views:

934

answers:

1

This is regarding this problem here

http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer

I have set up my p3p fine as far as I know (The p3p validater doesnt return any errors), but i still get blocked cookies. The src of my iframe is an external website, is there anything special i have to do if the cookies i want to accept is on an external site?

Thanks!

Here is my p3p.xml:

    <?xml version="1.0" encoding="UTF-8" ?>
<META xmlns="http://www.w3.org/2002/01/P3Pv1"&gt;
<!-- Policy Generated by P3PWiz http://www.p3pwiz.com -->
<POLICY-REFERENCES>
  <EXPIRY date="Tue, 16 Feb 2010 08:50:40 -0600"/>
  <POLICY-REF about="/w3c/Policies.xml#Privacy">
    <INCLUDE>/*</INCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/w3c/Policies.xml#WSC">
    <INCLUDE>*/*</INCLUDE>
    <COOKIE-INCLUDE name="*" value="*" domain="*" path="*" />
  </POLICY-REF>
</POLICY-REFERENCES>
</META>
A: 

Well, I'm not sure that you're setting the header right as it is described in the article:

Send the compact header with responses

I've set the webserver at example.com to send the compact header with responses, like this:

HTTP/1.1 200 OK P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR IVAi IVDi OUR TST" // ... other headers and content

policyref is a relative URI to the Policy Reference file (which in turn references the privacy policies), CP is the compact policy representation

As you can see, somebody else had the same problem:

I was 95% complete, but my header only said: P3P: CP="...." and didn't include the policyref link, which made it work in IE7, but not IE6... works good now. Thanks! – AndreasKnudsen May 12 at 10:17

I'm also wondering if there is any relation between where the policy file is hosted and where the actual site is hosted.

Gyuri