Customer Portal

Get Involved. Join the Conversation.

Topic

    Steve Long
    send P3P header on login?
    Topic posted March 9, 2009 by Steve LongBronze Medal: 1,250+ Points, last edited October 29, 2011 
    1158 Views, 3 Comments
    Title:
    send P3P header on login?
    Content:
    Is there a way to pass a P3P header with the login cookie for CP? I am having some trouble getting IE users to view our development pages, which are being loaded in an iframe within our site, and was wondering if this was at all possible as a workaround? I've had some luck setting per site privacy settings in the browser, but would prefer not to have to set this for each user. Would it be possible to use hooks to accomplish this with the pre_login or post_login locations?

    Comment

     

    • Leif Wickland

      I'd never looked at P3P before, so please forgive my ignorance. From what I can tell by looking at the RFC, P3P information can either be sent in a HTTP header or an HTML header. Unfortunately, we don't buffer the output of pages, so PHP will complain if you try to send an HTTP header. It appears that you could put a <link> tag in the <head> of the page or the page's template that specified a policy file.

       

      The example from the RFC is:

       

       

      <link rel="P3Pv1" href="http://catalog.example.com/P3P/PolicyReferences.xml"> 

       

       

      Again, I'm not familiar with this protocol, so please forgive me if I've missed the point.

    • Steve Long
      I'm not overly familiar with the protocol either, but it seemed like a less obtrusive solution than having all IE users set their privacy settings. I'll take a look into this to see if it fulfills my needs. Thanks!
    • Leif Wickland
      One of the folks here pointed out that the end user pages already send a P3P HTTP header which points to /rnt/rnw/p3p/rnw_p3p_ref.xml. The SEC_P3P_COMPACT_HDR config setting controls what else is sent in the P3P header.

      Please let me know if you have additional questions.