哪些因素影响IE决定是否发送跨域cookie?

发布于 2024-10-02 23:38:00 字数 732 浏览 4 评论 0原文

致力于对第三方使用的接口进行故障排除。快速概述:

  • 第 3 方将用户发送到我们的网站 example.com/login,让用户向我们进行身份验证。
  • 登录后,我们将用户重定向回 thirdparty.com
  • < code>thirdparty.com 使用我们网站上的动态 JS 文件,用于返回有关登录用户的信息 example.com/dynamicJs.js
    • 由于此请求是针对 example.com 发出的,因此它应该包含登录期间删除的 Cookie(它们是实现其目的所必需的)
    • 对于 IE,它们不再包含在请求中

研究中:

  • cookie 本身似乎没有改变,手动将 IE 导航到 dynamicJS.js 的 URL 会导致正在传输必要的cookie。
  • example.com 已制定 P3P 策略,并且不会使用 IE 生成任何可见的警告/错误
  • 其他浏览器包含 cookie

那么,还有哪些其他变量可能会影响 IE 并导致其忽略 示例加载 example.com/dynamicJS.js 时使用 .com cookies?

Working on troubleshooting an interface consumed by 3rd parties. The quick overview:

  • 3rd party sends the user out our site example.com/login to let the user authenticate with us
  • After signin we redirect the user back to thirdparty.com
  • thirdparty.com consumes a dynamic JS file on our site used to return information about the logged in user example.com/dynamicJs.js
    • Since this request is made against example.com it should include the cookies dropped during login (they are required for it to serve its purpose)
    • for IE, they are no longer being included in the request

In researching:

  • the cookies themselves don't appear to have changed, and manually navigating IE to the URL of dynamicJS.js results in the necessary cookies being transmitted.
  • example.com has P3P policies in place and is not generating any visible warnings/errors with IE
  • other browsers include the cookies

So, what other variables could be influencing IE and resulting in it omitting the example.com cookies when loading example.com/dynamicJS.js?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

懷念過去 2024-10-09 23:38:00

经过大量研究,我们发现问题的根源在于 IIS 的自定义 HTTP 响应标头。

之前我们已将站点配置为返回 P3P 标头,但在诊断此问题时,我们发现标头现在以 3P 的形式返回。将密钥返回到 P3P 解决了问题。

在研究此更改的实际原因时,我们发现错误标头起源于 元素内的 web.config,但是它似乎在一段时间前就被放置在那里并保持休眠状态,直到应用程序池被停止/重新启动进行维护。

After much research we identified the root of the issue was within IIS's Custom HTTP Response Headers.

Previously we had configured the site to return a P3P header, but in diagnosing this issue we found that somehow the header was now being returned as 3P. Returning the key to P3P resolved out issue.

In researching the actual cause of this change we found that the bad header originated in the web.config, within the <httpProtocol><customHeaders> element -- however it appeared to have been placed there some time ago and remained dormant until the AppPool was stopped/restarted for maintenance.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文