IE:如何处理跨域cookie?
我的主站点 (hostsite) 有一个 IFRAME
,其中包含托管在不同域上的注册站点 (regsite)。
我想在不同的域上托管注册,因为我觉得将数据库登录信息存储在主机站点上并不安全,因为很多人都可以访问后端。
所有浏览器都接受来自 regsite 的登录会话 cookie - Internet Explorer 8 不接受。让 IE 接受此 cookie 的唯一方法是将两个站点添加到“受信任的站点”中,这不是我想要的。
除了本地浏览器设置之外,还有什么方法可以解决跨域问题,或者是将注册移动到主机站点的唯一选择(curl
不是一个选项,因为我在注册网站上显示的不是静态 HTML,而是 PHP 文件)?
My main Site (hostsite) has an IFRAME
with a registration site (regsite) hosted on a different domain.
I want to host the registration on a different domain, because I feel storing the DB login information on hostsite is not safe as many people have access to the backend.
All browsers accept the login session-cookie coming from regsite - Internet Explorer 8 does not. The only way to make IE accept this cookie is by adding both sites to "Trusted Sites" which is not what i want.
Is there any way I can work around the cross-domain issue besides a local browser setting or is my only option to move the registration to hostsite (curl
is not an option as it's not static HTML I'm displaying on the registration site, but PHP files)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为这可以在不移动任何东西并且很少编程的情况下解决。只需要一些 DNS 规则即可。
例如,您可以创建一个名为 register.hostsite(.com) 的新子域,指向 regsite 所在的 IP。
然后将
IFRAME
重定向到该新子域。它将从同一服务器获取相同的位,但现在它将位于主机站点的域内。
这应该(至少在理论上)足以满足 IE 的要求。但我不是 100% 确定,我已经很长时间没有使用 IFRAMES 了。
如果这不起作用,我建议也询问 serverfault。
编辑:我正在寻找另一个问题,并发现了雅虎的“微代理”PHP 实现。这是他们解决此类问题的推荐方法:
http://developer.yahoo .com/javascript/samples/proxy/php_proxy_simple.txt
I think this can be solved without moving anything, and little programming. Just with some DNS rules.
For example, you can create a new subdomain called register.hostsite(.com) pointing to the ip where regsite is.
Then re-direct the
IFRAME
to that new subdomain.It will get the same bits from the same server, but now it will be inside hostsite's domain.
That should (at least in theory) be enough to satisfy IE. I'm not 100% sure though, I haven't used IFRAMES in a long time.
If that doesn't work, I'd suggest asking on serverfault, too.
EDIT: I was looking for another issue and found this 'micro-proxy' PHP implementation by yahoo. It's their recommended way of resolving this kind of issues:
http://developer.yahoo.com/javascript/samples/proxy/php_proxy_simple.txt
iframe 和 IE 的问题在于 IE 将 iframe 的内容视为第三方(如广告等)。
要让 IE 实际存储此域文档设置的 cookie,您需要让其他域发出 P3P-标题说明其意图。这很容易做到,只需要添加一个 http 标头。
我不确定你所说的跨域问题是什么意思,因为没有跨域问题 - 你只是有来自两个不同域的两个不同文档。您尚未说明是否尝试让一个域为另一个域设置 cookie,或者一个页面访问另一个域。
The problem with the iframe and IE is that IE considers the iframe's content as 3'rd party (as in advertisements etc).
To have IE actually store the cookies set by this domain document you need to have the other domain emit an P3P-header stating its intentions. This is easy to do and requires only a single http-header to be added.
I'm, not sure what you mean by cross domain issues though as there are none - you simply have two different documents from two different domains. You have not stated whether you are trying to have one domain set cookies for the other, or one page access the other.