iframe、跨域 cookie、p3p 策略和 safari 出现错误:未提供所需的防伪令牌或无效
我不久前问过这个 问题,发现 IE 会阻止iframe 中的跨域 Cookie,除非您设置 p3p 策略。到目前为止,p3p 修复在 ie 中运行良好。然而,现在我们在 safari 中遇到了同样的错误。
我发现一篇文章有不同的 针对 Safari 的 p3p 政策。我添加了此代码来设置 p3p 策略,但仍然收到请求验证令牌错误。
public static void SetP3PCompactPolicy()
{
HttpContext current = HttpContext.Current;
if (current.Request.UserAgent.ToLower().IndexOf("safari") >= 0)
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\"");
else
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
我不确定这意味着什么,但它不适用于 Safari (5)。
此外,当我收到服务器错误时,所有信息都会在报告中发送给我,包括所有 http 标头。在这些错误中,p3p 标头永远不会出现。我不确定这是否是设计使然,或者是否表明问题正在发生。
I asked this question a while back and found that IE blocks cross-domain cookies in an iframe unless you set a p3p policy. So far, the p3p fix has worked beautifully in ie. However, now we are getting the same error in safari.
I found an article with a different p3p policy for safari. I added this code to set up the p3p policy, but I am still getting a request verification token error.
public static void SetP3PCompactPolicy()
{
HttpContext current = HttpContext.Current;
if (current.Request.UserAgent.ToLower().IndexOf("safari") >= 0)
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\"");
else
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
I'm not sure what any of that means, but it isn't working for Safari (5).
Also, when I get a server error, all information is sent to me in a report, including all the http headers. The p3p header never comes through in these errors. I'm not sure if that is by design or if it is an indicator of the issue going on.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
问题是 Safari 不允许在 iframe 中设置 cookie,除非用户与该 iframe 交互。对于某些人来说,这意味着点击链接。我找到了一个更好的解决方案,那就是进行重定向。
首先,我将此表格放在我的页面上。实际上,我将它放在 iframe 中提供的每个视图所使用的母版页中。
因为我只希望它在用户使用 safari 时起作用,所以我在静态帮助程序类中创建了此属性来检查用户代理
然后,在我的控制器中,我有以下操作
在我的母版页的标题中,我有我的脚本在确定是否呈现表单的同一 if 语句中声明。在我的脚本文件中,我有这个 jquery
iframe 第一次加载页面时,如果是 safari 并且未设置 cookie,则发布表单,设置 cookie,并且用户被重定向回相同的 url。
The issue is that Safari does not allow a cookie to be set in an iframe unless the user interacts with that iframe. For some, that means clicking a link. I found a better solution which is to do a redirect.
First, I put this form on my page. Actually, I put it in the masterpage that is used by every view served in the iframe.
Because I only want this to work when the user is using safari, I created this property in a static helper class to check the useragent
Then, in my controller, I have the following action
In my masterpage, in the header, I have my script declared within the same if statement that determines if the form is rendered. In my script file, I have this jquery
The first time the iframe loads a page, if it is safari and the cookie isn't set, the form is posted, the cookie set, and the user is redirected back to the same url.