IE下,iframe跨域调用session消失
被调用端由于session消失,ajax请求error,需要加上<% response.addHeader("P3P", "CP=\"IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\""); %>
其他浏览器无此问题。
以下为引用:
问题根源:
IE6/IE7支持的P3P(Platform for Privacy Preferences Project (P3P) specification)协议默认阻止第三方无隐私安全声明的cookie,Firefox目前还不支持P3P安全特性,firefox中自然也不存在此问题了。
解决办法:
在要嵌入的内容中(iframe指向的站点)输出P3P的主机头声明:
php:
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
asp.net:
HttpContext.Current.Response.AddHeader("p3p", "CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""")
或者:Response.AddHeader("P3P","CP=CAO PSA OUR");
jsp:
response.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'")
ColdFusion:
<cfheader name="P3P" value="CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'" />