P3P for cross-domain cookies

    What is P3P

    P3P (Platform for Privacy Preferences) is a privacy recommendation published by the W3C. The idea is that a web site's privacy policy should tell visitors what kinds of information the site collects, who it is shared with, how long it is kept and how it is used, with statements such as "this site monitors the pages you visit to improve the site" or "this site uses the data to show you more relevant advertising". A visitor to a P3P-enabled site can view the site's privacy report and then decide whether to accept its cookies or use the site at all.

    Two things to keep in mind before relying on it: Internet Explorer was the only browser that ever evaluated the header, and the W3C retired P3P in 2018. The header is a self-declaration that the browser takes on trust, not a security control; a site that sends a policy describing practices it does not follow is misrepresenting itself to its users.

    Cross-domain cookies with P3P

    Unlike the usual JS or IFRAME cross-domain tricks, this approach works by sending a P3P compact policy in the HTTP response that sets the cookie. With its default privacy setting, IE drops cookies set by a third-party (cross-domain) page, such as one loaded in an iframe, unless the response carries a compact policy it considers acceptable; sending one makes IE keep the cookie.

    PHP: sending the P3P header

    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

    header() must be called before any output is sent, otherwise the header is lost.

    JS: a widely copied snippet that does not work

    xmlhttp.setRequestHeader( "P3P" , 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"' );

    P3P is a response header: the browser reads it from the server's reply when deciding whether to keep a cookie. A header added to an XMLHttpRequest request is sent to the server and is never consulted by the browser's own cookie logic, so the line above has no effect. The header has to be set on the server side, as in the other examples.

    ASP.NET: sending the P3P header

    HttpContext.Current.Response.AddHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

    The inner quotes around the compact policy are part of the syntax and must be escaped inside the C# string literal; the unescaped form does not compile.

    JSP: sending the P3P header

    response.addHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

    The grammar below requires the compact policy to be quoted (CP="..."); the original snippet omitted the quotes.

    Policy syntax

    (http://www.w3.org/2002/04/P3Pv1-header.html)

    compact-policy-field     =  `CP="` compact-policy `"`
    compact-policy           =  compact-token *(" " compact-token)
    compact-token            =  compact-access           |
                                compact-disputes         |
                                compact-remedies         |
                                compact-non-identifiable |
                                compact-purpose          |
                                compact-recipient        |
                                compact-retention        |
                                compact-categories       |
                                compact-test
    compact-access           = "NOI" | "ALL" | "CAO" | "IDC" | "OTI" | "NON"
    compact-disputes         = "DSP"
    compact-remedies         = "COR" | "MON" | "LAW"
    compact-non-identifiable = "NID"
    compact-purpose          = "CUR"        | "ADM" [creq] | "DEV" [creq] | "TAI" [creq] |
                               "PSA" [creq] | "PSD" [creq] | "IVA" [creq] | "IVD" [creq] |
                               "CON" [creq] | "HIS" [creq] | "TEL" [creq] | "OTP" [creq]
    creq                     = "a" | "i" | "o"
    compact-recipient        = "OUR" | "DEL" [creq] | "SAM" [creq] | "UNR" [creq] |
                               "PUB" [creq] | "OTR" [creq]
    compact-retention        = "NOR" | "STP" | "LEG" | "BUS" | "IND"
    compact-category         = "PHY" | "ONL" | "UNI" | "PUR" | "FIN" | "COM" |
                               "NAV" | "INT" | "DEM" | "CNT" | "STA" | "POL" |
                               "HEA" | "PRE" | "LOC" | "GOV" | "OTC"
    compact-test             = "TST"

    The creq suffix states how consent for a purpose or recipient is obtained: a = always (no choice offered), i = opt-in, o = opt-out. CUR and OUR take no suffix, so the CURa in the PHP example above is outside the grammar even though IE accepts it.

    Compact policy

    A commonly used compact policy header is

    P3P: CP="CAO PSA OUR"

    and the shortest value the original post reports as working is P3P: CP=. That works because IE only rejects a compact policy containing tokens it rates as unsatisfactory for the configured privacy level; a value with no recognisable tokens passes, which is why the header is a declaration rather than a check.

    What the three tokens declare:

    compact-access (access): CAO, contact-and-other: the user can access the identified contact information and other identified data the site holds about them. It is a statement about data access, not a permission to read or write third-party cookies, although it is often described that way.
    compact-purpose (purpose): PSA, pseudo-analysis: the data is analysed under a pseudonymous identifier and is not tied to an identified person.
    compact-recipient (recipient): OUR, ours: the data is used only by the site that sets the cookie (here the third-party site) and its agents.
     

     

    Browser support

    The original post tabulates, per browser, whether third-party cookies are allowed by default, whether P3P is supported, and what a compact-policy header achieves once third-party cookies are blocked; only the last column survives on this page.

    Browser    Effect of a P3P compact policy with third-party cookies blocked
    IE6        HTTP can read and write the cookie; JS can read it. On the first response carrying the P3P header JS still cannot write; the second request works (a second response served straight from cache does not, unless the first response was uncached and carried the P3P header; the original post says it describes a workaround later). Avoid writing cookies from JS.
    IE7-IE9    HTTP and JS can both read and write.
    Firefox    Neither HTTP nor JS can read or write.
    Chrome     Partial, and trending to none: HTTP and JS can read but not write.
    Safari     HTTP and JS can read but not write; a POST form submission can get a write through.
    Opera      JS can read and write; HTTP can read but not write.

    Only IE ever evaluated P3P. The other rows describe those browsers' own third-party cookie rules at the time the post was written, not any response to the header, and the Safari form-POST exception has since been closed. Current browsers require SameSite=None; Secure on any cookie used in a cross-site context and increasingly block or partition third-party cookies regardless of P3P.

    See also: http://www.w3.org/P3P/

Original article: https://www.cnblogs.com/relucent/p/4127742.html