Quote:
Originally Posted by raymor
IE, for example, will by default accept third party cookies only if the site sering the cookie uses a P3P compact privacy policy header.
In order to greatly increase acceptance of third party cookies, add a compact privacy policy. See:
http://www.softwareprojects.com/reso...side-1612.html |
Simply adding a compact header only gets you part of the way - you'll want to add a policy file to be sure everything's cool (IE8??).
It's should be easy enough to just throw a header in web server config and then add the necessary xml files - I use two, if you can figure out how to fit it in a single file... it's supposed to do that.
Apache conf:
Code:
Header unset P3P
Header add P3P 'policyref="http://%{SERVER_NAME}e/w3c/p3p.xml", CP="THESE NEED TO MATCH YOUR POLICY HAVE FUN"'
Then a p3p.xml file:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
<POLICY-REF about="policy.xml">
<INCLUDE>/*</INCLUDE>
<COOKIE-INCLUDE name="*" value="*" domain="*" path="*"/>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
Then your lovingly hand-crafted p3p policy file: (since all of the generation tools seem broken or just gone)
Code:
<?xml version="1.0" encoding="UTF-8"?>
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" discuri="http://www.yoursite.com/privacy.html" opturi="http://www.yoursite.com/contact.html">
<LOOK_IT_UP_SHEESH/>
</POLICY>
Not having appropriate policies in your program's traffic funnel can be a fun way to try to Gilette yourself a little extra change.