Maybe I am stupid. After spending 6 - 10 hours wondering why my site doesn’t work in an iFrame in IE, I was beginning to suspect the worst. Of course, I wouldn’t be posting to this blog without the solution.
Basically, if you are in a frame/iFrame with a different domain than the window, you are a 3rd party. Unless you set a P3P header, IE will block all cookies with extreme prejudice. In rails this can be accomplished by using a before_filter, to set a response.headers['P3P'] value to something reasonable. If you don’t get through the spec, this page seems reasonable.
The real annoyance comes from the fact that P3P is so forgettable. Every seasoned developer I mention the solution to, said they exact same thing, “Oh yeah, our company ran into that, what a crock . . . “
This might be a stupid question. But, why would you use an iFrame in the first place? What do you use it for?
It is certainly not a stupid question. I happen to be using an iFrame for a quick and dirty integration.
We have a UI built for doing X, company Y wants that functionality, it is easiest to put our site up exactly as is inside of Y.
There are probably 10 better ways of accomplishing this, but this is the quickest.
Hi, thanks for simple answer.
One thing - it is not response.header[’P3P’], but response.headers[’P3P’]
example for those who dont know how to implement that:
application.rb
beforefilter :setp3p
—
def set_p3p
response.headers['P3P'] = “CP=’ALL ADM DEV PSAi COM OUR OTRo STP IND ONL’”
end