next »

[DangerMouse]

Hello folks,

I'm trying to run a small online application located on one domain, within an iframe on another. However I seem to be having problems in IE  I'm not attempting to access cookies from the parent domain, or indeed access anything that occurs within the iframe - that is purely the concern of the iframe target site. Everything works as expected in my Firefox install, but fails in IE. My understanding was that it would be the iframed site that would be setting the cookies and therefore I wouldn't encounter cross domain issues - am I mistaken?

Using the rather unhelpful 'analysis' provided by IE7 it mentions the lack of a "privacy policy" - a P3P header added to http responses on the iframe target domain - is this likely to be accurate and my only problem? If so I'll get it sorted (I control both sites), but I have very little faith in my research on this.

Are there an other issues that I may face?

Cheers,

DM

[Bompa]

Hello folks,

I'm trying to run a small online application located on one domain, within an iframe on another. However I seem to be having problems in IE  I'm not attempting to access cookies from the parent domain, or indeed access anything that occurs within the iframe - that is purely the concern of the iframe target site. Everything works as expected in my Firefox install, but fails in IE.

What is it that fails?

[DangerMouse]

The little privacy icon appears in the bottom of the IE status bar, and session information stored in cookies fails to work from one form step to the next

DM

[perkiset]

Isn't there a setting in IE to only accept cookies from the originating domain? I know FF and Safari have that as well... I believe the privacy part is to protect YOU from spammers like um, people I've heard of, that would use a dynamically created iFrame to install trackers...

[cdc]

I've had the same issue and getting your P3P headers correct will fix it.

[DangerMouse]

Isn't there a setting in IE to only accept cookies from the originating domain? I know FF and Safari have that as well... I believe the privacy part is to protect YOU from spammers like um, people I've heard of, that would use a dynamically created iFrame to install trackers...

Yeah definately, the issue in this case though is that as I'm deadling with an iframe, technically the cookies are 1st party, and set and read by the originating domain (or so I believe), but IE still considers it to be "3rd party" content just because its in an iframe.

I've had the same issue and getting your P3P headers correct will fix it.

Thanks cdc - I'd hoped this would be the case. Seems really stupid though considering it doesn't seem that hard to set the correct P3P header - although you're agreeing to legal T&Cs from a technical perspective you can just use a generic privacy header and apparently it works.

DM