PHP通過設定P3P頭來實現跨域訪問COOKIE
我的是CentOS的系統(Linux 核心)
編輯HOST
vi /etc/hosts
加入
127.0.0.1 www.a.com
127.0.0.1 www.b.com
首先:建立 a_setcookie.php 檔案,內容如下:
<?php
//header(`P3P: CP=”CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR”`);
setcookie(“test”, $_GET[`id`], time()+3600, “/”, “.a.com”);
?>
然後:建立 a_getcookie.php 檔案,內容如下:
<?php
var_dump($_COOKIE);
?>
最後:建立 b_setcookie.php 檔案,內容如下:
<script src=”http://www.a.com/a_setcookie.php?id=www.b.com”></script>
----------------------------
三個檔案建立完畢後,我們通過瀏覽器依次訪問:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
我們會發現,在訪問b.com域的時候,我們並沒有在a.com域設定上cookie值。
然後我們修改一下a_setcookie.php檔案,去掉註釋符號,a_setcookie.php即為:
<?php
header(`P3P: CP=”CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR”`);
setcookie(“test”, $_GET[`id`], time()+3600, “/”, “.a.com”);
?>
再次通過瀏覽器依次訪問:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
這次,你會發現在訪問b.com域的時候,我們設定了a.com域的cookie值。
末了補充一句,似乎只有IE對跨域訪問COOKIE限制比較嚴格,上述程式碼在FIREFOX下測試,即使不傳送P3P頭資訊,也能成功。
==========================================
通過Fiddler可以方便的知道上面P3P程式碼的含義
P3P Header is present:
CP=”CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR”
Compact Policy token is present. A trailing `o` means opt-out, a trailing `i` means opt-in.
CURa
Information is used to complete the activity for which it was provided.
ADMa
Information may be used for the technical support of the Web site and its computer system.
DEVa
Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.
PSAo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.
PSDo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals.
OUR
We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
BUS
Info is retained under a service provider`s stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site`s human-readable privacy policy.
UNI
Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service.
PUR
Information actively generated by the purchase of a product or service, including information about the method of payment.
INT
Data actively generated from or reflecting explicit interactions with a service provider through its site — such as queries to a search engine, or logs of account activity.
DEM
Data about an individual`s characteristics — such as gender, age, and income.
STA
Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously — such as HTTP cookies.
PRE
Data about an individual`s likes and dislikes — such as favorite color or musical tastes.
COM
Information about the computer system that the individual is using to access the network — such as the IP number, domain name, browser type or operating system.
NAV
Data passively generated by browsing the Web site — such as which pages are visited, and how long users stay on each page.
OTC
Other types of data not captured by the above definitions.
NOI
Web Site does not collected identified data.
DSP
The privacy policy contains DISPUTES elements.
COR
Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.
Validate at: http://www.w3.org/P3P/validator.html
Learn more at: http://www.fiddlertool.com/redir/?id=p3pinfo
相關文章
- 使用PHP實現跨域COOKIEPHP跨域Cookie
- PHP 設定多域名允許跨域訪問PHP跨域
- 跨源通訊、跨域訪問跨域
- 跨域訪問實現依據跨域
- [php]如何讓cookie實現跨域問題的原始碼例項PHPCookie跨域原始碼
- 阿里雲圖片跨域訪問設定阿里跨域
- Spring Boot 通過CORS實現跨域Spring BootCORS跨域
- php實現SESSION跨域PHPSession跨域
- JavaScript 跨域訪問(API介面)實現原理分析JavaScript跨域API
- ASP.NET MVC & WebApi 中實現Cors來讓Ajax可以跨域訪問ASP.NETMVCWebAPICORS跨域
- localStorage 跨域訪問跨域
- ajax跨域訪問時,set-cookie無效問題的解決跨域Cookie
- 走過路過來看看各種實現跨域的方式~跨域
- 關於Cookie跨域的問題Cookie跨域
- iframe 元素跨域訪問跨域
- JavaScript cookie 跨域JavaScriptCookie跨域
- Linux 通過lseek()來實現檔案大小的設定Linux
- 用postMessage實現跨域通訊跨域
- 通過 Samba 實現 Win/Mac 訪問 LinuxSambaMacLinux
- SpringMVC+RestFul詳細示例實戰教程(實現跨域訪問)SpringMVCREST跨域
- 同源策略和跨域訪問跨域
- IE中iframe跨域訪問跨域
- 什麼是瀏覽器跨域訪問操作?JS如何實現?瀏覽器跨域JS
- 【Angular】設定代理解決跨域問題Angular跨域
- 通過配置環境來實現PHP高效優化PHP優化
- Java通過SSLEngine與NIO實現HTTPS訪問JavaHTTP
- 【linux環境配置】設定linux通過主機名訪問區域網主機Linux
- Laravel API 允許跨域訪問LaravelAPI跨域
- Go Gin 允許跨域訪問Go跨域
- SQL Server跨庫跨伺服器訪問實現SQLServer伺服器
- CORS跨域cookie傳遞CORS跨域Cookie
- SpringBoot中通過CORS解決跨域問題Spring BootCORS跨域
- js資源跨域訪問的問題JS跨域
- 解決JS跨域訪問的問題JS跨域
- 跨域http頭跨域HTTP
- 通過 Certbot 安裝 Let's Encrypt 證書,來實現全站的 HTTPS 訪問HTTP
- vue_cli3.x 跨域訪問Vue跨域
- MySQL利用FREDATED實現跨例項訪問MySql