Error message

  • Warning: Cannot modify header information - headers already sent by (output started at /home/adam/sites/adamyoung.net/index.php:2) in drupal_send_headers() (line 1043 of /home/adam/sites/adamyoung.net/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/adam/sites/adamyoung.net/index.php:2) in drupal_send_headers() (line 1043 of /home/adam/sites/adamyoung.net/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/adam/sites/adamyoung.net/index.php:2) in drupal_send_headers() (line 1043 of /home/adam/sites/adamyoung.net/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/adam/sites/adamyoung.net/index.php:2) in drupal_send_headers() (line 1043 of /home/adam/sites/adamyoung.net/includes/bootstrap.inc).
  • Warning: Cannot modify header information - headers already sent by (output started at /home/adam/sites/adamyoung.net/index.php:2) in drupal_send_headers() (line 1043 of /home/adam/sites/adamyoung.net/includes/bootstrap.inc).

IE Blocking iFrame Cookies

I got a call today about one of my applications not running correctly from inside an iFrame. I tried it out and it looked like everything worked great in Safari and Firefox but not IE6 or IE7. It took me a few failed attempts to fix it before I decided it must be a session problem. After firing up a packet sniffer it became obvious the cookie with the session ID was not being passed.

The problem lies with a W3C standard called Platform for Privacy Preferences or P3P for short. You can read all about the boring stuff via the link or else just install the P3P Compact Policy header below. This will allow Internet Explorer to accept your third-party cookie. You will need to send the header on every page that sets a cookie.

PHP:

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

ASP.NET:

HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

Django:

response = render_to_response('mytemplate.html')
response["P3P"] = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'

JSP:

response.addHeader("P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"")

Comments

Saved me from a huge headache.

It's not like you really deserve that many thank yous..must be a fake ego thing..

Thanks Adam , It saved the Day

This is great work!

Respected,
I have a page aspx with an internal iframe that should receive pages called by menu of the type:
<ul id="menu">
<li><a href="Eccaflesm1.aspx" target="iframePDF">E C C A F</a></li>
<li><a href="#" target="iframePDF">Quem Somos</a></li>
</ul>
The iframe is <iframe id="iframePDF" style="width:748px; height:416px" runat="server"
scrolling="yes"></iframe>.
In the firefox and chrome it perfectly works. And in IE8 it doesn't work, the page opens in another window.
It includes the directing HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

in the load aspx-cs and it continues not working in IE.
I request help for that problem. Adim.
adim.almeida@globo.com

Respected,
In complement previus msg:

Menu: <ul id="menu"
<li><a href="Eccaf.aspx" target="iframe1"> Eccaf </a></li>
<li><a href="http://www.gogle.com" target="iframe1">Google </a></li>
</ul>
Iframe: <iframe id="iframe1" style="width:........... runat="server"></iframe>

Thanks! Adim

Thanks Adam,

I applied your solution and it worked perfectly. You really saved me

Appreciated,
Ma'en

Adam:

I would like to add to the chorus of praise. I'm sure you saved me HOURS of work, and I will take all the credit at my workplace :).

Thanks again.

D00d, seriously! I would have never EVER fingered that one out on my own! MANY MANY thanks! Buy a beer on me!

-Dan

Thanks a lot! It fixed my problem! :)

Hi, I am gettin same problem in asp.net, my frame is not saving the cookies. Can you send me the code how i can fix this problem on my Email ID please...
My Email ID : sarajeevraj@gmail.com

Hi,

I am setting up P3P header in the response by setting up filter on java side. But some how its not setting up the P3P header. What should i do. The filter code looks like below

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("P3P",
"CP=\"ALL DSP COR CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT CNT\"");
chain.doFilter(request, httpResponse);
}

Is there any other way to setup P3P header in java

Hi, I am gettin same problem in asp.net, my frame is not saving the cookies. Can you send me the code how i can fix this problem on my Email ID please...
My Email ID : sarajeevraj@gmail.com

Should the header function (I code php) be included on the page containing the IFrame or the page that's supposed to show inside the IFrame?

Wow,

thank you very much!!!!!!!!!!!!!

It was the solution to my problem!!

Thanks a lot man!

love it, i was looking for way to solve the problem for our <a href="http://perfumestory.com">Perfume Story</a> project. This helps a lot.

I've just spent several hours looking into this and getting no where. Especially when Firefox and Chrome were working correctly and it was only IE that had this trouble.

Thanks for the info Adam.

If you are using MS technology for your website and you have access to IIS you can get IIS to output the header on every page without having to touch the code.

1. From within IIS bring up the properties for the site in question.
2. Click on the HTTP Headers tab
3. Click the Add button
4. In the custom header name enter:

P3P

6. In the custom header value enter:

CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"

7. Click OK then OK and your good to go. You don't even need to restart IIS.

oh! You are the man!! You just save my live!
Thanks a lot!
Walter.

Great information you got here. I've been reading about this topic for one week now for my papers in school and thank God I found it here in your blog. I had a great time reading this <a href="http://www.adidasadizeros.com">Adidas Adizeros</a>

The procedure is basically the same in IIS7. This was exactly what I needed, I'm glad I went to Google early on this issue.

thanks!!! You save many hours of my live!!!

I have developed one application to check whether browser enables cookie or not, it is running perfectly for google crome and
firefox but not for IE8. In internet explorer 8 it is showing cookie is enabled though cookie is being blocked manually.
Please help.

You're a life saver. Thanks a lot!
P.S. IE sucks

Thanks a lot!

Thank u very much, you are the best (y)

Hi Adam,
I am stuck with a similar issue like this. But here I dont have any cookies set.
I have a jsp, where I use a custom tag for tabs and each tab has its own iFrame loading the contents.
In the first tab/iframe i load a flash object and on the second one it is jsp page, with a table, but the table data is populated from the session bean using another custom tag.

This works fine in mozilla, but not in IE. In IE the table header shows like it is showing data 1-1 of page 1, but the thing is it is not populated. i could see the view source with the data, but the rendering is not happening in IE.. But if i swap the tabs it would populate the data correctly, as now the jsp with table is first tab and it is the default. I tried putting your fix in my original jsp which is having the two tabs and frames defined. But it is still not helping.. Any idea what would be wrong here with rendering on ie with iframes
Thanks in advance
Sarah

THANKS A LOT for your help!
An unbelievable solution for a strange MS problem!

MK

My reaction is like all the other comments,.
Thanks for posting! It's a life saver!

Wow. You stopped IE from giving me a headache this morning. Thank you.

its very unsecure to send session-cookies in iframes.

example:
- your website allow to delete the account via an link in the members-area to http://foo.bar/cancel.php
- your customer is in log in-status on your site and "forgot" to log out.
- then your customer brows to http://bad_infected_site.com with an iframe to http://foo.bar/cancel.php
- the result: the account is deleted because the user is still logged in.

so be careful disabling this security option.

You can do the same without cookies in iframes, by just redirecting the user to a normal page. (Admittedly, with iframes you can keep your actions secret.)

Modified example:
- your website allow to delete the account via an link in the members-area to http://foo.bar/cancel.php
- your customer is in log in-status on your site and "forgot" to log out.
* then your customer browses to http://bad_infected_site.com
* http://bad_infected_site.com redirects the user to http://foo.bar/cancel.php
- the result: the account is deleted because the user is still logged in.

My IE just closes after I have been opening some specific websites do you happen to know about this issue?

Ruby,
<a href="http://www.van-insurance-cheap.co.uk/">cheap van insurance</a>

Ruby,

It could be a script installed on your pc without you knowing. Your best bet would be to clear your browser cache and then reboot your system once again. That should sort it out.

Thomas Banks
<a href="http://www.cheapestvaninsurance.org/">cheapest van insurance</a>

Does it have to be the compact policy you illustrate here, and if so, why? What is it about this compact policy that allows it to work? I have a security policy I am using but it currently will not work.
CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELa BUS IND PHY ONL UNI COM NAV STA LOC"

The type of compact policy wasn't issue but that the policy I was putting into the header had TST at the end which indicates it is a test policy and IE does not honor that.
Sorry for the confusion.

I am very enjoyed for this blog. Its an informative topic. It help me very much to solve some problems. Its opportunity are so fantastic and working style so speedy. I think it may be help all of you. Thanks a lot for enjoying this beauty blog with me. I am appreciating it very much! Looking forward to another great blog. Good luck to the author! all the best! <a href="http://www.bestlogoproducts.com/" rel="follow">logo products</a>

Looks like you are a specialist on this because you just made it so easy to be with you, motivated me to learn more on the subject! May I ask you, do you devote a lot of effort to it because you seem to be so in tune with <a href="http://fridaymoviez.com/celebrity/shahrukh-khan/56070" rel="follow">Shahrukh Khan</a>

This is a really good read for me. Must agree that you are one of the coolest blogger I ever saw. Thanks for posting this useful information. This was just what I was on looking for. I’ll come back to this blog for sure! I bookmarked this blog a while ago because of the useful content and I am never being disappointed. Keep up the good work
Regards,
<a href="http://townplannersbrisbane.com/">townplanning brisbane</a>

Thanks so much for this post. I would give you my last bud-light absolutely.
-John

Ha. this comment made me laugh. I am drinking a bud light myself<a href="http://www.http://news.webshots.com/album/102344700Zhsacv">.</a>

This is the exact way that people expecting we can see most of the comments are true and towards the positive opinion..This is the exact way that people expecting we can see most of the comments are true and towards the positive opinion..
<a href="http://placementargent.org/placement-financier/">simulateur de placement financier</a>

Thank you Adam Its working really good now.

I can not stop my self saying Thanks & Thanks & Thanks!!!!!!!!!!! to youu................!

Thanka a lot..u save my lots of time..thanks again.. :D

thanks, you saved my life. i spent two weeks of work to find why my script dont work and this helps me within one minute. thank you very much

Tnks!!! Tnks!!! Tnks!!!

thanks a lot!!! :)

It seems to work also writing something else, like:
<strong> header('P3P:CP=" merry christmas "'); </strong>
the important is to send the header :D
bye!

thank you very much, thanks again and again.

Thank you very much. The information is really appreciated. You made my day. :D I have been searching this for a while...

Pages