P3P技术
P3P技术用来解决跨域隐私问题,常见问题就是跨域iframe写入cookies
首先我们需要一个p3p.xml
<META xmlns="http://www.w3.org/2000/12/P3Pv1">
<POLICY-REFERENCES>
<POLICY-REF about="/w3c/vodone.xml">
<INCLUDE>/*</INCLUDE>
<COOKIE-INCLUDE>* * * *</COOKIE-INCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
其次需要一个vodone.xml
<?xml version="1.0" encoding="GB2312"?>
<POLICY xmlns="http://www.w3.org/2000/12/P3Pv1">
<ENTITY>
<DATA-GROUP>
<DATA ref="#business.name">第一视频通信传媒有限公司</DATA>
<DATA ref="#business.contact-info.online.uri">http://www.vodone.com/</DATA>
</DATA-GROUP>
</ENTITY>
<ACCESS><nonident/></ACCESS>
<DISPUTES-GROUP>
<DISPUTES resolution-type="independent" service="http://www.truste.org/users/watchdog.html" verification="Truste" short-description="TRUSTe Certification">
<LONG-DESCRIPTION>Microsoft is a premier sponsor of TRUSTe and a member of the TRUSTe privacy program, an independent, non-profit initiative whose mission is to build users' trust and confidence in the Internet by promoting TRUSTe's principles of fair information practices.</LONG-DESCRIPTION>
<IMG src="/w3c/Truste.gif" width="91" height="73" alt="TRUSTe: Click to Verify"/>
<REMEDIES>
<correct/>
</REMEDIES>
</DISPUTES>
</DISPUTES-GROUP>
<STATEMENT>
<CONSEQUENCE>Cookies are used to track visitors to our site, so we can better understand what portions of our site best serve you.</CONSEQUENCE>
<PURPOSE><admin/><develop/></PURPOSE>
<RECIPIENT><ours/></RECIPIENT>
<RETENTION><stated-purpose/></RETENTION>
<DATA-GROUP>
<DATA ref="#dynamic.cookies" optional="yes"><CATEGORIES><state/></CATEGORIES></DATA>
</DATA-GROUP>
</STATEMENT>
</POLICY>
使用示列:
1.静态页:
<meta http-equiv="P3P" content='policyref="http://w.about.com/w3c/p3p.xml"'/>
<link rel="P3Pv1" href="http://w.about.com/w3c/p3p.xml" type="text/xml"/>
2.动态页:
response.setHeader("P3P", "policyref=\"http://u.vodone.com/webunion/w3c/p3p.xml\"");