0

Our app is hosted in Facebook. As you know, Facebook hosts third party app in an IFrame. You may also know that if a web site in an Iframe, and parent website is on a different domain, then 3rd party (cross domain) cookies that do not have a compact policy will be blocked in IE for Medium privacy settings. So one needs to configure a compact p3p policy for a web site. My general question is: What is the recommended way to do this on Azure. I would appreciate any documentations on this. I looked and looked and can only find bits and pieces that do not work for me.

Note, I have already created the p3p policy files (html, xml, compact and reference files). So basically I think I have all the pieces that I need. I am just missing the directions on how to enable them.

Further subquestions:

Do I have to serve the compact p3p policy as part of the response header every time a page is requested?

or

Can I configure the IIS on Azure to set the headers for the entire site? I found this link

http://richardprodger.wordpress.com/2011/04/06/p3p-and-iis-in-azure/

that talks about how to create and run an appcommand on Azure. However, when I do it and try to deploy, my role instances never start. They hang infinitely.

Kind regards,

Archil

Archil Kublashvili
  • 696
  • 1
  • 8
  • 20

1 Answers1

7

On another site (social.msdn.microsoft.com) someone made the following post:

Instead of configuring IIS in startup task, we can write the setting in the web.config file in our web role. The setting I used to resolve p3p issue is:

<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="p3p" value="CP=&quot;IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT&quot;"/>
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

The p3p header value is quoted from http://adamyoung.net/IE-Blocking-iFrame-Cookies. Please try if it works for you or not.

Hope this helps.

Armchair Bronco
  • 2,367
  • 4
  • 31
  • 44
  • I have tried this but unfortunately my role instance never starts. Visual Studion just sits there displaying "Running the Deployment" in the lower left corner but it never transitions to actually running it. If I remove the above block then I can run the deployment no problem. – Archil Kublashvili Jun 07 '11 at 04:07
  • Correction to the above: I was incorrectly placing the httpProtocol node under the System.web. Once I put it under System.webserver then I can deploy the solution with no problem. However, I am still having a problem of a "Privacy Settings eye" showing up at the status bar of the IE. I wonder if one of my p3p compact three letter durectives is incorrect. – Archil Kublashvili Jun 07 '11 at 06:18
  • I realized I was modifying a wrong web.config file. The aobve suggestions should go into the web.config file of an app that is hosted inside an IFrame (not the host one). After I made those changes then the problem was solved. – Archil Kublashvili Jun 07 '11 at 20:33