Mod_headers and cgi question involving P3P/IE7/cookies

I'm running an admittedly old Apache 1.3.6 server configuration with an ecommerce website and recently attempted to resolve the problem involving cookies, IE7 and P3P Compact Headers.

For any unfamiliar with the issue, IE7 browser, at the "High" privacy setting, will only allow cookies to be set or read if the site conforms completely with P3P privacy policies. Among other requirements, the page setting the cookie must have an HTTP response header containing the P3P Compact Policy header, which matches the XML privacy policy on your site. Else an ugly icon becomes visible and cookie access is denied.

Mod_headers is the vehicle prescribed to set the P3P Compact Policy header. Once enabled, mod_headers will add or adjust response headers at your command, with directives in your Apache config files or .htaccess.

On my setup, mod_headers was compiled-in, as revealed by httpd -l. When I placed the appropriate header directive in .htaccess at the web root level, my static pages were delivered with the correct P3P Compact Policy headers. So far, so good.

However, on pages created by my site's shopping cart cgi, the response headers look quite different and do not contain the P3P Compact Policy header. The shopping cart cgi does not appear to be using the Non Parsed Headers mode (no nph in the program names), so I fail to understand this behavior. I expected that Apache mod_headers would add the header as directed to the cgi output before delivery.

And so, the questions:
1. Shouldn't the header directive still be parsed via mod_headers, and shouldn't I expect to see the P3P Compact Policy header on the active pages prepared by the shopping cart cgi? If yes, why might this not work; and if no, why not?

2. Well, Question 1 is good enough. The shopping cart vendor has issued a patch to allow the header to be inserted in the cgi output, so that is a rough solution. But I would really like to know why mod_headers didn't do the trick. Anybody know?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.