问题
I am using the AjaxFileUpload plugin in my code, but ie8 and ie10 are not sending the Cookie in the request header on the POST to AjaxFileUploadHandler.axd. I see the "eye" icon at the bottom of ie8 and see that AjaxFileUploadHandler.axd is "blobked", so this not sending of the cookie is on purpose. I have the tag below in my own web.config, but the issue is the scripts for AjaxFileUpload are pulled in from a dll, and so even with this AjaxFileUploadHandler is still "blocked". I downloaded the source code to the AjaxControlToolkit, which creates the dll for the project, and now I am trying to find where I can add the P3P header so that ie can be happy. I see XMLHttpRequest() in the code of the toolkit, is there any way to add this P3P header to it to satisfy ie?
EDIT: The fix is to comment out iframe.security = "restricted"; I updated the code below.
<httpProtocol>
<customHeaders>
<add name="P3P" value='CP="Potato"'/>
</customHeaders>
</httpProtocol>
In particular this issue is with the iframe that the toolkit uses. Is there any way to just add P3P to the iFrame?
this.createIFrame = function() {
var name = this._iframeName,
iframe = document.createElement("IFRAME");
iframe.width = "0";
iframe.height = "0";
iframe.style.display = "none";
iframe.src = "about:blank";
//iframe.src = "javascript:'<script>window.onload=function(){document.write(\\'<script>document.domain=\\\"" + document.domain + "\\\";<\\\\/script>\\');document.close();};<\/script>'";
iframe.id = name;
iframe.name = name;
//iframe.security = "restricted";
document.body.appendChild(iframe);
iframe.contentWindow.name = name;
$addHandlers(iframe, {
load: Function.createDelegate(this, this.onIFrameLoadedHandler)
});
this._iframe = iframe;
};
this.onIFrameLoadedHandler = function (e) {
/// <summary>
/// Event handler to capture when iframe receive response from server.
/// </summary>
/// <param name="e"></param>
if (!control._currentFileId)
return;
try {
var iframe = this._iframe, doc = null;
// Only test the iframe data, exception should thrown if something went wrong.
if (iframe.contentDocument)
// Firefox, Opera
doc = iframe.contentDocument;
else if (iframe.contentWindow)
// Internet Explorer
doc = iframe.contentWindow.document;
else if (iframe.document)
// Others?
doc = iframe.document;
if (doc == null)
throw "Document not initialized";
// finalizing and upload next file
control.doneAndUploadNextFile(control.getCurrentFileItem());
} catch (e) {
// Cancelation / aborting upload can causing 'Access is denied' or 'Permission denied' on IE 9 bellow,
// let's consider this exception is not trully error exception from server.
if (!control._canceled || !(e.message && (e.message.indexOf("Access is denied") > -1 || e.message.indexOf("Permission denied") > -1))) {
this.raiseUploadError(e);
throw e;
}
}
};
回答1:
The fix for this was to remove one little line:
iframe.security = "restricted";
Keeping that line in there makes ie treat the iframe with the same level of security as a site in the user's "Restricted" list.
来源:https://stackoverflow.com/questions/27488275/can-i-add-a-p3p-response-header-to-xmlhttprequest