468,268 Members | 1,769 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,268 developers. It's quick & easy.

Re: Security issue with an HTA frame

With IIS7 on Vista SP1, the problem does not occur. When I told you
yesterday that the problem occurs on Windows XP/Vista, I talked about the
client environment.

Oct 23 '08 #1
2 2393
Hi Oriane,

Thanks for your information. I've reproduced this issue on my side. If an
internet site (your stibil.fr is considered as an internet site because
it's not in the same domain of the machine where the IE runs) is not added
to the trusted sites zone, when using iframe to show the site the cookie
cannot persist.

To work it around we can set http header. Please refer to this article:
http://adamyoung.net/IE-Blocking-iFrame-Cookies

To do this in ASP.NET we can add a new item called global.asax to the
project and add following content in this file:

<%@ Application Language="C#" %>

<script language="C#" runat="server">
protected void Application_BeginRequest(object sender,
EventArgs e)
{
this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi
PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
</script>

Please have a try and let me know if it works.

Regards,
Allen Chen
Microsoft Online Support

--------------------
| From: "Oriane" <or****@noemail.noemail>
| References: <e8**************@TK2MSFTNGP06.phx.gbl>
<Z3**************@TK2MSFTNGHUB02.phx.gbl>
<Om**************@TK2MSFTNGP04.phx.gbl>
<gr**************@TK2MSFTNGHUB02.phx.gbl>
| In-Reply-To: <gr**************@TK2MSFTNGHUB02.phx.gbl>
| Subject: Re: Security issue with an HTA frame
| Date: Thu, 23 Oct 2008 15:27:44 +0200
| Lines: 4
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
| Message-ID: <O3**************@TK2MSFTNGP05.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: net1.yris-technologie.com 213.41.243.88
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.framework.aspnet:78468
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| With IIS7 on Vista SP1, the problem does not occur. When I told you
| yesterday that the problem occurs on Windows XP/Vista, I talked about the
| client environment.
|
|

Oct 27 '08 #2
Hi Allen,

"Allen Chen [MSFT]" <v-******@online.microsoft.coma écrit dans le message
de news:z9**************@TK2MSFTNGHUB02.phx.gbl...
[...]
>
To work it around we can set http header. Please refer to this article:
http://adamyoung.net/IE-Blocking-iFrame-Cookies

To do this in ASP.NET we can add a new item called global.asax to the
project and add following content in this file:

<%@ Application Language="C#" %>

<script language="C#" runat="server">
protected void Application_BeginRequest(object sender,
EventArgs e)
{
this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi
PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
</script>

Please have a try and let me know if it works.
It works :-)

Thanks a lot

Oct 27 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by jasonbrown1999 | last post: by
7 posts views Thread by Neil | last post: by
2 posts views Thread by James | last post: by
2 posts views Thread by K.C. Brown | last post: by
3 posts views Thread by Velvet | last post: by
2 posts views Thread by rbanerji | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.