Re: Security issue with an HTA frame

Hi Oriane,

Thanks for your information. I've reproduced this issue on my side. If an
internet site (your stibil.fr is considered as an internet site because
it's not in the same domain of the machine where the IE runs) is not added
to the trusted sites zone, when using iframe to show the site the cookie
cannot persist.

To work it around we can set http header. Please refer to this article:
http://adamyoung.net/IE-Blocking-iFrame-Cookies

To do this in ASP.NET we can add a new item called global.asax to the
project and add following content in this file:

<%@ Application Language="C#" %>

<script language="C#" runat="server">
protected void Application_BeginRequest(object sender,
EventArgs e)
{
this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi
PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
</script>

Please have a try and let me know if it works.

Regards,
Allen Chen
Microsoft Online Support

--------------------
| From: "Oriane" <or****@noemail.noemail>
| References: <e8**************@TK2MSFTNGP06.phx.gbl>
<Z3**************@TK2MSFTNGHUB02.phx.gbl>
<Om**************@TK2MSFTNGP04.phx.gbl>
<gr**************@TK2MSFTNGHUB02.phx.gbl>
| In-Reply-To: <gr**************@TK2MSFTNGHUB02.phx.gbl>
| Subject: Re: Security issue with an HTA frame
| Date: Thu, 23 Oct 2008 15:27:44 +0200
| Lines: 4
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
| Message-ID: <O3**************@TK2MSFTNGP05.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: net1.yris-technologie.com 213.41.243.88
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.framework.aspnet:78468
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| With IIS7 on Vista SP1, the problem does not occur. When I told you
| yesterday that the problem occurs on Windows XP/Vista, I talked about the
| client environment.
|
|

Hi Allen,

"Allen Chen [MSFT]" <v-******@online.microsoft.coma écrit dans le message
de news:z9**************@TK2MSFTNGHUB02.phx.gbl...
[...]

>
To work it around we can set http header. Please refer to this article:
http://adamyoung.net/IE-Blocking-iFrame-Cookies

To do this in ASP.NET we can add a new item called global.asax to the
project and add following content in this file:

<%@ Application Language="C#" %>

<script language="C#" runat="server">
protected void Application_BeginRequest(object sender,
EventArgs e)
{
this.Context.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi
PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
</script>

Please have a try and let me know if it works.

It works :-)

Thanks a lot