Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 83282 invoked from network); 24 May 2007 00:43:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 May 2007 00:43:34 -0000 Received: (qmail 84939 invoked by uid 500); 24 May 2007 00:43:27 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 84919 invoked by uid 500); 24 May 2007 00:43:27 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 84907 invoked by uid 99); 24 May 2007 00:43:27 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 May 2007 17:43:27 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [66.75.162.136] (HELO ms-smtp-04.socal.rr.com) (66.75.162.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 May 2007 17:43:20 -0700 Received: from [127.0.0.1] (cpe-66-75-233-190.san.res.rr.com [66.75.233.190]) by ms-smtp-04.socal.rr.com (8.13.6/8.13.6) with ESMTP id l4O0gvvB029586 for ; Wed, 23 May 2007 17:42:57 -0700 (PDT) Message-ID: <4654DF90.5020704@totallythomas.com> Date: Wed, 23 May 2007 17:42:56 -0700 From: elwyatt Reply-To: ewyatt@totallythomas.com User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 000742-1, 05/22/2007), Outbound message X-Antivirus-Status: Clean X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Mod_headers and cgi question involving P3P/IE7/cookies I'm running an admittedly old Apache 1.3.6 server configuration with an ecommerce website and recently attempted to resolve the problem involving cookies, IE7 and P3P Compact Headers. For any unfamiliar with the issue, IE7 browser, at the "High" privacy setting, will only allow cookies to be set or read if the site conforms completely with P3P privacy policies. Among other requirements, the page setting the cookie must have an http response header containing the P3P Compact Policy header, which matches the XML privacy policy on your site. Else an ugly icon becomes visible and cookie access is denied. Mod_headers is the vehicle prescribed to set the P3P Compact Policy header. Once enabled, mod_headers will add or adjust response headers at your command, with directives in your Apache config files or .htaccess. On my setup, mod_headers was compiled-in, as revealed by httpd -l. When I placed the appropriate header directive in .htaccess at the web root level, my static pages were delivered with the correct P3P Compact Policy headers. So far, so good. However, on pages created by my site's shopping cart cgi, the response headers look quite different and do not contain the P3P Compact Policy header. The shopping cart cgi does not appear to be using the Non Parsed Headers mode (no nph in the program names,) so I fail to understand this behavior. I expected that Apache mod_headers would add the header as directed to the cgi output before delivery. And so, the questions: 1. Shouldn't the header directive still be parsed via mod_headers, and shouldn't I expect to see the P3P Compact Policy header on the active pages prepared by the shopping cart cgi? If yes, why might this not work; and if no, why not? 2. Well, Question 1 is good enough. The shopping cart vendor has issued a patch to allow the header to be inserted in the cgi output, so that is a rough solution. But I would really like to know the why mod_headers didn't do the trick. Anybody know? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org