Setting P3P header before Set-Cookie

Hi folks,

For a project I’m working on, I need to set an HTTP header BEFORE the
Set-Cookie header is sent. Basically, I need to send along our compact
privacy policy before the cookie is set.

I’ve tried using:

@headers['P3P'] = "P3P: blah blah blah…"

…but the problem is that no matter what I do, the Set-Cookie header is
sent first, and the P3P header is sent afterwards. I also tried setting
the “Set-Cookie” header directly in @headers instead of using the
cookie[] method, and changing the order in which the @headers were set.
But Rails always seems to want to send the “Set-Cookie” header first.

I’m thinking I might need to override some Rails class, but I don’t have
a clue as to where in Rails to even begin looking.

Any ideas on how I can get the P3P header sent first instead?

Thanks in advance for any help.

Mike

I think this might be your problem here (from
actionpack-1.13.3/lib/action_controller/cookies.rb):

class CookieJar < Hash

Hashes are unordered collections. Maybe you can find/write an ordered
hash and make CookieJar extend that instead.

Then again, hash responds to “sort” so maybe the cookies are being
sorted before they’re written into the header. That would sort
alphabetically… and thwart your ordering. I doubt that though…
unnecessary work.

Well, you can use a Firefox plugin (Tamper Data, Live HTTP Headers) to
examine the response headers and see how they appear in there. You might
also try to figure out where the actual writing of headers is done…
That or hope that someone who knows what the heck they’re talking about
notices this post. :)

b

Hi Mike, I think I have exactly the same issue. How did you manage to
solve this problem? A strange thing is that I can reproduce this
problem with Safari on Mac, and while browsing the web I never saw
anyone mentioning this case.

I tried to add
response.headers['P3P'] = 'CP="CAO PSA OUR"'
in a before_filter action in application.rb, but nothing changed.

Thanks a lot.

Actually, these lines are working fine with IE7. But I have the same
issue on Safari (Mac and PC).

On May 10, 4:30 pm, Mike L. wrote:

…but the problem is that no matter what I do, the Set-Cookie header is
Thanks in advance for any help.

Mike

Based on my testing (with IE, where P3P is really an issue) the order
of the headers doesn’t matter. If you want to hack in and play with
it yourself, you can crack open the mongrel source and add your p3p
header at the top. The code is in the cgi.rb file in the “out”
method. That’s what I did, and didn’t notice any behavioral
differences.

I fought with this P3P stuff for a long time. Ultimately, what I
found is that my compact privacy policy was being misread by IE (not
that it would tell you that). For whatever reason, I had to make sure
the “CP” clause came before the “policyref” clause, even though I saw
examples to the contrary. So, ultimately I have this in a
before_filter in application.rb:

headers['P3P'] = %|CP="CAO DSP CURa ADMa DEVa OUR NOR DEM STA" policyref="#{PUBLIC_BASE_URI}/w3c/p3p.xml"|

And it seems to work.

Hope that helps.

Tom
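
The two things this thread argues about (where P3P lands relative to Set-Cookie, and whether CP comes before policyref inside the value) can be checked on the raw response instead of inside Rails. The following is an added example, not code from any poster or from Rails: `parse_headers`, `audit_p3p` and `SAMPLE_RESPONSE` are hypothetical names, the sample response is constructed, and the CP-before-policyref check reflects Tom's reported observation rather than a requirement of the P3P specification. Folded (continuation) header lines are not handled.

```ruby
# Added example: audit a raw HTTP response head for the P3P points raised above.
# SAMPLE_RESPONSE is constructed for illustration; its URL is a placeholder.
SAMPLE_RESPONSE = <<~HTTP.gsub("\n", "\r\n")
  HTTP/1.1 200 OK
  Content-Type: text/html
  Set-Cookie: _session_id=abc123; path=/
  P3P: policyref="http://example.invalid/w3c/p3p.xml" CP="CAO PSA OUR"
  Set-Cookie: prefs=1; path=/

  <html></html>
HTTP

# Return the headers as an ordered list of [lowercased name, value] pairs.
# A Hash would collapse repeated Set-Cookie lines and hide the wire order.
def parse_headers(raw)
  head = raw.split(/\r?\n\r?\n/, 2).first.to_s
  pairs = head.lines.drop(1).map do |line| # drop(1) skips the status line
    name, value = line.chomp.split(":", 2)
    [name.strip.downcase, value.strip] if value
  end
  pairs.compact
end

# Report P3P presence, its position relative to the first Set-Cookie,
# and the order of the CP and policyref clauses inside the P3P value.
def audit_p3p(raw)
  headers = parse_headers(raw)
  names = headers.map(&:first)
  p3p_index = names.index("p3p")
  cookie_index = names.index("set-cookie")
  p3p_value = p3p_index && headers[p3p_index].last
  cp_pos = p3p_value && p3p_value.index(/\bCP\s*=/i)
  ref_pos = p3p_value && p3p_value.index(/\bpolicyref\s*=/i)
  {
    sets_cookie: !cookie_index.nil?,
    p3p_present: !p3p_index.nil?,
    p3p_before_first_cookie: !!(p3p_index && cookie_index && p3p_index < cookie_index),
    compact_policy_present: !cp_pos.nil?,
    cp_before_policyref: !!(cp_pos && (ref_pos.nil? || cp_pos < ref_pos))
  }
end

if __FILE__ == $PROGRAM_NAME
  audit_p3p(SAMPLE_RESPONSE).each { |check, result| puts "#{check}: #{result}" }
end
```

To audit a real response, pass in the head captured with a header-inspection tool such as the ones mentioned earlier in the thread.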