
Append P3P Header via php.ini?

         

keyplyr

12:45 pm on Mar 18, 2007 (gmt 0)




I parse all HTML files with PHP running as a CGI. If I add the P3P header in .htaccess the W3C P3P Val can find the p3p.xml file, but IE can't. So I'm thinking php.ini - right?

I have a custom php.ini and I found the line:

auto_append_file =

Is this the correct place to add the P3P Header and if so, what exactly do I put there? Thanks.

Little_G

2:13 pm on Mar 18, 2007 (gmt 0)




Hi,

I'd use auto_prepend_file [php.net]
Then in a new PHP file put:

<?php header('P3P: policyref="http://example.com/p3p.xml", CP="EXA MPLe"');?>

That should work.

Andrew

keyplyr

7:49 pm on Mar 18, 2007 (gmt 0)




Thanks Andrew. Doing that did include the proper header. It passed W3C P3P Validator and manual head check - however, once again IE cannot find the p3p.xml file.

There is limited info on the web about an IE work-around for sites that parse HTML with PHP. I'm worried that if IE cannot automatically process my P3P policy, then the user may not accept cookies from my site and 3rd party affiliates.

jdMorgan

8:46 pm on Mar 18, 2007 (gmt 0)




What is the specific format of your p3p declaration "line" for auto-prepend?
What is the specific content of your prepended file?

I suspect there may be some confusion in this thread about the meaning of the word "header." There are two ways to do this p3p thing: you can output an HTTP response header with the path to p3p.xml in it, or you can place an HTML meta-tag with the p3p.xml path info in the <head> section of each page on your site. Assuming the path info is correct, it sounds like IE doesn't work with the first option. So in that case, it might be easier to just include the information in the HTML <head> of each page. You might want to inspect the HTTP response header to make sure it's correct before 'blaming' IE -- the "Live HTTP Headers" extension to Firefox is useful for this and many other header-checking tasks.

Jim


keyplyr

9:33 pm on Mar 18, 2007 (gmt 0)




I'm doing both, Jim (meta tag and header). And no confusion about "header." I also am not "blaming" IE, just looking for a solution.

As I said, the W3C P3P validator passes what it finds in the header... in all categories (finds all the files, no errors, etc.)

Because I parse HTML files with PHP as a CGI, for some reason IE7 does not locate the policy. I have read several various blog and forum posts saying the very same thing; however, I do not find a solution.

Header displayed via "live Header" extension in Firefox:

Date: Sun, 18 Mar 2007 21:33:43 GMT
Server: Apache
Cache-Control: max-age=21600, max-age=21600
Expires: Mon, 19 Mar 2007 03:33:43 GMT, Mon, 19 Mar 2007 03:33:43 GMT
X-Powered-By: PHP/5.2.1
P3P: policyref="http://www.mydomain.com/w3c/p3p.xml"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 3782
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en, en

jdMorgan

10:05 pm on Mar 18, 2007 (gmt 0)




The term 'blame' was used loosely, because I couldn't think of another way to put it succinctly...

"Because I parse HTML files with PHP as a CGI, for some reason IE7 does not locate the policy..."

IE7, or any other browser, has no way of "knowing" that you parse HTML files with PHP as CGI -- All that action takes place server-side, and should happen without the slightest hint to the browser. So the problem is likely elsewhere, and hopefully, couching the question in different terms will lead to a faster solution.

example.com/w3c/p3p.xml is the correct path, so that's not likely a problem. Is this file returned with the correct MIME-type?

Jim

keyplyr

10:15 pm on Mar 18, 2007 (gmt 0)




Both p3p.xml and policy1.xml show Content-Type: text/xml in Response header.

I should say that IE6 found the policy. It is only IE7 that cannot. This is also what I read doing searches.

jdMorgan

10:25 pm on Mar 18, 2007 (gmt 0)




Anything in your error log for IE7 fetches? 404, 403, or 500 responses?

What is the indication that IE7 cannot find the file?

Jim

keyplyr

10:37 pm on Mar 18, 2007 (gmt 0)




No specific errors, but now that the path is included in the server response header, I will keep a look-out.

In IE7 > Page > Web Page Privacy Policy... lists files found on landing page. Highlighting http://www.mydomain.com/ and clicking Summary displays this message:

"Cannot find Privacy Policy for http://www.mydomain.com/ To view this site's privacy Policy, contact Web site directly."

Following those same steps in IE6 displayed a brief statement about privacy at my site (as defined in my policy1.xml) and a link to my privacy.html web page.

Maybe I'm incorrectly expecting IE7 to behave as IE6 did?

keyplyr

11:22 pm on Mar 18, 2007 (gmt 0)




Further research enlightens me to M$ now requiring a compact policy in order to effectively use cookies. IE6 said it was needed but possibly this requirement was not fully implemented until IE7. Still, why should that affect "finding" the file?

The IBM full policy generator I used does not accommodate the compact version. Guess I'll need to fork over the whopping $39.95 for the compact policy generator since all references to free generators come up missing.


jdMorgan

11:22 pm on Mar 18, 2007 (gmt 0)




"policy1.xml"

I'm not sure about the meaning of this non-standard filename -- whether it's just an example name, or not. Have you tried using the "well-known path" of "/w3c/p3p.xml"? It may be that IE7 has lost the ability to use a non-standard filename.

Jim

keyplyr

11:25 pm on Mar 18, 2007 (gmt 0)




Jim, "policy1.xml" is the actual file and "p3p.xml" is a file that locates it. These are both needed and they both validate to W3C standards.

Some sites have several policies targeting different sections of their site, e.g. catalog, services, etc... and they could have separate policies for each: policy1.xml, policy2.xml, etc. The p3p.xml would list each of these and point to their location.

jdMorgan

11:35 pm on Mar 18, 2007 (gmt 0)




I'm not arguing with you over whether it validates or not, just trying to identify the exact problem.

In the simplest set-up, p3p.xml itself contains the global privacy policy. It may be that IE7 has lost the ability to use "indirection" -- that is, to use p3p.xml as a pointer to yet another layer of more-granular policy files.

If this is the case, then it might work with the policy itself located in p3p.xml, and it would be worth testing if you want to nail down the problem -- perhaps to submit a useful IE7 bug report to MS.

Jim

keyplyr

12:00 am on Mar 19, 2007 (gmt 0)




Granted. Never know a result until tested. Thanks for taking the time to toss around some ideas.

keyplyr

3:22 am on Mar 19, 2007 (gmt 0)




Tried renaming the policy file to p3p.xml as suggested. Not only would IE7 still not recognize it, but it would not pass W3C validation. Switched back. At least it works for everything/everyone else besides IE7. Maybe I'll stumble onto a fix or work-around in the future.

Little_G

12:53 pm on Mar 19, 2007 (gmt 0)




Hi,

I don't really know much about this P3P stuff but here [p3pwriter.com] is a page that lists all of the elements of compact policies, so maybe you can throw something together!

Andrew

keyplyr

5:49 pm on Mar 19, 2007 (gmt 0)




Thanks Andrew.

milanmk

10:02 am on Mar 20, 2007 (gmt 0)




Have a look at this thread : Valid (but simple) example of a P3P XML policy file? [webmasterworld.com].

If you still have problems with IE7 then please post all the specifics like headers, Policy Reference File and P3P Policy so we can exactly locate the errors.

Milan

keyplyr

6:13 am on Mar 21, 2007 (gmt 0)




The W3C P3P Val passes all associated files with no errors, however IE7 continues to give a "not found" type message.

The /w3c/p3p.xml server response header says content type is text/html and I believe it should be text/xml.

In php.ini I have designated...

default_mimetype = "text/html"

Should I leave this blank instead?

Thanks

keyplyr

7:30 am on Mar 21, 2007 (gmt 0)




[continued]

Changing the default_mimetype to blank did not change the response header... probably wouldn't have made a difference anyway.
I give up :)

Thanks to everyone.

keyplyr

10:33 am on Mar 21, 2007 (gmt 0)




[continued]

Just an FYI. I found the problem. IE7 sends a blank UA to request p3p.xml. I block requests with blank UAs, allowing only certain files (sitemap.xml, info.xml, robots.txt, etc.). Had to add the policy files to my white list... voila!

I should also mention that in addition to the full policy.xml, IE needs a CP (compact policy) to effectively use cookies.
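
An added example, not part of the original thread: a log check that would have surfaced the cause described in the post above, by listing which paths a blank-User-Agent block is denying. It assumes Apache "combined" log format, that the block answers with 403, and that policy1.xml lives under /w3c/; the log lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Mar/2007:10:01:02 +0000] "GET / HTTP/1.1" 200 3782 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.10 - - [21/Mar/2007:10:01:03 +0000] "GET /w3c/p3p.xml HTTP/1.1" 403 210 "-" "-"
192.0.2.10 - - [21/Mar/2007:10:01:04 +0000] "GET /w3c/p3p.xml HTTP/1.1" 403 210 "-" ""
192.0.2.44 - - [21/Mar/2007:10:02:00 +0000] "GET /robots.txt HTTP/1.0" 200 120 "-" "-"
192.0.2.77 - - [21/Mar/2007:10:03:00 +0000] "GET /admin.php HTTP/1.0" 403 210 "-" "-"
192.0.2.10 - - [21/Mar/2007:10:05:00 +0000] "GET /w3c/policy1.xml HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows; U) Firefox/2.0"
"""

def is_blank_ua(ua):
    # A missing header is logged as "-"; treat an empty quoted field the same way.
    return ua.strip() in ("", "-")

def denied_blank_ua_paths(log_text, statuses=("403",)):
    """Count, per path, requests with a blank User-Agent that got a denial status."""
    hits = Counter()
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m and is_blank_ua(m["ua"]) and m["status"] in statuses:
            hits[m["path"]] += 1
    return hits

# Assumed policy locations: /w3c/p3p.xml is from the thread, the policy1.xml path is a guess.
def policy_files_blocked(log_text, policy_paths=("/w3c/p3p.xml", "/w3c/policy1.xml")):
    """Policy files that the blank-UA rule is denying and that need allow-listing."""
    denied = denied_blank_ua_paths(log_text)
    return sorted(p for p in policy_paths if denied[p] > 0)

if __name__ == "__main__":
    for path, n in denied_blank_ua_paths(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {path}")
    print("allow-list candidates:", policy_files_blocked(SAMPLE_LOG))
```

Denied paths that are not policy files (here /admin.php) show the block still doing its job, so only the listed candidates need an exemption.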

jdMorgan

1:20 pm on Mar 21, 2007 (gmt 0)




Oh good grief!

Thanks for posting (and for sticking with it), and I'm sure glad you found the problem!

Jim