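Cross-origin iframes: cross-origin login and setting the parent window's style across origins
【1】Cross-origin iframe: problems carrying cookies and the session
Problem scenario:
Site A embeds site B in an iframe and passes login information to site B so that B logs in automatically once it is embedded. Site B cannot keep its session information, so the login fails.
Cause:
1. When the iframe was integrated, the two sides did not declare a security policy to each other (Tomcat had origin disabled, and the P3P header was not declared).
2. The parameters are passed correctly. After page B is embedded, the first login fails; entering the login information in the embedded page B does log in, and the session information is kept.
Cause: not yet found...
Fix: change the login authentication to use GET, pass the login information sent by page A to an intermediate JSP on B, and have that JSP submit the request directly to B's login method (take care to protect your login information).
Site A requests site B's authentication endpoint with POST parameters. The headers are as follows: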
Response headers:
    Access-Control-Allow-Head...: origin, x-csrftoken, content-type, accept, cookie, set-cookie
    Access-Control-Allow-Orig...: *
    Access-Control-Max-Age: 1000
    Content-Length: 1572
    Content-Type: text/html;charset=UTF-8
    Date: Sun, 30 Jun 2013 08:41:07 GMT
    P3P: CP=CAO PSA OUR
    Server: Apache-Coyote/1.1
    Set-Cookie: JSESSIONID=732B2D9FD65197CBC2EC9681409F21AE; Path=/xx/; HttpOnly
Request headers:
    Accept: application/json, text/plain, */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-cn;q=0.8,ar-sa;q=0.5,en-us;q=0.3
    Cache-Control: no-cache
    Connection: keep-alive
    Content-Length: 108
    Content-Type: text/xml; charset=UTF-8
    Host: www.xx.com
    Origin: http://111.111.111.111
    Pragma: no-cache
    Referer: http://111.111.111.111/xx?t=2
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Page B needs to set these response headers.
The method is as follows:
Add a filter in web.xml:
    <filter>
        <filter-name>P3P Security Filter</filter-name>
        <filter-class>filter.P3PSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>P3P Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
Add the header values in the filter:
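    package filter;

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletResponse;

    public class P3PSecurityFilter implements Filter {

        public void init(FilterConfig filterConfig) throws ServletException { }

        /**
         * Adds the P3P header declaration.
         * @param servletRequest the incoming request
         * @param servletResponse the response the headers are set on
         * @param chain the remaining filter chain
         * @throws IOException
         * @throws ServletException
         */
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("P3P", "CP=CAO PSA OUR");
            // response.setHeader("X-Frame-Options", "SAMEORIGIN");
            // response.setHeader("P3P", "CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");
            // response.setHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
            // response.setHeader("P3P", "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"");
            // response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
            response.setHeader("Access-Control-Max-Age", "1000");
            response.setHeader("Access-Control-Allow-Headers", "origin, x-csrftoken, content-type, accept, cookie, set-cookie");
            // Pass the request on with the headers already set on the response.
            chain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() { }
    }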
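A hardened variant of the filter above, as an added example that is not part of the original post: browsers reject `Access-Control-Allow-Origin: *` on requests that carry cookies, so this version echoes the caller's origin only when it is on an allow-list, sets `Access-Control-Allow-Credentials`, and limits who may frame page B. The class name `AllowListCorsFilter` and the allow-list contents (site A's origin as it appears in the Origin request header above) are assumptions.

```java
package filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): CORS and framing limited to an allow-list. */
public class AllowListCorsFilter implements Filter {

    // Assumption: site A's origin, copied from the Origin request header in the dump.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("http://111.111.111.111"));

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) rsp;
        String origin = request.getHeader("Origin");

        // The CORS headers vary with the caller, so shared caches must key on Origin.
        response.addHeader("Vary", "Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // Credentialed requests need the exact origin plus Allow-Credentials.
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // Cookie and Set-Cookie are handled by the browser and are not listed.
            response.setHeader("Access-Control-Allow-Headers",
                    "origin, x-csrftoken, content-type, accept");
            response.setHeader("Access-Control-Max-Age", "1000");
        }
        // Only the allow-listed sites may embed page B in a frame.
        response.setHeader("Content-Security-Policy",
                "frame-ancestors " + String.join(" ", ALLOWED_ORIGINS));
        chain.doFilter(req, rsp);
    }

    public void destroy() { }
}
```

A request from an origin that is not on the list gets no CORS headers at all, so the browser blocks script access to the response.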
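【2】Cross-origin iframe: setting the parent's style
There are many examples online.
For reference, the general idea: page A embeds page B, and page B embeds a hidden page C (same origin as A). Page B passes its own height and width to page C, and page C sets the properties on page A.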
http://zhhphappy.iteye.com/blog/426689