Saturday, March 19, 2016

Laravel App Not Working in Iframe in Internent Explorer

Recently in one of my project we faced strange issue. We have one application running from one domain. This application has an iFrame which is loading laravel app from other domain. This laravel app has certain ajax requests. The issue was this laravel app and ajax requests were working fine in Chrome and other webkit browser however it was not working in Internet Explorer.

After few ours of struggle we found a solution. Actually it was an issue of cookies being blocked by Internet Explorer. We all know that laravel app creates certain cookies on the front end. This was blocked by Internet Explorer hence Ajax requests were not working as it was unable to find cookies. First of let me explain what exactly was the issue and then we will look for solution.

Internet Explorer gives lower level of trust to IFRAME pages (IE calls this "third-party" content). If the page inside the IFRAME doesn't have a Privacy Policy, its cookies are blocked (which is indicated by the eye icon in status bar, when you click on it, it shows you a list of blocked URLs).

In this case, when cookies are blocked, session identifier is not sent, and the target script throws a 'session not found' error.

So to solve this problem, it is possible to make the page inside the IFRAME more trusted: if the inner page sends a P3P header with a privacy policy that is acceptable to IE, the cookies will be accepted. So here is how to do this in Laravel app. Add this header in your laravel controller.

header('P3P: CP="This site does not have a p3p policy."');

And that's it it will solve the problem.

You can get more information about P3P policy from below link.

https://www.w3.org/P3P/details.html


Hope this helps you.

No comments:

Post a Comment