WordPress.org

Ready to get started?Download WordPress

Forums

How do you insert a CP policy in the blog header? (9 posts)

  1. dchanin
    Member
    Posted 9 years ago #

    My blog has its own domain name but it's hosted at a subfolder on my main site. The only way i can log in using IE6 the with default security settings is to override its blocking of third-party cookies. I can't ask my readers to do this and they can't log in unless they figure out its a cookie problem.

    I generated the privacy policy files and put them in the /w3c folder and they're found ... BUT i can't figure out where in the spaghetti nest of WordPress to put these fragments that were generated by the P3P policy editor:
    ------------
    begin P3P headers
    ------------
    <center><b>Reference Link Tag</b><br>
    (This can be included within the <HEAD> </HEAD> of your pages if required)<br>
    <textarea cols=80 rows=1><link rel="P3Pv1" href="http://www.MACCS2SUPPORT.com/w3c/p3p.xml"></textarea>

    </center>

    <center><hr><br><b>SERVER HEADERS</b><br>
    <b>Reference HTTP Header</b><br>
    <textarea cols=80 rows=1>P3P: policyref="http://www.MACCS2SUPPORT.com/w3c/p3p.xml"</textarea>
    <br>
    <b>Privacy HTTP Header</b><br>
    <textarea cols=80 rows=1>P3P: CP="CURa OUR IND UNI COM STA PHY ONL NID DSP NOI COR"</textarea><br>
    <br><hr></center>
    ------------
    end P3P headers
    ------------

    I have gone crazy looking at the header generated by my main page (somehow created from index.php) and can't figure out where to insert the needed pointers (above) so that IE 6 can find my compact privacy policy and let people access my blog without making them add my site to their Trusted List (which would make me look like i'm incompetent).

    Here is the beginning of my main page, which is the source code for http://www.maccs2support.com, which you can look at with the XTML validator:

    Below is the source input I used for this validation:

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    2: <html xmlns="http://www.w3.org/1999/xhtml">
    3:
    4: <head profile="http://gmpg.org/xfn/11">
    5: <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    6:
    7: <title>www.MACCS2SUPPORT.com</title>
    8:
    9: <meta name="generator" content="WordPress 1.5.1.1" /> <!-- leave this for stats please -->
    10:
    11: <style type="text/css" media="screen">
    12: @import url( http://www.davidchanin.com/blog1/wp-content/themes/classic/style.css );
    13: </style>
    14:
    15: <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.davidchanin.com/blog1/?feed=rss2" />
    16: <link rel="alternate" type="text/xml" title="RSS .92" href="http://www.davidchanin.com/blog1/?feed=rss" />
    17: <link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="http://www.davidchanin.com/blog1/?feed=atom" />
    18:
    19: <link rel="pingback" href="http://www.davidchanin.com/blog1/xmlrpc.php" />
    20: <link rel='archives' title='May 2005' href='http://www.davidchanin.com/blog1/?m=200505' />
    21: </head>
    22:
    23: <body>
    24: <div id="rap">
    25: <h1 id="header">http://www.MACCS2SUPPORT.com</h1>
    26:
    27: <div id="content">
    28: <!-- end header -->
    29:
    30: <h2>May 24, 2005</h2>
    -----
    end of source listing fragment
    -----

    PLEASE, i've spent hours searching here and with Google and have not found anyone who describes how to insert a CP privacy policy into the WP blog header. My readers use mostly IE in a corporate environment and many cannot change the security settings on their computers at work.

    I've tried inserting the CP string into .htaccess files at /blog and also at /htdocs using all the syntaxes described below but i always get an Error 500 from that. Maybe my host does not allow this in .htaccess, because i'm allowed to have a .htaccess file at root. Web server is Apache running on Linux at 1and1.com.

    [li]http://www.webmasterworld.com/forum92/3288.htm[/li]
    [li]http://f2o.org/forum/index.php?showtopic=2690[/li]

  2. dchanin
    Member
    Posted 9 years ago #

    Here's where i got the info on using a .htaccess file to insert a global CP Policy. This page has useful links for submitting a page for P3P validation:
    http://www.duxcw.com/faq/webmastr/privhttp.htm
    <begin quote>
    P3P Compact Privacy Policy
    Last updated: 6/6/02
    How to add a P3P compact privacy policy to the http headers for a web site running on an Apache web server and p3p privacy policy links.

    Well, no one has asked me this question yet; but I had a devil of a time with it... So, I'm adding it to our FAQs to hopefully help someone out. This fixed the Internet Explorer 6 (IE 6) cookie problems on my web site.

    For dcforum administrators, the compact privacy policy below is what I have installed for my forums and it works with IE 6 set to the default privacy settings (Medium).

    Make an Apache .htaccess file with a text editor such as notespad or wordpad (or edit an existing one--and don't wipe-out an existing one, such as those put on a web site by the FrontPage Server extensions) and put a line similar to the following in it:

    header append P3P: 'CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"'

    All on one line, of course. The "' at the end of the line is made-up of " followed by a ' with no spaces.

    Upload the file to the directory on the web server to be covered by the policy. I uploaded .htaccess all of the P3P files with SmartFTP (http://www.smartftp.com/) in the ASCII transfer mode. It will effect that directory and any subdirectories, etc. branching off from it, unless there is another .htaccess file in a subdirectory which overrides it or part of it.

    You can check it with the HTTP Header Viewer at http://www.delorie.com/web/headers.html.

    Here's an extract from my forum HTTP headers:

    HTTP/1.1 200 OK
    Date: Wed, 05 Jun 2002 20:42:55 GMT
    Server: Apache/1.3.23
    P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
    ....
    The Apache documentation on the Header Directive is at http://httpd.apache.org/docs/mod/mod_headers.html#header.

    I found Ken Coar's Using .htaccess Files with Apache at http://apache-server.com/tutorials/ATusing-htaccess.html quite useful.
    <end quote>
    Please don't tell me to try to use .htaccess to set the CP Policy globally because i've tried it many different ways and it doesn't work. I need to insert it into the WordPress (v. 1.5.1.1) file that generates initial blog page.
    Where is that hidden and how can i insert the CP string into it. Please????

  3. TheArtak
    Member
    Posted 9 years ago #

    I'm not familiar with what you are talking about exactly, but I can tell you where the header file is located.

    Look in the directory in which you have wordpress. Follow this path...

    wp-content-->themes-->whatever theme you are using-->header.php for everything included within the <head></head> tags, as well as the beginning of the <body> tag and everything above the blog itself. Although it's php, the page is mostly XHTML and fairly easy to follow if you're not familiar with php.

    That help any?

  4. dchanin
    Member
    Posted 9 years ago #

    Yes, i've tried doing that by inserting the new link for the CP policy into the header.php file (which is Classic, BTW). I've tried putting that line in several different places after the <HEAD> opening. The added line never shows up in the XHTML Validator below:
    Source Listing
    Below is the source input I used for this validation:

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    2: <html xmlns="http://www.w3.org/1999/xhtml">
    3:
    4: <head profile="http://gmpg.org/xfn/11">
    5: <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    6:
    7: <title>www.MACCS2SUPPORT.com</title>
    8:
    9: <meta name="generator" content="WordPress 1.5.1.1" /> <!-- leave this for stats please -->
    10:
    11: <style type="text/css" media="screen">
    12: @import url( http://www.davidchanin.com/blog1/wp-content/themes/classic/style.css );
    13: </style>
    ------

    As you can see, the P3Pv1 line is right after the <HEAD> in the file header.php that is on my server right now, which looks like this. This file is on my server right now but the link to P3Pv1 is not shown by the XHTML Validator. Here is my current header.php. Nobody can log in with IE 6 unless they add my site to their Trusted Sites list, and asking them to do so would me me look pathetic as a programmer.
    ---
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">

    <head profile="http://gmpg.org/xfn/11">
    <link rel="P3Pv1" href="http://www.MACCS2SUPPORT.com/w3c/p3p.xml">

    <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />

    <title><?php bloginfo('name'); ?><?php wp_title(); ?></title>

  5. dchanin
    Member
    Posted 9 years ago #

    OOPS! I did the previous on the header.php for Default, not Classic. Here is the Validator showing the inserted P3Pv1 link right after the <Head>
    --
    1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    2: <html xmlns="http://www.w3.org/1999/xhtml">
    3:
    4: <head profile="http://gmpg.org/xfn/11">
    5:
    6: <link rel="P3Pv1" href="http://www.MACCS2SUPPORT.com/w3c/p3p.xml"/>
    7:
    8: <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    9:
    10: <title>www.MACCS2SUPPORT.com</title>

  6. dchanin
    Member
    Posted 9 years ago #

    Ok, i've figured out the the Privacy Policy genertor at
    http://www.canadiancontent.net/en/jd/go?Url=http://www.p3pwiz.com
    is not generating well-formed XML for my privacy policy file:
    http://validator.w3.org/p3p/20010928/header.pl?mode=line&uri=http://www.maccs2support.com/w3c/p3p.xml

    Even though the link to the P3Pv1 file is right after the <HEAD>, the P3P Validator is saying that it can't find it. I guess i have to use the IBM Ploicy Generator, even though many say it's hard to use.

    Here is what i get from the P3P Validator even though the link is in there:
    -----
    Step 1-2: Syntax check

    /w3c/p3p.xml is NOT an well-formed XML file

    .

    mismatched tag at line 6, column 2, byte 129:
    <TITLE>MACCS2 Support Forum</TITLE>

    </HEAD>
    =^
    <FRAMESET ROWS="100%,*" BORDER="0" FRAMEBORDER="0">
    <FRAME SRC="http://www.davidchanin.com/blog1/w3c/p3p.xml" SCROLLING="AUTO" NAME="bannerframe" NORESIZE>
    --------------------------------------------------------------------------------

    Step 2: HTTP Protocol Validation ( HTTP headers )

    HTTP headers have no P3P: header.

    --------------------------------------------------------------------------------

    Step 3: HTML File Validation

    HTML document has no P3P compliant link tags.

  7. dchanin
    Member
    Posted 9 years ago #

    OK, the IBM P3P Editor is easy to use and i have the XML file. The problem is how do i insert a link into the WordPress file(s) so that it find my privacy file (in XML)? Also, how do i set up the compact privacy (CP) string for WordPress?

    I can't believe i'm the only one who wants to have a WP blog accessible with the default security settings of IE 6. Most people at work don't have a choice on what browser to use or its security settings. This seems like a major deficiency of the WP software.

  8. dchanin
    Member
    Posted 9 years ago #

    OK, the easiest solution is to turn off cookies and that will avoid the third-part cookie problem. They wll not have a persistent session. I've already wasted two days on this.

    Can anyone tell me how to to turn off cookies in WP 1.5..11.1??? Thanks!

  9. AskApache
    Member
    Posted 7 years ago #

    I just figured out how to add the P3P just by using .htaccess!

    Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""

    Solution at askApache

Topic Closed

This topic has been closed to new replies.

About this Topic