If your webpage uses sessions you will lose your session in Internet Explorer when your page gets embedded into in iFrame. This problem can be solved by setting application specific P3P headers.
Django P3P is an application which makes it easier to set those specific headers for your Django application. You can use an editor like IBM's P3P Policy Editor to configure your website policy to its needs.
Django 1.8.x or greater, Python 2.7 or greater.
Install django-p3p with pip:
$ pip install django-p3p
Add the following to your settings file:
- Add
p3ptoINSTALLED_APPS- Add
p3p.middleware.P3PMiddlewaretoMIDDLEWARE_CLASSES
You need to include the p3p.urls urlpatterns in your root url configuration, for e.g.:
(r'^w3c/', include('p3p.urls', namespace='p3p')),
...
(r'^admin/', include(admin.site.urls)),
You need to override at least 2 templates to configure your project specific HTTP headers and policy:
- templates/p3p/headers.txt
Contains the actual HTTP headers which are sent to the browser. For e.g.: CP="NOI CURa ADMa DEVa TAIa CONa OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
- templates/p3p/policy.p3p
Contains the policy as required for the application. You can generate one by using the IBM P3P Policy Editor.
Note
I left the initial templates mostly blank to prevent default usage. Mainly because every application has its own specific policies and it requires you to THINK about what policy fits your website.