Getting Alfresco Share working in an iframe in IE7
Problem: “Cookie disabled” pop-up in IE7 when using Alfresco share in an iframe.
Summery: You need to add a P3P header to all responses from Share. The P3P header must link to an XML file which tells IE to allow the iframe to have its own cookies.
The easiest way to do this is to proxy Alfresco share through Apache and use mod_headers to add the header to every request.
CONFIGURE APACHE
Create a subdomain and point it at the server, this will be the domain sourced in the iframe.
/etc/apache2/apache2.conf
<VirtualHost *:80>
ServerName share.mydomain.com
DocumentRoot /home/ubuntu/share
ProxyRequests off
ProxyPass /w3c/ !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost on
Header add p3p 'P3P:policyref="/w3c/p3p.xml", CP="NID DSP ALL COR"'
</VirtualHost>
http://share.mydomain.com/w3c/p3p.xml must respond with a P3P XML file which tells the iframe to allow cookies.
The easiest way to do this is to add the file to the DocumentRoot of the share VirtualHost, i.e /home/ubuntu/share/w3c/p3p.xml
Note /home/ubuntu/share is an arbitrary empty directory and not related to the Share/Alfresco install.
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
<POLICY-REF about="#policy1">
<INCLUDE>/</INCLUDE>
<COOKIE-INCLUDE/>
</POLICY-REF>
</POLICY-REFERENCES>
<POLICIES>
<POLICY discuri="" name="policy1">
<ENTITY>
<DATA-GROUP>
<DATA ref="#business.name"></DATA>
<DATA ref="#business.contact-info.online.email"></DATA>
</DATA-GROUP>
</ENTITY>
<ACCESS>
<nonident/>
</ACCESS>
<!-- if the site has a dispute resolution procedure that it follows, a DISPUTES-GROUP should be included here -->
<STATEMENT>
<PURPOSE>
<current/>
<admin/>
<develop/>
</PURPOSE>
<RECIPIENT>
<ours/>
</RECIPIENT>
<RETENTION>
<indefinitely/>
</RETENTION>
<DATA-GROUP>
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
</DATA-GROUP>
</STATEMENT>
</POLICY>
</POLICIES>
</META>
UPDATE HOSTS FILE
Update hosts file so requests from server to share.mydomain.com are not routed out to the internet back, but just forwarded to 127.0.0.1.
/etc/hosts
127.0.0.1 share.mydomain.com
Check it works: http://www.w3.org/P3P/validator.html