
Django -- CSRF Failure on IE for IFrame. No access to parent server headers for Policy Fix

Developer https://www.devze.com 2023-01-17 11:30 Source: Internet

I have a problem with CSRF validation failing on iframes in IE.

I've learned I can fix it if I have access to the parent page's server by adding certain headers, using information from this question. Unfortunately, I don't have access to the parent page (third party host platform), so this won't work.

The page in question is: http://yuchan.myshopify.com/collections/iphone-4-artist-series/products/custom-product

To replicate the problem, click on "Upload your art" (step 2) and try to upload something in IE. You should get a CSRF error.

I am going to disable CSRF protection, but I was curious what others thought of my situation.

Thanks!


The problem occurs because IE doesn't accept cookies in iframes by default. You can fix that by setting the proper headers:

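from django.shortcuts import render_to_response
# In the view that serves the iframe page: attach a P3P compact policy header
response = render_to_response('mytemplate.html')
response["P3P"] = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'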

There is a blog entry about that here: http://adamyoung.net/IE-Blocking-iFrame-Cookies.

0
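
As an added example (not code from the answer above or from Django itself), the same header can be set on every response by a Django-style middleware, so CSRF protection can stay enabled for the framed views. `P3PHeaderMiddleware`, `StubResponse` and `demo` are hypothetical names, and the stub is a constructed stand-in for Django's `HttpResponse` so the block runs without Django installed.

```python
# Compact policy string copied from the answer above.
P3P_POLICY = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'


class P3PHeaderMiddleware:
    """New-style (callable) middleware: add the P3P header to each response."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Do not overwrite a policy that a view has already chosen.
        if not response.has_header("P3P"):
            response["P3P"] = P3P_POLICY
        return response


class StubResponse:
    """Constructed stand-in exposing the parts of HttpResponse used above."""

    def __init__(self):
        self.headers = {}

    def has_header(self, name):
        return name.lower() in (key.lower() for key in self.headers)

    def __setitem__(self, name, value):
        self.headers[name] = value


def demo():
    """Run the middleware over a plain view and a view with its own policy."""

    def upload_form(request):
        # Hypothetical view rendered inside the third-party iframe.
        return StubResponse()

    def custom_policy_view(request):
        # Hypothetical view that already set its own (constructed) policy.
        resp = StubResponse()
        resp["P3P"] = 'CP="CONSTRUCTED SAMPLE"'
        return resp

    plain = P3PHeaderMiddleware(upload_form)(None)
    custom = P3PHeaderMiddleware(custom_policy_view)(None)
    return plain.headers, custom.headers
```

In a Django project the class would be listed in the `MIDDLEWARE` setting and receive real `HttpResponse` objects in place of the stub.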
