Rails - May 2007 - Setting P3P header before Set-Cookie

Hi folks,

For a project I''m working on, I need to set an HTTP header BEFORE the
Set-Cookie header is sent.  Basically, I need to send along our compact
privacy policy before the cookie is set.

I''ve tried using:

@headers[''P3P''] = "P3P: blah blah blah..."

...but the problem is that no matter what I do, the Set-Cookie header is
sent first, and the P3P header is sent afterwards.  I also tried setting
the "Set-Cookie" header directly in @headers instead of using the
cookie[] method, and changing the order in which the @headers were set.
But rails always seems to want to send the "Set-Cookie" header first.

I''m thinking I might need to override some rails class, but I
don''t have
a clue as to where in rails to even begin looking.

Any ideas on how I can get the P3P header sent first instead?

Thanks in advance for any help.

Mike

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I think this might be your problem here (from 
actionpack-1.13.3/lib/action_controller/cookies.rb):

class CookieJar < Hash
...

Hashes are unordered collections. Maybe you can find/write a ordered 
hash and make CookieJar extend that instead.

Then again, hash responds to "sort" so maybe the cookies are being 
sorted before they''re written into the header. That would sort 
alphabetically... and thwart your ordering. I doubt that though... 
unnecessary work.

Well, you can use a firefox plugin (tamper data, live http headers) to 
examine the response headers and see how they appear in there. You might 
also try to figure out where the actual writing of headers is done... 
That or hope that someone who knows what the heck they''re talking about
notices this post. :-)

b



Mike Lee wrote:
> Hi folks,
> 
> For a project I''m working on, I need to set an HTTP header BEFORE
the
> Set-Cookie header is sent.  Basically, I need to send along our compact
> privacy policy before the cookie is set.
> 
> I''ve tried using:
> 
> @headers[''P3P''] = "P3P: blah blah blah..."
> 
> ...but the problem is that no matter what I do, the Set-Cookie header is
> sent first, and the P3P header is sent afterwards.  I also tried setting
> the "Set-Cookie" header directly in @headers instead of using the
> cookie[] method, and changing the order in which the @headers were set.
> But rails always seems to want to send the "Set-Cookie" header
first.
> 
> I''m thinking I might need to override some rails class, but I
don''t have
> a clue as to where in rails to even begin looking.
> 
> Any ideas on how I can get the P3P header sent first instead?
> 
> Thanks in advance for any help.
> 
> Mike
> 
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

dear sender,
i´m out of the office until may 29th.
your email will not be forwarded.
for urgent stuff please contact joern-0M91wEDH++c@public.gmane.org
kind regards,
alexander





--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On May 10, 4:30 pm, Mike Lee
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Hi folks,
>
> For a project I''m working on, I need to set an HTTPheader BEFORE
the
> Set-Cookie header is sent.  Basically, I need to send along our compact
> privacy policy before the cookie is set.
>
> I''ve tried using:
>
> @headers[''P3P''] = "P3P: blah blah blah..."
>
> ...but the problem is that no matter what I do, the Set-Cookie header is
> sent first, and the P3P header is sent afterwards.  I also tried setting
> the "Set-Cookie" header directly in @headersinstead of using the
> cookie[] method, and changing theorderin which the @headerswere set.
> Butrailsalways seems to want to send the "Set-Cookie" header
first.
>
> I''m thinking I might need to override somerailsclass, but I
don''t have
> a clue as to where inrailsto even begin looking.
>
> Any ideas on how I can get the P3P header sent first instead?
>
> Thanks in advance for any help.
>
> Mike
Based on my testing (with IE, where P3P is really an issue) the order
of the headers doesn''t matter.  If you want to hack in and play with
it yourself, you can crack open the mongrel source and add your p3p
header at the top.  The code is in the cgi.rb file in the "out"
method.  That''s what I did, and didn''t notice any behavioral
differences.

I fought with this P3P stuff for a long time.  Ultimately, what I
found is that my compact privacy policy was being misread by IE (not
that it would tell you that).  For whatever reason, I had to make sure
the "CP" clause came before the "policyref" clause, even
though I saw
examples to the contrary.  So, ultimately I have this in a
before_filter in application.rb:

headers[''P3P''] = %|CP="CAO DSP CURa ADMa DEVa OUR NOR DEM
STA"
policyref="#{PUBLIC_BASE_URI}/w3c/p3p.xml"|

And it seems to work.

Hope that helps.

Tom


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Mike Lee wrote:
> Hi folks,
> 
> For a project I''m working on, I need to set an HTTP header BEFORE
the
> Set-Cookie header is sent.  Basically, I need to send along our compact
> privacy policy before the cookie is set.
> 
> I''ve tried using:
> 
> @headers[''P3P''] = "P3P: blah blah blah..."
> 
> ...but the problem is that no matter what I do, the Set-Cookie header is
> sent first, and the P3P header is sent afterwards.  I also tried setting
> the "Set-Cookie" header directly in @headers instead of using the
> cookie[] method, and changing the order in which the @headers were set.
> But rails always seems to want to send the "Set-Cookie" header
first.
> 
> I''m thinking I might need to override some rails class, but I
don''t have
> a clue as to where in rails to even begin looking.
> 
> Any ideas on how I can get the P3P header sent first instead?
> 
> Thanks in advance for any help.
> 
> Mike
Hi mike, I think I have exactly the same issue. How did you manage to 
solve this problem ? A strange thing is that I can reproduce this 
problem with safari mac and I never saw someone mentionning while 
browsing the web about this case.

I tried to add
response.headers[''P3P''] = ''CP="CAO PSA
OUR"''
in a before_filter action in application.rb, but nothing changed.

Thanks a lot.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> I tried to add
> response.headers[''P3P''] = ''CP="CAO PSA
OUR"''
> in a before_filter action in application.rb, but nothing changed.
> 
> Thanks a lot.
Actually, these lines are working fine with IE7. But I have the same 
issue on Safari (Mac and PC).
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---