I've encountered the same issue recently trying to serve static HTML from AWS S3.
Unfortunately, it is not possible to set Compact Policies without sending server-side response headers.
This means that you cannot set a Compact Policy on staticly-served HTML content.
There is only one mechanism for sites to serve compact policies; they are sent as HTTP response headers. Thus, if a site is unable or unwilling to add HTTP response headers, compact policies cannot be used.
The HTML element META with the http-equiv attribute is sometimes used to simulate the effect of adding HTTP headers to HTML content. ... the http-equiv mechanism should not be used to send a P3P compact policy header, as this information may not be available to a client until after it has processed the cookies in the response.
The and elements cannot set the Compact Policy either - it must be a response header.
The bottom line is this:
Are you able to send the p3p response header?
Yes: Add the header with the appropriate policy and you are done.
No: You are out of luck and are unable to set a Compact Policy.
For Amazon S3:
The p3p header is considered a user-defined key so it can only be added as x-amz-meta-p3p.
Since x-amz-meta-p3p != p3p the browser will not accept it as the correct header.
Therefore you cannot set a Compact Policy on AWS S3 content.
104
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
