有別于JS跨域、IFRAME跨域等的常用處理辦法，還可以利用P3P來實(shí)現(xiàn)跨域。

P3P是什么
P3P（Platform for Privacy Preferences）是W3C公布的一項(xiàng)隱私保護(hù)推薦標(biāo)準(zhǔn)，以為用戶提供隱私保護(hù)。

P3P標(biāo)準(zhǔn)的構(gòu)想是：Web 站點(diǎn)的隱私策略應(yīng)該告之訪問者該站點(diǎn)所收集的信息類型、信息將提供給哪些人、信息將被保留多少時(shí)間及其使用信息的方式，如站點(diǎn)應(yīng)做諸如 “本網(wǎng)站將監(jiān)測(cè)您所訪問的頁(yè)面以提高站點(diǎn)的使用率”或“本網(wǎng)站將盡可能為您提供更合適的廣告”等申明。訪問支持P3P網(wǎng)站的用戶有權(quán)查看站點(diǎn)隱私報(bào)告，然 后決定是否接受cookie 或是否使用該網(wǎng)站。

如何利用P3P實(shí)現(xiàn)跨域
在開發(fā)中，我們碰到的跨域主要還是糾結(jié)在IE，頁(yè)面中的IFRAME或者FRAME或者JS跨域的時(shí)候，IE有安全策略限制頁(yè)面不帶cookie，但是如果我們加上P3P，就沒有這策略的限制。這也是P3P來突破跨域的可行前提。

以下為摘錄的例子：
http://www.a.com/a_setcookie.php 文件內(nèi)容：
<?php setcookie("test", $_GET['id'], time()+3600, "/", ".a.com"); ?>
http://www.a.com/a_getcookie.php 文件內(nèi)容：
<?php var_dump($_COOKIE); ?>
http://www.b.com/b_setcookie.php 文件內(nèi)容：
<script src="http://www.a.com/a_setcookie.php?id=www.b.com"></script>
通過瀏覽器訪問：
復(fù)制代碼 代碼如下:
1?> http://www.b.com/b_setcookie.php
2?> http://www.a.com/a_getcookie.php

訪問1 b.com域后，我們并沒有在2 a.com域發(fā)現(xiàn)設(shè)置上cookie值。
將http://www.a.com/a_setcookie.php文件內(nèi)容改為如下：
復(fù)制代碼 代碼如下:
<?php 
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');  
setcookie("test", $_GET['id'], time()+3600, "/", ".a.com"); 
?>

再次訪問：
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
在訪問b.com域后，設(shè)置了a.com域的cookie值。
從上面例子可以看出通過發(fā)送P3P頭信息而實(shí)現(xiàn)的跨域。（在Firefox不發(fā)送P3P也能跨域成功）

php使用P3P協(xié)議
復(fù)制代碼 代碼如下:
header( 'P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"' );

JS使用P3P協(xié)議
復(fù)制代碼 代碼如下:
xmlhttp.setRequestHeader( "P3P" , 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"' );

P3P的頭部參數(shù)解釋
引用：
復(fù)制代碼 代碼如下:
P3P Header is present:
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Compact Policy token is present. A trailing 'o' means opt-out, a trailing 'i' means opt-in.

CURa
Information is used to complete the activity for which it was provided.

ADMa
Information may be used for the technical support of the Web site and its computer system.

DEVa
Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.

PSAo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.

PSDo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals.

OUR
We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.

BUS
Info is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.

UNI
Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service.

PUR
Information actively generated by the purchase of a product or service, including information about the method of payment.

INT
Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.

DEM
Data about an individual's characteristics -- such as gender, age, and income.

STA
Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies.

PRE
Data about an individual's likes and dislikes -- such as favorite color or musical tastes.

COM
Information about the computer system that the individual is using to access the NETwork -- such as the IP number, domain name, browser type or operating system.

NAV
Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.

OTC
Other types of data not captured by the above definitions.

NOI
Web Site does not collected identified data.

DSP
The privacy policy contains DISPUTES elements.

COR
Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.

PS,這里說的跨域主要是設(shè)置cookie的情況，如果是跨域讀取cookie，要保證在對(duì)應(yīng)設(shè)置cookie的時(shí)候設(shè)置了P3P，否則在讀取的事情IE會(huì)屏蔽跨域cookie。

php技術(shù)：PHP如何利用P3P實(shí)現(xiàn)跨域，轉(zhuǎn)載需保留來源！

鄭重聲明：本文版權(quán)歸原作者所有，轉(zhuǎn)載文章僅為傳播更多信息之目的，如作者信息標(biāo)記有誤，請(qǐng)第一時(shí)間聯(lián)系我們修改或刪除，多謝。