There are a few special considerations involving HTTP headers for configuring your application and server to operate correctly across browsers as an embedded app.

X-Frame-Options Header

Web servers have the option of setting the response header X-Frame-Options: DENY, which tells the web browser to refuse to render the page if its content window is inside any kind of frame. Since all embedded applications are rendered inside an iframe, this option must be turned off on your web server.

Get more information on the X-Frame-Options header ›

Internet Explorer P3P Policy Header

Most versions of Internet Explorer require a P3P policy to be set. If not, the browser creates a cookie but refuses to modify its content in an iframe. The P3P policy is an outdated standard, and most major websites configure their policy to "No Policy". To avoid any issue with cookies on Internet Explorer, simply define a bogus policy (e.g. CP="Not used").

In Rails, add this snippet to your ApplicationController:

    # Send a P3P header on every response (use before_filter on Rails 3 and earlier).
    before_action :set_p3p

    def set_p3p
      headers['P3P'] = 'CP="Your P3P policy here"'
    end

In PHP, you can define a P3P policy as follows:

    header('P3P: CP="Your P3P policy here"');
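
With X-Frame-Options turned off, nothing limits which sites may frame the app; the Content-Security-Policy frame-ancestors directive can restrict framing to the embedding page instead. The Rack middleware below is an added example, not code from Haravan or the original page: it strips X-Frame-Options, pins frame-ancestors to one origin and sets the P3P header. The class name and the EMBED_PARENT origin are assumptions to replace with your own values.

```ruby
# Added example (not Haravan's code): response headers for an embedded app.
# ASSUMPTION: EMBED_PARENT is a placeholder for the origin that frames the app.
EMBED_PARENT = 'https://admin.example.invalid'

# Hypothetical middleware name; works with any Rack-compatible app.
class EmbeddedAppHeaders
  def initialize(app, parent: EMBED_PARENT, p3p: 'CP="Not used"')
    @app = app
    @parent = parent
    @p3p = p3p
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    # Assumes the app sends at most one CSP header, as a single string.
    old_csp = take(headers, 'content-security-policy')
    take(headers, 'x-frame-options') # DENY would block the iframe
    take(headers, 'p3p')
    # Lowercase names are valid on every Rack version.
    headers['content-security-policy'] = with_frame_ancestors(old_csp)
    headers['p3p'] = @p3p
    [status, headers, body]
  end

  private

  # Header names are case-insensitive: remove every spelling of `name`
  # and return the last value that was set (nil if there was none).
  def take(headers, name)
    keys = headers.keys.select { |k| k.downcase == name }
    keys.map { |k| headers.delete(k) }.last
  end

  # Keep the app's other CSP directives and replace any frame-ancestors
  # directive with one that allows only the embedding origin.
  def with_frame_ancestors(policy)
    kept = policy.to_s.split(';').map(&:strip).reject do |d|
      d.empty? || d.downcase.start_with?('frame-ancestors')
    end
    (kept + ["frame-ancestors #{@parent}"]).join('; ')
  end
end
```

In a Rails app, the middleware can be registered with config.middleware.use EmbeddedAppHeaders.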
