followup: i've confirmed its definitely a "work-around": disable domain cloaking, and the 'about:blank' goes away - permitting my P3P-compliance mechanism to function properly.
Result - NO BLOCKED COOKIES in IE6!
For the benefit of anyone else who suffers from cookie-blocking problems, here's how I fixed it:
1) created a folder off the XOOPS root called /w3c/
2) created a P3P policy file (policy1.xml) and a standard P3P referral file (p3p.xml) plus an HTML (human-readable) version of the P3P policy (p3p.html) and uploaded all of them to /w3c/ folder
i'm learning as i go along here... i forgot that i had CLOAKING enabled on the redirects! I'm gonna turn that OFF, and i guess i will get the 'system' headers back again!
(I'd really prefer to have the domain cloaking WORKING, but i guess you cant have everything...)
In about 24 hours i should see if that has any helpful effect! the 'uncloaked" URL ( http://rockandroller.net/xoops/html/ ) does have the desireable HEADERS now... I just figured out that i had to switch "update themes on" temporarily in the system configuration (I edited the main theme HTML file where i found a lot of headers...)
is now showing up in the headers, and it seems to be doing the trick (preventing IE6 from blocking cookies!) when using the uncloaked URL
I'm kind of wondering about the "/" (escape character?) in front of that closing angle bracket, though - its present in all the standard XOOPS meta-tags on that page, so i thought i had better copy it...
it seems that "about:blank" is some kind of "browser artifact" thats generated somehow from the redirect that points the domain name at the XOOPS root folder.
If i surf 'directly' to the XOOPS folder (in this case, via http://rockandroller.net/xoops/html/) then there is NO cookie blocking at all, and its all "GREEN LIGHTS" with regards to the XOOPS site being 100% "P3P compliant".
But getting there via the forwarded domain name still sticks me with the unknown (and decidedly non-P3P-compliant!) "about:blank". EVERY other element in the page gets a green light!
So now im pretty STUCK, i think...
It seems I somehow need to get a P3P meta-tag into the "Headers" section of the 'main frame', which comes out DIFFERENT when i reach it via domain name forwarding!
Does anybody know where i can EDIT this? Thats not even showing the proper keywords and description tags - I have different ones entered through the administration interface (which sadly doesnt allow us to add our OWN meta-tags)
as you can see by clicking on the LINK in the post above, the XML file is "apparently" served up just fine, from the folder off the XOOPS root.
BUT...
all is NOT as it appears, because - some other unexpected 'embedded content' called "about:blank" is ALSO being served, up - thus spoiling the P3P verification (which is otherwise flawless)
I am able to make my "server" 100% P3P-compliant (NO cookie-blocking!) by installing the appropriate files in a W3C folder off the root.
HOWEVER, for a very mysterious (to me, anyway!) reason, the same fix DOESNT work in my XOOPS root directory.
The XOOPS system is somehow automatically putting a "wrapper" around the P3P XML file, but the frame content is 'munged' and un-reachable due to the addition of an extra (unwanted!) slash character...
So instead of getting my nice P3P compliancy XML file, the XOOPS site somehow serves up a useless HTML file (sans the content)
(see details below...)
Does anybody know WHAT file i can edit to change (or preferably disable!) this wrapper? I'm very puzzled about the EXTRA slash - and how the rest of the site functions perfectly with it.
Does anybody know where i can get some DOCUMENTATION on the 'guts' of this system? I dont relish having to read through 500 files to sort this out...
BTW, I tried making an HTACCESS file in the XOOPS root directory to make a P3P HTTP header, but its not working either
but now that i have finally gotten a fresh new computer with Xp installed, i have IDENTIFIED the problem.
Its simply that internet explorer 6 BLOCKS the site cookies by default!
on a fresh copy, I see right away that cookies are blocked.. somehow my two development machines had the site added to their TRUSTED SITES LIST ( 'allow all cookies') a long time ago.
The FIX is simply to make the site P3P-compliant so that newer browsers will accept cookies by default.
i'm working on that now.. will post results when i get some
If i understand the reports correctly, the error occurs on the page for entering the user data (not sure if its the first submit or the confirmation submit...) in either case you clearly "got past it" using XP & IE
Do you have XP firewall and/or popup blocker disabled, per chance?