Categories
Web Development

Safari’s iFrame cookie setting problem

My current project is a Facebook application that runs as an iFrame ‘inside’ of a Facebook page.
We use a limited number of cookies to reduce the number of calls to Facebook and, we believe, increase the efficiency of the application.

Internet Explorer, starting with version 6, requires entities using iFrames to send a header called P3P that describes the privacy policy of the page loaded inside the iFrame. This is a bit silly, because Internet Explorer will trust whatever you send it and let the iFrame do whatever it needs to do with cookies. You can generate your own P3P header using these tools from IBM Alphaworks.

Safari, in an attempt to simplify matters, makes them much more complex. Its default security settings for cookies stipulate that the browser will accept cookies only from the sites that you navigate to. So if you navigate to facebook.com, any attempt to set a cookie from an iFrame that is not under the facebook.com domain will fail. Possible solutions:

  • Tell your users they must enable cookies to use your app. Still, paranoid users will scoff, as you are telling them to change security settings in their browsers
  • Use URL rewriting
  • Turn users of Safari away, telling them to use Firefox instead

Either way, Safari makes life that much less nice.

Categories
Java Web Development WebSphere

RAD 7 – (Small) SNAFU Number Two (with solution)

Class diagrams are great. RAD 7 has them and it generates and updates code based on them. Lovely.
The forward and reverse engineering capabilities, the works.
Now if you refactor the classes and change package names… then you’re in trouble. The class diagram is oblivious to the change and, unable to find the classes it is based on, it just chokes. So just be aware of this possible problem.

How to fix this:

  1. Open the dnx class file with RAD’s XML editor.
  2. Search for the term “srcfolder” – this is where the diagram looks for your source code
  3. Do a replace all on the value that srcfolder is set to, e.g. srcfolder=src%5B (the %5B is the URL-encoded ‘[’ character), and set the replacement value to the new refactored package name, e.g. srcfolder=src/java%5B

Now open the diagram again using the DNX file viewer and voila – your diagram is back!

Categories
PHP Web Development

PHP: Headers cannot be sent or why is headers_sent() incorrect?

Working with PHP, trying to warm up to PHP 5 with all its object-oriented glory, or at least a step forward compared to PHP 4.

When you redirect browsers in PHP, you do it raw, without niceties of objects, by sending the HTTP header to the client with a call like:

header("Location: ");

For some odd reason, this kept on failing, with an error message telling me that the header cannot be sent. Furthermore, PHP even told me through its header ‘detection’ function headers_sent() that the headers were indeed sent.

Googled and found this article that implies that the issue may have something to do with file encoding. The file that was causing the issues for me was copied from a Windows machine (I am developing on a Linux VM now). It had the Windows line separators (\r\n). Apparently this made Apache and PHP on Linux very, very uneasy and made them think that the headers were sent out.

Resolution: Copy the contents of the file to another file that was born on Unix and uses its line separators (\n). Ugly moments in coding.
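To see which bytes of a file count as output before header() is called, and where output actually began, the following added example (not code from the original post) tokenizes PHP source and lists everything outside the PHP tags, then uses the file and line arguments of headers_sent(). The function names, the sample sources and the redirect URL are hypothetical, and the scan assumes code-only include files that should emit nothing.

```php
<?php
declare(strict_types=1);

// Added example; function names and sample sources are hypothetical.

/**
 * Return every run of bytes that lies outside PHP tags. PHP sends such
 * bytes to the client as body output, which commits the headers.
 */
function find_stray_output(string $src): array
{
    $hits = [];
    foreach (token_get_all($src) as $tok) {
        if (is_array($tok) && $tok[0] === T_INLINE_HTML) {
            $hits[] = ['line' => $tok[2], 'hex' => bin2hex($tok[1])];
        }
    }
    return $hits;
}

/**
 * Redirect only if headers are still unsent; otherwise name the file and
 * line where output began instead of failing with a warning.
 */
function redirect_or_explain(string $url): string
{
    if (headers_sent($file, $line)) {
        return "cannot redirect: output started at {$file}:{$line}";
    }
    header('Location: ' . $url);
    return 'redirect sent'; // a real caller should exit here
}

// Constructed sample sources for code-only include files.
$samples = [
    'crlf_only.php'  => "<?php\r\nfunction f() {}\r\n",
    'bom.php'        => "\xEF\xBB\xBF<?php\nfunction f() {}\n",
    'leading_nl.php' => "\r\n<?php\nfunction f() {}\n",
    'trailing.php'   => "<?php\nfunction f() {}\n?>\r\n\r\n",
];

foreach ($samples as $name => $src) {
    $hits = find_stray_output($src);
    echo $name, ': ', $hits ? json_encode($hits) : 'no output outside PHP tags', PHP_EOL;
}

// With output buffering off, the echo calls above already started output,
// so this call reports their location instead of sending the header.
echo redirect_or_explain('https://app.example/home'), PHP_EOL;
```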
