Our authentication to Confluence is handled by our own SSO by using a session cookie. The SSO also controls the authentication to the core system(s).
Now we're having an issue with cookies not being enforced properly with Internet Explorer, and we've identified that the problem is due to a lacking Privacy Policy (P3P). We are not implementing this for the SSO and Core systems (all running on IIS). But the story is somewhat different for Confluence.
Now, I've opened a question on Stackoverflow for this issue as it wasn't as easy as I first imagined: http://stackoverflow.com/questions/19855946/turkey-urlrewrite-filter-on-tomcat-will-not-set-p3p
I appreciate all the help I can get on this issue.
I had a second look at the web.xml file for the urlrewrite entry. I found that Atlassian had added specific settings for the filter to kick in. So "my" rules never actually kicked in. I changed these to /* in server.xml:
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <!--<url-pattern>/s/*</url-pattern>-->
        <url-pattern>/*</url-pattern>
    </filter-mapping>
and added the following to urlrewrite.xml:
    <rule enabled="true">
        <from>.*</from>
        <set type="response-header" name="p3p">CP="NON DSP COR ADM OUR STP"</set>
    </rule>
Now I have to figure out Atlassian's intention with the /s/* (I know what they do, but I do not know why they added this. Test installation seems to run just fine).
This did not work for me. When I edited web.xml the server failed to restart.
Note that "my" version is 4.1.5.
If Confluence refuses to start, it might be because there is some sort of spelling mistake in the change you made, either in server.xml or in urlrewrite.xml.
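A pre-restart check for the two edits discussed above, as an added example that is not part of the thread or Atlassian's code: it parses web.xml and urlrewrite.xml, reports malformed XML (the "spelling mistake" case), and confirms that the UrlRewriteFilter mapping and the P3P rule are in place. The function names and the sample file contents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

def _find(root, name):
    # Match on local name: web.xml elements are usually namespaced.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _parse(label, text, problems):
    try:
        return ET.fromstring(text)
    except ET.ParseError as exc:
        problems.append(f"{label}: not well-formed XML ({exc})")
        return None

def check_p3p_config(web_xml, urlrewrite_xml, filter_name="UrlRewriteFilter"):
    """Return a list of problems; empty means the P3P rule covers every path."""
    problems = []
    web = _parse("web.xml", web_xml, problems)
    rewrite = _parse("urlrewrite.xml", urlrewrite_xml, problems)
    if web is not None:
        patterns = [(p.text or "").strip()
                    for m in _find(web, "filter-mapping")
                    if any((n.text or "").strip() == filter_name
                           for n in _find(m, "filter-name"))
                    for p in _find(m, "url-pattern")]
        if "/*" not in patterns:
            problems.append(f"web.xml: {filter_name} mapped to {patterns}, not /*")
    if rewrite is not None:
        # Assumption: a rule counts as enabled unless it says enabled="false".
        values = [(s.text or "").strip()
                  for r in _find(rewrite, "rule") if r.get("enabled", "true") != "false"
                  for s in _find(r, "set")
                  if s.get("type") == "response-header"
                  and (s.get("name") or "").lower() == "p3p"]
        if not values:
            problems.append("urlrewrite.xml: no enabled rule sets a P3P response header")
        for v in values:
            if not re.fullmatch(r'CP="[A-Za-z ]+"', v):
                problems.append(f"urlrewrite.xml: unexpected P3P value {v!r}")
    return problems

# Constructed sample files (not copied from a real Confluence installation).
WEB_DEFAULT = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter-mapping><filter-name>UrlRewriteFilter</filter-name>
    <url-pattern>/s/*</url-pattern></filter-mapping></web-app>"""
WEB_EDITED = WEB_DEFAULT.replace("<url-pattern>/s/*</url-pattern>",
    "<!--<url-pattern>/s/*</url-pattern>--><url-pattern>/*</url-pattern>")
RULES = """<urlrewrite><rule enabled="true"><from>.*</from>
  <set type="response-header" name="p3p">CP="NON DSP COR ADM OUR STP"</set></rule></urlrewrite>"""
RULES_TYPO = RULES.replace("</set>", "</sett>")  # constructed spelling mistake
```

This is a static check of the files only; whether the header actually reaches the browser still has to be confirmed against the running instance.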
My version is 5.1 and I did not edit the server.xml, I edited web.xml
I will try to edit the server.xml and see what happens
Some more googling told me to implement this as follows:
1. For each directory that you want your Compact Policy header to be available from, you must create a file called '.htaccess' (without quotes). Note that the period at the beginning of the filename makes it invisible on your webserver. To view hidden files in an FTP session, add '-al' (without quotes) to the list command (for example: ls -al). Also note that it may be difficult to create a file named '.htaccess' on Windows systems. Instead, name the file 'htaccess', upload it and rename it to '.htaccess'. The .htaccess file will affect the directory it is placed in, and any subdirectories contained in it. Therefore, to apply your Compact Policy to an entire website, place an .htaccess file in your account's root directory.
2. The .htaccess file must contain a line which adds your Compact Policy header. The line should look like:
Header append P3P 'CP="[compact policy here]"'
Note the following:
The command is: Header append
P3P is the header name.
The rest is the header value.
Note the use of quotes in the above example. Single-quotes surround the entire header value. Double-quotes surround the actual Compact Policy.