[#11253] - P3P is dead - time to remove from Joomla 3.6+
- Closed
- 23 Jul 2016
- Medium
- Build: master
- # 11253
Joomla has always output a default P3P policy, in later Joomla versions this was configurable, and moved to a plugin that could be disabled/enabled
Globally, It has never been popular. Always controversial. And mainly used for bypassing IE quirks
It will soon be the 10th anniversary of the P3P Spec going final - maybe now is the time to finally remove it from Joomla forever? Discuss...
Wordpress/Drupal dont have P3P policy output by default ;-)
see: http://lorrie.cranor.org/blog/2012/12/03/p3p-is-dead-long-live-p3p/
see: http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer
Facebook
P3P CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" X-Frame-Options
The organization that established P3P, the World Wide Web Consortium, suspended its work on this standard several years ago because most modern web browsers don't fully support P3P. As a result, the P3P standard is now out of date and doesn't reflect technologies that are currently in use on the web, so most websites currently don't have P3P policies.
Google
P3P CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info."
Github, PayPal, EBay, Twitter have no Header with a P3P Policy at all..
BTW it is still supported by Edge (deprecated but still in use)
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11253.
The Platform for Privacy Preferences 1.0 (P3P 1.0) is obsolete in Windows 10 (Microsoft Edge and all modes of Internet Explorer 11 for Windows 10).
Support for P3P 1.0 has been removed in Windows 10 and will have minimal ongoing servicing for previous versions of Windows. Recommended practice is to avoid deploying P3P privacy policies on your site.
https://msdn.microsoft.com/en-us/library/mt146424(v=vs.85).aspx
I think that states Microsoft Developers point of view exactly and further cements the death of P3P
If people have no objections I'll raise a PR to remove it from Joomla.
Personally I dont see any problem with it being there(disabled by default) so that people who need to support old browsers etc in a corporate environment (yes I have set it up for a client). Not as if it creates a support or maintenance work load etc for joomla
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11253.
| Category | ⇒ | Plugins |
@PhilETaylor I agree but seems that PLT got different opinion: #4678
| Labels |
Added:
?
|
||
Maybe someone with some balls could actually make decisions in the Joomla project to move things forward instead of dragging historical baggage around for years to come... But I guess history will repeat itself...
I see no reason why this "plugin" cannot be removed, its already decoupled - inline with the published roadmap and direction for Joomla - and provided as a "core supported" plugin inline with the published roadmap (https://developer.joomla.org/cms/roadmap.html)
There is simply no reason for the bloat (ok so this feature is tiny...) of historical relics being distributed, albeit unpublished, with every download of Joomla and used in a fraction of a single percent of sites.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-07-23 14:46:03 |
| Closed_By | ⇒ | PhilETaylor |
Status quo is easier than lifting a finger
I would be happy to PR it - however I wanted agreement before wasting my time... I disagree in speculative PRs... waste of my time and others time.
P3P is still used, speaicaly when you use iframes, the session can get reset in IE and Edge, Safari iOS if not present
what is your source for that?
Iirc isn't it disabled on new installs.