Microsoft KB Archive/313558

From BetaArchive Wiki

Article ID: 313558

Article Last Modified on 4/21/2006



APPLIES TO

  • Microsoft Internet Explorer (Programming)



This article was previously published under Q313558

SYMPTOMS

If you use Internet Explorer to browse to a Web site that contains a full privacy policy as defined by the Platform for Privacy Preferences (P3P) specification, and if your request goes through an HTTP proxy that requires authentication, your request for the privacy policy fails with the following error message:

Could not find a privacy policy for site name.

CAUSE

As section 2.4.3 of the P3P specification states, requests for policy reference files fall into a "safe zone." The P3P specification states that the client should transmit very minimal identifying information about the user. In particular, the specification states:

User agents MAY also wish to refrain from sending user agent information or cookies accepted in a previous session on 'safe zone' requests.


Internet Explorer abides by this recommendation and does not transmit authentication credentials to a server when it performs P3P policy reference requests. However, authenticating proxy servers do not abide by the safe zone recommendation and thus reject the attempt by Internet Explorer to request a policy reference without credentials.

RESOLUTION

There is no known workaround at this time. The suggestion by the World Wide Web Consortium (W3C) to put policies in a well-known location does not apply. A proxy requires verification for any file that is requested from the remote server, regardless of location.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Steps to Reproduce Behavior

NOTE: To reproduce this behavior, Internet Explorer must direct requests through a proxy that demands user authentication.

  1. Open Internet Explorer 6.0, and then browse to http://www.microsoft.com/. If your proxy server uses Windows NT Challenge/Response (NTLM) authentication, Internet Explorer automatically supplies your username and password; otherwise, Internet Explorer prompts you for this information.
  2. After the page appears, click Privacy Report on the View menu.
  3. A list of links that the page references appears. Click http://www.microsoft.com/, and then click Summary. The privacy policy for the Microsoft site does not appear, as you expect. Instead, you receive the following error message:

Could not find a privacy policy for http://www.microsoft.com/. To view this site's privacy policy, contact the Web site directly.

REFERENCES

For more information, refer to the following World Wide Web Consortium (W3C) Web site:

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification
http://www.w3.org/TR/P3P/


For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:

Keywords: kbprb KB313558