Django -- CSRF Failure on IE for IFrame. No access to parent server headers for Policy Fix
I have a problem with CSRF validation failing on iframes in IE.
I've learned I can fix it if I have access to the parent page's server by adding certain headers, using information from this question. Unfortunately, I don't have access to the parent page (third party host platform), so this won't work.
The page in question is: http://yuchan.myshopify.com/collections/iphone-4-artist-series/products/custom-product
To replicate the problem, click on "Upload your art" (step 2) and try to upload something in IE. You should get a CSRF error.
I am going to disable CSRF protection, but I was curious what others thought of my situation.
Thanks!
The problem occurs because IE doesn't accept cookies in iframes by default. You can fix that by setting proper headers:
from django.shortcuts import render_to_response

response = render_to_response('mytemplate.html')
response["P3P"] = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'
You have some blog entry about that here: http://adamyoung.net/IE-Blocking-iFrame-Cookies .
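The header from the answer above can be applied to every response at once instead of view by view, so CSRF protection can stay enabled. This is an added example, not code from the original answer; it assumes Django's callable middleware style (Django 1.10+), and the class name `P3PHeaderMiddleware` and the module path `myproject.middleware` are hypothetical.

```python
# Added example: middleware that sets the P3P header on every response.
# Written without Django imports so the logic can be exercised stand-alone;
# it relies only on the response supporting `in` and item assignment,
# which django.http.HttpResponse does.

# Compact policy string copied verbatim from the answer above.
P3P_COMPACT_POLICY = (
    'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'
)


class P3PHeaderMiddleware:
    """Add the P3P header so IE accepts the site's cookies (including
    Django's CSRF cookie) when the page is rendered inside an iframe."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Keep a policy that a view has already set explicitly.
        if "P3P" not in response:
            response["P3P"] = P3P_COMPACT_POLICY
        return response


# settings.py (hypothetical module path):
# MIDDLEWARE = [
#     "myproject.middleware.P3PHeaderMiddleware",
#     "django.middleware.csrf.CsrfViewMiddleware",
#     # remaining middleware unchanged
# ]
```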