novasky-zz/gist:694831b9ff1565e344d1a281b975fcf7

## gistfile1.txt
When I realized this was only happening in IE and Chrome, but not Firefox, it led me to the fix.
The app was using AddThis share buttons and the javascript was adding an iframe to the pages.
This issue is resolved by adding a P3P header to the VerifyCsrfToken Middleware. Hope this saves somebody the hours I lost.

<?php
public function handle($request, Closure $next)
{
    $response = $next($request);

    if (last(explode('\\',get_class($response))) != 'RedirectResponse') {
        $response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
    }

    return $response;
}
?>
	When I realized this was only happening in IE and Chrome, but not Firefox, it led me to the fix.
	The app was using AddThis share buttons and the javascript was adding an iframe to the pages.
	This issue is resolved by adding a P3P header to the VerifyCsrfToken Middleware. Hope this saves somebody the hours I lost.

	<?php
	public function handle($request, Closure $next)
	{
	$response = $next($request);

	if (last(explode('\\',get_class($response))) != 'RedirectResponse') {
	$response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
	}

	return $response;
	}
	?>