diff options
| author | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:40:17 -0500 |
|---|---|---|
| committer | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:40:17 -0500 |
| commit | 33058f2b292b3a581333bdfb21b8f671898c5060 (patch) | |
| tree | 51c3e392513ec574331b2d3f85c394445ea803c6 /files/zh-cn/web/http/headers/access-control-allow-credentials | |
| parent | 8b66d724f7caf0157093fb09cfec8fbd0c6ad50a (diff) | |
| download | translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.tar.gz translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.tar.bz2 translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.zip | |
initial commit
Diffstat (limited to 'files/zh-cn/web/http/headers/access-control-allow-credentials')
| -rw-r--r-- | files/zh-cn/web/http/headers/access-control-allow-credentials/index.html | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html b/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html new file mode 100644 index 0000000000..7085ccb0f0 --- /dev/null +++ b/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html @@ -0,0 +1,94 @@ +--- +title: Access-Control-Allow-Credentials +slug: Web/HTTP/Headers/Access-Control-Allow-Credentials +tags: + - CORS + - Reference + - header + - 响应头 + - 跨域 +translation_of: Web/HTTP/Headers/Access-Control-Allow-Credentials +--- +<div>{{HTTPSidebar}}</div> + +<p><strong><code>Access-Control-Allow-Credentials</code></strong> 响应头表示是否可以将对请求的响应暴露给页面。返回true则可以,其他值均不可以。</p> + +<p>Credentials可以是 cookies, authorization headers 或 TLS client certificates。</p> + +<p>当作为对预检请求的响应的一部分时,这能表示是否真正的请求可以使用credentials。注意简单的{{HTTPMethod("GET")}} 请求没有预检,所以若一个对资源的请求带了credentials,如果这个响应头没有随资源返回,响应就会被浏览器忽视,不会返回到web内容。</p> + +<p><code>Access-Control-Allow-Credentials</code> 头 工作中与{{domxref("XMLHttpRequest.withCredentials")}} 或Fetch API中的{{domxref("Request.Request()", "Request()")}} 构造器中的<code>credentials</code> 选项结合使用。Credentials必须在前后端都被配置(即the <code>Access-Control-Allow-Credentials</code> header 和 XHR 或Fetch request中都要配置)才能使带credentials的CORS请求成功。</p> + +<table class="properties"> + <tbody> + <tr> + <th scope="row">头部类型</th> + <td>{{Glossary("Response header")}}</td> + </tr> + <tr> + <th scope="row">{{Glossary("Forbidden header name")}}</th> + <td>no</td> + </tr> + </tbody> +</table> + +<h2 id="语法">语法</h2> + +<pre class="syntaxbox">Access-Control-Allow-Credentials: true +</pre> + +<h2 id="指令">指令</h2> + +<dl> + <dt>true</dt> + <dd>这个头的唯一有效值(区分大小写)。如果不需要credentials,相比将其设为false,请直接忽视这个头。</dd> +</dl> + +<h2 id="例子">例子</h2> + +<p>允许credentials:</p> + +<pre>Access-Control-Allow-Credentials: true</pre> + +<p>使用带credentials的 <a href="/en-US/docs/Web/API/XMLHttpRequest">XHR</a> :</p> + +<pre class="brush: js">var xhr = new XMLHttpRequest(); +xhr.open('GET', 'http://example.com/', true); +xhr.withCredentials = true; +xhr.send(null);</pre> + +<p>使用带credentials的 <a href="/en-US/docs/Web/API/Fetch_API">Fetch</a> :</p> + +<pre class="brush: js">fetch(url, { + credentials: 'include' +})</pre> + +<h2 id="规范">规范</h2> + +<table class="standard-table"> + <tbody> + <tr> + <th scope="col">规范</th> + <th scope="col">状态</th> + <th scope="col">注释</th> + </tr> + <tr> + <td>{{SpecName('Fetch','#http-access-control-allow-credentials', 'Access-Control-Allow-Credentials')}}</td> + <td>{{Spec2("Fetch")}}</td> + <td>Initial definition</td> + </tr> + </tbody> +</table> + +<h2 id="浏览器兼容性">浏览器兼容性</h2> + +<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> + +<p>{{Compat("http/headers/access-control-allow-credentials")}}</p> + +<h2 id="查阅更多">查阅更多</h2> + +<ul> + <li>{{domxref("XMLHttpRequest.withCredentials")}}</li> + <li>{{domxref("Request.Request()", "Request()")}}</li> +</ul> |