44 files changed, 0 insertions, 213 deletions

diff --git a/files/ru/web/http/авторизация/index.html b/files/ru/web/http/authentication/index.html
index 99228e7633..99228e7633 100644
--- a/files/ru/web/http/авторизация/index.html
+++ b/files/ru/web/http/authentication/index.html
diff --git a/files/ru/web/http/basics_of_http/identifying_resources_on_the_web_ru/index.html b/files/ru/web/http/basics_of_http/identifying_resources_on_the_web/index.html
index 2b52d642b2..2b52d642b2 100644
--- a/files/ru/web/http/basics_of_http/identifying_resources_on_the_web_ru/index.html
+++ b/files/ru/web/http/basics_of_http/identifying_resources_on_the_web/index.html
diff --git a/files/ru/web/http/кэширование/index.html b/files/ru/web/http/caching/index.html
index 8e472eb126..8e472eb126 100644
--- a/files/ru/web/http/кэширование/index.html
+++ b/files/ru/web/http/caching/index.html
diff --git a/files/ru/web/http/куки/index.html b/files/ru/web/http/cookies/index.html
index 154f05cdb0..154f05cdb0 100644
--- a/files/ru/web/http/куки/index.html
+++ b/files/ru/web/http/cookies/index.html
diff --git a/files/ru/web/http/заголовки/accept-charset/index.html b/files/ru/web/http/headers/accept-charset/index.html
index 97fb4f65e4..97fb4f65e4 100644
--- a/files/ru/web/http/заголовки/accept-charset/index.html
+++ b/files/ru/web/http/headers/accept-charset/index.html
diff --git a/files/ru/web/http/заголовки/accept-language/index.html b/files/ru/web/http/headers/accept-language/index.html
index 2e1cf9ae57..2e1cf9ae57 100644
--- a/files/ru/web/http/заголовки/accept-language/index.html
+++ b/files/ru/web/http/headers/accept-language/index.html
diff --git a/files/ru/web/http/заголовки/accept-patch/index.html b/files/ru/web/http/headers/accept-patch/index.html
index 2dfa99d0ac..2dfa99d0ac 100644
--- a/files/ru/web/http/заголовки/accept-patch/index.html
+++ b/files/ru/web/http/headers/accept-patch/index.html
diff --git a/files/ru/web/http/заголовки/accept-ranges/index.html b/files/ru/web/http/headers/accept-ranges/index.html
index 6637d01bbf..6637d01bbf 100644
--- a/files/ru/web/http/заголовки/accept-ranges/index.html
+++ b/files/ru/web/http/headers/accept-ranges/index.html
diff --git a/files/ru/web/http/заголовки/accept/index.html b/files/ru/web/http/headers/accept/index.html
index 69ab96233b..69ab96233b 100644
--- a/files/ru/web/http/заголовки/accept/index.html
+++ b/files/ru/web/http/headers/accept/index.html
diff --git a/files/ru/web/http/заголовки/access-control-allow-headers/index.html b/files/ru/web/http/headers/access-control-allow-headers/index.html
index d392143198..d392143198 100644
--- a/files/ru/web/http/заголовки/access-control-allow-headers/index.html
+++ b/files/ru/web/http/headers/access-control-allow-headers/index.html
diff --git a/files/ru/web/http/заголовки/access-control-allow-methods/index.html b/files/ru/web/http/headers/access-control-allow-methods/index.html
index d3917204bc..d3917204bc 100644
--- a/files/ru/web/http/заголовки/access-control-allow-methods/index.html
+++ b/files/ru/web/http/headers/access-control-allow-methods/index.html
diff --git a/files/ru/web/http/заголовки/access-control-allow-origin/index.html b/files/ru/web/http/headers/access-control-allow-origin/index.html
index 5dc5aa2b7c..5dc5aa2b7c 100644
--- a/files/ru/web/http/заголовки/access-control-allow-origin/index.html
+++ b/files/ru/web/http/headers/access-control-allow-origin/index.html
diff --git a/files/ru/web/http/заголовки/access-control-max-age/index.html b/files/ru/web/http/headers/access-control-max-age/index.html
index 0d5d63b8b0..0d5d63b8b0 100644
--- a/files/ru/web/http/заголовки/access-control-max-age/index.html
+++ b/files/ru/web/http/headers/access-control-max-age/index.html
diff --git a/files/ru/web/http/заголовки/authorization/index.html b/files/ru/web/http/headers/authorization/index.html
index 02679e19f1..02679e19f1 100644
--- a/files/ru/web/http/заголовки/authorization/index.html
+++ b/files/ru/web/http/headers/authorization/index.html
diff --git a/files/ru/web/http/заголовки/cache-control/index.html b/files/ru/web/http/headers/cache-control/index.html
index 4dd0c2de68..4dd0c2de68 100644
--- a/files/ru/web/http/заголовки/cache-control/index.html
+++ b/files/ru/web/http/headers/cache-control/index.html
diff --git a/files/ru/web/http/заголовки/connection/index.html b/files/ru/web/http/headers/connection/index.html
index 48a5a9dce5..48a5a9dce5 100644
--- a/files/ru/web/http/заголовки/connection/index.html
+++ b/files/ru/web/http/headers/connection/index.html
diff --git a/files/ru/web/http/заголовки/content-disposition/index.html b/files/ru/web/http/headers/content-disposition/index.html
index 406cc0720c..406cc0720c 100644
--- a/files/ru/web/http/заголовки/content-disposition/index.html
+++ b/files/ru/web/http/headers/content-disposition/index.html
diff --git a/files/ru/web/http/заголовки/content-encoding/index.html b/files/ru/web/http/headers/content-encoding/index.html
index 0f54a68395..0f54a68395 100644
--- a/files/ru/web/http/заголовки/content-encoding/index.html
+++ b/files/ru/web/http/headers/content-encoding/index.html
diff --git a/files/ru/web/http/заголовки/content-language/index.html b/files/ru/web/http/headers/content-language/index.html
index dfe3007fc9..dfe3007fc9 100644
--- a/files/ru/web/http/заголовки/content-language/index.html
+++ b/files/ru/web/http/headers/content-language/index.html
diff --git a/files/ru/web/http/заголовки/content-length/index.html b/files/ru/web/http/headers/content-length/index.html
index 0b2c087b65..0b2c087b65 100644
--- a/files/ru/web/http/заголовки/content-length/index.html
+++ b/files/ru/web/http/headers/content-length/index.html
diff --git a/files/ru/web/http/заголовки/content-type/index.html b/files/ru/web/http/headers/content-type/index.html
index a6900ebab3..a6900ebab3 100644
--- a/files/ru/web/http/заголовки/content-type/index.html
+++ b/files/ru/web/http/headers/content-type/index.html
diff --git a/files/ru/web/http/заголовки/date/index.html b/files/ru/web/http/headers/date/index.html
index 7dded6ea77..7dded6ea77 100644
--- a/files/ru/web/http/заголовки/date/index.html
+++ b/files/ru/web/http/headers/date/index.html
diff --git a/files/ru/web/http/заголовки/dnt/index.html b/files/ru/web/http/headers/dnt/index.html
index a4e7f56864..a4e7f56864 100644
--- a/files/ru/web/http/заголовки/dnt/index.html
+++ b/files/ru/web/http/headers/dnt/index.html
diff --git a/files/ru/web/http/заголовки/etag/index.html b/files/ru/web/http/headers/etag/index.html
index f64994ee97..f64994ee97 100644
--- a/files/ru/web/http/заголовки/etag/index.html
+++ b/files/ru/web/http/headers/etag/index.html
diff --git a/files/ru/web/http/заголовки/expect/index.html b/files/ru/web/http/headers/expect/index.html
index 80a785befa..80a785befa 100644
--- a/files/ru/web/http/заголовки/expect/index.html
+++ b/files/ru/web/http/headers/expect/index.html
diff --git a/files/ru/web/http/заголовки/expires/index.html b/files/ru/web/http/headers/expires/index.html
index 2d946f0724..2d946f0724 100644
--- a/files/ru/web/http/заголовки/expires/index.html
+++ b/files/ru/web/http/headers/expires/index.html
diff --git a/files/ru/web/http/заголовки/host/index.html b/files/ru/web/http/headers/host/index.html
index 4b99e7233c..4b99e7233c 100644
--- a/files/ru/web/http/заголовки/host/index.html
+++ b/files/ru/web/http/headers/host/index.html
diff --git a/files/ru/web/http/заголовки/if-match/index.html b/files/ru/web/http/headers/if-match/index.html
index e2c403a90f..e2c403a90f 100644
--- a/files/ru/web/http/заголовки/if-match/index.html
+++ b/files/ru/web/http/headers/if-match/index.html
diff --git a/files/ru/web/http/заголовки/if-modified-since/index.html b/files/ru/web/http/headers/if-modified-since/index.html
index 28769b20ae..28769b20ae 100644
--- a/files/ru/web/http/заголовки/if-modified-since/index.html
+++ b/files/ru/web/http/headers/if-modified-since/index.html
diff --git a/files/ru/web/http/заголовки/if-unmodified-since/index.html b/files/ru/web/http/headers/if-unmodified-since/index.html
index c451f97a4d..c451f97a4d 100644
--- a/files/ru/web/http/заголовки/if-unmodified-since/index.html
+++ b/files/ru/web/http/headers/if-unmodified-since/index.html
diff --git a/files/ru/web/http/заголовки/index.html b/files/ru/web/http/headers/index.html
index 41c24031f8..41c24031f8 100644
--- a/files/ru/web/http/заголовки/index.html
+++ b/files/ru/web/http/headers/index.html
diff --git a/files/ru/web/http/заголовки/last-modified/index.html b/files/ru/web/http/headers/last-modified/index.html
index e5d4b34510..e5d4b34510 100644
--- a/files/ru/web/http/заголовки/last-modified/index.html
+++ b/files/ru/web/http/headers/last-modified/index.html
diff --git a/files/ru/web/http/заголовки/origin/index.html b/files/ru/web/http/headers/origin/index.html
index 8b8ad319c7..8b8ad319c7 100644
--- a/files/ru/web/http/заголовки/origin/index.html
+++ b/files/ru/web/http/headers/origin/index.html
diff --git a/files/ru/web/http/заголовки/pragma/index.html b/files/ru/web/http/headers/pragma/index.html
index c53891dd44..c53891dd44 100644
--- a/files/ru/web/http/заголовки/pragma/index.html
+++ b/files/ru/web/http/headers/pragma/index.html
diff --git a/files/ru/web/http/заголовки/range/index.html b/files/ru/web/http/headers/range/index.html
index 62b6d34a86..62b6d34a86 100644
--- a/files/ru/web/http/заголовки/range/index.html
+++ b/files/ru/web/http/headers/range/index.html
diff --git a/files/ru/web/http/заголовки/referer/index.html b/files/ru/web/http/headers/referer/index.html
index 3ff8b8d51e..3ff8b8d51e 100644
--- a/files/ru/web/http/заголовки/referer/index.html
+++ b/files/ru/web/http/headers/referer/index.html
diff --git a/files/ru/web/http/заголовки/retry-after/index.html b/files/ru/web/http/headers/retry-after/index.html
index 7e37acd766..7e37acd766 100644
--- a/files/ru/web/http/заголовки/retry-after/index.html
+++ b/files/ru/web/http/headers/retry-after/index.html
diff --git a/files/ru/web/http/заголовки/set-cookie/index.html b/files/ru/web/http/headers/set-cookie/index.html
index d7822a1790..d7822a1790 100644
--- a/files/ru/web/http/заголовки/set-cookie/index.html
+++ b/files/ru/web/http/headers/set-cookie/index.html
diff --git a/files/ru/web/http/заголовки/strict-transport-security/index.html b/files/ru/web/http/headers/strict-transport-security/index.html
index c63308c97e..c63308c97e 100644
--- a/files/ru/web/http/заголовки/strict-transport-security/index.html
+++ b/files/ru/web/http/headers/strict-transport-security/index.html
diff --git a/files/ru/web/http/заголовки/vary/index.html b/files/ru/web/http/headers/vary/index.html
index a9bf3238e6..a9bf3238e6 100644
--- a/files/ru/web/http/заголовки/vary/index.html
+++ b/files/ru/web/http/headers/vary/index.html
diff --git a/files/ru/web/http/заголовки/x-content-type-options/index.html b/files/ru/web/http/headers/x-content-type-options/index.html
index 7a1762e662..7a1762e662 100644
--- a/files/ru/web/http/заголовки/x-content-type-options/index.html
+++ b/files/ru/web/http/headers/x-content-type-options/index.html
diff --git a/files/ru/web/http/заголовки/x-forwarded-for/index.html b/files/ru/web/http/headers/x-forwarded-for/index.html
index e44d3bd8da..e44d3bd8da 100644
--- a/files/ru/web/http/заголовки/x-forwarded-for/index.html
+++ b/files/ru/web/http/headers/x-forwarded-for/index.html
diff --git a/files/ru/web/http/заголовки/x-xss-protection/index.html b/files/ru/web/http/headers/x-xss-protection/index.html
index 847ec38972..847ec38972 100644
--- a/files/ru/web/http/заголовки/x-xss-protection/index.html
+++ b/files/ru/web/http/headers/x-xss-protection/index.html
diff --git a/files/ru/web/http/server-side_access_control/index.html b/files/ru/web/http/server-side_access_control/index.html
deleted file mode 100644
index c3d53cb730..0000000000
--- a/files/ru/web/http/server-side_access_control/index.html
+++ /dev/null
@@ -1,213 +0,0 @@
----
-title: Server-Side Access Control (CORS)
-slug: Web/HTTP/Server-Side_Access_Control
-translation_of: Web/HTTP/CORS
-translation_of_original: Web/HTTP/Server-Side_Access_Control
----
-<p>Системы контроля доступа производят идентификацию <a href="http://searchsoftwarequality.techtarget.com/definition/authorization">авторизации</a>, <a href="http://searchsecurity.techtarget.com/definition/authentication">аутентификацию</a>, подтверждение доступа и подотчетность сущностей с помощью учетных данных для входа, включая <a href="http://searchsecurity.techtarget.com/definition/password">пароль</a>, личный идентификационный номер (PINs), <a href="http://searchsecurity.techtarget.com/definition/biometrics">биометрическое</a> сканирование и физический или электронный ключ.</p>
-
-<p>Контроль доступа --- это техника безопасности, которую можно использовать для регулирования процессом того, кто или что может видеть или использовать ресурсы в вычислительном окружении.</p>
-
-<p>{{HTTPSidebar}}</p>
-
-<p>Для меж-сайтовых запросов, произведенных с помощью {{domxref("XMLHttpRequest")}} или <a href="/en-US/docs/Web/API/Fetch_API">Fetch API</a>, браузеры передают специальные <a href="/en-US/docs/Web/HTTP/Headers">HTTP заголовки</a>. Так же ожидаемо увидеть определенные HTTP заголовки, переданные обратно внутри меж-сайтового ответа. Обзор этих заголовков, включая примеры JavaScript кода, создающего запросы и обрабатывающего ответы от сервера, как и описание каждого из заголовков, <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS">может быть найден в статье HTTP Access Control (CORS)</a> и должен быть прочитан вместе с данной. Эта статья покрывает обработку <strong>Запросов контроля доступа</strong> и формулировку <strong>Ответов контроля доступа </strong>в PHP. Целевая аудитория для этой статьи ---  разработчики серверов и администраторы. Хотя примеры кода, приведенные тут, на PHP, подобная концепция применяется в ASP.net, Perl, Python, Java, etc.; в общем, эти концепции могут быть применены в любом сервером окружении, который обрабатывает HTTP запросы и динамически формирует HTTP ответы.</p>
-
-<h2 id="Discussion_of_HTTP_headers">Discussion of HTTP headers</h2>
-
-<p>The article <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS">covering the HTTP headers used by both clients and servers is here</a>, and should be considered prerequisite reading.</p>
-
-<h2 id="Working_code_samples">Working code samples</h2>
-
-<p>The PHP snippets (and the JavaScript invocations to the server) in subsequent sections are taken from <a class="external" href="http://arunranga.com/examples/access-control/">the working code samples posted here.</a> These will work in browsers that implement cross-site {{domxref("XMLHttpRequest")}}.</p>
-
-<h2 id="Simple_cross-site_requests">Simple cross-site requests</h2>
-
-<p><a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests">Simple Access Control Requests</a> are initiated when:</p>
-
-<ul>
- <li>An HTTP/1.1 {{HTTPMethod("GET")}} or a {{HTTPMethod("POST")}} is used as request method. In the case of a POST, the {{HTTPHeader("Content-Type")}} of the request body is one of <code>application/x-www-form-urlencoded</code>, <code>multipart/form-data</code>, or <code>text/plain.</code></li>
- <li>No custom headers are sent with the HTTP request (such as <code>X-Modified</code>, etc.)</li>
-</ul>
-
-<p>In this case, responses can be sent back based on some considerations.</p>
-
-<ul>
- <li>If the resource in question is meant to be widely accessed (just like any HTTP resource accessed by GET), then sending back the {{HTTPHeader("Access-Control-Allow-Origin")}}<code>: *</code> header will be sufficient, <strong>unless</strong> the resource needs credentials such as <a href="/en-US/docs/Web/HTTP/Cookies">Cookies</a> and HTTP Authentication information.</li>
- <li>If the resource should be kept restricted based on requester domain, <strong>OR</strong> if the resource needs to be accessed with credentials (or sets credentials), then filtering by the request's {{HTTPHeader("Origin")}} header may be necessary, or at least echoing back the requester's <code>Origin</code> (e.g. {{HTTPHeader("Access-Control-Allow-Origin")}}<code>: <a class="external" href="http://arunranga.com" rel="freelink">http://arunranga.com</a></code>).  Additionally, the {{HTTPHeader("Access-Control-Allow-Credentials")}}<code>: true</code> header will have to be sent. This is discussed in a <a class="internal" href="#Credentialed_Requests">subsequent section</a>.</li>
-</ul>
-
-<p>The section on <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests">Simple Access Control Requests</a> shows you the header exchanges between client and server. Here is a PHP code segment that handles a Simple Request:</p>
-
-<pre class="brush: php">&lt;?php
-
-// We'll be granting access to only the arunranga.com domain
-// which we think is safe to access this resource as application/xml
-
-if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Content-type: application/xml');
-    readfile('arunerDotNetResource.xml');
-} else {
-  header('Content-Type: text/html');
-  echo "&lt;html&gt;";
-  echo "&lt;head&gt;";
-  echo "   &lt;title&gt;Another Resource&lt;/title&gt;";
-  echo "&lt;/head&gt;";
-  echo "&lt;body&gt;",
-       "&lt;p&gt;This resource behaves two-fold:";
-  echo "&lt;ul&gt;",
-         "&lt;li&gt;If accessed from &lt;code&gt;http://arunranga.com&lt;/code&gt; it returns an XML document&lt;/li&gt;";
-  echo   "&lt;li&gt;If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
-  echo   "you get this HTML document&lt;/li&gt;",
-       "&lt;/ul&gt;",
-     "&lt;/body&gt;",
-   "&lt;/html&gt;";
-}
-?&gt;
-</pre>
-
-<p>The above checks to see if the {{HTTPHeader("Origin")}} header sent by the browser (obtained through $_SERVER['HTTP_ORIGIN']) matches '<a class="external" href="http://arunranga.com" rel="freelink">http://arunranga.com</a>'. If yes, it returns {{HTTPHeader("Access-Control-Allow-Origin")}}<code>: <a class="external" href="http://arunranga.com" rel="freelink">http://arunranga.com</a></code>. This example can be <a class="external" href="http://arunranga.com/examples/access-control/">seen running here</a>.</p>
-
-<h2 id="Preflighted_requests">Preflighted requests</h2>
-
-<p><a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests">Preflighted Access Control Requests</a> occur when:</p>
-
-<ul>
- <li>A method other than {{HTTPMethod("GET")}} or {{HTTPMethod("POST")}} is used, or if {{HTTPMethod("POST")}} is used with a {{HTTPHeader("Content-Type")}} <strong>other than</strong> one of <code>application/x-www-form-urlencoded</code>, <code>multipart/form-data</code>, or <code>text/plain</code>. For instance, if the <code>Content-Type</code> of the <code>POST</code> body is <code>application/xml</code>, a request is preflighted.</li>
- <li>A custom header (such as <code>X-PINGARUNER</code>) is sent with the request.</li>
-</ul>
-
-<p>The section on <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests">Preflighted Access Control Requests</a> shows a header exchange between client and server. A server resource responding to a preflight requests needs to be able to make the following determinations:</p>
-
-<ul>
- <li>Filtration based on {{HTTPHeader("Origin")}}, if any at all.</li>
- <li>Response to an {{HTTPMethod("OPTIONS")}} request (which is the preflight request), including sending necessary values with {{HTTPHeader("Access-Control-Allow-Methods")}}, {{HTTPHeader("Access-Control-Allow-Headers")}} (if any additional headers are needed in order for the application to work), and, if credentials are necessary for this resource, {{HTTPHeader("Access-Control-Allow-Credentials")}}.</li>
- <li>Response to the actual request, including handling <code>POST</code> data, etc.</li>
-</ul>
-
-<p>Here is an example in PHP of handling a <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests">preflighted request</a>:</p>
-
-<pre class="brush: php">&lt;?php
-
-if($_SERVER['REQUEST_METHOD'] == "GET") {
-
-  header('Content-Type: text/plain');
-  echo "This HTTP resource is designed to handle POSTed XML input";
-  echo "from arunranga.com and not be retrieved with GET";
-
-} elseif($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-  // Tell the Client we support invocations from arunranga.com and
-  // that this preflight holds good for only 20 days
-
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
-    header('Access-Control-Allow-Headers: X-PINGARUNER');
-    header('Access-Control-Max-Age: 1728000');
-    header("Content-Length: 0");
-    header("Content-Type: text/plain");
-    //exit(0);
-  } else {
-    header("HTTP/1.1 403 Access Forbidden");
-    header("Content-Type: text/plain");
-    echo "You cannot repeat this request";
-  }
-
-} elseif($_SERVER['REQUEST_METHOD'] == "POST") {
-  // Handle POST by first getting the XML POST blob,
-  // and then doing something to it, and then sending results to the client
-
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    $postData = file_get_contents('php://input');
-    $document = simplexml_load_string($postData);
-
-    // do something with POST data
-
-    $ping = $_SERVER['HTTP_X_PINGARUNER'];
-
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Content-Type: text/plain');
-    echo // some string response after processing
-  } else {
-    die("POSTing Only Allowed from arunranga.com");
-  }
-} else {
-    die("No Other Methods Allowed");
-}
-?&gt;
-</pre>
-
-<p>Note the appropriate headers being sent back in response to the {{HTTPMethod("OPTIONS")}} preflight as well as to the {{HTTPMethod("POST")}} data. One resource thus handles the preflight as well as the actual request. In the response to the <code>OPTIONS</code> request, the server notifies the client that the actual request can indeed be made with the <code>POST</code> method, and header fields such as <code>X-PINGARUNER</code> can be sent with the actual request. This example can be <a class="external" href="http://arunranga.com/examples/access-control/">seen running here</a>.</p>
-
-<h2 id="Credentialed_requests">Credentialed requests</h2>
-
-<p><a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials">Credentialed Access Control Requests</a> – that is, requests that are accompanied by <a href="/en-US/docs/Web/HTTP/Cookies">Cookies</a> or HTTP Authentication information (and which expect Cookies to be sent with responses) – can be either <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests">Simple</a> or <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests">Preflighted</a>, depending on the request methods used.</p>
-
-<p>In a <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests">Simple Request</a> scenario, the request will be sent with Cookies (e.g. if the <code><a href="/en-US/docs/Web/API/XMLHttpRequest/withCredentials">withCredentials</a></code> flag is set on {{domxref("XMLHttpRequest")}}). If the server responds with {{HTTPHeader("Access-Control-Allow-Credentials")}}<code>: true</code> attached to the credentialed response, then the response is accepted by the client and exposed to web content. In a <a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests">Preflighted Request</a>, the server can respond with <code>Access-Control-Allow-Credentials: true</code> to the <code>OPTIONS</code> request.</p>
-
-<p>Here is some PHP that handles credentialed requests:</p>
-
-<pre class="brush: php">&lt;?php
-
-if($_SERVER['REQUEST_METHOD'] == "GET") {
-  header('Access-Control-Allow-Origin: http://arunranga.com');
-  header('Access-Control-Allow-Credentials: true');
-  header('Cache-Control: no-cache');
-  header('Pragma: no-cache');
-  header('Content-Type: text/plain');
-
-  // First See if There Is a Cookie
-  if (!isset($_COOKIE["pageAccess"])) {
-    setcookie("pageAccess", 1, time()+2592000);
-    echo 'I do not know you or anyone like you so I am going to';
-    echo 'mark you with a Cookie :-)';
-  } else {
-    $accesses = $_COOKIE['pageAccess'];
-    setcookie('pageAccess', ++$accesses, time()+2592000);
-    echo 'Hello -- I know you or something a lot like you!';
-    echo 'You have been to ', $_SERVER['SERVER_NAME'], ';
-    echo 'at least ', $accesses-1, ' time(s) before!';
-  }
-} elseif($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-  // Tell the Client this preflight holds good for only 20 days
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Access-Control-Allow-Methods: GET, OPTIONS');
-    header('Access-Control-Allow-Credentials: true');
-    header('Access-Control-Max-Age: 1728000');
-    header("Content-Length: 0");
-    header("Content-Type: text/plain");
-  } else {
-    header("HTTP/1.1 403 Access Forbidden");
-    header("Content-Type: text/plain");
-    echo "You cannot repeat this request";
-  }
-} else {
-  die("This HTTP Resource can ONLY be accessed with GET or OPTIONS");
-}
-?&gt;
-</pre>
-
-<p>Note that in the case of credentialed requests, the <code>Access-Control-Allow-Origin:</code> header <strong>must not</strong> have a wildcard value of "*".  It <strong>must</strong> mention a valid origin domain. The example above can be seen <a class="external" href="http://arunranga.com/examples/access-control/">running here</a>.</p>
-
-<h2 id="Apache_examples">Apache examples</h2>
-
-<h3 id="Restrict_access_to_certain_URIs">Restrict access to certain URIs</h3>
-
-<p>One helpful trick is to use an Apache rewrite, environment variable, and headers to apply <code>Access-Control-Allow-*</code> to certain URIs. This is useful, for example, to constrain cross-origin requests to <code>GET /api(.*).json</code> requests without credentials:</p>
-
-<pre>RewriteRule ^/api(.*)\.json$ /api$1.json [CORS=True]
-Header set Access-Control-Allow-Origin "*" env=CORS
-Header set Access-Control-Allow-Methods "GET" env=CORS
-Header set Access-Control-Allow-Credentials "false" env=CORS
-</pre>
-
-<h2 id="See_also">See also</h2>
-
-<ul>
- <li><a class="external" href="http://arunranga.com/examples/access-control/">Examples of Access Control in Action</a></li>
- <li><a href="https://github.com/jackblackevo/cors-jsonp-sample">Client-Side &amp; Server-Side (Java) sample for Cross-Origin Resource Sharing (CORS)</a></li>
- <li><a class="internal" href="/en-US/docs/Web/HTTP/Access_control_CORS">HTTP Access Control covering the HTTP headers</a></li>
- <li>{{domxref("XMLHttpRequest")}}</li>
- <li><a href="/en-US/docs/Web/API/Fetch_API">Fetch API</a></li>
-</ul>