From 33058f2b292b3a581333bdfb21b8f671898c5060 Mon Sep 17 00:00:00 2001
From: Peter Bengtsson <mail@peterbe.com>
Date: Tue, 8 Dec 2020 14:40:17 -0500
Subject: initial commit

---
 .../api/xmlhttprequest/withcredentials/index.html  | 103 +++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 files/zh-cn/web/api/xmlhttprequest/withcredentials/index.html

(limited to 'files/zh-cn/web/api/xmlhttprequest/withcredentials')

diff --git a/files/zh-cn/web/api/xmlhttprequest/withcredentials/index.html b/files/zh-cn/web/api/xmlhttprequest/withcredentials/index.html
new file mode 100644
index 0000000000..d91fa7cc87
--- /dev/null
+++ b/files/zh-cn/web/api/xmlhttprequest/withcredentials/index.html
@@ -0,0 +1,103 @@
+---
+title: XMLHttpRequest.withCredentials
+slug: Web/API/XMLHttpRequest/withCredentials
+tags:
+  - AJAX
+  - XMLHttpRequest
+translation_of: Web/API/XMLHttpRequest/withCredentials
+---
+<p>{{APIRef('XMLHttpRequest')}}</p>
+
+<p><strong>XMLHttpRequest.withCredentials  </strong>属性是一个{{jsxref("Boolean")}}类型，它指示了是否该使用类似cookies,authorization headers(头部授权)或者TLS客户端证书这一类资格证书来创建一个跨站点访问控制（cross-site <code>Access-Control</code>）请求。在同一个站点下使用<code>withCredentials属性是无效的。</code></p>
+
+<p><code>此外，这个指示</code>也会被用做<code>响应中</code>cookies 被忽视的标示。默认值是false。</p>
+
+<p>如果在发送来自其他域的XMLHttpRequest请求之前，未设置<code>withCredentials</code> 为true，那么就不能为它自己的域设置cookie值。而通过设置<code>withCredentials</code> 为true获得的第三方cookies，将会依旧享受同源策略，因此不能被通过<a href="/en-US/docs/Web/API/Document/cookie">document.cookie</a>或者从头部相应请求的脚本等访问。</p>
+
+<div class="note">
+<p><strong>注:</strong> 永远不会影响到同源请求</p>
+</div>
+
+<div class="note">
+<p><strong>Note:</strong><strong> </strong>不同域下的<code>XmlHttpRequest</code> 响应，不论其<code>Access-Control-</code> header 设置什么值，都无法为它自身站点设置cookie值，除非它在请求之前将<code>withCredentials</code> 设为true。</p>
+</div>
+
+<h2 id="实例">实例</h2>
+
+<pre class="brush: js">var xhr = new XMLHttpRequest();
+xhr.open('GET', 'http://example.com/', true);
+xhr.withCredentials = true;
+xhr.send(null);</pre>
+
+<h2 id="详述">详述</h2>
+
+<table class="standard-table">
+ <tbody>
+  <tr>
+   <th scope="col">Specification</th>
+   <th scope="col">Status</th>
+   <th scope="col">Comment</th>
+  </tr>
+  <tr>
+   <td>{{SpecName('XMLHttpRequest', '#the-withcredentials-attribute')}}</td>
+   <td>{{Spec2('XMLHttpRequest')}}</td>
+   <td>WHATWG living standard</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容性">浏览器兼容性</h2>
+
+<div>{{CompatibilityTable}}</div>
+
+<div id="compat-desktop">
+<table class="compat-table">
+ <tbody>
+  <tr>
+   <th>Feature</th>
+   <th>Chrome</th>
+   <th>Firefox (Gecko)</th>
+   <th>Internet Explorer</th>
+   <th>Opera</th>
+   <th>Safari (WebKit)</th>
+  </tr>
+  <tr>
+   <td>Basic support</td>
+   <td>{{CompatChrome(3)}}</td>
+   <td>{{CompatGeckoDesktop("1.9.1")}}<sup>[2]</sup></td>
+   <td>{{CompatIe(10)}}<sup>[1]</sup></td>
+   <td>{{CompatOpera(12)}}</td>
+   <td>{{CompatSafari("4")}}</td>
+  </tr>
+ </tbody>
+</table>
+</div>
+
+<div id="compat-mobile">
+<table class="compat-table">
+ <tbody>
+  <tr>
+   <th>Feature</th>
+   <th>Android</th>
+   <th>Chrome for Android</th>
+   <th>Firefox Mobile (Gecko)</th>
+   <th>IE Mobile</th>
+   <th>Opera Mobile</th>
+   <th>Safari Mobile</th>
+  </tr>
+  <tr>
+   <td>Basic support</td>
+   <td>{{CompatUnknown}}</td>
+   <td>{{CompatUnknown}}</td>
+   <td>{{CompatVersionUnknown}}<sup>[2]</sup></td>
+   <td>{{CompatUnknown}}</td>
+   <td>{{CompatUnknown}}</td>
+   <td>{{CompatUnknown}}</td>
+  </tr>
+ </tbody>
+</table>
+</div>
+
+<p>[1]IE8 和IE9通过使用  <a href="https://msdn.microsoft.com/en-us/library/cc288060%28VS.85%29.aspx">XDomainRequest</a> 支持跨域请求</p>
+
+<p>[2] 从 Gecko 11.0 (Firefox 11.0 / Thunderbird 11.0 / SeaMonkey 2.8)开始, Gecko 不允许在同步请求下使用<code>withCredentials</code> 属性.尝试这么做将会导致浏览器抛出 <code>NS_ERROR_DOM_INVALID_ACCESS_ERR</code> exception的错误.</p>
-- 
cgit v1.2.3-54-g00ecf