From 33058f2b292b3a581333bdfb21b8f671898c5060 Mon Sep 17 00:00:00 2001
From: Peter Bengtsson <mail@peterbe.com>
Date: Tue, 8 Dec 2020 14:40:17 -0500
Subject: initial commit

---
 .../access-control-allow-credentials/index.html    | 94 ++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 files/zh-cn/web/http/headers/access-control-allow-credentials/index.html

(limited to 'files/zh-cn/web/http/headers/access-control-allow-credentials')

diff --git a/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html b/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html
new file mode 100644
index 0000000000..7085ccb0f0
--- /dev/null
+++ b/files/zh-cn/web/http/headers/access-control-allow-credentials/index.html
@@ -0,0 +1,94 @@
+---
+title: Access-Control-Allow-Credentials
+slug: Web/HTTP/Headers/Access-Control-Allow-Credentials
+tags:
+  - CORS
+  - Reference
+  - header
+  - 响应头
+  - 跨域
+translation_of: Web/HTTP/Headers/Access-Control-Allow-Credentials
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><strong><code>Access-Control-Allow-Credentials</code></strong> 响应头表示是否可以将对请求的响应暴露给页面。返回true则可以，其他值均不可以。</p>
+
+<p>Credentials可以是 cookies, authorization headers 或 TLS client certificates。</p>
+
+<p>当作为对预检请求的响应的一部分时，这能表示是否真正的请求可以使用credentials。注意简单的{{HTTPMethod("GET")}} 请求没有预检，所以若一个对资源的请求带了credentials，如果这个响应头没有随资源返回，响应就会被浏览器忽视，不会返回到web内容。</p>
+
+<p><code>Access-Control-Allow-Credentials</code> 头 工作中与{{domxref("XMLHttpRequest.withCredentials")}} 或Fetch API中的{{domxref("Request.Request()", "Request()")}} 构造器中的<code>credentials</code> 选项结合使用。Credentials必须在前后端都被配置（即the <code>Access-Control-Allow-Credentials</code> header 和 XHR 或Fetch request中都要配置）才能使带credentials的CORS请求成功。</p>
+
+<table class="properties">
+ <tbody>
+  <tr>
+   <th scope="row">头部类型</th>
+   <td>{{Glossary("Response header")}}</td>
+  </tr>
+  <tr>
+   <th scope="row">{{Glossary("Forbidden header name")}}</th>
+   <td>no</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="语法">语法</h2>
+
+<pre class="syntaxbox">Access-Control-Allow-Credentials: true
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>true</dt>
+ <dd>这个头的唯一有效值（区分大小写）。如果不需要credentials，相比将其设为false，请直接忽视这个头。</dd>
+</dl>
+
+<h2 id="例子">例子</h2>
+
+<p>允许credentials:</p>
+
+<pre>Access-Control-Allow-Credentials: true</pre>
+
+<p>使用带credentials的 <a href="/en-US/docs/Web/API/XMLHttpRequest">XHR</a> ：</p>
+
+<pre class="brush: js">var xhr = new XMLHttpRequest();
+xhr.open('GET', 'http://example.com/', true);
+xhr.withCredentials = true;
+xhr.send(null);</pre>
+
+<p>使用带credentials的 <a href="/en-US/docs/Web/API/Fetch_API">Fetch</a> ：</p>
+
+<pre class="brush: js">fetch(url, {
+  credentials: 'include'
+})</pre>
+
+<h2 id="规范">规范</h2>
+
+<table class="standard-table">
+ <tbody>
+  <tr>
+   <th scope="col">规范</th>
+   <th scope="col">状态</th>
+   <th scope="col">注释</th>
+  </tr>
+  <tr>
+   <td>{{SpecName('Fetch','#http-access-control-allow-credentials', 'Access-Control-Allow-Credentials')}}</td>
+   <td>{{Spec2("Fetch")}}</td>
+   <td>Initial definition</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容性">浏览器兼容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http/headers/access-control-allow-credentials")}}</p>
+
+<h2 id="查阅更多">查阅更多</h2>
+
+<ul>
+ <li>{{domxref("XMLHttpRequest.withCredentials")}}</li>
+ <li>{{domxref("Request.Request()", "Request()")}}</li>
+</ul>
-- 
cgit v1.2.3-54-g00ecf