From 43a5cac2eff22c21071800e13bef12af9d3a37d0 Mon Sep 17 00:00:00 2001 From: Florian Merz Date: Thu, 11 Feb 2021 13:12:08 +0100 Subject: unslug zh-tw: move --- .../web/http/basics_of_http/data_uris/index.html | 128 +++++++++++++ files/zh-tw/web/http/data_uris/index.html | 128 ------------- .../web/http/server-side_access_control/index.html | 213 --------------------- files/zh-tw/web/http/status/418/index.html | 45 +++++ .../web/http/status/418_i_m_a_teapot/index.html | 45 ----- 5 files changed, 173 insertions(+), 386 deletions(-) create mode 100644 files/zh-tw/web/http/basics_of_http/data_uris/index.html delete mode 100644 files/zh-tw/web/http/data_uris/index.html delete mode 100644 files/zh-tw/web/http/server-side_access_control/index.html create mode 100644 files/zh-tw/web/http/status/418/index.html delete mode 100644 files/zh-tw/web/http/status/418_i_m_a_teapot/index.html (limited to 'files/zh-tw/web/http') diff --git a/files/zh-tw/web/http/basics_of_http/data_uris/index.html b/files/zh-tw/web/http/basics_of_http/data_uris/index.html new file mode 100644 index 0000000000..a8332c7cf3 --- /dev/null +++ b/files/zh-tw/web/http/basics_of_http/data_uris/index.html @@ -0,0 +1,128 @@ +--- +title: data URIs +slug: Web/HTTP/data_URIs +tags: + - Base64 + - Guide + - URI +translation_of: Web/HTTP/Basics_of_HTTP/Data_URIs +--- +

data URIs, 由 RFC 2397 文件定義, 允許作者在文件中嵌入檔案.

+ +

表達式

+ +

data URI 的表達式如下:

+ +
data:[<mediatype>][;base64],<data>
+
+ +

mediatype 為一 MIME type 字串,例如 JPEG 圖檔為「image/jpeg」,為非必要參數,若省略的話,默認值為「text/plain;charset=US-ASCII」。

+ +

If the data is textual, you can simply embed the text (using the appropriate entities or escapes based on the enclosing document's type). Otherwise, you can specify base64 to embed base64-encoded binary data.

+ +

範例

+ +
+
data:,Hello%2C%20World!
+
一個簡單的 text/plain data
+
data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D
+
同前者,但經過 base64 編碼。
+
data:text/html,%3Ch1%3EHello%2C%20World!%3C%2Fh1%3E
+
一 HTML 檔,內容為<h1>Hello, World</h1>
+
+ +

以 base64 格式編碼資料

+ +

在 Linux 和 Mac OS X 中,可以在終端機輸入下面的程式碼來進行編碼:

+ +
uuencode -m infile remotename
+
+ +

The infile parameter is the name of the file you wish to encode into base64 format, and remotename is the remote name for the file, which isn't actually used in data URLs.

+ +

輸出結果如下所示:

+ +
begin-base64 664 test
+YSBzbGlnaHRseSBsb25nZXIgdGVzdCBmb3IgdGV2ZXIK
+====
+
+ +

The data URI will use the encoded data after the initial header line.

+ +

JavaScript

+ +

請先閱讀文章《 Base64 encoding and decoding. 》。

+ +

轉換 nsIFile 至data URI

+ +

This function returns a base 64-encoded data URI from the passed nsIFile.

+ +
function generateDataURI(file) {
+  var contentType = Components.classes["@mozilla.org/mime;1"]
+                              .getService(Components.interfaces.nsIMIMEService)
+                              .getTypeFromFile(file);
+  var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
+                              .createInstance(Components.interfaces.nsIFileInputStream);
+  inputStream.init(file, 0x01, 0600, 0);
+  var stream = Components.classes["@mozilla.org/binaryinputstream;1"]
+                         .createInstance(Components.interfaces.nsIBinaryInputStream);
+  stream.setInputStream(inputStream);
+  var encoded = btoa(stream.readBytes(stream.available()));
+  return "data:" + contentType + ";base64," + encoded;
+}
+
+ +

安全

+ +
+

Note: Prior to {{Gecko("6.0")}}, data URIs inherited the security context of the page currently in the browser window if the user enters a data URI into the location bar. Now data URIs get a new, empty, security context.

+
+ +

常見的問題

+ +

以下列舉幾個再使用 data URIs 時常遇到的問題.

+ +
+
表達式
+
data URIs 的格式十分簡單, 但是我們容易忘記在 "data" 區塊前面使用逗號, 或是不正確的將資料轉換為 base64 的格式.
+
在HTML 的格式
+
A data URI provides a file within a file, which can potentially be very wide relative to the width of the enclosing document. As a URL, the data should be formatable with whitespace (linefeed, tab, or spaces), but there are practical issues that arise when using base64 encoding.
+
長度限制
+
Although Mozilla supports data URIs of essentially unlimited length, browsers are not required to support any particular maximum length of data. For example, the Opera 11 browser limits data URIs to around 65000 characters.
+
缺乏錯誤處理
+
Invalid parameters in media, or typos when specifying "base64", are ignored, but no error is provided.
+
未支援 query 字串, etc.
+
+

The data portion of a data URI is opaque, so an attempt to use a query string (page-specific parameters, with the syntax <url>?parameter-data) with a data URI will just include the query string in the data the URI represents. For example:

+ +
data:text/html,lots of text...<p><a name%3D"bottom">bottom</a>?arg=val
+
+ +

This represents an HTML resource whose contents are:

+ +
lots of text...<p><a name="bottom">bottom</a>?arg=val
+
+ +

Note: as of Firefox 6, fragments (anchors) are processed consistent with other URI schemes, thus a bare "#" in the content needs to be escaped as '%23'.

+
+
+ +

瀏覽器的支援

+ +

The data scheme is supported by Opera 7.20 and above, as well as Safari and Konqueror. Internet Explorer 7 and below, however, do not currently support it. Internet Explorer 8 and above only supports data URIs for images in CSS, <link>, and <img>.

+ +

參見

+ + + +

資源

+ + diff --git a/files/zh-tw/web/http/data_uris/index.html b/files/zh-tw/web/http/data_uris/index.html deleted file mode 100644 index a8332c7cf3..0000000000 --- a/files/zh-tw/web/http/data_uris/index.html +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: data URIs -slug: Web/HTTP/data_URIs -tags: - - Base64 - - Guide - - URI -translation_of: Web/HTTP/Basics_of_HTTP/Data_URIs ---- -

data URIs, 由 RFC 2397 文件定義, 允許作者在文件中嵌入檔案.

- -

表達式

- -

data URI 的表達式如下:

- -
data:[<mediatype>][;base64],<data>
-
- -

mediatype 為一 MIME type 字串,例如 JPEG 圖檔為「image/jpeg」,為非必要參數,若省略的話,默認值為「text/plain;charset=US-ASCII」。

- -

If the data is textual, you can simply embed the text (using the appropriate entities or escapes based on the enclosing document's type). Otherwise, you can specify base64 to embed base64-encoded binary data.

- -

範例

- -
-
data:,Hello%2C%20World!
-
一個簡單的 text/plain data
-
data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D
-
同前者,但經過 base64 編碼。
-
data:text/html,%3Ch1%3EHello%2C%20World!%3C%2Fh1%3E
-
一 HTML 檔,內容為<h1>Hello, World</h1>
-
- -

以 base64 格式編碼資料

- -

在 Linux 和 Mac OS X 中,可以在終端機輸入下面的程式碼來進行編碼:

- -
uuencode -m infile remotename
-
- -

The infile parameter is the name of the file you wish to encode into base64 format, and remotename is the remote name for the file, which isn't actually used in data URLs.

- -

輸出結果如下所示:

- -
begin-base64 664 test
-YSBzbGlnaHRseSBsb25nZXIgdGVzdCBmb3IgdGV2ZXIK
-====
-
- -

The data URI will use the encoded data after the initial header line.

- -

JavaScript

- -

請先閱讀文章《 Base64 encoding and decoding. 》。

- -

轉換 nsIFile 至data URI

- -

This function returns a base 64-encoded data URI from the passed nsIFile.

- -
function generateDataURI(file) {
-  var contentType = Components.classes["@mozilla.org/mime;1"]
-                              .getService(Components.interfaces.nsIMIMEService)
-                              .getTypeFromFile(file);
-  var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
-                              .createInstance(Components.interfaces.nsIFileInputStream);
-  inputStream.init(file, 0x01, 0600, 0);
-  var stream = Components.classes["@mozilla.org/binaryinputstream;1"]
-                         .createInstance(Components.interfaces.nsIBinaryInputStream);
-  stream.setInputStream(inputStream);
-  var encoded = btoa(stream.readBytes(stream.available()));
-  return "data:" + contentType + ";base64," + encoded;
-}
-
- -

安全

- -
-

Note: Prior to {{Gecko("6.0")}}, data URIs inherited the security context of the page currently in the browser window if the user enters a data URI into the location bar. Now data URIs get a new, empty, security context.

-
- -

常見的問題

- -

以下列舉幾個再使用 data URIs 時常遇到的問題.

- -
-
表達式
-
data URIs 的格式十分簡單, 但是我們容易忘記在 "data" 區塊前面使用逗號, 或是不正確的將資料轉換為 base64 的格式.
-
在HTML 的格式
-
A data URI provides a file within a file, which can potentially be very wide relative to the width of the enclosing document. As a URL, the data should be formatable with whitespace (linefeed, tab, or spaces), but there are practical issues that arise when using base64 encoding.
-
長度限制
-
Although Mozilla supports data URIs of essentially unlimited length, browsers are not required to support any particular maximum length of data. For example, the Opera 11 browser limits data URIs to around 65000 characters.
-
缺乏錯誤處理
-
Invalid parameters in media, or typos when specifying "base64", are ignored, but no error is provided.
-
未支援 query 字串, etc.
-
-

The data portion of a data URI is opaque, so an attempt to use a query string (page-specific parameters, with the syntax <url>?parameter-data) with a data URI will just include the query string in the data the URI represents. For example:

- -
data:text/html,lots of text...<p><a name%3D"bottom">bottom</a>?arg=val
-
- -

This represents an HTML resource whose contents are:

- -
lots of text...<p><a name="bottom">bottom</a>?arg=val
-
- -

Note: as of Firefox 6, fragments (anchors) are processed consistent with other URI schemes, thus a bare "#" in the content needs to be escaped as '%23'.

-
-
- -

瀏覽器的支援

- -

The data scheme is supported by Opera 7.20 and above, as well as Safari and Konqueror. Internet Explorer 7 and below, however, do not currently support it. Internet Explorer 8 and above only supports data URIs for images in CSS, <link>, and <img>.

- -

參見

- - - -

資源

- - diff --git a/files/zh-tw/web/http/server-side_access_control/index.html b/files/zh-tw/web/http/server-side_access_control/index.html deleted file mode 100644 index 29ba4ef791..0000000000 --- a/files/zh-tw/web/http/server-side_access_control/index.html +++ /dev/null @@ -1,213 +0,0 @@ ---- -title: 伺服器端存取控制(CORS) -slug: Web/HTTP/Server-Side_Access_Control -translation_of: Web/HTTP/CORS -translation_of_original: Web/HTTP/Server-Side_Access_Control ---- -

存取控制系統是執行授權識別、認證、存取核可的實體,也負責透過登入來進行驗證,包含密碼、個人身份識別碼(personal identification numbers,PINs)、生物辨識掃描,以及物理或電子的金鑰。

- -

存取控制是用於規範計算環境之資源可供哪些人或單位觀看、使用的一種安全技術。

- -

{{HTTPSidebar}}

- -

瀏覽器透過 {{domxref("XMLHttpRequest")}} 或 Fetch API 所發起的跨網域請求(cross-site request),會在寄送時使用特定的 HTTP 標頭。同樣的,由伺服器回傳的跨網域回應(cross-site response)中也能看到特定的 HTTP 標頭。關於這些特定標頭的簡介,包括使用 JavaScript 發起請求與處理來自伺服器回應的範例以及每一個標頭的討論,可以在 HTTP 存取控制(CORS)一文中找到,並應該搭配本文一起閱讀。這篇文章包含使用 PHP 處理存取控制請求與建立存取控制回應。本文的目標讀者為伺服器端程式設計師或管理員。僅管本篇範例使用的是 PHP,但類似的概念也適用於 ASP.net、Perl、Python、Java 等等其他語言;一般來說,這些概念也能套用在任何處理 HTTP 請求及動態建立 HTTP 回應的伺服器端程式環境中。

- -

HTTP 標頭討論

- -

討論到同時涵蓋客戶端及伺服器端使用的 HTTP 標頭的文章在此,建議先閱讀該篇文章。

- -

可執行的程式碼範例

- -

隨後章節的 PHP 程式碼片段(以及 JavaScript 呼叫伺服器)可以在這裡取得。這些程式在實作了跨網域 {{domxref("XMLHttpRequest")}} 的瀏覽器中都可以運作。

- -

簡單跨網域請求

- -

簡單存取控制請求會在以下情況下被建立發起:

- - - -

在此情況下,回傳回應需要考慮以下條件:

- - - -

在 HTTP 存取控制(CORS)一文的簡單存取控制請求章節示範了客戶端與伺服器端之間標頭的交流。下面是一個處理簡單請求的 PHP 程式碼片段:

- -
<?php
-
-// 我們僅授權讓 arunranga.com 網域來存取資源
-// 因為我們認為該網域存取本 application/xml 資源是安全的
-
-if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Content-type: application/xml');
-    readfile('arunerDotNetResource.xml');
-} else {
-  header('Content-Type: text/html');
-  echo "<html>";
-  echo "<head>";
-  echo "   <title>Another Resource</title>";
-  echo "</head>";
-  echo "<body>",
-       "<p>This resource behaves two-fold:";
-  echo "<ul>",
-         "<li>If accessed from <code>http://arunranga.com</code> it returns an XML document</li>";
-  echo   "<li>If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
-  echo   "you get this HTML document</li>",
-       "</ul>",
-     "</body>",
-   "</html>";
-}
-?>
-
- -

以上的程式會檢查由瀏覽器所送出之請求的 {{HTTPHeader("Origin")}} 標頭(透過取得 $_SERVER['HTTP_ORIGIN'])是否為「http://arunranga.com」。若相符,則回傳之回應中加入 {{HTTPHeader("Access-Control-Allow-Origin")}}: http://arunranga.com 標頭值。這個範例可以在這裡看到執行的情形

- -

預檢請求

- -

預檢存取控制請求在以下情況下發起:

- - - -

在 HTTP 存取控制(CORS)一文的預檢存取控制請求章節示範了客戶端與伺服器端之間標頭的交流。一個伺服器資源要回應預檢(preflighted)請求必須能夠進行以下的判斷:

- - - -

下面是一個使用 PHP 實作之處理預檢請求的範例:

- -
<?php
-
-if($_SERVER['REQUEST_METHOD'] == "GET") {
-
-  header('Content-Type: text/plain');
-  echo "This HTTP resource is designed to handle POSTed XML input";
-  echo "from arunranga.com and not be retrieved with GET";
-
-} elseif($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-  // 告訴客戶端我們支援來自 arunranga.com 的呼叫
-  // 以及這個預檢請求的有效期限僅有 20 天
-
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
-    header('Access-Control-Allow-Headers: X-PINGARUNER');
-    header('Access-Control-Max-Age: 1728000');
-    header("Content-Length: 0");
-    header("Content-Type: text/plain");
-    //exit(0);
-  } else {
-    header("HTTP/1.1 403 Access Forbidden");
-    header("Content-Type: text/plain");
-    echo "You cannot repeat this request";
-  }
-
-} elseif($_SERVER['REQUEST_METHOD'] == "POST") {
-  // 處理 POST 請求,第一步為取得 POST 請求中 blob 型態的 XML
-  // 並且對其做一些處理,再傳送結果給客戶端
-
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    $postData = file_get_contents('php://input');
-    $document = simplexml_load_string($postData);
-
-    // 對 POST 請求的資料做一些處理
-
-    $ping = $_SERVER['HTTP_X_PINGARUNER'];
-
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Content-Type: text/plain');
-    echo // 在處理之後要回傳的一些回應字串
-  } else {
-    die("POSTing Only Allowed from arunranga.com");
-  }
-} else {
-    die("No Other Methods Allowed");
-}
-?>
-
- -

注意範例中在回應 {{HTTPMethod("OPTIONS")}} 預檢(preflighted)請求與回應 {{HTTPMethod("POST")}} 請求時都會回傳相對應的 HTTP 標頭值,因此一個伺服器資源可以處理預檢以及實際(actual)請求。在回應 OPTIONS 預檢請求之回應標頭中,伺服器告知客戶端可以使用 POST 方法發送實際(actual)請求,並且能於實際(actual)請求的 HTTP 標頭欄位中帶上 X-PINGARUNER 及其值。這個範例可以在這裡看到執行的情形

- -

身分驗證請求

- -

身分驗證存取控制請求——即請求可以附帶 Cookies 或 HTTP 認證(Authentication)訊息(並期望回應攜帶 Cookies)——可以是簡單預檢請求,根據請求使用之 HTTP 方法而定。

- -

簡單請求情境中,請求將會連同 Cookies 一起發送(例如當 withCredentials 旗標被設置於 {{domxref("XMLHttpRequest")}} 時)。假如伺服器以附帶了 {{HTTPHeader("Access-Control-Allow-Credentials")}}: true 標頭值的身分驗證回應來回傳,則回應會被客戶端接受並且可被用於網頁內容中。在預檢請求中,伺服器可以用 Access-Control-Allow-Credentials: true 標頭來回應 OPTIONS 預檢請求。

- -

以下為一些處理身分驗證請求的 PHP 程式片段:

- -
<?php
-
-if($_SERVER['REQUEST_METHOD'] == "GET") {
-  header('Access-Control-Allow-Origin: http://arunranga.com');
-  header('Access-Control-Allow-Credentials: true');
-  header('Cache-Control: no-cache');
-  header('Pragma: no-cache');
-  header('Content-Type: text/plain');
-
-  // 檢查有沒有 Cookie,若沒有則當作是第一次訪問
-  if (!isset($_COOKIE["pageAccess"])) {
-    setcookie("pageAccess", 1, time()+2592000);
-    echo 'I do not know you or anyone like you so I am going to';
-    echo 'mark you with a Cookie :-)';
-  } else {
-    $accesses = $_COOKIE['pageAccess'];
-    setcookie('pageAccess', ++$accesses, time()+2592000);
-    echo 'Hello -- I know you or something a lot like you!';
-    echo 'You have been to ', $_SERVER['SERVER_NAME'], ';
-    echo 'at least ', $accesses-1, ' time(s) before!';
-  }
-} elseif($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
-  // 告訴客戶端這個預檢請求的有效期限僅有 20 天
-  if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
-    header('Access-Control-Allow-Origin: http://arunranga.com');
-    header('Access-Control-Allow-Methods: GET, OPTIONS');
-    header('Access-Control-Allow-Credentials: true');
-    header('Access-Control-Max-Age: 1728000');
-    header("Content-Length: 0");
-    header("Content-Type: text/plain");
-  } else {
-    header("HTTP/1.1 403 Access Forbidden");
-    header("Content-Type: text/plain");
-    echo "You cannot repeat this request";
-  }
-} else {
-  die("This HTTP Resource can ONLY be accessed with GET or OPTIONS");
-}
-?>
-
- -

注意此範例中的身分驗證請求,其中的 Access-Control-Allow-Origin: 標頭值不得是萬用字元(wildcard)「*」。此標頭值必須為一個有效的的來源網域(origin domain)。以上的範例可以在這裡看到執行的情形

- -

Apache 範例

- -

限制存取某些 URI

- -

一個實用的訣竅是使用 Apache rewrite 環境變數(environment variable),並且讓 HTTP 標頭套用 Access-Control-Allow-* 至某些 URI。這相當有用,例如要限制跨來源(cross-origin)請求 GET /api(.*).json 為不帶身分驗證的請求:

- -
RewriteRule ^/api(.*)\.json$ /api$1.json [CORS=True]
-Header set Access-Control-Allow-Origin "*" env=CORS
-Header set Access-Control-Allow-Methods "GET" env=CORS
-Header set Access-Control-Allow-Credentials "false" env=CORS
-
- -

參見

- - diff --git a/files/zh-tw/web/http/status/418/index.html b/files/zh-tw/web/http/status/418/index.html new file mode 100644 index 0000000000..0f03f77c24 --- /dev/null +++ b/files/zh-tw/web/http/status/418/index.html @@ -0,0 +1,45 @@ +--- +title: 418 I'm a teapot +slug: Web/HTTP/Status/418_I_m_a_teapot +translation_of: Web/HTTP/Status/418 +--- +
{{HTTPSidebar}}
+ +

HTTP 418 I'm a teapot 用戶端錯誤碼表明了伺服器是個(永久性的)茶壺,所以拒絕煮咖啡。一個結合了咖啡與茶壺的壺子暫時沒咖啡的情境,應該回傳 503。這個錯誤是源自於 1998 與 2014 的愚人節玩笑「超文字咖啡壺控制協定」(Hyper Text Coffee Pot Control Protocol)。

+ +

狀態

+ +
418 I'm a teapot
+ +

規範

+ + + + + + + + + + + + + + + + + + +
規範標題
{{RFC("2324", "418 I'm a teapot" , "2.3.2")}}Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0): Semantics and Content
{{RFC("7168", "418 I'm a teapot" , "2.3.3")}}The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA): Response Codes
+ +

瀏覽器相容性

+ + + +

{{Compat("http.status.418")}}

+ +

參見

+ + diff --git a/files/zh-tw/web/http/status/418_i_m_a_teapot/index.html b/files/zh-tw/web/http/status/418_i_m_a_teapot/index.html deleted file mode 100644 index 0f03f77c24..0000000000 --- a/files/zh-tw/web/http/status/418_i_m_a_teapot/index.html +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: 418 I'm a teapot -slug: Web/HTTP/Status/418_I_m_a_teapot -translation_of: Web/HTTP/Status/418 ---- -
{{HTTPSidebar}}
- -

HTTP 418 I'm a teapot 用戶端錯誤碼表明了伺服器是個(永久性的)茶壺,所以拒絕煮咖啡。一個結合了咖啡與茶壺的壺子暫時沒咖啡的情境,應該回傳 503。這個錯誤是源自於 1998 與 2014 的愚人節玩笑「超文字咖啡壺控制協定」(Hyper Text Coffee Pot Control Protocol)。

- -

狀態

- -
418 I'm a teapot
- -

規範

- - - - - - - - - - - - - - - - - - -
規範標題
{{RFC("2324", "418 I'm a teapot" , "2.3.2")}}Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0): Semantics and Content
{{RFC("7168", "418 I'm a teapot" , "2.3.3")}}The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA): Response Codes
- -

瀏覽器相容性

- - - -

{{Compat("http.status.418")}}

- -

參見

- - -- cgit v1.2.3-54-g00ecf