blob: b916ab3c4588570e339cf999becacc67e764bfc2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
---
title: Simple response header
slug: Glossary/Simple_response_header
tags:
- Simple response header
translation_of: Glossary/Simple_response_header
---
<p>一个简单的响应头(或CORS安全列表的响应头)是一个 <a href="/en-US/docs/Web/HTTP/Headers">HTTP 头 </a>,它是以下之一:</p>
<ul>
<li>{{HTTPHeader("Cache-Control")}}</li>
<li>{{HTTPHeader("Content-Language")}}</li>
<li>{{HTTPHeader("Content-Type")}}</li>
<li>{{HTTPHeader("Expires")}}</li>
<li>{{HTTPHeader("Last-Modified")}}</li>
<li>{{HTTPHeader("Pragma")}}</li>
</ul>
<p>These headers will not be filtered when the response is filtered by CORS, they are considered as <em>safe</em> (as the headers listed in {{HTTPHeader("Access-Control-Expose-Headers")}}.</p>
<h2 id="Examples">Examples</h2>
<h3 id="Extending_the_safelist">Extending the safelist</h3>
<p>You can extend the list of CORS-safelisted response headers by using the {{HTTPHeader("Access-Control-Expose-Headers")}} header:</p>
<pre>Access-Control-Expose-Headers: X-Custom-Header, Content-Length</pre>
<h2 id="Learn_more">Learn more</h2>
<ul>
<li><a href="/en-US/docs/Web/HTTP">HTTP</a></li>
<li><a href="/en-US/docs/Web/HTTP/Headers">HTTP headers</a></li>
<li>{{HTTPHeader("Access-Control-Expose-Headers")}}</li>
<li>{{Glossary("CORS")}}</li>
<li>{{Glossary("Simple header")}}</li>
<li>{{Glossary("Forbidden header name")}}</li>
<li>{{Glossary("Request header")}}</li>
</ul>
|
