blob: b3b94b622355b1f53496f6555f4288348fe254ce (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
---
title: Upgrade-Insecure-Requests
slug: Web/HTTP/Headers/Upgrade-Insecure-Requests
tags:
- 升级机制
- 安全性
- 首部
translation_of: Web/HTTP/Headers/Upgrade-Insecure-Requests
---
<div>{{HTTPSidebar}}</div>
<p><strong><code>Upgrade-Insecure-Requests</code></strong> 是一个请求首部,用来向服务器端发送信号,表示客户端优先选择加密及带有身份验证的响应,并且它可以成功处理 {{CSP("upgrade-insecure-requests")}} <a href="/en-US/docs/Web/Security/CSP">CSP</a> 指令。</p>
<table class="properties">
<tbody>
<tr>
<th scope="row">Header type</th>
<td>{{Glossary("Request header")}}</td>
</tr>
<tr>
<th scope="row">{{Glossary("Forbidden header name")}}</th>
<td>no</td>
</tr>
</tbody>
</table>
<h2 id="语法">语法</h2>
<pre class="syntaxbox">Upgrade-Insecure-Requests: 1</pre>
<h2 id="示例">示例</h2>
<p>客户端向服务器端发送信号表示它支持 {{CSP("upgrade-insecure-requests")}} 的升级机制:</p>
<pre>GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1</pre>
<p>服务器现在可以重定向到这个站点的安全版本。在响应中可以添加一个 {{HTTPHeader("Vary")}} 首部,这样的话,响应就不会被缓存服务器提供给不支持升级机制的客户端了。</p>
<pre>Location: https://example.com/
Vary: Upgrade-Insecure-Requests</pre>
<h2 id="规范">规范</h2>
<table class="standard-table">
<tbody>
<tr>
<th scope="col">Specification</th>
<th scope="col">Status</th>
<th scope="col">Comment</th>
</tr>
<tr>
<td>{{specName("Upgrade Insecure Requests", "#preference", "upgrade-insecure-requests")}}</td>
<td>{{Spec2('Upgrade Insecure Requests')}}</td>
<td>Initial definition.</td>
</tr>
</tbody>
</table>
<h2 id="浏览器兼容性">浏览器兼容性</h2>
<p>{{Compat("http.headers.Upgrade-Insecure-Requests")}}</p>
<h2 id="相关内容">相关内容</h2>
<ul>
<li>{{HTTPHeader("Content-Security-Policy")}}</li>
<li>CSP {{CSP("upgrade-insecure-requests")}} directive</li>
</ul>
|
