blob: e70f611ece795050912871eb3d8baea9d78a8186 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
---
title: XMLHttpRequest.withCredentials
slug: Web/API/XMLHttpRequest/withCredentials
translation_of: Web/API/XMLHttpRequest/withCredentials
---
<div>{{APIRef('XMLHttpRequest')}}</div>
<p><code><strong>XMLHttpRequest.withCredentials</strong></code> 屬性是一個 {{jsxref("Boolean")}} 型別,它指出無論是否使用 <code>Access-Control</code> 標頭在跨站的要求上,都應該使用像 Cookies、Authorization 標頭或 TLS 用戶端憑證來進行驗證。在相同來源的要求設定 <code>withCredentials</code> 沒有任何效果。</p>
<p>In addition, this flag is also used to indicate when cookies are to be ignored in the response. The default is <code>false</code>. <code>XMLHttpRequest</code> from a different domain cannot set cookie values for their own domain unless <code>withCredentials</code> is set to <code>true</code> before making the request. The third-party cookies obtained by setting <code>withCredentials</code> to true will still honor same-origin policy and hence can not be accessed by the requesting script through <a href="/en-US/docs/Web/API/Document/cookie">document.cookie</a> or from response headers.</p>
<div class="note">
<p><strong>Note:</strong> 永遠不會影響到同源請求。</p>
</div>
<div class="note">
<p><strong>Note:</strong><strong> </strong><code>XMLHttpRequest</code> responses from a different domain <em>cannot</em> set cookie values for their own domain unless <code>withCredentials</code> is set to <code>true</code> before making the request, regardless of <code>Access-Control-</code> header values. </p>
</div>
<h2 id="範例">範例</h2>
<pre class="brush: js">var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);</pre>
<h2 id="規格">規格</h2>
<table class="standard-table">
<tbody>
<tr>
<th scope="col">規格</th>
<th scope="col">狀態</th>
<th scope="col">備註</th>
</tr>
<tr>
<td>{{SpecName('XMLHttpRequest', '#the-withcredentials-attribute')}}</td>
<td>{{Spec2('XMLHttpRequest')}}</td>
<td>WHATWG living standard</td>
</tr>
</tbody>
</table>
<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
<p>{{Compat("api.XMLHttpRequest.withCredentials")}}</p>
|
