
The Set-Cookie HTTP response header is used to send cookies from the server to the user agent.

For more information, see the guide on HTTP cookies.

| Header type           | Response header |
|-----------------------|-----------------|
| Forbidden header name | no              |

Syntax

Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly

Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax

// Multiple directives are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly

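Directives

<cookie-name>=<cookie-value>

A cookie begins with a name-value pair:

  • <cookie-name> can be any US-ASCII character except control characters (CTLs), spaces, or tabs. It also must not contain a separator character such as the following: ( ) < > @ , ; : \ " / ? = { }.

  • <cookie-value> can optionally be set in double quotes, and any US-ASCII characters excluding CTLs, whitespace, double quotes, commas, semicolons, and backslashes are allowed. Encoding: many implementations perform URL encoding on cookie values, although the RFC specification does not require it. It does help satisfy the requirements about which characters are allowed in <cookie-value>.

  • __Secure- prefix: cookies with a name starting with __Secure- (the dash is part of the prefix) must be set with the secure flag and must come from a secure page (HTTPS).

  • __Host- prefix: cookies with a name starting with __Host- must be set with the secure flag, must come from a secure page (HTTPS), must not have a domain specified (and therefore are not sent to subdomains), and the path must be "/".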

Expires=<date> Optional

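The maximum lifetime of the cookie as an HTTP-date timestamp. See Date for the detailed format. If not specified, the cookie will have the lifetime of a session cookie. A session ends when the client is shut down, meaning that session cookies will be removed at that point. However, many web browsers have a feature called session restore that saves all your tabs and brings them back the next time you use the browser. Cookies will also be present, as if you had never actually closed the browser.

When an expiry date is set, the time and date are relative to the client the cookie is being set on, not the server.

Max-Age=<non-zero-digit> Optional

Number of seconds until the cookie expires. One or more digits 1 through 9. Older browsers (ie6, ie7, and ie8) do not support Max-Age. For other browsers, if both Expires and Max-Age are set, Max-Age will have precedence.

Domain=<domain-value> Optional

Specifies those hosts to which the cookie will be sent. If not specified, defaults to the host portion of the current document location (but not including subdomains). Contrary to earlier specifications, leading dots in domain names are ignored. If a domain is specified, subdomains are always included.

Path=<path-value> Optional

Indicates a URL path that must exist in the requested resource before the Cookie header is sent. The %x2F ("/") character is interpreted as a directory separator, and subdirectories will be matched as well (for example, with Path=/docs, "/docs", "/docs/Web/", or "/docs/Web/HTTP" will all be matched).

Secure Optional

A secure cookie will only be sent to the server when a request is made using SSL and the HTTPS protocol. However,

Note: Insecure sites (http:) can't set cookies with the "secure" directive (new in Chrome 52+ and Firefox 52+).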

HttpOnly Optional

HTTP-only cookies aren't accessible via JavaScript through the Document.cookie property or the XMLHttpRequest and Request APIs, which mitigates cross-site scripting (XSS) attacks.

SameSite=Strict
SameSite=Lax Optional

Allows servers to assert that a cookie ought not to be sent along with cross-site requests, which provides some protection against cross-site request forgery (CSRF) attacks.

Examples

Session cookie

Session cookies will be removed when the client is shut down. They don't specify the Expires or Max-Age directives. Note that web browsers often have session restore enabled.

Set-Cookie: sessionid=38afes7a8; HttpOnly; Path=/

Permanent cookie

Instead of expiring when the client is closed, permanent cookies expire at a specific date (Expires) or after a specific length of time (Max-Age).

Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly

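Invalid domains

A cookie belonging to a domain that does not include the origin server should be rejected by the user agent. The following cookie will be rejected if it is set by a server hosted on originalcompany.com.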

Set-Cookie: qwerty=219ffwef9w0f; Domain=somecompany.co.uk; Path=/; Expires=Wed, 30 Aug 2019 00:00:00 GMT

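Cookie prefixes

Cookie names with the prefixes __Secure- and __Host- can be used only if they are set with the secure directive from a secure (HTTPS) origin. In addition, cookies with the __Host- prefix must have a path of "/" (the entire host) and must not have a domain attribute. For clients that don't implement cookie prefixes, you cannot count on these additional assurances, and the cookies will always be accepted.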

// Both accepted when from a secure origin (HTTPS)
Set-Cookie: __Secure-ID=123; Secure; Domain=example.com
Set-Cookie: __Host-ID=123; Secure; Path=/

// Rejected due to missing Secure directive
Set-Cookie: __Secure-id=1

// Rejected due to the missing Path=/ directive
Set-Cookie: __Host-id=1; Secure

// Rejected due to setting a domain
Set-Cookie: __Host-id=1; Secure; Path=/; domain=example.com
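
The acceptance rules from the "Invalid domains" and "Cookie prefixes" examples can be turned into a small response-header audit. This is an added example, not code from the original page; parseSetCookie and checkSetCookie are hypothetical helper names, and only the rules stated on this page are checked.

```javascript
// Added example: would a prefix-aware user agent accept this Set-Cookie
// value from this origin? Covers only the rules described on this page.
function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), attrs: Object.create(null) };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Directive names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// originUrl: URL of the response that carried the header (an assumption of
// this sketch; a real audit would take it from the request being inspected).
function checkSetCookie(value, originUrl) {
  const { name, attrs } = parseSetCookie(value);
  const origin = new URL(originUrl);
  const https = origin.protocol === "https:";
  const reasons = [];

  if (!name) reasons.push("no <cookie-name>=<cookie-value> pair");
  if (attrs.secure && !https) reasons.push("Secure set from an insecure (http:) site");

  if (name.startsWith("__Secure-") || name.startsWith("__Host-")) {
    if (!attrs.secure) reasons.push("prefixed cookie is missing Secure");
    if (!https) reasons.push("prefixed cookie must come from an HTTPS origin");
  }
  if (name.startsWith("__Host-")) {
    if (attrs.path !== "/") reasons.push("__Host- cookie needs Path=/");
    if ("domain" in attrs) reasons.push("__Host- cookie must not set Domain");
  }

  if (typeof attrs.domain === "string") {
    // A leading dot is ignored; the domain must include the origin server.
    const domain = attrs.domain.replace(/^\./, "").toLowerCase();
    const host = origin.hostname.toLowerCase();
    if (host !== domain && !host.endsWith("." + domain)) {
      reasons.push("Domain does not include the origin server");
    }
  }
  return { accepted: reasons.length === 0, reasons };
}
```

Run it over the Set-Cookie values a site returns to catch cookies that a browser would silently drop, or prefixed cookies that lack the guarantees their name implies.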

Specifications

| Specification                              | Title                           |
|--------------------------------------------|---------------------------------|
| RFC 6265, section 4.1: Set-Cookie          | HTTP State Management Mechanism |
| RFC draft-ietf-httpbis-cookie-prefixes-00  | Cookie Prefixes                 |
| RFC draft-ietf-httpbis-cookie-same-site-00 | Same-Site Cookies               |
| RFC draft-ietf-httpbis-cookie-alone-01     | Strict Secure Cookies           |

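Browser compatibility

| Feature         | Chrome | Edge  | Firefox | Internet Explorer | Opera | Safari |
|-----------------|--------|-------|---------|-------------------|-------|--------|
| Basic Support   | (Yes)  | (Yes) | (Yes)   | (Yes)             | (Yes) | (Yes)  |
| Max-Age         | (Yes)  | (Yes) | (Yes)   | 8.0               | (Yes) | (Yes)  |
| HttpOnly        | 1.0    | (Yes) | 3.0     | 9.0               | 11    | 5.0    |
| Cookie prefixes | 49     | (Yes) | 50      | ?                 | 36    | (Yes)  |
| SameSite        | 51     | No    | No [1]  | No                | 39    | No     |

| Feature         | Android | Chrome for Android | Edge mobile | Firefox for Android | IE mobile | Opera Android | iOS Safari |
|-----------------|---------|--------------------|-------------|---------------------|-----------|---------------|------------|
| Basic Support   | (Yes)   | (Yes)              | (Yes)       | (Yes)               | (Yes)     | (Yes)         | (Yes)      |
| Max-Age         | (Yes)   | (Yes)              | (Yes)       | (Yes)               | (Yes)     | (Yes)         | (Yes)      |
| HttpOnly        | ?       | (Yes)              | (Yes)       | 1.0                 | (Yes)     | (Yes)         | iOS 4      |
| Cookie prefixes | ?       | 49                 | (Yes)       | 50                  | ?         | 36            | (Yes)      |
| SameSite        | 51      | 51                 | No          | No [1]              | No        | 39            | No         |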

[1] See bug 795346 on Bugzilla.

Compatibility notes

  • Starting with Chrome 52 and Firefox 52, insecure sites (http:) can no longer set cookies with the "secure" directive.
