Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[zh-cn] sync translated content #24635

Merged
merged 2 commits into from
Nov 21, 2024
Merged

[zh-cn] sync translated content #24635

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c5b8c75
zh-cn: sync translated content
mdn-bot Nov 21, 2024
678d949
Accept-Charset HTTP header removed - not sent by any browser for many…
yin1999 Nov 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions files/zh-cn/_redirects.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2446,6 +2446,7 @@
/zh-CN/docs/Web/HTTP/HTTP请求方法 /zh-CN/docs/Web/HTTP/Methods
/zh-CN/docs/Web/HTTP/HTTP请求方法/GET /zh-CN/docs/Web/HTTP/Methods/GET
/zh-CN/docs/Web/HTTP/HTTP请求方法/POST /zh-CN/docs/Web/HTTP/Methods/POST
/zh-CN/docs/Web/HTTP/Headers/Accept-Charset /zh-CN/docs/Web/HTTP/Headers
/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy/require-sri-for /zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy
/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy__by_cnvoid /zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy
/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy__by_cnvoid/base-uri /zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
Expand Down
4 changes: 0 additions & 4 deletions files/zh-cn/_wikihistory.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22640,10 +22640,6 @@
"modified": "2020-10-15T22:24:12.153Z",
"contributors": ["xuhui98"]
},
"Web/HTTP/Headers/Accept-Charset": {
"modified": "2020-10-15T21:50:53.082Z",
"contributors": ["shinken008", "Dorllen", "WayneCui", "xgqfrms-GitHub"]
},
"Web/HTTP/Headers/Accept-Encoding": {
"modified": "2020-10-15T21:53:10.909Z",
"contributors": [
Expand Down
26 changes: 17 additions & 9 deletions files/zh-cn/glossary/forbidden_header_name/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,25 @@
title: 禁止修改的标头
slug: Glossary/Forbidden_header_name
l10n:
sourceCommit: e72890bafe775a38620def9a74beda8cf9c47411
sourceCommit: 56cbe48e4426172461d9297523b68716922690e5
---

{{GlossarySidebar}}

**禁止修改的标头**指的是不能在代码中通过编程的方式进行修改的 [HTTP 标头](/zh-CN/docs/Web/HTTP/Headers),具体地,这是 HTTP **请求**标头名称(和{{Glossary("Forbidden response header name", "禁止修改的响应标头")}}形成对比)。

因为用户代理保留对此类标头的完全控制,所以它们被禁止修改。保留以 `Sec-` 开头的名称,以用于在使用 [fetch 算法](https://fetch.spec.whatwg.org/#concept-fetch)的请求中创建安全的新标头,这些 {{glossary("API")}} 授予开发人员对标头的控制权,例如:{{domxref("XMLHttpRequest")}}。
因为用户代理保留对此类标头的完全控制,所以它们被禁止修改。例如,{{HTTPHeader("Date")}} 标头是禁止修改的标头,因此代码无法设置消息的 `Date` 字段:

禁止修改的标头包括以 `Proxy-` 和 `Sec-` 开头的标头,以及下面列出的标头:
```js example-bad
fetch("https://httpbin.org/get", {
headers: {
Date: new Date().toUTCString(),
},
});
```

保留以 `Sec-` 开头的名称,以用于创建新的,不会受到授予开发者控制标头权限的 API(如 {{domxref("Window/fetch", "fetch()")}})的影响的标头。禁止修改的标头包括以 `Proxy-` 和 `Sec-` 开头的标头,以及下面列出的标头:

- {{HTTPHeader("Accept-Charset")}}
- {{HTTPHeader("Accept-Encoding")}}
- {{HTTPHeader("Access-Control-Request-Headers")}}
- {{HTTPHeader("Access-Control-Request-Method")}}
Expand All @@ -27,8 +34,8 @@ l10n:
- {{HTTPHeader("Host")}}
- {{HTTPHeader("Keep-Alive")}}
- {{HTTPHeader("Origin")}}
- `Proxy-`
- `Sec-`
- `Proxy-` 标头
- `Sec-` 标头
- {{HTTPHeader("Referer")}}
- {{HTTPHeader("TE")}}
- {{HTTPHeader("Trailer")}}
Expand All @@ -37,11 +44,12 @@ l10n:
- {{HTTPHeader("Via")}}

> [!NOTE]
> 根据[规范](https://fetch.spec.whatwg.org/#terminology-headers)中的禁止修改的标头列表(Firefox 43 中实现了它),{{HTTPHeader("User-Agent")}} 标头不再被禁止,现在可以设置在 Fetch 的 [Headers](/zh-CN/docs/Web/API/Headers) 对象中,或者通过 `XMLHttpRequest` 的 [setRequestHeader()](/zh-CN/docs/Web/API/XMLHttpRequest/setRequestHeader) 方法设置。但是,Chrome 会不做提示地从 Fetch 请求中丢弃这个标头(请参阅 [Chromium bug 571722](https://bugs.chromium.org/p/chromium/issues/detail?id=571722))。
> 根据[规范](https://fetch.spec.whatwg.org/#terminology-headers)中的禁止修改的标头列表(Firefox 43 中实现了它),{{HTTPHeader("User-Agent")}} 标头不再被禁止,现在可以设置在 Fetch 的 [Headers](/zh-CN/docs/Web/API/Headers) 对象中,或者通过 `XMLHttpRequest` 的 [setRequestHeader()](/zh-CN/docs/Web/API/XMLHttpRequest/setRequestHeader) 方法设置。但是,Chrome 会静默地从 Fetch 请求中丢弃这个标头(请参阅 [Chromium bug 571722](https://bugs.chromium.org/p/chromium/issues/detail?id=571722))。

> [!NOTE]
> 虽然[规范](https://fetch.spec.whatwg.org/#forbidden-request-header)中将 {{HTTPHeader("Referer")}} 标头列为禁止修改的标头,但是用户代理并没有完全对其进行控制,因此可以通过编程的方式修改此标头。例如,当使用 [`fetch()`](/zh-CN/docs/Web/API/fetch) 时,可以通过 [`referrer` 选项](/zh-CN/docs/Web/API/fetch#referrer)对 {{HTTPHeader("Referer")}} 标头进行编程修改。
> 虽然[规范](https://fetch.spec.whatwg.org/#forbidden-request-header)中将 {{HTTPHeader("Referer")}} 标头列为禁止修改的标头,但是用户代理并没有完全对其进行控制,因此可以通过编程的方式修改此标头。例如,当使用 [`fetch()`](/zh-CN/docs/Web/API/Window/fetch) 时,可以通过 [`referrer` 选项](/zh-CN/docs/Web/API/RequestInit#referrer)对 {{HTTPHeader("Referer")}} 标头进行编程修改。

## 参见

{{Glossary("Forbidden response header name", "禁止修改的响应标头")}}(术语表)
- 相关术语:
- {{Glossary("Forbidden response header name", "禁止修改的响应标头")}}
Loading