WWW-Authenticate

 HTTP WWW-Authenticate 响应头定义了使用何种验证方式去获取对资源的连接。

WWW-Authenticate header通常会和一个 401 Unauthorized 的响应一同被发送.

Header type Response header
Forbidden header name no

Syntax

WWW-Authenticate: <type> realm=<realm>

Directives

<type>
Authentication type. 一个通用类型 "Basic". IANA 维护了一个 list of Authentication schemes.
realm=<realm>
一个保护区域的描述. 如果未指定realm, 客户端通常显示一个格式化的主机名来替代。

Examples

通常的, 一个服务器响应包含一个像如下WWW-Authenticate的头信息:

WWW-Authenticate: Basic

WWW-Authenticate: Basic realm="Access to the staging site"

同样可以查看 HTTP authentication 作为一个例子来确定如何配置Apache和nginx服务器来使用HTTP basic authentication密码保护你的站点。

Specifications

Specification Title
RFC 7235, section 4.1: WWW-Authenticate HTTP/1.1: Authentication
RFC 7617 The 'Basic' HTTP Authentication Scheme

See also

相关主题
  1. HTTP
  2. Guides:
  3. Resources and URIs
    1. Identifying resources on the Web
    2. Data URIs
    3. Introduction to MIME Types
    4. Complete list of MIME Types
    5. Choosing between www and non-www URLs
  4. HTTP guide
    1. Basics of HTTP
    2. Overview of HTTP
    3. Evolution of HTTP
    4. HTTP Messages
    5. A typical HTTP session
    6. Connection management in HTTP/1.x
    7. Protocol upgrade mechanism
  5. HTTP security
    1. Content Security Policy (CSP)
    2. HTTP Public Key Pinning (HPKP)
    3. HTTP Strict Transport Security (HSTS)
    4. Cookie security
    5. X-Content-Type-Options
    6. X-Frame-Options
    7. X-XSS-Protection
    8. Mozilla web security guidelines
    9. Mozilla Observatory
  6. HTTP access control (CORS)
  7. HTTP authentication
  8. HTTP caching
  9. HTTP compression
  10. HTTP conditional requests
  11. HTTP content negotiation
  12. HTTP cookies
  13. HTTP range requests
  14. HTTP redirects
  15. HTTP specifications
  16. Feature policy
  17. References:
  18. HTTP headers
    1. Accept
    2. Accept-Charset
    3. Accept-Encoding
    4. Accept-Language
    5. Accept-Ranges
    6. Access-Control-Allow-Credentials
    7. Access-Control-Allow-Headers
    8. Access-Control-Allow-Methods
    9. Access-Control-Allow-Origin
    10. Access-Control-Expose-Headers
    11. Access-Control-Max-Age
    12. Access-Control-Request-Headers
    13. Access-Control-Request-Method
    14. Age
    15. Allow
    16. Alt-Svc
    17. Authorization
    18. Cache-Control
    19. Clear-Site-Data
    20. Connection
    21. Content-Disposition
    22. Content-Encoding
    23. Content-Language
    24. Content-Length
    25. Content-Location
    26. Content-Range
    27. Content-Security-Policy
    28. Content-Security-Policy-Report-Only
    29. Content-Type
    30. Cookie
    31. Cookie2
    32. DNT
    33. Date
    34. ETag
    35. Early-Data
    36. Expect
    37. Expect-CT
    38. Expires
    39. Feature-Policy [我来译!]
    40. Forwarded
    41. From
    42. Host
    43. If-Match
    44. If-Modified-Since
    45. If-None-Match
    46. If-Range
    47. If-Unmodified-Since
    48. Index [我来译!]
    49. Keep-Alive
    50. Large-Allocation
    51. Last-Modified
    52. Location
    53. Origin
    54. Pragma
    55. Proxy-Authenticate
    56. Proxy-Authorization
    57. Public-Key-Pins
    58. Public-Key-Pins-Report-Only
    59. Range
    60. Referer
    61. Referrer-Policy
    62. Retry-After
    63. Sec-WebSocket-Accept
    64. Server
    65. Server-Timing [我来译!]
    66. Set-Cookie
    67. Set-Cookie2
    68. SourceMap
    69. HTTP Strict Transport Security
    70. TE
    71. Timing-Allow-Origin
    72. Tk
    73. Trailer
    74. Transfer-Encoding
    75. Upgrade-Insecure-Requests
    76. 用户代理
    77. Vary
    78. Via
    79. WWW-Authenticate
    80. Warning
    81. X-Content-Type-Options
    82. DNS 预读取
    83. X-Forwarded-For
    84. X-Forwarded-Host
    85. X-Forwarded-Proto
    86. X-Frame-Options 响应头
    87. X-XSS-Protection
  19. HTTP request methods
    1. CONNECT
    2. DELETE
    3. GET
    4. HEAD
    5. OPTIONS
    6. PATCH
    7. POST
    8. PUT
    9. TRACE
  20. HTTP response status codes
    1. 100 Continue
    2. 101 Switching Protocol
    3. 200 OK
    4. 201 Created
    5. 202 Accepted
    6. 203 Non-Authoritative Information
    7. 204 No Content
    8. 205 Reset Content
    9. 206 Partial Content
    10. 300 Multiple Choices
    11. 301 Moved Permanently
    12. 302 Found
    13. 303 See Other
    14. 304 Not Modified
    15. 307 Temporary Redirect
    16. 308 Permanent Redirect
    17. 400 Bad Request
    18. 401 Unauthorized
    19. 403 Forbidden
    20. 404 Not Found
    21. 405 Method Not Allowed
    22. 406 Not Acceptable
    23. 407 Proxy Authentication Required
    24. 408 Request Timeout
    25. 409 Conflict
    26. 410 Gone
    27. 411 Length Required
    28. 412 Precondition Failed(先决条件失败)
    29. 413 Payload Too Large
    30. 414 URI Too Long
    31. 415 Unsupported Media Type
    32. 416 Range Not Satisfiable
    33. 417 Expectation Failed
    34. 418 I'm a teapot
    35. 422 Unprocessable Entity
    36. 425 Too Early
    37. 426 Upgrade Required
    38. 428 Precondition Required
    39. 429 Too Many Requests
    40. 431 Request Header Fields Too Large
    41. 451 Unavailable For Legal Reasons
    42. 500 内部服务器错误
    43. 501 Not Implemented
    44. 502 Bad Gateway
    45. 503 Service Unavailable
    46. 504 Gateway Timeout
    47. 505 HTTP Version Not Supported
    48. 511 Network Authentication Required
  21. CSP directives
    1. CSP: base-uri
    2. CSP: block-all-mixed-content
    3. CSP: child-src [我来译!]
    4. CSP: connect-src
    5. CSP: default-src
    6. CSP: font-src
    7. CSP: form-action [我来译!]
    8. CSP: frame-ancestors
    9. CSP: frame-src [我来译!]
    10. CSP: img-src [我来译!]
    11. CSP: manifest-src [我来译!]
    12. CSP: media-src [我来译!]
    13. CSP: object-src [我来译!]
    14. CSP: plugin-types [我来译!]
    15. CSP: referrer [我来译!]
    16. CSP: report-uri [我来译!]
    17. CSP: require-sri-for
    18. CSP: sandbox [我来译!]
    19. CSP: script-src [我来译!]
    20. CSP: style-src [我来译!]
    21. CSP: upgrade-insecure-requests
    22. CSP: worker-src [我来译!]
    23. report-to
  22. CORS errors
    1. Reason: CORS disabled
    2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz' [我来译!]
    3. Reason: CORS header 'Access-Control-Allow-Origin' missing
    4. Reason: CORS header ‘Origin’ cannot be added
    5. Reason: CORS preflight channel did not succeed
    6. Reason: CORS request did not succeed
    7. Reason: CORS request external redirect not allowed
    8. Reason: CORS request not HTTP
    9. Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’ [我来译!]
    10. Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’ [我来译!]
    11. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed [我来译!]
    12. Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’ [我来译!]
    13. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ [我来译!]
    14. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’ [我来译!]
    15. Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel [我来译!]
  23. Feature-Policy directives
    1. Feature-Policy: autoplay [我来译!]
    2. Feature-Policy: camera [我来译!]
    3. Feature-Policy: encrypted-media [我来译!]
    4. Feature-Policy: fullscreen [我来译!]
    5. Feature-Policy: geolocation [我来译!]
    6. Feature-Policy: microphone [我来译!]
    7. Feature-Policy: midi [我来译!]
    8. Feature-Policy: payment [我来译!]
    9. Feature-Policy: vr [我来译!]
    10. document-domain [我来译!]