我們的志工尚未將本文翻譯為 正體中文 (繁體) 版本。加入我們,幫忙翻譯!
您也可以閱讀本文的 English (US) 版本。

The HTTP Authorization request header contains the credentials to authenticate a user agent with a server, usually after the server has responded with a 401 Unauthorized status and the WWW-Authenticate header.

Header type Request header
Forbidden header name no

Syntax

Authorization: <type> <credentials>

Directives

<type>
Authentication type. A common type is "Basic". Other types:
<credentials>
If the "Basic" authentication scheme is used, the credentials are constructed like this:
  • The username and the password are combined with a colon (aladdin:opensesame).
  • The resulting string is base64 encoded (YWxhZGRpbjpvcGVuc2VzYW1l).

Note: Base64 encoding does not mean encryption or hashing! This method is equally secure as sending the credentials in clear text (base64 is a reversible encoding). Prefer to use HTTPS in conjunction with Basic Authentication.

Examples

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.

Specifications

Specification Title
RFC 7235, section 4.2: Authorization HTTP/1.1: Authentication
RFC 7617 The 'Basic' HTTP Authentication Scheme

See also

文件標籤與貢獻者

此頁面的貢獻者: mdnwebdocs-bot, mfuji09, zachvalenta, teoli, fscholz
最近更新: mdnwebdocs-bot,