添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
八块腹肌的草稿本  ·  Permissions-Policy: ...·  昨天    · 
绅士的凉面  ·  制表符与空格的区别-CSDN博客·  6 月前    · 
面冷心慈的红酒  ·  光明区公办初中学区划分及咨询电话·  8 月前    · 
重感情的单车  ·  【法律法规资讯】什么情况属于拒服兵役?_萧县 ...·  9 月前    · 
玩足球的白开水  ·  全美第一高中“花落”中国 ...·  1 年前    · 
叛逆的感冒药  ·  公安部发布A级通缉令 通缉第二批50名在逃人员·  1 年前    · 
link管理  ›  401 Unauthorized
access origin header cors
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/401
听话的煎饼
5 天前

The HTTP 401 Unauthorized client error response status code indicates that a request was not successful because it lacks valid authentication credentials for the requested resource. This status code is sent with an HTTP WWW-Authenticate response header that contains information on the authentication scheme the server expects the client to include to make the request successfully.

A 401 Unauthorized is similar to the 403 Forbidden response, except that a 403 is returned when a request contains valid credentials, but the client does not have permissions to perform a certain action.

Unauthorized request to a protected API

The following GET request is made to a URL www.example.com/admin that expects credentials in an Authorization header:

http 
GET /admin HTTP/1.1
Host: example.com

The server responds with a 401 message and a WWW-Authenticate header indicating that the request must be authenticated and that Bearer auth (an access token) is the permitted authentication scheme:


http
HTTP/1.1 401 Unauthorized
Date: Tue, 02 Jul 2024 12:18:47 GMT
WWW-Authenticate: Bearer
    
Specifications

        Specification
          Learn how to contribute 

    This page was last modified on  by MDN contributors.
    View this page on GitHubReport a problem with this content
      
  1. HTTP
  2. Guides
  3. Overview of HTTP
  4. Evolution of HTTP
  5. A typical HTTP session
  6. HTTP messages
  7. Media types
    1. Common types
  8. Compression in HTTP
  9. HTTP caching
  10. HTTP authentication
  11. Using HTTP cookies
  12. Redirections in HTTP
  13. Conditional requests
  14. Range requests
  15. Client hints
  16. Compression Dictionary Transport


  17. Network Error Logging


  18. Content negotiation
    1. Default Accept values
  19. Browser detection using the UA string
  20. Connection management in HTTP/1.x
  21. Protocol upgrade mechanism
  22. Proxy servers and tunneling
    1. Proxy Auto-Configuration (PAC) file
  23. Security and privacy
    1. HTTP Observatory
    2. Practical implementation guides
    3. Permissions Policy


    4. Cross-Origin Resource Policy (CORP)
    5. Cross-Origin Resource Sharing (CORS)
    6. CORS errors
      1. Reason: CORS disabled
      2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
      3. Reason: CORS header 'Access-Control-Allow-Origin' missing
      4. Reason: CORS header 'Origin' cannot be added
      5. Reason: CORS preflight channel did not succeed
      6. Reason: CORS request did not succeed
      7. Reason: CORS request external redirect not allowed
      8. Reason: CORS request not HTTP
      9. Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'
      10. Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'
      11. Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
      12. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'
      13. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Methods'
      14. Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
      15. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
    7. Content Security Policy (CSP)
      1. Errors and warnings
  24. Reference
  25. HTTP headers
    1. Accept
    2. Accept-CH
    3. Accept-Encoding
    4. Accept-Language
    5. Accept-Patch
    6. Accept-Post
    7. Accept-Ranges
    8. Access-Control-Allow-Credentials
    9. Access-Control-Allow-Headers
    10. Access-Control-Allow-Methods
    11. Access-Control-Allow-Origin
    12. Access-Control-Expose-Headers
    13. Access-Control-Max-Age
    14. Access-Control-Request-Headers
    15. Access-Control-Request-Method
    16. Age
    17. Allow
    18. Alt-Svc
    19. Alt-Used
    20. Attribution-Reporting-Eligible


    21. Attribution-Reporting-Register-Source


    22. Attribution-Reporting-Register-Trigger


    23. Authorization
    24. Available-Dictionary


    25. Cache-Control
    26. Clear-Site-Data
    27. Connection
    28. Content-Digest
    29. Content-Disposition
    30. Content-DPR



    31. Content-Encoding
    32. Content-Language
    33. Content-Length
    34. Content-Location
    35. Content-Range
    36. Content-Security-Policy
    37. Content-Security-Policy-Report-Only
    38. Content-Type
    39. Cookie
    40. Critical-CH


    41. Cross-Origin-Embedder-Policy
    42. Cross-Origin-Opener-Policy
    43. Cross-Origin-Resource-Policy
    44. Date
    45. Device-Memory
    46. Dictionary-ID




    47. Downlink




    48. Early-Data



    49. ETag
    50. Expect
    51. Expect-CT


    52. Expires
    53. Forwarded
    54. From
    55. Host
    56. If-Match
    57. If-Modified-Since
    58. If-None-Match
    59. If-Range
    60. If-Unmodified-Since
    61. Integrity-Policy


    62. Integrity-Policy-Report-Only


    63. Keep-Alive
    64. Last-Modified
    65. Link
    66. Location
    67. Max-Forwards
    68. NEL


    69. No-Vary-Search


    70. Observe-Browsing-Topics



    71. Origin
    72. Origin-Agent-Cluster
    73. Permissions-Policy


    74. Pragma


    75. Prefer
    76. Preference-Applied
    77. Priority
    78. Proxy-Authenticate
    79. Proxy-Authorization
    80. Range
    81. Referer
    82. Referrer-Policy
    83. Refresh
    84. Report-To



    85. Reporting-Endpoints
    86. Repr-Digest
    87. Retry-After
    88. RTT


    89. Save-Data


    90. Sec-Browsing-Topics



    91. Sec-CH-Prefers-Color-Scheme


    92. Sec-CH-Prefers-Reduced-Motion


    93. Sec-CH-Prefers-Reduced-Transparency


    94. Sec-CH-UA


    95. Sec-CH-UA-Arch


    96. Sec-CH-UA-Bitness


    97. Sec-CH-UA-Form-Factors


    98. Sec-CH-UA-Full-Version


    99. Sec-CH-UA-Full-Version-List


    100. Sec-CH-UA-Mobile


    101. Sec-CH-UA-Model


    102. Sec-CH-UA-Platform


    103. Sec-CH-UA-Platform-Version


    104. Sec-CH-UA-WoW64


    105. Sec-Fetch-Dest
    106. Sec-Fetch-Mode
    107. Sec-Fetch-Site
    108. Sec-Fetch-User
    109. Sec-GPC


    110. Sec-Purpose
    111. Sec-Speculation-Tags


    112. Sec-WebSocket-Accept
    113. Sec-WebSocket-Extensions
    114. Sec-WebSocket-Key
    115. Sec-WebSocket-Protocol
    116. Sec-WebSocket-Version
    117. Server
    118. Server-Timing
    119. Service-Worker
    120. Service-Worker-Allowed
    121. Service-Worker-Navigation-Preload
    122. Set-Cookie
    123. Set-Login
    124. SourceMap
    125. Speculation-Rules


    126. Strict-Transport-Security
    127. Supports-Loading-Mode


    128. TE
    129. Timing-Allow-Origin
    130. Tk



    131. Trailer
    132. Transfer-Encoding
    133. Upgrade
    134. Upgrade-Insecure-Requests
    135. Use-As-Dictionary


    136. User-Agent
    137. Vary
    138. Via
    139. Viewport-Width



    140. Want-Content-Digest
    141. Want-Repr-Digest
    142. Warning


    143. Width



    144. WWW-Authenticate
    145. X-Content-Type-Options
    146. X-DNS-Prefetch-Control


    147. X-Forwarded-For


    148. X-Forwarded-Host


    149. X-Forwarded-Proto


    150. X-Frame-Options
    151. X-Permitted-Cross-Domain-Policies


    152. X-Powered-By


    153. X-Robots-Tag


    154. X-XSS-Protection



  26. HTTP request methods
    1. CONNECT
    2. DELETE
    3. GET
    4. HEAD
    5. OPTIONS
    6. PATCH
    7. POST
    8. PUT
    9. TRACE
  27. HTTP response status codes
    1. 100 Continue
    2. 101 Switching Protocols
    3. 102 Processing
    4. 103 Early Hints
    5. 200 OK
    6. 201 Created
    7. 202 Accepted
    8. 203 Non-Authoritative Information
    9. 204 No Content
    10. 205 Reset Content
    11. 206 Partial Content
    12. 207 Multi-Status
    13. 208 Already Reported
    14. 226 IM Used
    15. 300 Multiple Choices
    16. 301 Moved Permanently
    17. 302 Found
    18. 303 See Other
    19. 304 Not Modified
    20. 307 Temporary Redirect
    21. 308 Permanent Redirect
    22. 400 Bad Request
    23. 401 Unauthorized
    24. 402 Payment Required
    25. 403 Forbidden
    26. 404 Not Found
    27. 405 Method Not Allowed
    28. 406 Not Acceptable
    29. 407 Proxy Authentication Required
    30. 408 Request Timeout
    31. 409 Conflict
    32. 410 Gone
    33. 411 Length Required
    34. 412 Precondition Failed
    35. 413 Content Too Large
    36. 414 URI Too Long
    37. 415 Unsupported Media Type
    38. 416 Range Not Satisfiable
    39. 417 Expectation Failed
    40. 418 I'm a teapot
    41. 421 Misdirected Request
    42. 422 Unprocessable Content
    43. 423 Locked
    44. 424 Failed Dependency
    45. 425 Too Early
    46. 426 Upgrade Required
    47. 428 Precondition Required
    48. 429 Too Many Requests
    49. 431 Request Header Fields Too Large
    50. 451 Unavailable For Legal Reasons
    51. 500 Internal Server Error
    52. 501 Not Implemented
    53. 502 Bad Gateway
    54. 503 Service Unavailable
    55. 504 Gateway Timeout
    56. 505 HTTP Version Not Supported
    57. 506 Variant Also Negotiates
    58. 507 Insufficient Storage
    59. 508 Loop Detected
    60. 510 Not Extended
    61. 511 Network Authentication Required
  28. CSP directives
    1. base-uri
    2. block-all-mixed-content


    3. child-src
    4. connect-src
    5. default-src
    6. fenced-frame-src


    7. font-src
    8. form-action
    9. frame-ancestors
    10. frame-src
    11. img-src
    12. manifest-src
    13. media-src
    14. object-src
    15. prefetch-src



    16. report-to
    17. report-uri


    18. require-trusted-types-for
    19. sandbox
    20. script-src
    21. script-src-attr
    22. script-src-elem
    23. style-src
    24. style-src-attr
    25. style-src-elem
    26. trusted-types
    27. upgrade-insecure-requests
    28. worker-src
  29. Permissions-Policy directives


    1. accelerometer


    2. ambient-light-sensor


    3. attribution-reporting


    4. autoplay


    5. bluetooth


    6. browsing-topics



    7. camera


    8. captured-surface-control


    9. compute-pressure


    10. cross-origin-isolated


    11. deferred-fetch


    12. deferred-fetch-minimal


    13. display-capture


    14. encrypted-media


    15. fullscreen


    16. gamepad


    17. geolocation


    18. gyroscope



    19. identity-credentials-get


    20. idle-detection


    21. language-detector


    22. local-fonts


    23. magnetometer


    24. microphone



    25. otp-credentials


    26. payment


    27. picture-in-picture


    28. publickey-credentials-create


    29. publickey-credentials-get


    30. screen-wake-lock


    31. serial


    32. speaker-selection


    33. storage-access


    34. summarizer


    35. translator



    36. web-share


    37. window-management


    38. xr-spatial-tracking


  30. HTTP resources and specifications
 
推荐文章
八块腹肌的草稿本  ·  Permissions-Policy: cross-origin-isolated directive
昨天
绅士的凉面  ·  制表符与空格的区别-CSDN博客
6 月前
面冷心慈的红酒  ·  光明区公办初中学区划分及咨询电话
8 月前
重感情的单车  ·  【法律法规资讯】什么情况属于拒服兵役?_萧县人民政府
9 月前
玩足球的白开水  ·  全美第一高中“花落”中国 托马斯学位供不应求_招生
1 年前
叛逆的感冒药  ·  公安部发布A级通缉令 通缉第二批50名在逃人员
1 年前
Link管理   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台