堆栈内存溢出
  简体   繁体   English

“ Bearer”授权标头是否有特殊含义?

[英]Does the “Bearer” Authorization header have any special meaning?

 原文  2016-03-09 01:39:05       http/ oauth/ header

问题描述

Is there a difference between using a "Bearer" Authorization header and using a custom header? 使用“承载者”授权标头和使用自定义标头之间有区别吗? For example, the "Basic" Authorization header is different from a custom header because browsers treat "Basic" Authorization headers as a special case (some browsers cache the "Basic" Authorization header). 例如,“基本”授权标头与自定义标头不同,因为浏览器将“基本”授权标头视为特殊情况(某些浏览器会缓存“基本”授权标头)。 In other words, is "Bearer" just an arbitrary string or do browsers know about it? 换句话说,“承载者”是一个任意字符串还是浏览器知道吗?

If I don't want future browsers to cache my bearer token, should I be safe and use a custom header? 如果我不希望将来的浏览器缓存我的不记名令牌,是否应该安全并使用自定义标头?

For example, is there a difference between these (assuming my server can handle both): 例如,这两者之间有区别(假设我的服务器可以同时处理两者): 

header('Authorization: Bearer 12345');
header('Mysite-Bearer-Token: 12345');

1 个解决方案

解决方案1
 2  2016-03-18 09:20:57

Bearer token is defined by OAuth 2.0. 承载令牌由OAuth 2.0定义。 You can get more details from http://tools.ietf.org/html/rfc6750 . 您可以从http://tools.ietf.org/html/rfc6750获得更多详细信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 0 的 HTTP 状态代码有什么意义吗? - Does an HTTP Status code of 0 have any meaning? HTTP授权标头 - 承载令牌安全性 - HTTP Authorization Header - Bearer token security 如何在Delphi中为Indy添加“ Authorization = Bearer”标头? - How to add a “Authorization=Bearer” header with Indy in Delphi? HTTP GET:Header(授权:Bearer Token) - HTTP GET : Header (Authorization : Bearer Token) 为什么 GitHub Oauth2 Authorization header 的认证方案是“token”而不是“Bearer”? - Why the authentication scheme of GitHub Oauth2 Authorization header is 'token' not 'Bearer'? 为什么在HTTP请求中“授权”标头中的令牌之前需要“承载者”? - Why is 'Bearer' required before the token in 'Authorization' header in a HTTP request? 我可以在 Authorization 标头中同时使用 Basic 和 Bearer 吗? - Can I use both of Basic and Bearer in Authorization header? 为什么我的授权 Header 不需要“Bearer”? - Why Doesn't my Authorization Header need "Bearer"? 服务器返回Authorization标头是否有意义 - Does it make sense for server to return Authorization header 授权头 - Authorization header
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM