# 文件

***

## Content-Type

Content-Type（内容类型），一般是指网页中存在的 Content-Type，用于定义网络文件的类型和网页的编码，决定浏览器将以什么形式、什么编码读取这个文件，这就是经常看到一些 PHP 网页点击的结果却是下载一个文件或一张图片的原因。

Content-Type 标头告诉客户端实际返回的内容的内容类型。

语法格式：

```
Content-Type: text/html; charset=utf-8
Content-Type: multipart/form-data; boundary=something
```

**HTTP content-type 对照表**

| 文件扩展名      | Content-Type(Mime-Type)                 |
| ---------- | --------------------------------------- |
| .\*（ 二进制流） | application/octet-stream                |
| .001       | application/x-001                       |
| .323       | text/h323                               |
| .907       | drawing/907                             |
| .acp       | audio/x-mei-aac                         |
| .aif       | audio/aiff                              |
| .aiff      | audio/aiff                              |
| .asa       | text/asa                                |
| .asp       | text/asp                                |
| .au        | audio/basic                             |
| .awf       | application/vnd.adobe.workflow          |
| .bmp       | application/x-bmp                       |
| .c4t       | application/x-c4t                       |
| .cal       | application/x-cals                      |
| .cdf       | application/x-netcdf                    |
| .cel       | application/x-cel                       |
| .cg4       | application/x-g4                        |
| .cit       | application/x-cit                       |
| .cml       | text/xml                                |
| .cmx       | application/x-cmx                       |
| .crl       | application/pkix-crl                    |
| .csi       | application/x-csi                       |
| .cut       | application/x-cut                       |
| .dbm       | application/x-dbm                       |
| .dcd       | text/xml                                |
| .der       | application/x-x509-ca-cert              |
| .dib       | application/x-dib                       |
| .doc       | application/msword                      |
| .drw       | application/x-drw                       |
| .dwf       | Model/vnd.dwf                           |
| .dwg       | application/x-dwg                       |
| .dxf       | application/x-dxf                       |
| .emf       | application/x-emf                       |
| .ent       | text/xml                                |
| .eps       | application/x-ps                        |
| .etd       | application/x-ebx                       |
| .fax       | image/fax                               |
| .fif       | application/fractals                    |
| .frm       | application/x-frm                       |
| .gbr       | application/x-gbr                       |
| .gif       | image/gif                               |
| .gp4       | application/x-gp4                       |
| .hmr       | application/x-hmr                       |
| .hpl       | application/x-hpl                       |
| .hrf       | application/x-hrf                       |
| .htc       | text/x-component                        |
| .html      | text/html                               |
| .htx       | text/html                               |
| .ico       | image/x-icon                            |
| .iff       | application/x-iff                       |
| .igs       | application/x-igs                       |
| .img       | application/x-img                       |
| .isp       | application/x-internet-signup           |
| .java      | java/\*                                 |
| .jpe       | image/jpeg                              |
| .jpeg      | image/jpeg                              |
| .jpg       | application/x-jpg                       |
| .jsp       | text/html                               |
| .lar       | application/x-laplayer-reg              |
| .lavs      | audio/x-liquid-secure                   |
| .lmsff     | audio/x-la-lms                          |
| .ltr       | application/x-ltr                       |
| .m2v       | video/x-mpeg                            |
| .m4e       | video/mpeg4                             |
| .man       | application/x-troff-man                 |
| .mdb       | application/msaccess                    |
| .mfp       | application/x-shockwave-flash           |
| .mhtml     | message/rfc822                          |
| .mid       | audio/mid                               |
| .mil       | application/x-mil                       |
| .mnd       | audio/x-musicnet-download               |
| .mocha     | application/x-javascript                |
| .mp1       | audio/mp1                               |
| .mp2v      | video/mpeg                              |
| .mp4       | video/mpeg4                             |
| .mpd       | application/vnd.ms-project              |
| .mpeg      | video/mpg                               |
| .mpga      | audio/rn-mpeg                           |
| .mps       | video/x-mpeg                            |
| .mpv       | video/mpg                               |
| .mpw       | application/vnd.ms-project              |
| .mtx       | text/xml                                |
| .net       | image/pnetvue                           |
| .nws       | message/rfc822                          |
| .out       | application/x-out                       |
| .p12       | application/x-pkcs12                    |
| .p7c       | application/pkcs7-mime                  |
| .p7r       | application/x-pkcs7-certreqresp         |
| .pc5       | application/x-pc5                       |
| .pcl       | application/x-pcl                       |
| .pdf       | application/pdf                         |
| .pdx       | application/vnd.adobe.pdx               |
| .pgl       | application/x-pgl                       |
| .pko       | application/vnd.ms-pki.pko              |
| .plg       | text/html                               |
| .plt       | application/x-plt                       |
| .png       | application/x-png                       |
| .ppa       | application/vnd.ms-powerpoint           |
| .pps       | application/vnd.ms-powerpoint           |
| .ppt       | application/x-ppt                       |
| .prf       | application/pics-rules                  |
| .prt       | application/x-prt                       |
| .ps        | application/postscript                  |
| .pwz       | application/vnd.ms-powerpoint           |
| .ra        | audio/vnd.rn-realaudio                  |
| .ras       | application/x-ras                       |
| .rdf       | text/xml                                |
| .red       | application/x-red                       |
| .rjs       | application/vnd.rn-realsystem-rjs       |
| .rlc       | application/x-rlc                       |
| .rm        | application/vnd.rn-realmedia            |
| .rmi       | audio/mid                               |
| .rmm       | audio/x-pn-realaudio                    |
| .rms       | application/vnd.rn-realmedia-secure     |
| .rmx       | application/vnd.rn-realsystem-rmx       |
| .rp        | image/vnd.rn-realpix                    |
| .rsml      | application/vnd.rn-rsml                 |
| .rtf       | application/msword                      |
| .rv        | video/vnd.rn-realvideo                  |
| .sat       | application/x-sat                       |
| .sdw       | application/x-sdw                       |
| .slb       | application/x-slb                       |
| .slk       | drawing/x-slk                           |
| .smil      | application/smil                        |
| .snd       | audio/basic                             |
| .sor       | text/plain                              |
| .spl       | application/futuresplash                |
| .ssm       | application/streamingmedia              |
| .stl       | application/vnd.ms-pki.stl              |
| .sty       | application/x-sty                       |
| .swf       | application/x-shockwave-flash           |
| .tg4       | application/x-tg4                       |
| .tif       | image/tiff                              |
| .tiff      | image/tiff                              |
| .top       | drawing/x-top                           |
| .tsd       | text/xml                                |
| .uin       | application/x-icq                       |
| .vcf       | text/x-vcard                            |
| .vdx       | application/vnd.visio                   |
| .vpg       | application/x-vpeg005                   |
| .vsd       | application/x-vsd                       |
| .vst       | application/vnd.visio                   |
| .vsw       | application/vnd.visio                   |
| .vtx       | application/vnd.visio                   |
| .wav       | audio/wav                               |
| .wb1       | application/x-wb1                       |
| .wb3       | application/x-wb3                       |
| .wiz       | application/msword                      |
| .wk4       | application/x-wk4                       |
| .wks       | application/x-wks                       |
| .wma       | audio/x-ms-wma                          |
| .wmf       | application/x-wmf                       |
| .wmv       | video/x-ms-wmv                          |
| .wmz       | application/x-ms-wmz                    |
| .wpd       | application/x-wpd                       |
| .wpl       | application/vnd.ms-wpl                  |
| .wr1       | application/x-wr1                       |
| .wrk       | application/x-wrk                       |
| .ws2       | application/x-ws                        |
| .wsdl      | text/xml                                |
| .xdp       | application/vnd.adobe.xdp               |
| .xfd       | application/vnd.adobe.xfd               |
| .xhtml     | text/html                               |
| .xls       | application/x-xls                       |
| .xml       | text/xml                                |
| .xq        | text/xml                                |
| .xquery    | text/xml                                |
| .xsl       | text/xml                                |
| .xwd       | application/x-xwd                       |
| .sis       | application/vnd.symbian.install         |
| .x\_t      | application/x-x\_t                      |
| .apk       | application/vnd.android.package-archive |
| .tif       | image/tiff                              |
| .301       | application/x-301                       |
| .906       | application/x-906                       |
| .a11       | application/x-a11                       |
| .ai        | application/postscript                  |
| .aifc      | audio/aiff                              |
| .anv       | application/x-anv                       |
| .asf       | video/x-ms-asf                          |
| .asx       | video/x-ms-asf                          |
| .avi       | video/avi                               |
| .biz       | text/xml                                |
| .bot       | application/x-bot                       |
| .c90       | application/x-c90                       |
| .cat       | application/vnd.ms-pki.seccat           |
| .cdr       | application/x-cdr                       |
| .cer       | application/x-x509-ca-cert              |
| .cgm       | application/x-cgm                       |
| .class     | java/\*                                 |
| .cmp       | application/x-cmp                       |
| .cot       | application/x-cot                       |
| .crt       | application/x-x509-ca-cert              |
| .css       | text/css                                |
| .dbf       | application/x-dbf                       |
| .dbx       | application/x-dbx                       |
| .dcx       | application/x-dcx                       |
| .dgn       | application/x-dgn                       |
| .dll       | application/x-msdownload                |
| .dot       | application/msword                      |
| .dtd       | text/xml                                |
| .dwf       | application/x-dwf                       |
| .dxb       | application/x-dxb                       |
| .edn       | application/vnd.adobe.edn               |
| .eml       | message/rfc822                          |
| .epi       | application/x-epi                       |
| .eps       | application/postscript                  |
| .exe       | application/x-msdownload                |
| .fdf       | application/vnd.fdf                     |
| .fo        | text/xml                                |
| .g4        | application/x-g4                        |
| .          | application/x-                          |
| .gl2       | application/x-gl2                       |
| .hgl       | application/x-hgl                       |
| .hpg       | application/x-hpgl                      |
| .hqx       | application/mac-binhex40                |
| .hta       | application/hta                         |
| .htm       | text/html                               |
| .htt       | text/webviewhtml                        |
| .icb       | application/x-icb                       |
| .ico       | application/x-ico                       |
| .ig4       | application/x-g4                        |
| .iii       | application/x-iphone                    |
| .ins       | application/x-internet-signup           |
| .IVF       | video/x-ivf                             |
| .jfif      | image/jpeg                              |
| .jpe       | application/x-jpe                       |
| .jpg       | image/jpeg                              |
| .js        | application/x-javascript                |
| .la1       | audio/x-liquid-file                     |
| .latex     | application/x-latex                     |
| .lbm       | application/x-lbm                       |
| .ls        | application/x-javascript                |
| .m1v       | video/x-mpeg                            |
| .m3u       | audio/mpegurl                           |
| .mac       | application/x-mac                       |
| .math      | text/xml                                |
| .mdb       | application/x-mdb                       |
| .mht       | message/rfc822                          |
| .mi        | application/x-mi                        |
| .midi      | audio/mid                               |
| .mml       | text/xml                                |
| .mns       | audio/x-musicnet-stream                 |
| .movie     | video/x-sgi-movie                       |
| .mp2       | audio/mp2                               |
| .mp3       | audio/mp3                               |
| .mpa       | video/x-mpg                             |
| .mpe       | video/x-mpeg                            |
| .mpg       | video/mpg                               |
| .mpp       | application/vnd.ms-project              |
| .mpt       | application/vnd.ms-project              |
| .mpv2      | video/mpeg                              |
| .mpx       | application/vnd.ms-project              |
| .mxp       | application/x-mmxp                      |
| .nrf       | application/x-nrf                       |
| .odc       | text/x-ms-odc                           |
| .p10       | application/pkcs10                      |
| .p7b       | application/x-pkcs7-certificates        |
| .p7m       | application/pkcs7-mime                  |
| .p7s       | application/pkcs7-signature             |
| .pci       | application/x-pci                       |
| .pcx       | application/x-pcx                       |
| .pdf       | application/pdf                         |
| .pfx       | application/x-pkcs12                    |
| .pic       | application/x-pic                       |
| .pl        | application/x-perl                      |
| .pls       | audio/scpls                             |
| .png       | image/png                               |
| .pot       | application/vnd.ms-powerpoint           |
| .ppm       | application/x-ppm                       |
| .ppt       | application/vnd.ms-powerpoint           |
| .pr        | application/x-pr                        |
| .prn       | application/x-prn                       |
| .ps        | application/x-ps                        |
| .ptn       | application/x-ptn                       |
| .r3t       | text/vnd.rn-realtext3d                  |
| .ram       | audio/x-pn-realaudio                    |
| .rat       | application/rat-file                    |
| .rec       | application/vnd.rn-recording            |
| .rgb       | application/x-rgb                       |
| .rjt       | application/vnd.rn-realsystem-rjt       |
| .rle       | application/x-rle                       |
| .rmf       | application/vnd.adobe.rmf               |
| .rmj       | application/vnd.rn-realsystem-rmj       |
| .rmp       | application/vnd.rn-rn\_music\_package   |
| .rmvb      | application/vnd.rn-realmedia-vbr        |
| .rnx       | application/vnd.rn-realplayer           |
| .rpm       | audio/x-pn-realaudio-plugin             |
| .rt        | text/vnd.rn-realtext                    |
| .rtf       | application/x-rtf                       |
| .sam       | application/x-sam                       |
| .sdp       | application/sdp                         |
| .sit       | application/x-stuffit                   |
| .sld       | application/x-sld                       |
| .smi       | application/smil                        |
| .smk       | application/x-smk                       |
| .sol       | text/plain                              |
| .spc       | application/x-pkcs7-certificates        |
| .spp       | text/xml                                |
| .sst       | application/vnd.ms-pki.certstore        |
| .stm       | text/html                               |
| .svg       | text/xml                                |
| .tdf       | application/x-tdf                       |
| .tga       | application/x-tga                       |
| .tif       | application/x-tif                       |
| .tld       | text/xml                                |
| .torrent   | application/x-bittorrent                |
| .txt       | text/plain                              |
| .uls       | text/iuls                               |
| .vda       | application/x-vda                       |
| .vml       | text/xml                                |
| .vsd       | application/vnd.visio                   |
| .vss       | application/vnd.visio                   |
| .vst       | application/x-vst                       |
| .vsx       | application/vnd.visio                   |
| .vxml      | text/xml                                |
| .wax       | audio/x-ms-wax                          |
| .wb2       | application/x-wb2                       |
| .wbmp      | image/vnd.wap.wbmp                      |
| .wk3       | application/x-wk3                       |
| .wkq       | application/x-wkq                       |
| .wm        | video/x-ms-wm                           |
| .wmd       | application/x-ms-wmd                    |
| .wml       | text/vnd.wap.wml                        |
| .wmx       | video/x-ms-wmx                          |
| .wp6       | application/x-wp6                       |
| .wpg       | application/x-wpg                       |
| .wq1       | application/x-wq1                       |
| .wri       | application/x-wri                       |
| .ws        | application/x-ws                        |
| .wsc       | text/scriptlet                          |
| .wvx       | video/x-ms-wvx                          |
| .xdr       | text/xml                                |
| .xfdf      | application/vnd.adobe.xfdf              |
| .xls       | application/vnd.ms-excel                |
| .xlw       | application/x-xlw                       |
| .xpl       | audio/scpls                             |
| .xql       | text/xml                                |
| .xsd       | text/xml                                |
| .xslt      | text/xml                                |
| .x\_b      | application/x-x\_b                      |
| .sisx      | application/vnd.symbian.install         |
| .ipa       | application/vnd.iphone                  |
| .xap       | application/x-silverlight-app           |

***

## 跨域策略文件

* <https://blog.csdn.net/gnail\\_oug/article/details/53488918>

跨域，顾名思义就是需要的资源不在自己的域服务器上，需要访问其他域服务器。跨域策略文件是一个 xml 文档文件，主要是为 web 客户端(如 Adobe Flash Player 等)设置跨域处理数据的权限。打个比方说，公司 A 部门有一台公共的电脑，里面存放着一些资料文件，专门供 A 部门内成员自己使用，这样，A 部门内的员工就可以访问该电脑，其他部门人员则不允许访问。如下图：

A 部门的员工可以任意访问 A 部门的公共电脑，但是不能直接访问 B 部门的公共电脑。有一天，B 部门领导觉得他们的资料非常有用，想要与 A 部门分享，于是就给 A 部门一个令牌，这样 A 部门的员工也可以访问 B 部门的公共电脑了。

换成系统，常见就如同下面所示:

上图是典型的跨域请求，业务服务器向图片服务器上传图片时就涉及到了跨域，要想能正常访问，图片服务器需要给业务服务器设置允许访问的权限。而这个权限设置就是跨域策略文件 `crossdomain.xml` 存在的意义。

**配置规则**

* *cross-domain-policy*

  cross-domain-policy 元素是跨域策略文件 `crossdomain.xml` 的根元素。它只是一个策略定义的容器，没有自己的属性。子元素有：

  * `site-control`
  * `allow-access-from`
  * `allow-access-from-identity`
  * `allow-http-request-headers-from`
* *site-control*

  site-control 元素用于定义当前域的元策略。元策略则是用于指定可接受的域策略文件，且该文件不同于目标域根元素(名为`crossdomain.xml`)中的主策略文件。

  如果客户端收到指示使用主策略文件以外的策略文件，则该客户端必须首先检查主策略的元策略，以确定请求的策略文件是否获得许可。

  属性：

  * `permitted-cross-domain-policies`

    指定元策略。除套接字策略文件外，所有策略文件的默认值均为 master-only，套接字策略文件的默认值为 all。该属性允许的值有：

    * none：目标服务器上的任何位置(包括该主策略文件)均不允许使用策略文件。
    * master-only：仅允许这个主策略文件。
    * by-content-type：仅允许 `Content-Type:text/x-cross-domain-policy` 提供的策略文件(只适用于 HTTP/HTTPS)。
    * by-ftp-filename：仅允许文件名为 `crossdomain.xml` 的策略文件。(只适用于 FTP)
    * all：允许此目标域中所有的策略文件。
* *allow-access-from*

  allow-access-from 元素用于授权发出请求的域从目标域中读取数据。可以通过使用通配符(\*)，为多个域设置访问权限。

  属性:

  * `domain` ：指定要授予访问权限的发出请求的域。可以是域名或 IP 地址。子域将被视为不同的域。指定域时可以使用通配符星号( \* )表示多个域。单独使用星号( \* )表示所有域。一般不建议设置为星号允许所有域访问。
  * `to-ports` ：只适用于 Sockets，以逗号分隔的端口列表，或者允许连接到套接字连接的一系列端口。端口范围通过在两个端口号之间插入短划线 (-) 指定。端口范围在用逗号隔开时则可以用于指代单个端口。一个通配符 (\*) 可用于表示允许所有端口。
  * `secure` ：只只适用于 HTTPS 和 Sockets，指定仅授予指定来源的 HTTPS 文档的访问权限 (true)，还是授予指定来源的所有文档的访问权限 (false)。如果 HTTPS 策略文件中未指定 secure，则默认为 true。不建议在 HTTPS 策略文件中使用 false，因为这会影响 HTTPS 的安全性。在套接字策略文件中，默认值为 false。只有当套接字服务器接受本地主机连接时，指定 secure=”true” 才有意义，因为本地套接字连接通常不会面临中间人攻击的风险，因此无法更改 `secure=”true”` 声明。
* *allow-access-from-identity*

  allow-access-from-identity 元素根据加密凭据授予权限，而 allow-access-from 则截然不同，它根据来源授予权限。
* *allow-http-request-headers-from*

  allow-http-request-headers-from 元素用于授权发出请求的域中的请求文档将用户定义的标头发送到目标域。而 allow-access-from 元素旨在授权从目标域提取数据。这个标签授权以标头的形式推送数据。

  属性：

  * `domain` ：指定要授予访问权限的的域。可以是域名，也可以是 IP 地址，子域将被视为不同的域。通配符 (\*) 单独使用时可用于表示所有域，在用作以句点 (.) 分隔的明确二级域名前缀时表示多个域。表示单个域时需要使用单独的 allow-access-from 元素。
  * `headers` ：以逗号分隔的标头列表，表示允许发送的请求域。通配符 (\*) 可用于准许所有标头或头后缀，从而支持以相同字符开头但以不同字符结尾的标头。
  * `secure` ：只适用于 HTTPS，如果设置为 false，则表示允许 HTTPS 策略文件授权访问 HTTP 源发出的请求。默认值为 true，表示仅提供 HTTPS 源权限。我们不推荐使用 false。

**匹配规则**

* 各个域或子域必须完全匹配。如 [www.example.com](http://www.example.com) 匹配 <http://www.example.com。>
* IP 地址和域名不匹配，即使 IP 地址就是域名指代的 IP 也不行。
* 域通配符与该域本身及所有子域匹配。
* 单独使用通配符 (\*) 允许所有请求者进行访问，但不推荐使用。只有在策略文件范围内的所有内容完全公开的情况下才应当使用允许所有权限。

**示例文件**

```
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <!-- 允许example.com及其子域访问 -->
    <allow-access-from domain="*.example.com"/>
    <!-- 允许http://www.example.com访问 -->
    <allow-access-from domain="www.example.com"/>
    <allow-http-request-headers-from domain="*.csdn.net" headers="*"/>
</cross-domain-policy>
```

***

**Source & Reference**

* [HTTP content-type](https://www.runoob.com/http/http-content-type.html)