i think i misunderstood the management of cookies with xmlhttprequest. I have a server that response to the XMLHttpRequestmade in javascript, my server returns Allow-Control-Access-Origin, Access-Control-Allow-Headers, Access-Control-Expose-Headersand Access-Control-Allow-Credentialsheaders with the correct value.

我想我误解了 xmlhttprequest 对 cookie 的管理。我有一个服务器响应XMLHttpRequest在JavaScript做，我的服务器返回Allow-Control-Access-Origin，Access-Control-Allow-Headers，Access-Control-Expose-Headers并Access-Control-Allow-Credentials用正确的值标题。

I'm doing a Digest Authenticate in a server with javascript, no problem in that, i receive ok the WWW-Authenticateheader from server, i process and send to the server the Authorization header with all the digest-response and everything ok. The problem is, that when the digest-challenge is succesful, my server returns a Set-Cookie Header, i have to get it and add to the rest of all of my xhr request. The browser (using Chromium and Chrome) not let me access to the header doing:

我正在使用 javascript 在服务器中进行 Digest Authenticate，没问题，我WWW-Authenticate从服务器接收到 ok 的标头，我处理并向服务器发送 Authorization 标头以及所有的摘要响应，一切正常。问题是，当摘要挑战成功时，我的服务器返回一个 Set-Cookie 标头，我必须获取它并添加到我所有 xhr 请求的其余部分。浏览器（使用 Chromium 和 Chrome）不允许我访问标题：

xhr.getResponseHeader("Set-Cookie");

Ok, in the XMLHTTPREQUEST Level 2it says: "Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2" Ok, so i cant take it, but what are the ways? Using the Chrome Api for cookies (at the moment i dont read noting about it), but i want to do for a standard manner as posible. With the:

好的，在XMLHTTPREQUEST 级别 2 中，它说：“从响应中返回所有标头，但字段名称为 Set-Cookie 或 Set-Cookie2 的标头除外” 好的，所以我无法接受，但是有哪些方法？将 Chrome Api 用于 cookie（目前我没有注意到它），但我想尽可能采用标准方式。与：

xhr.withCredentials = true;

means that the browser automatically get the set-cookie and send in cookie headers??

意味着浏览器会自动获取 set-cookie 并发送 cookie 标头？