为什么应该使用 HTTP POST 或 DELETE 而不是 GET 来删除? [英] Why should you delete using an HTTP POST or DELETE, rather than GET?

问题描述

我一直在学习 Microsoft 的 ASP.NET MVC 教程，最后在此页面上结束

I have been working through Microsoft's ASP.NET MVC tutorials, ending up at this page

http://www.asp.net/learn/mvc/教程-32-cs.aspx

本页底部有以下声明:

通常，在调用修改 Web 应用程序状态的操作时，您不希望执行 HTTP GET 操作.执行删除时，您希望执行 HTTP POST，或者更好的是执行 HTTP DELETE 操作.

In general, you don’t want to perform an HTTP GET operation when invoking an action that modifies the state of your web application. When performing a delete, you want to perform an HTTP POST, or better yet, an HTTP DELETE operation.

这是真的吗?任何人都可以更详细地解释此声明背后的基本原理吗?

Is this true? Can anyone offer a more detailed explanation for the rationale behind this statement?

维基百科声明如下:

某些方法(例如 HEAD、GET、OPTIONS 和 TRACE)被定义为安全的，这意味着它们仅用于信息检索，不应更改服务器的状态.

Some methods (for example, HEAD, GET, OPTIONS and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server.

相比之下，POST、PUT 和 DELETE 等方法用于可能对服务器造成副作用的操作

By contrast, methods such as POST, PUT and DELETE are intended for actions which may cause side effects either on the server

推荐答案

Jon Skeet 的答案是标准答案.但是:假设您有一个链接:

Jon Skeet's answer is the canonical answer. But: Suppose you have a link:

href = "myAppDeleteImportantData.aspx?UserID=27"

然后 google-bot 出现并索引您的页面?那会发生什么?

and the google-bot comes along and indexes your page? What happens then?

这篇关于为什么应该使用 HTTP POST 或 DELETE 而不是 GET 来删除?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！