为什么不应该在HTTP GET请求上修改数据? [英] Why shouldn't data be modified on an HTTP GET request?
问题描述
我知道使用非GET方法(POST,PUT,DELETE)修改服务器数据是正确的做法。我可以找到多个资源,声称GET请求不应该改变服务器上的资源。
然而,如果客户今天想到我这里说我不'如果我们可以使用调用URL并获取一些XML,我们就可以更容易地使用您的API - 我们不希望构建HTTP请求和POST / PUT XML,有什么有利于业务的理由可以让我们说服他们吗?
是否存在缓存影响?安全问题?我在寻找的不仅仅是语义上没有意义或它使事情变得模糊不清。
编辑:
感谢有关预取的答案。我并不关心预取,因为它主要是围绕内部网络API使用,而不是可访问的HTML页面,这些页面可能会有可能被浏览器预取的链接。
I know that using non-GET methods (POST, PUT, DELETE) to modify server data is The Right Way to do things. I can find multiple resources claiming that GET requests should not change resources on the server.
However, if a client were to come up to me today and say "I don't care what The Right Way to do things is, it's easier for us to use your API if we can just use call URLs and get some XML back - we don't want to have to build HTTP requests and POST/PUT XML," what business-conducive reasons could I give to convince them otherwise?
Are there caching implications? Security issues? I'm kind of looking for more than just "it doesn't make sense semantically" or "it makes things ambiguous."
Edit:
Thanks for the answers so far regarding prefetching. I'm not as concerned with prefetching since is mostly surrounding internal network API use and not visitable HTML pages that would have links that could be prefetched by a browser.
- Prefetch: A lot of web browsers will use prefetching. Which means that it will load a page before you click on the link. Anticipating that you will click on that link later.
- Bots: There are several bots that scan and index the internet for information. They will only issue GET requests. You don't want to delete something from a GET request for this reason.
- Caching: GET HTTP requests should not change state and they should be idempotent. Idempotent means that issuing a request once, or issuing it multiple times gives the same result. I.e. there are no side effects. For this reason GET HTTP requests are tightly tied to caching.
- HTTP standard says so: The HTTP standard says what each HTTP method is for. Several programs are built to use the HTTP standard, and they assume that you will use it the way you are supposed to. So you will have undefined behavior from a slew of random programs if you don't follow.
这篇关于为什么不应该在HTTP GET请求上修改数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!