为什么不应该在HTTP GET请求上修改数据？ [英] Why shouldn't data be modified on an HTTP GET request?

问题描述

我知道使用非GET方法（POST，PUT，DELETE）修改服务器数据是正确的做法。我可以找到多个资源，声称GET请求不应该改变服务器上的资源。

然而，如果客户今天想到我这里说我不'如果我们可以使用调用URL并获取一些XML，我们就可以更容易地使用您的API - 我们不希望构建HTTP请求和POST / PUT XML，有什么有利于业务的理由可以让我们说服他们吗？

是否存在缓存影响？安全问题？我在寻找的不仅仅是语义上没有意义或它使事情变得模糊不清。

编辑：

感谢有关预取的答案。我并不关心预取，因为它主要是围绕内部网络API使用，而不是可访问的HTML页面，这些页面可能会有可能被浏览器预取的链接。

解决方案

预取：许多Web浏览器都会使用预取。这意味着它会在你点击链接之前加载一个页面。预计您稍后将点击该链接。

机器人：有几台机器人可以扫描互联网并将其编入索引以获取信息。他们只会发出GET请求。您不希望从GET请求中删除某些内容。

缓存： GET HTTP请求不应该改变状态，它们应该是幂等的。幂等性意味着发出一次请求或多次发出请求会得到相同的结果。即没有副作用。由于这个原因，GET HTTP请求与缓存紧密相关。

有几个程序是为了使用HTTP标准而建立的，他们假设你会按照你应该的方式使用它。因此，如果您不遵循，您将会从一系列随机程序中获得未定义的行为。

I know that using non-GET methods (POST, PUT, DELETE) to modify server data is The Right Way to do things. I can find multiple resources claiming that GET requests should not change resources on the server.

However, if a client were to come up to me today and say "I don't care what The Right Way to do things is, it's easier for us to use your API if we can just use call URLs and get some XML back - we don't want to have to build HTTP requests and POST/PUT XML," what business-conducive reasons could I give to convince them otherwise?

Are there caching implications? Security issues? I'm kind of looking for more than just "it doesn't make sense semantically" or "it makes things ambiguous."

Edit:

Thanks for the answers so far regarding prefetching. I'm not as concerned with prefetching since is mostly surrounding internal network API use and not visitable HTML pages that would have links that could be prefetched by a browser.

解决方案

• Prefetch: A lot of web browsers will use prefetching. Which means that it will load a page before you click on the link. Anticipating that you will click on that link later.
• Bots: There are several bots that scan and index the internet for information. They will only issue GET requests. You don't want to delete something from a GET request for this reason.
• Caching: GET HTTP requests should not change state and they should be idempotent. Idempotent means that issuing a request once, or issuing it multiple times gives the same result. I.e. there are no side effects. For this reason GET HTTP requests are tightly tied to caching.
• HTTP standard says so: The HTTP standard says what each HTTP method is for. Several programs are built to use the HTTP standard, and they assume that you will use it the way you are supposed to. So you will have undefined behavior from a slew of random programs if you don't follow.

这篇关于为什么不应该在HTTP GET请求上修改数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！