使用Tornado通过GET服务所有REST请求 [英] Serving all REST requests over GET with Tornado

问题描述

我有一个REST（或几乎REST）的web api，

我希望API用户能够使用所有的api，即使由于某种原因只能进行GET调用，所以计划是接受一个url参数（查询字符串），如 request_method ，它可以是GET（默认）或POST，PUT，DELETE，并且我想要路由它们。

我的问题不是标准请求处理程序覆盖并检入中的每个httpRequestHandler get（self）方法，如果这是为了POST，PUT，DELETE和调用适当的函数，有没有办法以更一般的方式做这个路由，就像应用程序定义中的URL模式一样或覆盖路由功能或其他东西？

为了使它清除，这些请求都通过GET来传递，例如像？request_method = POST

有任何建议。

可能的解决方案： 只有一个。*url模式，并处理单个RequestHandler中的所有路由。应该工作正常，除了我不会利用Tornado的url模式匹配功能。

c $ c>方法，并检查请求是否应该由 get 处理，如果不是，请调用相关方法。

解决方案

这将是一件非常愚蠢的事情。 Chrome和Firefox以及其他许多Web用户代理都会推测性地获取（GET）页面上的部分或全部链接，包括 request_method = DELETE URL。你会发现你的数据库已经被清空了，只是因为有人环顾四周。不要故意破坏HTTP。 GET被定义是一个安全的方法，这意味着可以获得任何你喜欢的URL，并且不会发生任何不良情况。

编辑为类似情况下的其他人：

OP表示他使用JSONP并且同时控制API服务器和客户端Web应用程序。在这种情况下，理想的解决方案是跨源资源共享（CORS， spec ），但该技术需要IE8 +，Firefox 3.5+，Safari 4+或Chrome 3+。如果您需要定位到早期的浏览器，并且您控制了这两个域，我建议至少为您自己的客户端Web应用程序合并这两个域的内容。 api域可以保留给外部客户端，但它们会受到CORS浏览器要求的限制。

I have a REST (or almost REST) web api,
I want the API users to be able to use all the api, even if for some reason the can only make GET calls, so the plan is to accept a url parameter (query string) like request_method that can be GET (default) or POST, PUT, DELETE and I want to route them.

My question is other than the standard request handler overrides and checking in each httpRequestHandler in the get(self) method if this is meant to be a POST, PUT, DELETE and calling the appropriate functions, is there a way to do this "routing" in a more general way, like in the URL patterns in the application definition or overriding a routing function or something?

To make it clear, these requests are all coming over GET with a parameter for example like ?request_method=POST

Any suggestions is appreciated.

Possible Solutions:

• only have a ".*" url pattern and handle all the routing in a single RequestHandler. Should work fine, except that I won't be taking advantage of the url pattern matching features of Tornado.

• add an if to all the get(self) methods in all the request handlers and check if the request should be handled by get if not, call the relevant method.

解决方案

This would be a very foolish thing to do. Both Chrome and Firefox, along with many other web user agents, will speculatively fetch (GET) some or all of the links on a page, including your request_method=DELETE URLs. You will find your database has been emptied out just because someone was looking around. Do not deliberately break HTTP. GET is defined to be a "safe" method, meaning it's okay to GET any URL you like and nothing bad will happen.

EDIT for others in similar situations:
The OP says he is using JSONP and is in control of both the API server and the client web app. In such a case the ideal solution is Cross-Origin Resource Sharing (CORS, spec), although this technology requires IE8+, Firefox 3.5+, Safari 4+ or Chrome 3+. If you need to target earlier browsers, and you control both domains, I would recommend merging the content of the two domains at least for your own client web app. The api domain can remain for external clients, but they would be restricted by the CORS browser requirements.

这篇关于使用Tornado通过GET服务所有REST请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！