在收到整个请求之前,服务器是否可以发送HTTP响应? [英] Is it acceptable for a server to send a HTTP response before the entire request has been received?
问题描述
考虑一个大的HTTP请求:
Consider a large HTTP request:
POST /upload HTTP/1.1
Content-Type: multipart/form-data
Content-Length: 1048576
...
客户端现在开始上传一兆字节的数据,这可能需要一段时间。但是,服务器确定需要HTTP授权,因此它决定使用 HTTP 401 Unauthorized 进行响应。
The client now begins uploading a megabyte of data, which may take a while. However, the server determines that HTTP authorization is needed, so it decides it will respond with HTTP 401 Unauthorized.
必须服务器等到它收到整个请求(IE,标题+ CRLF CRLF + Content-Length 字节)才能响应?
MUST the server wait until it has received the entire request (IE, headers + CRLF CRLF + Content-Length bytes) before it can respond?
实际上,这种行为会破坏任何浏览器吗?浏览器是否继续上传文件,或者如果收到过早响应,它们是否会停止传输?
In practical terms, will such behavior break any browsers? Do browsers continue uploading the file anyway, or will they stop transmitting if they receive a 'premature' response?
更重要的是,在这种情况下,他们是否能够成功进行身份验证并再次开始上传(使用凭据),或者像这样切断上传是不可靠的?
More importantly, in this scenario, will they be able to successfully authenticate and begin the upload again (with credentials), or is it unreliable to cut off the upload like this?
推荐答案
查看定义协议的RFC 2616,在第8.2.2节监视错误状态消息的连接中,它指出
Looking at RFC 2616 which defines the protocol, in Section 8.2.2 Monitoring Connections for Error Status Messages, it states
发送消息体的HTTP / 1.1(或更高版本)客户端应该在发送请求时监视网络连接的错误状态。如果客户端看到错误状态,它应该立即停止传输正文。
An HTTP/1.1 (or later) client sending a message-body SHOULD monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, it SHOULD immediately cease transmitting the body.
所以我会说使用你可以跳转一个发送401错误。然后查看10.4.2 401 Unauthorized
So I would say use you can jump in a send a 401 error. And then looking at 10.4.2 401 Unauthorized
该请求需要用户身份验证。响应必须包含WWW-Authenticate头字段(第14.47节),其中包含适用于所请求资源的质询。客户端可以使用合适的授权标头字段重复请求
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field
客户端可以使用合适的凭据重试的状态。
States that the client can retry with suitable credentials.
我没有进行任何实验来查看浏览器的实际执行情况。
I haven't performed any experiments to see how browsers actually performed however.
这篇关于在收到整个请求之前,服务器是否可以发送HTTP响应?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
