JSONP意义与真正的REST [英] JSONP Implications with true REST
问题描述
这是我的理解JSONP只能使用GET动词来实现的。假设这是真的,我认为是,那么这排除了核心符合真正的REST中,你应该使用不同的动词即GET,PUT,POST,DELETE等等......针对不同的特定目的。
我的问题是什么样的障碍,我可能碰到,如果我是说允许更新使用JSONP服务使用GET请求的资源和删除。
它是更好的做法是提供一个JSON的服务和状态,用户将需要一个服务器端代理使用消耗的JavaScript XDomain?
干杯,
安德鲁
这是我的理解JSONP只能使用GET动词来实现的。
是的。
幸运的是简单的幂等信息的GET请求是最常见的用例跨域JSON。
这排除了核心符合真正的REST中,你应该使用不同的动词即GET,PUT,POST,DELETE等
是的。
我不是太在意与REST作为一个抽象的标准符合,但它是一个真正的问题,如果流浪,leakable,缓存GET请求可能会意外地有副作用。
有策略,你可以用它来减少这种问题的可能性,例如要求每个API,用户和/或一次性使用的提交键作为参数,让操作继续前进。如果允许写访问,通过JSONP的API,你将需要考虑这样的事情,无论如何,以prevent XSRF攻击。
From my understanding JSONP can only be achieved using the GET verb. Assuming this is true which I think it is, then this rules out core compliance with true REST in which you should make use of different verbs i.e. GET,PUT,POST,DELETE etc... for different and specific purposes.
My question is what type of barriers am I likely to come up against if I were to say allow updating and deleting of resources using a JSONP service using a get request.
Is it better practice to offer a JSON service and state that the user will need a server side proxy to consume using JavaScript XDomain?
Cheers ,
Andrew
From my understanding JSONP can only be achieved using the GET verb.
Yes.
Luckily simple idempotent informational GET requests are the most common use case for cross-domain JSON.
this rules out core compliance with true REST in which you should make use of different verbs i.e. GET,PUT,POST,DELETE etc
Yes.
I'm not too bothered with ‘complying’ with REST as an abstract standard, but it's a real concern if stray, leakable, cacheable GET requests can accidentally have side-effects.
There are strategies you can use to reduce the likelihood of this sort of problem, such as requiring a per-API-user and/or one-time-use submit-key as a parameter to allow the action to go ahead. If you are allowing write access to an API via JSONP you will need to be thinking about this sort of thing anyway, to prevent XSRF attacks.
这篇关于JSONP意义与真正的REST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
