带有 URL 查询参数的 HTTP POST——好主意与否? [英] HTTP POST with URL query parameters -- good idea or not?
问题描述
我正在设计一个通过 HTTP 的 API,我想知道是否使用 HTTP POST 命令,但只使用 URL 查询参数而没有请求正文,这是一个好方法.
I'm designing an API to go over HTTP and I am wondering if using the HTTP POST command, but with URL query parameters only and no request body, is a good way to go.
注意事项:
- 优秀的网页设计"需要通过 POST 发送非幂等操作.这是一个非幂等的操作.
- 当 URL 中存在请求参数时,可以更轻松地开发和调试此应用.
- 该 API 不适合广泛使用.
- 似乎发出一个没有正文的 POST 请求需要更多的工作,例如必须显式添加
Content-Length: 0标头. - 在我看来,没有正文的 POST 与大多数开发人员和 HTTP 框架的期望有点背道而驰.
通过 URL 查询而不是请求正文在 POST 请求上发送参数是否有更多的缺陷或优势?
Are there any more pitfalls or advantages to sending parameters on a POST request via the URL query rather than the request body?
正在考虑的原因是这些操作不是幂等的,并且除了检索之外还有副作用.请参阅HTTP 规范:
The reason this is under consideration is that the operations are not idempotent and have side effects other than retrieval. See the HTTP spec:
特别是,该公约已经确定 GET 和 HEAD方法不应该有采取其他行动的重要性比检索.这些方法应该被认为是安全的".这允许用户代理代表其他方法,例如 POST、PUT 和 DELETE,在一个特殊的方式,使用户意识到一个可能的事实正在请求不安全的操作.
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
...
方法也可以具有以下属性幂等"在那(除了错误或过期问题)N>的副作用0 相同请求与单个请求相同要求.方法 GET、HEAD、PUT和 DELETE 共享此属性.还,方法 OPTIONS 和 TRACE 应该没有副作用,所以是本质上是幂等的.
Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property. Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and so are inherently idempotent.
推荐答案
如果您的操作不是幂等的,那么您必须使用 POST.如果你不这样做,你只是在自找麻烦.GET、PUT 和 DELETE 方法要求是幂等的.想象一下,如果客户端为您的服务预取每个可能的 GET 请求,您的应用程序会发生什么情况——如果这会导致客户端可见的副作用,那么就出了问题.
If your action is not idempotent, then you MUST use POST. If you don't, you're just asking for trouble down the line. GET, PUT and DELETE methods are required to be idempotent. Imagine what would happen in your application if the client was pre-fetching every possible GET request for your service – if this would cause side effects visible to the client, then something's wrong.
我同意发送带有查询字符串但没有正文的 POST 看起来很奇怪,但我认为它在某些情况下是合适的.
I agree that sending a POST with a query string but without a body seems odd, but I think it can be appropriate in some situations.
将 URL 的查询部分视为对资源的命令,以限制当前请求的范围.通常,查询字符串用于对 GET 请求进行排序或过滤(例如 ?page=1&sort=title),但我认为它对 POST 有意义 还可以限制范围(可能类似于 ?action=delete&id=5).
Think of the query part of a URL as a command to the resource to limit the scope of the current request. Typically, query strings are used to sort or filter a GET request (like ?page=1&sort=title) but I suppose it makes sense on a POST to also limit the scope (perhaps like ?action=delete&id=5).
这篇关于带有 URL 查询参数的 HTTP POST——好主意与否?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
