服务器在收到整个请求之前发送 HTTP 响应是否可以接受? [英] Is it acceptable for a server to send a HTTP response before the entire request has been received?
问题描述
考虑一个大型 HTTP 请求:
Consider a large HTTP request:
POST /upload HTTP/1.1
Content-Type: multipart/form-data
Content-Length: 1048576
...
客户端现在开始上传 1 兆字节的数据,这可能需要一段时间.但是,服务器确定需要 HTTP 授权,因此它决定响应 HTTP 401 Unauthorized.
The client now begins uploading a megabyte of data, which may take a while. However, the server determines that HTTP authorization is needed, so it decides it will respond with HTTP 401 Unauthorized.
服务器是否必须等到它收到整个请求(IE,headers + CRLF CRLF + Content-Length 字节)才能响应?
MUST the server wait until it has received the entire request (IE, headers + CRLF CRLF + Content-Length bytes) before it can respond?
实际上,这种行为会破坏任何浏览器吗?浏览器是否会继续上传文件,还是会在收到过早"响应时停止传输?
In practical terms, will such behavior break any browsers? Do browsers continue uploading the file anyway, or will they stop transmitting if they receive a 'premature' response?
更重要的是,在这种情况下,他们是否能够成功通过身份验证并再次开始上传(使用凭据),或者像这样切断上传是不可靠的?
More importantly, in this scenario, will they be able to successfully authenticate and begin the upload again (with credentials), or is it unreliable to cut off the upload like this?
推荐答案
查看定义协议的 RFC 2616,在第 8.2.2 节监视错误状态消息的连接中,它指出
Looking at RFC 2616 which defines the protocol, in Section 8.2.2 Monitoring Connections for Error Status Messages, it states
发送消息体的 HTTP/1.1(或更高版本)客户端应该在传输请求时监视网络连接的错误状态.如果客户端看到错误状态,它应该立即停止传输正文.
An HTTP/1.1 (or later) client sending a message-body SHOULD monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, it SHOULD immediately cease transmitting the body.
所以我会说使用你可以跳转到发送 401 错误.然后看10.4.2 401 Unauthorized
So I would say use you can jump in a send a 401 error. And then looking at 10.4.2 401 Unauthorized
请求需要用户身份验证.响应必须包括一个 WWW-Authenticate 头域(第 14.47 节),其中包含一个适用于所请求资源的质询.客户端可以使用合适的授权头字段重复请求
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field
声明客户端可以使用合适的凭据重试.
States that the client can retry with suitable credentials.
我还没有进行任何实验来了解浏览器的实际表现.
I haven't performed any experiments to see how browsers actually performed however.
这篇关于服务器在收到整个请求之前发送 HTTP 响应是否可以接受?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
