为什么要删除使用HTTP POST或DELETE，而不是得到什么？ [英] Why should you delete using an HTTP POST or DELETE, rather than GET?

问题描述

我一直在努力通过微软的ASP.NET MVC的教程，在这个页面结束了

<一个href=\"http://www.asp.net/learn/mvc/tutorial-32-cs.aspx\">http://www.asp.net/learn/mvc/tutorial-32-cs.aspx

下面的语句是朝着这个页面的底部提出：

  

在一般情况下，你不希望调用该修改你的web应用程序的状态的动作时，要执行一个HTTP GET操作。在执行删除操作时，您要执行HTTP POST，或者更好，一个HTTP DELETE操作。

这是真的吗？谁能为这句话背后的基本原理提供了更详细的解释？

修改

维基百科规定如下：

  

的一些方法（例如，HEAD，GET，OPTIONS和TRACE）被定义为安全的，这意味着它们仅用于信息检索和不应该改变的服务器的状态

  
  

相反，方法如POST，PUT和DELETE旨在用于其可引起副作用或在服务器上的行为

解决方案

乔恩斯基特的回答是规范的答案。但是：假设你有一个链接：

  HREF =\\对myApp \\ DeleteImportantData.aspx？用户名= 27
 

和谷歌的-BOT到来和索引你的页面？然后会发生什么？

I have been working through Microsoft's ASP.NET MVC tutorials, ending up at this page

http://www.asp.net/learn/mvc/tutorial-32-cs.aspx

The following statement is made towards the bottom of this page:

In general, you don’t want to perform an HTTP GET operation when invoking an action that modifies the state of your web application. When performing a delete, you want to perform an HTTP POST, or better yet, an HTTP DELETE operation.

Is this true? Can anyone offer a more detailed explanation for the rationale behind this statement?

Edit

Wikipedia states the following:

Some methods (for example, HEAD, GET, OPTIONS and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server.

By contrast, methods such as POST, PUT and DELETE are intended for actions which may cause side effects either on the server

解决方案

Jon Skeet's answer is the canonical answer. But: Suppose you have a link:

href = "\myApp\DeleteImportantData.aspx?UserID=27"

and the google-bot comes along and indexes your page? What happens then?

这篇关于为什么要删除使用HTTP POST或DELETE，而不是得到什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！