为什么我们需要HTTP GET？ HTTP POST有什么不能实现的吗？ [英] Why do we need HTTP GET? Is there anything that can't be achieved by HTTP POST?

问题描述

据我所知，GET可以做什么，POST也可以达到同样的效果。那么为什么在定义HTTP协议时首先要求GET。如果GET仅用于获取资源，则人们仍然可以通过在URL中发送参数值来更新资源。为什么这个漏洞？或者，在服务器端编码以更新GET请求上的资源的人写了一个错误的代码？

解决方案

实际上，没有浏览器通过点击链接（不拦截JavaScript中的点击事件）来实现POSTing，也没有为POST数据添加书签。此外，在语义上POST和GET服务于不同的目的。一个用于将数据发布到应用程序，另一个用于从应用程序获取数据。这些语义具有实际意义，但它们也具有理论上的设计含义，可以说明应用程序设计的质量：不处理GET与POST不同的应用程序可能存在大量安全问题和工作流程错误。

As far as I know what GET can do, the same can be achieved by POST. So why was GET required in first place while defining HTTP protocol. If GET is only for fetching the resource, people can still update resources by sending the parameters values in URL. Why this loophole? Or the guy who did the coding on server side to update the resource on GET request has written a bad code?

解决方案

Practically, no browser implements POSTing by clicking links (without intercepting the click event in JavaScript), nor bookmarking POST data. Furthermore, semantically POST and GET serve different purposes. One is for POSTing data to an application, the other is for GETting data from the application. These semantics have practical implications, but they also have theoretical design implications that speak to the quality of your application's design: an application that doesn't handle GET differently from POST probably has a great deal of security problems and workflow bugs.

这篇关于为什么我们需要HTTP GET？ HTTP POST有什么不能实现的吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！