为什么我们需要HTTP GET? HTTP POST有什么不能实现的吗? [英] Why do we need HTTP GET? Is there anything that can't be achieved by HTTP POST?
问题描述
实际上,没有浏览器通过点击链接(不拦截JavaScript中的点击事件)来实现POSTing,也没有为POST数据添加书签。此外,在语义上POST和GET服务于不同的目的。一个用于将数据发布到应用程序,另一个用于从应用程序获取数据。这些语义具有实际意义,但它们也具有理论上的设计含义,可以说明应用程序设计的质量:不处理GET与POST不同的应用程序可能存在大量安全问题和工作流程错误。
As far as I know what GET can do, the same can be achieved by POST. So why was GET required in first place while defining HTTP protocol. If GET is only for fetching the resource, people can still update resources by sending the parameters values in URL. Why this loophole? Or the guy who did the coding on server side to update the resource on GET request has written a bad code?
Practically, no browser implements POSTing by clicking links (without intercepting the click event in JavaScript), nor bookmarking POST data. Furthermore, semantically POST and GET serve different purposes. One is for POSTing data to an application, the other is for GETting data from the application. These semantics have practical implications, but they also have theoretical design implications that speak to the quality of your application's design: an application that doesn't handle GET differently from POST probably has a great deal of security problems and workflow bugs.
这篇关于为什么我们需要HTTP GET? HTTP POST有什么不能实现的吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!