返回HTTP 409是否适合进行验证检查？ [英] Is returning HTTP 409 appropriate for a validation check?

问题描述

我有一项服务，必须先检查某些验证规则才能进行特定操作。

I have a service where some validation rules must be checked before a particular operation should be able to take place.

例如，客户端不应生成可打印的报告如果没有满足所有验证规则。

For instance, the client should not generate printable reports if all of the validation rules are not being met.

但是，单个客户端可能没有所有必需的信息（该用户可能只能访问子集用于确定验证成功的数据），因此必须将请求发送到服务器：基本上是事物在 start <之间有效/ code>和完成。

However, an individual client may not have all of the required information (that user may only be able to access a subset of the data that is used to determine validation success), so a request must be sent to the server: basically "is a thing valid between start and finish".

响应将是某种表示有效：可以免费继续，或者可以提交给用户的验证失败原因列表。

The response will either be some sort of token that indicates VALID: FEEL FREE TO CONTINUE, or a list of validation failure reasons, that can be presented to the user.

很明显，成功的验证将返回 200 OK 。但我不认为成功状态代码适合验证失败。我倾向于 409 Conflict ，但我只是用它来拒绝 PUT 或 POST 。由 409 指示验证失败是否有效（窃笑），还是有更好的方法？

It's obvious that a successful validation will return a 200 OK. But I don't feel that a success status code is appropriate for a validation failure. I'm leaning towards a 409 Conflict, but I've only ever used this to reject a PUT or POST. Is it valid (snicker) to have a validation failure indicated by a 409, or is there a better way?

注意：执行的操作没有在服务器上执行，所以在禁止操作的情况下，跳过此检查，只是尝试使用 403 的操作是不是一个选项。

Note: the action performed is not being performed on the server, so skipping this check, and just attempting the action, with a 403 in the case of the action being forbidden is not an option.

推荐答案

您已向服务器发送了一个请求，要求它执行验证。它已成功执行所述验证。从HTTP的角度来看，请求已经很好地形成并由服务器正确处理。

You've sent a request to the server for it to perform validation. It has successfully performed said validation. From an HTTP perspective, the request was well formed and correctly processed by the server.

所以我要说返回任何HTTP错误代码都是错误的。

So I'd say returning any HTTP error code would be incorrect.

这个答案继续收到downvotes并且我不完全确定原因（没有一个downvoters似乎留下任何评论）。通过与OP的大量来回，我们确定此请求/响应的整个点是执行验证。服务器收到请求，执行了请求执行的验证，并将验证过程的结果返回给调用者。

This answer continues to receive downvotes and I'm not entirely sure why (none of the downvoters seem to leave any comments). Through a fair amount of back and forth with the OP, we established that the entire point of this request/response was to perform validation. The server received the request, it performed the validation that it was requested to perform, and it returned the results of that validation process to the caller.

绝对没有错与客户发送此请求。

There was absolutely nothing wrong with the client sending this request.

服务器理解请求。

请求有效（来自HTTP透视）。

The request was valid (from an HTTP perspective).

服务器可以处理请求。

服务器执行了100％的活动意味着并且正在返回处理请求时产生的结果。

The server performed 100% of the activity it was meant to and is returning the results that are produced having processed the request.

这就是为什么，正如我所说，我不相信HTTP错误代码是适当的。

And that is why, as I say, I do not believe that an HTTP error code is appropriate.

即想象一下，服务器公开了一个验证电子邮件地址的端点（对于你希望说可以执行验证的任何特定形式）。它收到一条请求验证abc@invalid.org并发出回复说我查看了这个电子邮件地址，我希望您告诉用户我无法获得有效的DNS响应无效.ORG。如果人们不认为这里的200回答是正确的，我会爱来理解他们的推理。

I.e. imagine that the server exposes an endpoint that validates email addresses (for whatever particular form you wish to say that validation can be performed). It receives a request saying "validate abc@invalid.org" and it produces a response saying "I took a look at this email address and I'd like you to tell the user that I can't get a valid DNS response for invalid.org". If people don't think a 200 response is correct here, I'd love to understand their reasoning.

这篇关于返回HTTP 409是否适合进行验证检查？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！