PHP和自定义HTTP标头,不好的做法? [英] PHP and custom HTTP headers, bad practice?
问题描述
我有一个RESTful API的自定义实现,用于返回json数据的PHP应用程序,为了传达操作的状态,即请求中是否有失败,我正在设置一个自定义HTTP头一个(非常小的)json对象作为字符串。这很有效,因为我可以发送响应并轻松检索客户端而不会弄乱发送的实际数据。
I have a custom implementation of a RESTful API for a PHP application that returns json data, and in order to communicate the status of the operation, ie whether there were failures in the request, I'm setting a custom HTTP Header with a (very tiny) json object as a string. This works well since I can send responses and easily retrieve them client side without messing with the actual data sent.
问题是,有没有我可能没有意识到的缺点使用这种方法?对于应用程序来说,设置自定义http标头似乎并不常见,所以我想知道这是不好的做法还是不好的味道。
The question is, are there any drawbacks I may not have realized of using this method? It doesn't seem to be very common for applications to set custom http headers, so I'm wondering whether it is a bad practice or bad "taste" somehow.
推荐答案
这是一个有趣的问题。它应该没有任何理由成为问题,但您应该考虑以下几点:
This is an interesting question. There shouldn't be any reason for it to be a problem, but you should take a few things into account:
- 标题需要是您的应用程序独有的。不只是现在,而是永远。你应该确保为它们添加前缀,例如:
X-MyApplication-Foo:Bar。不这样做可能会在将来引起冲突。
- 防火墙有时(很少)过滤掉未知的HTTP标头有点过于热心。这应该不是问题,但要记住这一点。
- 较旧的浏览器对标题字段大小的限制比现代浏览器小,所以你我需要尽可能多地进行测试。
- The headers need to be unique to your application. Not just now, but forever. You should ensure you're prefixing them, e.g.
X-MyApplication-Foo: Bar. Not doing this might cause conflicts in future. - Firewalls are sometimes (rarely) a little overzealous with filtering unknown HTTP headers. This shouldn't be a problem, but it's something to keep in mind.
- Older browsers have smaller limitations on header field sizes than modern browsers, so you need to test across as many as you can get hold of.
你有什么理由可以不使用标准的HTTP错误代码?我知道你可能想要提供堆栈跟踪或其他有用的调试信息,但是如果出现错误,你不会只返回包含错误信息的JSON blob,而不是正常的结果JSON数据吗?您可以根据HTTP错误代码轻松检测差异,并以不同方式处理这两种情况。
Is there are reason you can't use the standard HTTP error codes? I understand that you might want to provide stack traces or other useful debugging information, but in the case of an error, wouldn't you just return a JSON blob that contains the error information, rather than the normal "result" JSON data? You could easily detect the difference based on the HTTP error code and handle the two cases differently.
我担心您建议的方法的原因是标头用于改变或导致浏览器行为 - 它们不是一种数据存储机制。
The reason I'm concerned by your suggested approach is that headers are used to alter or cause browser behaviour - they're not intended to be a data storage mechanism.
伪代码示例:
switch(httpResponseCode)
{
case 200:
parseResult(json);
break;
case 403:
parseForbidden(json);
break;
case 500:
parseServerError(json);
break;
default:
// bad response code, handle appropriately
}
这篇关于PHP和自定义HTTP标头,不好的做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
