HTTP GET和POST语义和限制 [英] HTTP GET and POST semantics and limitations
问题描述
本周早些时候,我不得不做一些感觉违反语义的事情。让我解释一下。
Earlier this week, I had to do something which feels like a semantics violation. Let me explain.
我正在创建一个简单的AJAX客户端应用程序,它是向具有给定数量参数的服务发出请求。由于整个应用程序基本上是只读的,我认为使用HTTP GET是可行的方法。我必须传递的一些参数很简单(例如排序顺序或页码)。
I was making a simple AJAX client application, which was to make a request to a service with a given number of parameters. Since the whole app is basically read-only, I thought that using HTTP GET was the way to go. Some of the parameters that I had to pass were simple (such as the sort order, or page number).
但是,其中一个必需参数可以是可变长度的这让我很担心由于我在GET请求的查询字符串中编码了所有参数,因此在我看来这样做了一个不必要的的(大约)2000个字符的上限。无论如何,我不喜欢看到500个字符长的请求URL。
However, one of the required parameters could be of variable length, and this made me worry. Since I was encoding all of the parameters in the querystring of the GET request, it seemed to me that this placed an unnecessary upper limit of (roughly) 2000 characters for the request URL. And regardless, I didn't like seeing 500-character-long request URLs.
因此,由于POST请求没有这样的限制,我决定开关。但这感觉不对。我的印象是POST表示数据的修改 - 但是我用它来做一个简单的只读请求。
So, since a POST request doesn't have a limitation like that, I decided to switch. But this doesn't feel right. I am under the impression that a POST denotes modification of data - but I'm using it for a simple read-only request.
有没有更好的方法来做到这一点?要执行GET,有多个参数?我听说过一种方法 - 你自己执行参数的初步POST,然后执行GET。但是,这种技术还有很多不足之处。
Is there a better way to do this? To perform a GET, with many parameters? I've heard of one method - where you perform a preliminary POST of the parameters themselves, and then perform a GET. But, this technique leaves much to be desired.
但是看一下这个特定情况, HTTP请求方法的真正语义和局限是什么?为什么GET不支持任何类型的参数有效载荷?使用URL中的查询字符串对我来说几乎感觉像是黑客。
But looking past this specific case, what are the real semantics and limitations of HTTP request methods? And why does GET not support any kind of parameter payload? Using the querystring in the URL almost feels like a hack to me.
推荐答案
关于这个问题的几点:
- HTTP规范(RFC 2616)不会将GET请求转发为具有参数,因此这不是HTTP GET本身的语义问题。但是,许多HTTP堆栈(对于客户端,服务或代理)禁止HTTP请求中的主体,您不能使用它们的事实主要是实现细节(非常普遍)而不是HTTP GET请求的语义问题
- 同样,RFC上也没有指定URI(或查询字符串)长度的限制。它主要是由多个HTTP服务器堆栈实现的安全缓解,以防止错误的客户端消耗服务器资源(例如,在IIS / ASP.NET中,默认限制为2k,但您可以通过web.config中的某些元素来增加它)。同样,它不是语义而是实际问题。
- 如果您遵循REST原则,POST请求确实指示数据修改,但有许多HTTP POST请求用于读取 - 只有操作。 SOAP在其所有请求中都使用POST,无论它调用的操作是安全还是修改操作。所以你也可以使用POST进行这些操作。但是,通过偏离REST(以及规范HTTP)用法,您将失去协议的一些功能,例如可以应用于GET请求的缓存,但不适用于POST。
- 你使用两个请求的例子(POST参数+ GET来获得结果)似乎有点过分了。正如我所提到的,POST请求并不一定意味着修改资源,因此当一个请求足够时,您不必创建新的协议(POST + GET)来访问您的操作。
- The HTTP spec (RFC 2616) doesn't forbit GET requests to have parameters, so it's not a matter of the semantics of HTTP GET itself. However, many HTTP stacks (for clients, services, or proxies) forbid bodies in HTTP requests, the fact that you can't use them is mostly an implementation detail (quite prevalent) than a semantic issue with the HTTP GET requests
- Similarly, the limitation of the URI (or query string) length isn't specified on the RFC either. It's mostly a security mitigation implemented by several HTTP server stacks to prevent a bad client from consuming server resources (for example, in IIS/ASP.NET the default limit is 2k but you can increase it via some elements in web.config). Again, it's not a semantic but a practical issue.
- POST requests do indicate data modification if you're following the REST philosophy, but there are many examples of HTTP POST requests used for read-only operations. SOAP uses POST in all of its requests, regardless of whether the operation it is calling is a "safe" or a "modifying" one. So you can use POST for those operations as well. However, by deviating from the REST (and the "canonical" HTTP) usage, you'll lose some of the features of the protocol, such as caching which can be applied for GET requests, but not for POST.
- Your example of using two requests (POST with parameters + GET to "get" the results) seems overkill. As I mentioned, POST requests don't necessarily mean modifying resources, so you don't have to create a new "protocol" (POST+GET) to access your operation when one request is enough.
这篇关于HTTP GET和POST语义和限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
