Which HTTP status code to return when the DELETE operation is not allowed for a particular reason


Question

Assume that I have a resource (e.g: /api/shipments/100) which supports HTTP DELETE method. As you can understand from the URI itself, if a DELETE request is made against this URI, this resource will be removed.

In my current scenario, the DELETE request can only be performed successfully if a certain condition is met as below:


  • If the shipment's status is not set to InTransit or Delivered.

If there is a DELETE request against that URI and the above condition is not met, which HTTP status code would be more proper to return in that case? I have thought about the below ones but couldn't decide which one is more semantic:


  • 405 Method Not Allowed

  • 403 Forbidden

  • 409 Conflict

Recommended answer

I would go with 409: Conflict, because what you have is a violation of resource state.

405: Method Not Allowed would also work. If you'd want to use a 405, you'd have to send an Allow header to indicate the supported methods, and the supported methods would vary depending on the resource's state. In my opinion, this response code fits well for read-only resources, resources that can't be deleted etc. but Darrel's comments to this post are valid. The spec is ambiguous:


The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.

In either case, you should provide information in the response body for the client to understand the source of the error.

Regarding the other two methods mentioned:

403: Forbidden should be used when you don't have the appropriate privileges to modify the resource, i.e. if you have to be an admin to delete that resource and you're not.

412: Precondition Failed is mostly used for conditional requests where the preconditions are specified explicitly in the request headers. For example, you can have conditional PUT requests that should be carried out only when the If-Match header is valid. If you don't specify anything in the request headers, I'd still choose 409 over 412. Here's the spec for 412:


The precondition given in one or more of the request-header fields evaluated to false when it was tested on the server. This response code allows the client to place preconditions on the current resource metainformation (header field data) and thus prevent the requested method from being applied to a resource other than the one intended.
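
The distinctions drawn in the answer above, as an added example that is not part of the original answer: a framework-free handler that picks 403, 412, 409 or 204 for a DELETE on a shipment and explains each error in the response body. The function names, the admin-only rule, the ETag values and the sample shipments are assumptions made for illustration.

```python
import json

# Constructed sample data: ids, states and ETags are illustrative only.
SHIPMENTS = {
    100: {"state": "InTransit", "etag": '"v3"'},
    101: {"state": "Pending", "etag": '"v1"'},
}
LOCKED_STATES = {"InTransit", "Delivered"}  # the states named in the question


def error(status, reason, detail):
    """Build an error response whose body tells the client what went wrong."""
    body = json.dumps({"error": reason, "detail": detail})
    return status, {"Content-Type": "application/json"}, body


def delete_shipment(shipment_id, is_admin, request_headers):
    """Return (status, headers, body) for DELETE /api/shipments/<id>.

    request_headers is a plain dict here; a real server matches header
    names case-insensitively and accepts a list of ETags in If-Match.
    """
    # 403: the caller lacks the privilege (assumed rule: admins only).
    # Checked before the lookup so unprivileged callers cannot probe ids.
    if not is_admin:
        return error(403, "Forbidden", "Deleting shipments requires admin rights.")
    shipment = SHIPMENTS.get(shipment_id)
    if shipment is None:
        return error(404, "Not Found", f"No shipment {shipment_id}.")
    # 412: only when the client put a precondition in the request headers.
    if_match = request_headers.get("If-Match")
    if if_match is not None and if_match not in ("*", shipment["etag"]):
        return error(412, "Precondition Failed",
                     f"If-Match {if_match} does not match {shipment['etag']}.")
    # 409: the request is valid, but the resource's current state rules it out.
    if shipment["state"] in LOCKED_STATES:
        return error(409, "Conflict",
                     f"Shipment is {shipment['state']} and can no longer be deleted.")
    del SHIPMENTS[shipment_id]
    return 204, {}, ""
```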
