URL真的可以被认为是HTTP响应的唯一密钥吗? - 第2部分 [英] Can a URL really be considered to be the only key for an HTTP response? - Part 2
问题描述
我不确定这是如何符合Stack Overflow的审核指南的,但我在撰写本文时并没有这样做一个URL真的可以被认为是HTTP响应的唯一关键吗?考虑到这个特殊情况,所以决定继续这个。
I am not sure how this fits into Stack Overflow's moderation guidelines, but I did not at the time of writing Can a URL really be considered to be the only key for an HTTP response? have this particular case in mind, and so decided to continue with this one.
旧故事:说有一个网站,用户需要获取私人资产进行创作,这些是图像,声音等。这些URL的问题现在被认为在问题的第一部分中得到了解决。但是,如果用户需要获取其资产的索引(即枚举它们以显示为图库),即使资产是严格私有的,网站管理员也必须能够访问这些资源,以提供支持等。想到这样的索引的以下URL:
The old story: say one has a site where users need to fetch private assets for authoring, these be images, sounds etc. The problem of URLs for these is now considered resolved in the "first part" of the question. What if, however, users need to fetch the index of their assets (i.e. enumerate them to display as a gallery) and even though the assets are strictly private, site administrators must also be able to access these, for providing support etc. I originally thought of the following URL for such index:
http://mydomain/user/assets/index
如果客户端在cookie中携带用户身份验证和授权,则确实可以使用。服务器将能够推断出要检索的用户资产索引。当站点管理员需要获取某些用户资产索引时会出现问题,这是上述URL绝对不足以进行此类索引识别的地方。站点管理员用户代理仅为站点管理员本身发送身份验证和授权,实际上并不识别用户获取资产索引。那么是通过URL识别用户的最佳解决方案,如下所示?
which would indeed work if accessed by a client carrying user authentication and authorization in a cookie. The server will be able to deduce which user asset index to retrieve. The problem arises when a site administrator needs to fetch some users asset index, this is where the URL above is absolutely insufficient for such index identification. The site administrator user agent only sends authentication and authorization for the site administrator himself, it does not in fact identify the user to fetch the asset index for. Is then the best solution to identify the user by the URL, like below?
http://mydomain/user/<user_id>/assets/index
感谢您的时间。
推荐答案
我可能希望将user_id作为参数而不是URL传递,这样可以保持URI的一致性,即:
I'd probably look to pass the user_id as a parameter rather than in the URL, this would allow you to keep your URI consistent, i.e. :
http://mydomain/user/assets/index?uid=<user_id>
或
http://mydomain/user/assets/index/<user_id>
这篇关于URL真的可以被认为是HTTP响应的唯一密钥吗? - 第2部分的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
