我正在构建一个休息服务器,它将被调用以中止客户端长时间运行的进程。
/abort/{processID}
现在,如果找不到processID进程,我将返回404 Not Found
但是,如果进程已经完成/没有运行,那么什么是正确的HTTP错误代码呢?
406 Not Acceptable与Accept标题相关(因此我认为我不会使用)。
400 Bad Request似乎过于通用。
寻求关于哪个标题最适合它的建议?
I am in process of building a rest server, which will be called to abort a long running process by client.
/abort/{processID}
Now if process with processID is not found, I am returning 404 Not Found
However if the process has already been completed/is not running, then what shall be correct HTTP Error code for the same?
406 Not Acceptable is relevant to Accept header (and hence I think I shall not used).
400 Bad Request appears to be too generic.
Seeking suggestions on which header will be optimum for it?
最满意答案
简短的回答
以下是一些可能适合您的合理选项:
404未找到 410已经过去了 409冲突 403禁止正确的选择依赖于进程的语义已经完成/未运行 :
如果该过程不再存在,请考虑404或410 ,具体取决于条件是否为永久性。 如果可以找到具有给定id的进程,但由于与进程的当前状态冲突而无法完成中止此进程的尝试,则可以转到409 。 如果出于其他原因禁止操作,请选择403 。该过程不再存在
如果该过程不再存在,您可以在404和410之间进行选择,具体取决于条件是否(或者是否可以确定条件是否为永久性)。
请参阅RFC 7231中的以下引用:
6.5.4。 404未找到
404 (未找到)状态代码表示源服务器没有找到目标资源的当前表示,或者不愿意透露存在该目标资源。 404状态代码并不表示这种缺乏代表性是暂时的还是永久性的; 如果原始服务器可能通过一些可配置的方式知道该条件可能是永久性的,则410 (Gone)状态代码优先于404 。 [...]
6.5.9。 410已经过去了
410 (Gone)状态代码表示在源服务器上不再可以访问目标资源,并且该条件可能是永久性的。 如果原始服务器不知道或无法确定条件是否是永久性的,则应该使用状态代码404 (未找到)。 [...]
该过程存在,但该操作会导致冲突
如果该过程存在, 404或410不是好的选择。
如果由于与进程的当前状态冲突而无法完成中止现有进程的尝试,则应考虑409以及描述冲突原因的有效负载。
看报价:
6.5.8。 409冲突
409 (冲突)状态代码表示由于与目标资源的当前状态冲突而无法完成请求。 此代码用于用户可能能够解决冲突并重新提交请求的情况。 服务器应该生成一个有效负载,其中包含足够的信息供用户识别冲突源。 [...]
该过程存在,但由于某种原因禁止该操作
最后一个选项是403 。 当凭证有效时,此状态代码经常用于授权问题,但它们不足以授权请求。
然而, 403比这更广泛,并且可以用于指示出于与凭证无关的原因而禁止请求。 请确保提供有效负载,以描述禁止操作的原因 。
看报价:
6.5.3。 403禁止
403 (禁止)状态代码表示服务器理解请求但拒绝授权。 希望公开请求被禁止的服务器可以在响应有效负载中描述该原因(如果有的话)。
如果请求中提供了身份验证凭据,则服务器认为它们不足以授予访问权限。 客户端不应该使用相同的凭据自动重复请求。 客户端可以使用新的或不同的凭据重复请求。 但是,出于与凭证无关的原因,可能会禁止请求。
希望“隐藏”当前存在的禁止目标资源的原始服务器可以用状态代码404 (未找到)进行响应。
Short answer
Here are some reasonable options that may suit you:
404 Not Found 410 Gone 409 Conflict 403 ForbiddenThe right choice relies on the semantics of process has already been completed/is not running:
If the process no longer exists, consider 404 or 410, depending on whether the condition is permanent or not. If a process can be found with a given id, but the attempt to abort this process cannot be completed due to a conflict with the current state of the process, you could go for 409. If the operation is forbidden for other reasons, choose 403.The process no longer exists
If the process no longer exists, you could choose between 404 and 410, depending on whether the condition is (or it is possible to determine whether the condition is) permanent or not.
See the following quotes from the RFC 7231:
6.5.4. 404 Not Found
The 404 (Not Found) status code indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists. A 404 status code does not indicate whether this lack of representation is temporary or permanent; the 410 (Gone) status code is preferred over 404 if the origin server knows, presumably through some configurable means, that the condition is likely to be permanent. [...]
6.5.9. 410 Gone
The 410 (Gone) status code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. If the origin server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) ought to be used instead. [...]
The process exists, but the operation causes a conflict
If the process exists, 404 or 410 are not the good choices.
If the attempt to abort an existing process cannot be completed due to a conflict with the current state of the process, you should consider 409 along with a payload that describes the reason of the conflict.
See the quote:
6.5.8. 409 Conflict
The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource. This code is used in situations where the user might be able to resolve the conflict and resubmit the request. The server SHOULD generate a payload that includes enough information for a user to recognize the source of the conflict. [...]
The process exists, but the operation is forbidden for some reason
One last option is 403. This status code is frequently used for authorization problems, when the credentials are valid, but they are insufficient to authorize the request.
However 403 is much broader than that and could be used to indicate that a request is forbidden for reasons unrelated to the credentials. Just be sure you provide a payload that describes why the operation is forbidden.
See the quote:
6.5.3. 403 Forbidden
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).
If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.
An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).
更多推荐
发布评论