可能的重复:我应该如何在 GET 和 POST 之间进行选择HTML 表单中的方法?什么时候用POST,什么时候用得到吗?
显然,您应该这样做.但是除了为了实现HTTP协议而这样做之外,还有什么理由这样做吗?更少的开销?某种安全性的东西?
Obviously, you should. But apart from doing so to fulfil the HTTP protocol, are there any reasons to do so? Less overhead? Some kind of security thing?
推荐答案因为 GET 不能根据定义改变服务器的状态.
because GET must not alter the state of the server by definition.
请参阅RFC2616 9.1.1 安全方法:
9.1.1 安全方法
实施者应该意识到软件代表用户在他们的通过互联网进行互动,以及应该小心让用户注意他们可能采取的任何行动采取这可能有一个意想不到的对自己或他人的重要性.
Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.
特别是,该公约已经确定 GET 和 HEAD方法不应该有采取其他行动的重要性比检索.这些方法应该被认为是安全的".这允许用户代理代表其他方法,例如 POST、PUT 和 DELETE,在一个特殊的方式,使用户意识到一个可能的事实正在请求不安全的操作.
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
如果您使用 GET 来更改服务器的状态,那么搜索引擎机器人或 Web 浏览器中的某些链接预取扩展程序可能会对您的网站造成严重破坏,并且(例如)只需点击您网站的链接即可删除所有用户数据.
If you use GET to alter the state of the server then a search engine bot or some link prefetching extension in a web browser can wreak havoc on your site and (for example) delete all user data just by following links to your site.
更多推荐
那么为什么我们应该使用 POST 而不是 GET 来发布数据呢?
发布评论