
HTTP request method security: get, post, put, patch, delete, options, head, trace

2022-05-15 04:04:14 Ink mark v. breeze

Contents

1. GET

2. HEAD

3. POST

4. PUT

5. DELETE

6. OPTIONS

7. TRACE

8. PATCH


According to the description in Section 9 of RFC 2616, HTTP methods are characterized by two properties: safe and idempotent. Each of the methods above can be explained in terms of these two properties.

1. GET

Safe, idempotent.

GET requests are used to retrieve data. They are only for querying data and do not modify, add, or delete data on the server.

Here we consider GET requests to be safe and idempotent. Safe means not affecting the data on the server; idempotent means that sending the same request multiple times should return the same result. The resource is returned to the client as a set of HTTP headers and representation data (such as HTML text, images, or video). A GET request itself never includes representation data.

Characteristics:

A GET request appends its parameters to the URL, which creates security problems. If the system's login interface uses a GET request, the request parameters need to be encrypted.

The HTTP protocol itself does not limit the URL length of a GET request, but different browsers impose different length limits.

2. HEAD

Safe, idempotent.
Similar to the GET method, but does not return the message body; it only retrieves some information about the resource (content-type, content-length).
Rarely used in RESTful frameworks.

HEAD and GET are essentially the same; the difference is that a HEAD response carries no representation data, only the HTTP header information. Some people think this method has no use, but that is not the case. Consider a business scenario: to determine whether a resource exists, we would usually use GET, but using HEAD here expresses the intent more clearly.

3. POST

Not safe, not idempotent.

POST requests usually change data on the server and are commonly used for submitting data and creating new records.

Characteristics:

The parameters of a POST request are all carried in the request body.

The HTTP protocol itself does not limit the size of a POST request; the limit comes from the server's processing capacity.

4. PUT

Not safe, idempotent.

This method is relatively rare. HTML forms do not support it either.
In essence, PUT and POST are very similar: both send data to the server. But there is an important difference between them: PUT usually specifies the location of the resource, whereas POST does not; with POST, the server itself decides where the data is stored. In addition, PUT focuses on modifying data, while POST focuses on adding data.

5. DELETE

Not safe, idempotent.

DELETE requests are used to delete resources from the server.

6. OPTIONS

Safe, idempotent.

An OPTIONS request is a preflight request issued by the browser to check whether the server will accept the actual request. After the preflight passes, the browser sends the GET, POST, PUT, DELETE, or other request. As for when the browser sends a preflight request: the browser divides requests into two categories, simple requests and non-simple requests, and non-simple requests trigger a preflight OPTIONS request. OPTIONS is used to get the methods supported by the current URL. If the request succeeds, the HTTP response headers include a header named "Allow" whose value is the supported methods, such as "GET, POST".

7. TRACE

Safe, idempotent.
Wikipedia: "Echoes the request received by the server, so that the client can see what (if any) changes or additions have been made by intermediate servers."
Rarely used in RESTful frameworks.

TRACE asks the server to echo back the request information it received. This method is mainly used for testing or diagnosing HTTP requests.

8. PATCH

Not safe, idempotent.
Used to create and update resources. Similar to PUT; the difference is that PATCH represents a partial update.
This method was proposed later, so you may need to verify that both the client and the server support it.

Copyright notice
Author: [Ink mark v. breeze]. Please include the original link when reprinting, thank you.
https://en.qdmana.com/2022/131/202205111454194048.html
