Difference between idempotent and safe HTTP methods in REST APIs
How can the PUT method be idempotent but not safe? Can someone explain?
HTTP Method    Idempotent    Safe
OPTIONS        yes           yes
GET            yes           yes
HEAD           yes           yes
PUT            yes           no
POST           no            no
DELETE         yes           no
PATCH          no            no
Safe method: changes nothing internally (the resource)
Safe methods are methods that can be cached, prefetched without any repercussions to the resource.
Idempotent method: changes nothing externally (the response)
An idempotent HTTP method is an HTTP method that can be called many times without different outcomes.
It's all in the specification:
4.2.2. Idempotent Methods
A request method is considered "idempotent" if the intended effect on
the server of multiple identical requests with that method is the same
as the effect for a single such request. Of the request methods
defined by this specification, PUT, DELETE, and safe request methods
are idempotent.
Like the definition of safe, the idempotent property only applies to
what has been requested by the user; a server is free to log each
request separately, retain a revision control history, or implement
other non-idempotent side effects for each idempotent request.
Idempotent methods are distinguished because the request can be
repeated automatically if a communication failure occurs before the
client is able to read the server's response. For example, if a client
sends a PUT request and the underlying connection is closed before any
response is received, then the client can establish a new connection
and retry the idempotent request. It knows that repeating the request
will have the same intended effect, even if the original request
succeeded, though the response might differ.
(https://greenbytes.de/tech/webdav/rfc7231.html#idempotent.methods)
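The distinction in the quoted section, as an added example that is not part of the original question or answer: a small in-memory model in which PUT changes the resource (so it is not safe) yet leaves the same state however often it is repeated (so it is idempotent), while a repeated POST keeps creating resources. The names Store, send_with_retry and state_after are assumptions made for this illustration.

```python
# Added example: in-memory model of a resource collection (all names are assumptions).
SAFE = {"GET", "HEAD", "OPTIONS"}
IDEMPOTENT = SAFE | {"PUT", "DELETE"}   # per RFC 7231 section 4.2.2


class Store:
    def __init__(self):
        self.items = {}      # resource state: id -> body
        self.next_id = 1

    def handle(self, method, key=None, body=None):
        """Apply one request and return (status, payload)."""
        if method == "GET":                      # reads only, never touches state
            return (200, self.items[key]) if key in self.items else (404, None)
        if method == "PUT":                      # replace state at a client-chosen id
            created = key not in self.items
            self.items[key] = body
            return (201 if created else 200, body)
        if method == "DELETE":
            if key not in self.items:
                return (404, None)
            del self.items[key]
            return (204, None)
        if method == "POST":                     # server picks a fresh id every time
            key, self.next_id = self.next_id, self.next_id + 1
            self.items[key] = body
            return (201, key)
        return (405, None)


def send_with_retry(store, method, key=None, body=None, drop_first_response=False):
    """Client side: the server processes the request, but the response may be lost.
    Only idempotent methods are repeated automatically."""
    reply = store.handle(method, key, body)
    if not drop_first_response:
        return reply
    if method not in IDEMPOTENT:
        raise ConnectionError("response lost; " + method + " is not idempotent, not retrying")
    return store.handle(method, key, body)       # retry on a new connection


def state_after(method, repeats, key=None, body=None):
    """Resource state after sending the same request `repeats` times to a fresh store."""
    store = Store()
    for _ in range(repeats):
        store.handle(method, key, body)
    return dict(store.items)
```

The retried PUT returns 200 where the lost response was 201, and the retried DELETE returns 404 where the lost one was 204: the responses differ, but the state on the server is the same as after a single request.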