Note: Remember that query strings (i.e. name/value pairs) get transferred in the URL of GET requests:
GET /blog/?name1=value1&name2=value2 HTTP/1.1
Host: carsonified.com
and in the body of POST requests:
POST /blog/ HTTP/1.1
Host: carsonified.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

name1=value1&name2=value2
GET vs POST Basics
In between new additions to our vocabularies (think “idempotent“), sections 9.1, 9.3 & 9.5 of RFC 2616 help us to conclude the first rule of GET vs POST…
Rule #1: Use GET for safe actions and POST for unsafe actions.
The RFC instructs internet browsers to make users aware that, when reissuing a previously made POST request, the action (e.g. placing an order) is potentially unsafe. Hence the existence of dialogue boxes like this:
However, whilst browser compliance with this RFC instruction might explain why POST should be used for unsafe actions, why shouldn’t we use POST for safe ones?
Simply put, because GET requests are more useable:
- GET requests can be cached
- GET requests can remain in the browser history
- GET requests can be bookmarked
- GET requests can be distributed & shared
- GET requests can be hacked (ask Jakob!)
Note: If you need the best of both worlds, an unsafe action can be made safe by making it idempotent, so that it makes no difference how many times it’s requested. You do this by giving the request a unique ID and using server-side validation to ensure that a request with that ID hasn’t already been processed. In fact, if you’re in search of excellence, all unsafe actions should be made idempotent as nothing can stop users from ignoring warnings.
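The idempotency technique described in the note, as an added example (not code from the original post): the client sends a unique request ID in the form body, and the server refuses to act twice on the same ID, returning the original result instead. The order service, the `request_id` field name and the sample bodies are all assumptions made for this illustration.

```python
"""Make an unsafe action (placing an order) idempotent with a request ID.

Added example, not from the original post. The OrderService class, the
`request_id` parameter name and the sample form bodies are assumptions.
"""
from urllib.parse import parse_qs


class OrderService:
    """Stores orders plus a server-side record of processed request IDs."""

    def __init__(self):
        self._processed = {}   # request_id -> result returned the first time
        self.orders = []       # one entry per order actually placed

    def place_order(self, request_id, item, qty):
        # Server-side validation: if this ID was already handled, replay the
        # stored result instead of placing a second order.
        if request_id in self._processed:
            return {**self._processed[request_id], "replayed": True}
        order = {"order_no": len(self.orders) + 1, "item": item, "qty": qty}
        self.orders.append(order)
        result = {"order_no": order["order_no"], "replayed": False}
        self._processed[request_id] = result
        return result


def handle_post(body, service):
    """Parse a urlencoded POST body and dispatch it; returns (status, payload)."""
    fields = parse_qs(body, keep_blank_values=True)
    request_id = fields.get("request_id", [""])[0]
    if not request_id:
        # Without a unique ID the server cannot detect a resubmission.
        return 400, {"error": "request_id is required"}
    try:
        item = fields["item"][0]
        qty = int(fields["qty"][0])
    except (KeyError, ValueError):
        return 400, {"error": "item and numeric qty are required"}
    return 200, service.place_order(request_id, item, qty)


if __name__ == "__main__":
    svc = OrderService()
    body = "request_id=7f3a1c2e&item=book&qty=2"   # constructed sample body
    print(handle_post(body, svc))   # first submission places order 1
    print(handle_post(body, svc))   # resubmission is recognised and replayed
    print(len(svc.orders), "order(s) stored")
```

The ID must be generated once per intended action (for example when the order form is rendered) and stored with the result on the server; a client that generates a fresh ID on every retry defeats the check.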
GET vs POST Extended
Rule #2: Use POST when dealing with sensitive data.
Because query strings are transferred openly in GET requests, we have to consider our security and that of our users when dealing with sensitive data like passwords or credit card numbers:
- Our users… because they may not realise that they are sharing sensitive data when they share a URL or that it can be viewed in the browser history by other people using the same computer.*
- Ourselves… because we may be breaking laws by unexpectedly storing data that we’re not allowed to (like credit card CV2s) in log files.
* This doesn’t apply when working within an AJAX environment.
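The log-file problem raised under Rule #2 can be checked for directly. The following is an added example (not from the original post) that scans constructed access-log lines for query-string parameters whose names suggest passwords or card data, and shows a redaction step that strips such values before a URL is written to a log. The parameter-name list and the sample log lines are assumptions.

```python
"""Detect and redact sensitive data carried in URL query strings.

Added example, not from the original post. The sensitive-name list and the
access-log lines below are constructed for this illustration.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that should never travel in a URL (assumed list).
SENSITIVE = {"password", "passwd", "pwd", "card", "cv2", "cvv", "token", "secret"}

# Matches the request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines.
LOG_LINES = [
    '10.0.0.5 - - [12/Mar/2010:10:00:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '10.0.0.6 - - [12/Mar/2010:10:00:02 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.7 - - [12/Mar/2010:10:00:03 +0000] "GET /checkout?card=4111111111111111&cv2=123 HTTP/1.1" 200 2048',
    '10.0.0.8 - - [12/Mar/2010:10:00:04 +0000] "GET /blog/?name1=value1&name2=value2 HTTP/1.1" 200 9000',
]


def sensitive_params(url):
    """Return the sorted sensitive parameter names present in a URL's query."""
    query = urlsplit(url).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)


def audit_log(lines):
    """Report each log line whose request URL exposes sensitive parameters."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        method, url = match.groups()
        params = sensitive_params(url)
        if params:
            findings.append({"line": line_no, "method": method,
                             "path": urlsplit(url).path, "params": params})
    return findings


def redact_url(url):
    """Replace the values of sensitive parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for finding in audit_log(LOG_LINES):
        print(finding)
    print(redact_url("/login?user=alice&password=hunter2"))
```

Redaction at logging time limits the damage, but it does not help with browser history, bookmarks or shared links; the only reliable fix is the rule itself, sending the data in a POST body.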
Rule #3: Use POST when dealing with long requests.
Although the RFC doesn’t lay down any length-related guidelines, Internet Explorer – with its insistence on finding ways to make things difficult for us – enforces a maximum URL length of 2,048 characters.
Rule #4: Use GET in AJAX environments.
When using XMLHttpRequest, browsers implement POST as a two-step process (sending the headers first and then the data). This means that GET requests are more responsive – something you need in AJAX environments.
Summary
Although rules usually exist for good reasons, it’s good to know the logic behind them so they can be embraced fully. I, myself, hate rules that don’t have explanations and I hope that the above helps to justify the rules of GET vs POST.
Choosing between methods is a systematic process which should be part of second nature.