简体繁体 English

服务器返回Authorization标头是否有意义

[英]Does it make sense for server to return Authorization header

原文 2017-01-27 15:27:46 4 1 http/ http-headers

I will admit I am not a very good backend developer but I was doing some research about the Authorization header. 我承认我不是一个很好的后端开发人员，但是我在做一些关于Authorization标头的研究。 It seems pretty straight-forward and even packages like https://github.com/jshttp/basic-auth I understand. 我似乎很直率甚至是像https://github.com/jshttp/basic-auth之类的软件包。

In our Spring application though, we are returning the header Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= . 不过，在我们的Spring应用程序中，我们将返回标头Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= 。 Does this make sense to do this? 这样做有意义吗？ The Client wouldn't care about this correct? 客户会不在乎这个正确吗？

1 个解决方案

No, it doesn't make sense. 不，这没有道理。 Since the client knows it already (since it sent it in the first place) sending it back is a waste of time. 由于客户已经知道了它（因为它首先发送了它），因此将其发送回是浪费时间。

使用gzip编码对于同一服务器内的通信是否有意义？ - Does using gzip encoding make sense for communications within same server?

在Cache-Control HTTP标头中使用max-age和s-maxage是否有意义？ - Does it make sense to have max-age and s-maxage in the Cache-Control HTTP header?

使用图像精灵在HTTP / 2中有意义吗？ - Does using image sprites make sense in HTTP/2?

是否可以在 HTTP 请求上使授权标头可选？ - Is it possible to make the authorization header optional on an HTTP request?

JWT 或 HTTP 授权 header 在实时服务器上不起作用 - JWT or HTTP Authorization header not working on live server

将授权标头从服务器发送到客户端是否安全？ - Is it safe to send authorization header from a server to client?

EventSource 中的 HTTP 授权标头（服务器发送的事件） - HTTP Authorization Header in EventSource (Server Sent Events)

OAuth 2.0 - 当资源所有者凭据无效时，为什么授权服务器返回400而不是401？ - OAuth 2.0 - Why does the authorization server return 400 instead of 401 when the resource owner credentials are invalid?

授权头 - Authorization header

在响应中设置与请求中完全相同的cookie是否有意义？ - Does it make sense to set EXACTLY the same cookie in the response as came in the request?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用gzip编码对于同一服务器内的通信是否有意义？ - Does using gzip encoding make sense for communications within same server? 在Cache-Control HTTP标头中使用max-age和s-maxage是否有意义？ - Does it make sense to have max-age and s-maxage in the Cache-Control HTTP header? 使用图像精灵在HTTP / 2中有意义吗？ - Does using image sprites make sense in HTTP/2? 是否可以在 HTTP 请求上使授权标头可选？ - Is it possible to make the authorization header optional on an HTTP request? JWT 或 HTTP 授权 header 在实时服务器上不起作用 - JWT or HTTP Authorization header not working on live server 将授权标头从服务器发送到客户端是否安全？ - Is it safe to send authorization header from a server to client? EventSource 中的 HTTP 授权标头（服务器发送的事件） - HTTP Authorization Header in EventSource (Server Sent Events) OAuth 2.0 - 当资源所有者凭据无效时，为什么授权服务器返回400而不是401？ - OAuth 2.0 - Why does the authorization server return 400 instead of 401 when the resource owner credentials are invalid? 授权头 - Authorization header 在响应中设置与请求中完全相同的cookie是否有意义？ - Does it make sense to set EXACTLY the same cookie in the response as came in the request?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM