用Flask + Python处理无效的GET / POST请求参数的最佳方法?
[英]Best way to handle invalid GET/POST request parameters with Flask+Python?
问题描述
Whats the best way to handle invalid parameters passed in with a GET or POST request in Flask+Python? 
在Flask + Python中处理通过GET或POST请求传入的无效参数的最佳方法是什么?
Let's say for the sake of argument I handle a GET request using Flask+Python that requires a parameter that needs to be an integer but the client supplies it as a value that cannot be interpreted as an integer. 假设出于参数考虑,我使用Flask + Python处理GET请求,该请求需要一个必须为整数的参数,但是客户端将其提供为无法解释为整数的值。 So, obviously, an exception will be thrown when I try to convert that parameter to an integer. 因此,很显然,当我尝试将该参数转换为整数时,将引发异常。
My question is should I let that exception propagate, thus letting Flask do it's default thing of returning an HTTP status code of 500 back to the client? 我的问题是我是否应该让该异常传播,从而让Flask将返回的HTTP状态代码500返回给客户端,这是默认的做法? Or should I handle it and return a proper (IMO) status code of 400 back to the client? 还是应该处理它,然后将正确的(IMO)状态代码400返回给客户端?
The first option is the easier of the two. 第一个选择是两者中较容易的一个。 The downside is that the resulting error isn't clear as to whose at fault here. 不利的一面是,由此产生的错误尚不清楚谁是谁的错。 A system admin might look at the logs and not knowing anything about Python or Flask might conclude that there's a bug in the code. 系统管理员可能会查看日志,而对Python或Flask一无所知可能会得出结论,认为代码中存在错误。 However, if I return a 400 then it becomes more clear that the problem might be on the client's end. 但是,如果我返回400,则很清楚问题可能出在客户端。
What do most people do in these situations? 在这种情况下,大多数人会做什么?
3 个解决方案
解决方案1
2 已采纳 2017-09-29 12:55:11
HTTP 400 seems good to me. HTTP 400对我来说似乎很好。
Returning 500 in this case is wrong. 在这种情况下返回500是错误的。 It provides no information to the client, and they will assume that the problem is with the server, not the client. 它不向客户端提供任何信息,并且他们将认为问题出在服务器而不是客户端。
There is nothing stopping you from adding a body to the 400 response that identifies the parameter with the invalid value (or whatever the problem was). 没有什么可以阻止您将正文添加到400响应中的,该响应以无效值(或任何问题所在)来标识参数。 Use whatever representation the client accepts, eg if it's an API you might return a JSON response: 使用客户端接受的任何表示形式,例如,如果使用的是API,则可能返回JSON响应:
{"error": "parameter age: positive integer required"}
解决方案2
1 2017-09-29 12:55:12
If you look at most of the REST APIs, they will return 400 and appropriate error message back to the client if the user sends request parameters of a different type than is expected. 如果您查看大多数REST API,如果用户发送的请求类型与预期的类型不同,它们将返回400,并向客户端返回适当的错误消息。 So, you should go with your 2nd option. 因此,您应该选择第二个选项。
解决方案3
1 2017-09-29 12:55:19
A status code of 400 means you tell the client "hey, you've messed up, don't try that again". 状态码400表示您告诉客户“嘿,您搞砸了,不要再尝试了”。 A status code of 500 means you tell the client "hey, I've messed up, feel free to try again later when I've fixed that bug". 状态码500表示您告诉客户“嘿,我搞砸了,等我修复该错误后,请稍后再试”。
In your case, you should return a 400 since the party that is at fault is the client. 在您的情况下,您应该返回400,因为有问题的一方是客户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.