Are these REST HTTP response codes right, and what about the Content-Type?

I'm writing a controller helper that sets the proper response headers for my REST controller action. It's pasted below and should be simplified enough for those who aren't familiar with Zend Framework to understand what I'm doing.

My question is: Are these codes correct for their respective responses, and in the case of "access denied" do I use a 401 or 403?

Also, in case of responding with an error, I understand I should be placing a message in the response body, but should I set the "Content-Type" to "text/plain"?

<?php

class App_Controller_Helper_RestResponse extends Zend_Controller_Action_Helper_Abstract
{
    public function denied()
    {
        // 403 or 401?
    }

    public function notFound()
    {
        // 404
    }

    public function created()
    {
        // 201
    }

    public function deleted()
    {
        // 204
    }


    public function redirect()
    {
        // 301
        // new url
    }

    public function malformed()
    {
        // 400
    }

    public function gone()
    {
        // 410
    }


}

Those look pretty good to me. I tend to use 200 for deleted, but I don't see anything wrong with using 204 if you're never going to send back any entity when you process a delete. Regarding 401 vs 403, they're tricky because they are named poorly. 401 says "unauthorized" but the requirement to send a WWW-Authenticate header suggests to me that it should really be used when the request isn't "Authenticated". 401 says: "I can't let you do that because I'm not satisfied I know enough about you." 403, on the other hand, conveys the resource is "Forbidden", just another way of saying "not authorized"; only in this case, there is no effort made to get the user better authenticated than they already are. Use 403 when you need to express: "I know who you are, and I don't care, I'm not going to let you do that."

Otherwise those look good, though you may want to consider 302, 303 and 307 as additional redirects depending on why you are doing the redirect. Have an additional look at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html and let me know if you need some more insight on the redirect headers.
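
The 401-versus-403 distinction described in the answer above, as an added example that is not part of the original question or answer and does not use Zend Framework. The function names, the `Bearer` scheme, the realm `api`, the `text/plain` bodies and the permission table are assumptions made for illustration.

```php
<?php
// Added illustration, not the asker's helper: plain PHP, no framework needed.
// Assumptions: Bearer scheme, realm "api", text/plain bodies, sample grants.

/** Build [status, headers, body] for a request that must not proceed. */
function deniedResponse(?string $authenticatedUser, string $realm = 'api'): array
{
    if ($authenticatedUser === null) {
        // Caller has not proven who they are: challenge them. A 401 carries
        // WWW-Authenticate so the client knows how to authenticate.
        return [401, [
            'WWW-Authenticate' => sprintf('Bearer realm="%s"', addcslashes($realm, "\"\\")),
            'Content-Type'     => 'text/plain; charset=utf-8',
        ], "Authentication required.\n"];
    }
    // Caller is known; authenticating again would not change the outcome.
    return [403, ['Content-Type' => 'text/plain; charset=utf-8'], "Forbidden.\n"];
}

/** Decide the response for one request against a permission table. */
function authorize(?string $user, string $action, array $grants): array
{
    if ($user !== null && in_array($action, $grants[$user] ?? [], true)) {
        return [200, ['Content-Type' => 'text/plain; charset=utf-8'], "OK\n"];
    }
    return deniedResponse($user);
}

/** Send the triple through PHP's own response functions (web SAPI only). */
function emit(array $response): void
{
    [$status, $headers, $body] = $response;
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    echo $body;
}

// Constructed sample data: alice may delete, bob may only read.
$grants = ['alice' => ['read', 'delete'], 'bob' => ['read']];
foreach ([[null, 'delete'], ['bob', 'delete'], ['alice', 'delete']] as [$user, $action]) {
    [$status, $headers] = authorize($user, $action, $grants);
    printf("%-7s %-6s -> %d %s\n", $user ?? '(anon)', $action, $status,
        $headers['WWW-Authenticate'] ?? '');
}
```

Run from the command line, the loop prints 401 with a challenge for the anonymous caller, 403 for bob and 200 for alice.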
