building REST API - long header

I'm building an API.. But I think my server sends a quite long header compared to other "APIs"..

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 19:51:22 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=dv1nrjrd47qurff4u9tn8afa84; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

Just want to know if there is any disadvantage of that regarding safety?

edit

yay..! now I'm down to this

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 20:51:18 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: application/json

There is no appreciable disadvantage in terms of performance to sending these extra headers to the client. A client should never cache the response returned by a web service call since the client usually is not a browser.

You also start a session (see the PHPSESSID cookie) and if it is not useful for the client, simply don't start the session.

I usually tend to hide the version of Apache and PHP for security reasons.

Hide Apache version: ServerTokens PROD in the httpd.conf file

Hide PHP version: expose_php = Off in the php.ini

Restart Apache
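
A header audit for the points raised in the answer above, as an added example that is not part of the original thread: it flags a versioned Server token, any X-Powered-By header, and any cookie the API sets. The function names are hypothetical, and the two sample responses are abridged from the question.

```python
import re

# Sample responses abridged from the question: before and after the cleanup.
BEFORE = """HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=dv1nrjrd47qurff4u9tn8afa84; path=/
Content-Length: 0
Connection: close
Content-Type: text/html
"""
AFTER = """HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
Connection: close
Content-Type: application/json
"""

VERSION = re.compile(r"/\d+(\.\d+)*")  # product token followed by a version


def parse_headers(raw):
    """Return (name, value) pairs; names lower-cased, repeated headers kept."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """List findings: version disclosure and cookies set by the response."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "server" and VERSION.search(value):
            findings.append("server-version: " + value)
        elif name == "x-powered-by":
            findings.append("x-powered-by: " + value)
        elif name == "set-cookie":
            # Report only the cookie name, never its value.
            findings.append("cookie-set: " + value.split("=", 1)[0])
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "clean")
```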
