RESTful 架构中的给定 URI 是否应该始终返回相同的响应?

发布于 2024-08-29 09:52:26 字数 509 浏览 6 评论 0原文

这是这个问题的后续问题< /a>.

那么对任何给定的 URI 拥有唯一的响应是 RESTful 架构的核心租户吗?这里的很多讨论都倾向于这个方向,但我还没有在任何地方将其视为“硬性且快速”的规则。

我理解它的价值(用于缓存、爬行、传递链接等),但我也看到诸如 twitter API 之类的东西违反了它(对 http://api.twitter.com/1/statuses/ 的请求Friends_timeline.xml 将根据给定的用户名而有所不同),我知道有时可能有必要 - 更不用说按时间顺序分页的资源也会随着新元素的添加而改变。

我是否应该努力完全消除来自同一 URI 的不同响应,或者我是否只是接受有时这是不切实际的,只要我尽量减少它的出现,我就会处于良好状态。

This is kind of a follow-up question to this one.

So is having a unique response for any given URI a core tenant of RESTful architecture? A lot of discussion here tends that direction, but I haven't seen it anywhere as a "hard and fast" rule.

I understand the value of it (for caching, crawling, passing links, etc), but I also see things like the twitter API violate it (A request to http://api.twitter.com/1/statuses/friends_timeline.xml will vary based on the username given), and I understand there are times when it may be necessary--not to mention that a chronologically paged resource will also change as new elements are added.

Should I strive for varied responses from the same URI to be eliminated altogether, or do I just accept that sometimes it isn't practical, and as long as I minimize its occurrence, I'll be in decent shape.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

无边思念无边月 2024-09-05 09:52:26

不是相同的响应,而是相同资源的表示(取决于 conneg 和条件请求标头)。在 Rest 架构中,一个 URI 标识一个且仅一个资源(但一个资源可以有多个 URI)。根据授权用户(HTTP Auth、cookies 等)提供不同的资源是不好的做法,因为相同的 URI 代表每个用户不同的资源,如 Twitter 示例中所示。我无法允许您查看我的时间线并为您提供 URI,因为这与您的时间线的 URI 相同。用户必须在 URI 中进行编码,并且访问受到授权机制的限制。要让单个访问点根据经过身份验证的用户提供不同的资源,请使用重定向(例如 303 See Other、302 Found,...)

Not the same response, but a representation (wich depends on conneg and conditional request headers) of the same resource. In a Rest Architecture, a URI identify one and only one resource (but a resource can have several URI). Presenting different resource depending on the authorized user (being HTTP Auth, cookies, ...) is bad practice, since the same URI represent a different resource for each user, as in the Twitter example. I can't allow you to view my timeline and give you the URI, since this is the same URI for your timeline. The user must be encoded in the URI, and access limited by the authorization mecanism. To have a single access point presenting different resource depending on the authenticated user, use a redirect (e.g. 303 See Other, 302 Found, ...)

奢欲 2024-09-05 09:52:26

REST 中没有任何内容表示相同的响应 - 但您应该准备好处理诸如“如果修改后”请求标头之类的内容(当它们有意义时);)

tritter API 显然还有其他问题 - 例如:这是一个设计决策。例如,一旦您允许隔离朋友时间线,则将时间线放在朋友姓名元素下方是有意义的 - 他们显然决定反对这样做;)

这取决于设计决策。查看 OData(例如 http://odata.netflix.com/Catalog/) - 在这里使 snse 在给定时间内为每个 URL 返回相同的数据(缓存),因为它是完全公开的目录。对于其他场景,这可能没有意义。

Nothing in REST says same response - but you shuld be prepared to handle stuff like the "If Modified Since" request headers WHEN THEY MAKE SENSE ;)

The tritter API has other issues, obviously - as in: this is a design decision. Once you allow friend timelines to be isolated, for example, it would make sense to put the timeline below a friend name element - they obviously decided against this ;)

It runs down to design decisions. Look at OData (like http://odata.netflix.com/Catalog/) - here it makes snse to return the same data for every URL for a given time (caching), because it is a fully public cataloque. For other scenarios it may make no sense.

巷子口的你 2024-09-05 09:52:26

某些请求标头确实会更改返回的内容(同时仍然是 RESTful):

  1. 显然,缓存标头将用于确定返回的是 304 还是 200。
  2. Accept 标头可用于确定返回的内容。响应的格式(HTML、XML、JSON)
  3. Authorized 标头至少可以确定返回的是 401、403 还是 200。
  4. 此外,资源可以随时间变化。

真正的问题是是否可以使用 Authorized 标头(决定用户)来更改响应的内容。我还没有看到任何关于它的官方声明,但我怀疑很多人宁愿让用户在 URL 中,并使用 Authorized 标头来验证访问。我怀疑这两种方式仍然是 RESTful 的。

Some request headers do change what is returned (while still being RESTful):

  1. Clearly the cache-headers are expected to be used to determine if a 304 or 200 is returned
  2. The Accept header can be used to determine the format of the response (HTML vs XML vs JSON)
  3. The Authorized header can at least determine if a 401, 403, or 200 is returned.
  4. Also, resources are allowed to change over time.

The real question is whether the Authorized header (which determines the user) can be used to change the content of the response. I haven't seen any official statement about it, but I suspect a number of people would rather have the user in the URL and the Authorized header used to validate access. I suspect either way is still RESTful.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文