HTTP协议-安全和幂等方法

Http协议官网

9.1 Safe and Idempotent Methods

9.1.1 Safe Methods

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".
需要强调的是,已发布的约定指明GET和HEAD方法不应当包含除了检索(取回)外的其他动作,这些方法应当被认为是“安全的”。

This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
这允许用户代理使用特殊的方式来表现其他方法,例如POST、PUT和DELETE,使得用户认识到正在请求一个可能不安全的操作。

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important
distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

9.1.2 Idempotent Methods

Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property. Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and so are inherently idempotent.
当单一请求的副作用跟N>0次Http协议官网

9.1 Safe and Idempotent Methods

9.1.1 Safe Methods

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".
需要强调的是,已发布的约定指明GET和HEAD方法不应当包含除了检索(取回)外的其他动作,它们应当被认为是“安全的”。

This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
这允许用户代理使用特殊的方式来表现其他方法,例如POST、PUT和DELETE,使得用户认识到正在请求一个可能不安全的操作。

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important
distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

9.1.2 Idempotent Methods

Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property. Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and so are inherently idempotent.
当对方法进行单一请求的副作用跟进行N>0次相同请求时每次的副作用一样时,我们也可以认为这个方法拥有“幂等”的属性。GET、HEAD、PUT和DELETE均有这个属性。而方法OPTIONS和TRACE则是不应当有副作用,所以它们是天然幂等的。

你可能感兴趣的:(HTTP协议-安全和幂等方法)