在发出HTTP DELETE请求时,请求URI应该完全标识要删除的资源。但是,是否允许添加额外的元数据作为请求实体主体的一部分?
当前回答
值得注意的是,OpenAPI 3.0版本的规范放弃了对带体的DELETE方法的支持:
请看这里和这里的参考资料
这可能会影响将来这些api的实现、文档或使用。
其他回答
在我看来,RFC 2616并没有规定这一点。
从第4.3节开始:
The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.
9.7节:
The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location. A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity. If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.c
因此,它没有显式地允许或禁止,并且代理可能会删除消息体(尽管它应该读取并转发它)。
Roy Fielding在HTTP邮件列表上澄清了HTTP邮件列表https://lists.w3.org/Archives/Public/ietf-http-wg/2020JanMar/0123.html并说:
GET/DELETE主体绝对禁止产生任何影响 对请求的处理或解释
这意味着主体不能修改服务器的行为。 然后他补充道:
除了 为了维护,必须读取和丢弃接收到的字节 信息框架。
最后是不禁止尸体的原因
我们不禁止派人去的唯一原因是 因为这将导致懒惰的实现,假设没有人会这样做 被发送。
因此,当客户端可以发送有效负载主体时,服务器应该丢弃它 和api不应该为这些请求的有效载荷体定义语义。
只是一个提示,如果你在你的DELETE请求中提供了一个主体,并且使用了谷歌云HTTPS负载均衡器,它将拒绝你的请求,错误为400。我的头撞到墙上,然后发现谷歌,不管出于什么原因,认为一个带有主体的DELETE请求是一个畸形的请求。
实际答案:不
有些客户端和服务器会忽略甚至删除delete请求中的主体。在极少数情况下,它们会失败并返回错误。
也许下面的GitHUb url会帮助你,得到答案。 实际上,应用服务器,如Tomcat, Weblogic拒绝HTTP。带请求有效负载的DELETE调用。所以记住这些东西,我已经在github中添加了例子,请看看
https://github.com/ashish720/spring-examples
推荐文章
- ReferenceError: description没有定义NodeJs
- REST API - dto还是不是?
- OData和REST web服务的区别
- 用Spring我可以做一个可选的路径变量吗?
- 什么是HTTP“主机”报头?
- 哪个HTTP状态代码表示“尚未准备好,稍后再试”?
- Django REST框架:向ModelSerializer添加额外字段
- 如何阻止恶意代码欺骗“Origin”报头来利用CORS?
- 为什么说“HTTP是无状态协议”?
- 我需要HTTP GET请求的内容类型报头吗?
- REST和RPC之间的Web服务差异
- 如何让Chrome允许混合内容?
- 正确的方式删除cookies服务器端
- REST DELETE真的是幂等的吗?
- 如何用node.js实现一个安全的REST API
