不要動!把資料交出來(3) - GET & POST


Posted by TempuraEngineer on 2022-08-01

目錄


GET

GET用於撈資料。通常來說它不帶body
query string會顯示在URL上,也因此可被存到書籤、瀏覽歷史

GET is the primary mechanism of information retrieval and the focus of almost all performance optimizations.

// 網址中可以看到encode過的query string "$filter=ScenicSpotName ne null and $top=8 and $skip=8 and $format=JSON"

const res = await fetch(
  `https://ptx.transportdata.tw/MOTC/v2/Tourism/ScenicSpot?%24filter=ScenicSpotName%20ne%20null&%24top=8&%24skip=8&%24format=JSON`,
  {
    method: 'GET',
    headers: {
      Authorization:'...',
      'X-Date':'...'
    },
  },
);

但其實GET也能帶body,雖然並不推薦

Sending body/payload in a GET request may cause some existing implementations to reject the request — while not prohibited by the specification, the semantics are undefined. It is better to just avoid sending payloads in GET requests.

另外常看到有人說使用GET方法限制data長度為2048個字元,但其實HTTP並沒有限制限制是源於瀏覽器的URI長度限制,或server的處理能力

The HTTP protocol does not place any a priori limit on the length of a URI. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs. A server SHOULD return 414 (Request-URI Too Long) status if a URI is longer than the server can handle (see section 10.4.15).

詳細的解釋可以看What is the maximum length of a URL?


POST

POST用於新增、更新資料。會帶body

// query的條件放在body裡

const res = await fetch(`
  https://reqbin.com/echo/post/json`,
  {
    method: 'POST',
    headers: {
      Authorization:'...',
      'Content-Type':'application/json'
    },
    body: {
      Id: 78912,
      Customer: 'Jason Sweet',
      Quantity: 1,
      Price: 18.00      
    }    
  }
)

POST範例取自How do I send an HTTP POST request?

比GET安全但並不代表資料不會被劫持,所以還是需要SSL加密

HTTP POST is not encrypted, it can be intercepted by a network sniffer, by a proxy or leaked in the logs of the server with a customised logging level.
POST is better than GET because POST data is not usualy logged by a proxy or server, but it is not secure.
you must use SSL or encrypt the data before you POST.

另外也會聽到POSTdata長度限制,HTTP確實沒有限制,但瀏覽器限制,所以實際上最大值為min(serverMaximumSize, clientMaximumSize)

The maximum POST request body size is configured on the HTTP server and typically ranges from 1MB to 2GB

The HTTP client (browser or other user agent) can have its own limitations. Therefore, the maximum POST body request size is min(serverMaximumSize, clientMaximumSize).


比較

GET POST
url 帶有query string 不帶query string
安全度 比GET好,但仍需加上SSL加密
data types 只有字串(ASCII) 都可,甚至可以巢狀結構
data length 實務上會受限於瀏覽器、server 實務上會受限於瀏覽器、server限
存成書籤
瀏覽器歷史
快取 △ Responses to POST requests are only cacheable when they include explicit freshness information. However, POST caching is not widely implemented.
其他 不用encode,故效能比POST好 helps you to determine resource URI.


參考資料

GET Vs. POST: Key Difference Between HTTP Methods
Is either GET or POST more secure than the other?
How secure is a HTTP POST?
What is the maximum length of a URL?
Can HTTP POST be limitless?

RFC7231 - GET
RFC7231 - POST
RFC2068 - Hypertext Transfer Protocol -- HTTP/1.1


#get #post







Related Posts

Vue3 起手式

Vue3 起手式

JS30 Day 24 筆記

JS30 Day 24 筆記

C語言-主架構/輸出/變數

C語言-主架構/輸出/變數


Comments