POST encoded wrong practice?

I'm (just for fun) trying to implement a High Score web service. I would like it to be compatible with REST principles. I want to add a new record using URL parameters like http://mydomain.com/hs/add&name=John&score=987. According to REST, this should be done using a POST request. This results in an empty POST request with all the data contained in the URL parameters. Would this be considered bad practice?

Update
Security is not a big concern right now.

+6
rest
6 answers

The general way to do this is to send a POST to http://mydomain.com/hs/add with content:

name=John&score=987 (urlencoded here for simplicity; it would differ with, for example, multipart-encoded data. The format of the body of the POST request is arbitrary and goes beyond the recommendations of REST; it could even be arbitrary encrypted data, as others suggested).

A GET request to add a new record would be not only a violation of REST principles, but also a violation of RFC 2616, which requires that GET requests be idempotent.

EDIT

Is it wrong to pass data to the query string and send an empty body?

Yes. The URL should describe the resource that is exposed to the action described by the HTTP method. Therefore, probably the best option would be to have http://mydomain.com/hs as the URL and allow the body to fully describe the action.

The query string can be used to further process queries without a body, for example:

http://mydomain.com/hs?period=lastmonth (GET)

+12

You use a question mark in front of the parameters, so it will be: http://mydomain.com/hs/add?name=John&score=987. However, the idea is that the URL should be the name of the resource, and the request method should decide what to do.

So the correct URL would be just http://mydomain.com/hs, and you would send the parameters in the POST data. Since this is a POST request, it will add data to the resource.

+2

No, using url parameters in POST is not bad practice regarding REST. This seems to be the perfect approach to me.

In terms of aesthetics, I would suggest a URL like

  POST http://mydomain.com/highscores?name=John&score=987

+1

Very bad .. the user can manipulate the account. You need to use some kind of encryption, even if it’s simple, before submitting your assessment through a request

0

GET should be used when receiving data. When adding or processing data, you should always use POST.

Thus, the user will not:

  • Go to the URL randomly and discard all your data.
  • It is advisable to change your database
0

Use a POST request to prevent the following situation:

  • Login
  • Web browser saves authentication information between sessions
  • The user receives, for example, an email with an HTML tag, for example <img src='http://mydomain.com/hs/add?name=John&score=987' ... />
  • The email client tries to download the image, automatically uses the credentials stored in the web browser, and quietly adds or removes information from your system.
0
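
An added example, not part of any answer above: a request router for the high-score service that follows the layout from the first answer (resource at /hs, record in a urlencoded POST body) and never writes on GET, so the image-tag fetch from the last answer changes nothing. The names handle, SCORES and FORM, the status codes chosen, and the policy of rejecting a query string on POST are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

FORM = "application/x-www-form-urlencoded"
SCORES = []  # in-memory store, stands in for the real database


def handle(method, url, body=b"", content_type=""):
    """Route one request; return (status, headers, text)."""
    parts = urlsplit(url)
    if parts.path != "/hs":
        # /hs/add is not a resource: the method, not the path, names the action
        return 404, {}, "not found"
    if method == "GET":
        # Read-only: the query string may only filter, e.g. ?period=lastmonth
        period = parse_qs(parts.query).get("period", ["all"])[0]
        return 200, {}, f"{len(SCORES)} scores, period={period}"
    if method != "POST":
        return 405, {"Allow": "GET, POST"}, "method not allowed"
    if parts.query:
        # Assumed policy: the new record is described by the body only
        return 400, {}, "put name and score in the request body"
    if content_type.split(";")[0].strip().lower() != FORM:
        return 415, {}, "unsupported media type"
    form = parse_qs(body.decode("utf-8", "replace"))
    name = form.get("name", [""])[0].strip()
    score = form.get("score", [""])[0]
    if not name or not (score.isascii() and score.isdigit()):
        return 400, {}, "name and a non-negative integer score are required"
    SCORES.append((name, int(score)))
    return 201, {"Location": "/hs"}, "created"


if __name__ == "__main__":
    # Constructed requests, using the URLs from the question and answers
    print(handle("GET", "http://mydomain.com/hs/add?name=John&score=987"))
    print(handle("GET", "http://mydomain.com/hs?name=John&score=987"))
    print(handle("POST", "http://mydomain.com/hs", b"name=John&score=987", FORM))
    print(SCORES)
```

Refusing writes on GET stops the image-tag fetch; a cross-site form can still submit a POST, so an authenticated service also needs a CSRF token or a SameSite cookie policy.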
