本文翻譯自:400 BAD request HTTP error code meaning?
I have a JSON request which I'm posting to a HTTP URL. 我有一個要發佈到HTTP URL的JSON請求。
Should this be treated as 400 where requestedResource field exists but "Roman" is an invalid value for this field? 如果其中存在requestedResource字段,但"Roman"是該字段的無效值,則應將其視爲400 ?
[{requestedResource:"Roman"}]
Should this be treated as 400 where "blah" field doesn't exist at all? 應該將其視爲根本不存在"blah"字段的400嗎?
[{blah:"Roman"}]
#1樓
參考:https://stackoom.com/question/1KXPJ/BAD請求HTTP錯誤代碼的含義
#2樓
10.4.1 400 Bad Request 10.4.1 400錯誤的請求
The request could not be understood by the server due to malformed syntax. 由於語法格式錯誤,服務器無法理解該請求。 The client SHOULD NOT repeat the request without modifications. 客戶不應在沒有修改的情況下重複請求。
#3樓
Think about expectations. 考慮期望。
As a client app, you expect to know if something goes wrong on the server side. 作爲客戶端應用程序,您希望知道服務器端是否出了問題。 If the server needs to throw an error when blah is missing or the requestedResource value is incorrect than a 400 error would be appropriate. 如果服務器需要拋出一個錯誤,當blah丟失或requestedResource值不正確超過400錯誤是適當的。
#4樓
A 400 means that the request was malformed. 400表示請求格式錯誤。 In other words, the data stream sent by the client to the server didn't follow the rules. 換句話說,客戶端發送到服務器的數據流不遵循規則。
In the case of a REST API with a JSON payload, 400's are typically, and correctly I would say, used to indicate that the JSON is invalid in some way according to the API specification for the service. 對於具有JSON有效負載的REST API,通常,並且我會正確地說,根據服務的API規範,通常使用400來表示JSON無效。
By that logic, both the scenarios you provided should be 400's. 按照這種邏輯,您提供的兩種方案都應爲400。
Imagine instead this were XML rather than JSON. 想象一下,這是XML而不是JSON。 In both cases, the XML would never pass schema validation--either because of an undefined element or an improper element value. 在這兩種情況下,XML都永遠不會通過架構驗證-由於未定義元素或元素值不正確。 That would be a bad request. 那將是一個糟糕的要求。 Same deal here. 同樣的交易。
#5樓
In neither case is the "syntax malformed". 在兩種情況下,“語法都格式錯誤”。 It's the semantics that are wrong. 這是錯誤的語義。 Hence, IMHO a 400 is inappropriate. 因此,恕我直言400是不合適的。 Instead, it would be appropriate to return a 200 along with some kind of error object such as { "error": { "message": "Unknown request keyword" } } or whatever. 取而代之的是,返回200以及某種錯誤對象,例如{ "error": { "message": "Unknown request keyword" } } 。
Consider the client processing path(s). 考慮客戶端處理路徑。 An error in syntax (eg invalid JSON) is an error in the logic of the program, in other words a bug of some sort, and should be handled accordingly, in a way similar to a 403, say; 語法錯誤(例如無效的JSON)是程序邏輯中的錯誤,換句話說是某種錯誤,應按照類似於403的方式進行相應處理; in other words, something bad has gone wrong. 換句話說,壞事出了錯。
An error in a parameter value, on the other hand, is an error of semantics, perhaps due to say poorly validated user input. 另一方面,參數值中的錯誤是語義錯誤,這可能是由於用戶驗證輸入無效所致。 It is not an HTTP error (although I suppose it could be a 422). 這不是HTTP錯誤(儘管我想可能是422)。 The processing path would be different. 處理路徑將不同。
For instance, in jQuery, I would prefer not to have to write a single error handler that deals with both things like 500 and some app-specific semantic error. 例如,在jQuery中,我希望不必編寫處理500之類的錯誤處理程序和某些特定於應用程序的語義錯誤的錯誤處理程序。 Other frameworks, Ember for one, also treat HTTP errors like 400s and 500s identically as big fat failures, requiring the programmer to detect what's going on and branch depending on whether it's a "real" error or not. 其他框架,例如Ember,也將400s和500s之類的HTTP錯誤等同地視爲大錯誤,要求程序員檢測正在發生的事情並根據是否是“真正的”錯誤來分支。
#6樓
Using 400 status codes for any other purpose than indicating that the request is malformed is just plain wrong. 除了指示請求格式錯誤之外,將400狀態代碼用於其他任何目的都是錯誤的。
If the request payload contains a byte-sequence that could not be parsed as application/json (if the server expects that dataformat), the appropriate status code is 415 : 如果請求有效負載包含無法解析爲application/json的字節序列(如果服務器期望該數據格式),則相應的狀態碼爲415 :
The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method. 服務器拒絕爲請求提供服務,因爲請求的實體的格式不受請求的方法所請求的資源支持。
If the request payload is syntactically correct but semantically incorrect, the non-standard 422 response code may be used, or the standard 403 status code: 如果請求有效負載在語法上正確但在語義上不正確,則可以使用非標準的422響應代碼,或標準的403狀態代碼:
The server understood the request, but is refusing to fulfill it. 服務器理解了該請求,但拒絕執行該請求。 Authorization will not help and the request SHOULD NOT be repeated. 授權將無濟於事,不應重複該請求。