gpt4 book ai didi

javascript - OPTIONS 在 REST API 调用之前调用元数据

转载 作者:塔克拉玛干 更新时间:2023-11-03 04:48:34 24 4
gpt4 key购买 nike

我试图了解这个系统是如何在幕后运作的。该系统是基于 REST 的,这是非常标准的,我没有得到客户端在每次 API 调用和 XML 内容以格式返回之前进行 OPTIONS 调用。它使用 Jersey Java。

OPTIONS DELETE 方法的响应

Access-Control-Request-Method: DELETE 在 header 中传递

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
<doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="Jersey: 2.8 2014-04-29 01:25:26"/>
<grammars/>
<resources base=“http://example.com”>
<resource path=“data/gasdfasdg/entity”>
<method id="deleteEntity" name="DELETE">
<request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" type="xs:string"/>
</request>
<response>
<representation mediaType="application/json"/>
</response>
</method>
<method id="getOneEntitysMetadata" name="GET">
<request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="q" style="query" type="xs:string"/>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="x-dps-compute-content-size" style="header" type="xs:boolean"/>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" type="xs:string"/>
</request>
<response>
<representation mediaType="application/json"/>
</response>
</method>
<method id="createOrUpdateEntity" name="PUT">
<request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" type="xs:string"/>
</request>
<response>
<representation mediaType="application/json"/>
</response>
</method>
</resource>
</resources>
</application>

问题:

一个。客户端首先调用OPTIONS、处理和分析响应并在进行实际调用之前确定 API、参数等是否是标准或行业惯例?早些时候,我一直在查看文档并相应地在客户端 (JavaScript) 中对我的 REST 调用进行编程。

B.此调用是由浏览器自动进行的(预检)还是在客户端中进行了编程?

最佳答案

To understand what's going on, you need to understand about CORS (cross origin resource sharing) . The OPTIONS request , is the pre-flight request (made by the browser, in response to the client trying to make a cross origin ajax request), which is an initial request to the server to check if that client is allowed to make a request to the server. The pre-flight request sends particular headers that the server understands, and the server will response back with different headers. For instance, the client might send

Origin: http://foo.example
Access-Control-Request-Method: DELETE

With these two request headers, there are two corresponding response headers that the browser expects. The request headers are basically asking "is this origin allowed"and "is this method allowed". The servers should respond with

Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE

The above are the response headers, saying that the origin is allowed, and that those methods are allowed. If you are not seeing those headers, that means that you do not have CORS configured on your server. If the browser does not see those response headers, it will not make the actual request. To configure CORS, generally a simple filter is used. Some containers, like Tomcat and Jetty, have a simple filter implementation you can configure, or you can just whip up your own, for example .

Note the above scenario is usually only for browsers and XmlHTTPRequest requests, as mentioned in the above link.

What the XML is, is that WADL . The only reason you are getting this, is because Jersey has it's own WADL feature enabled by default. WADL is not something that is mandatory, but Jersey has it, and it's configured to respond to OPTIONS requests. If you disabled the WADL (which is possible), instead of getting the XML, you would just get a 405 Not Allowed response, meaning the OPTIONS method is not allowed for that endpoint. The WADL is nothing that is standard is regards to the CORS protocol. It's just a side effect of Jersey's WADL feature. WADL and CORS have nothing to do with each other.

关于javascript - OPTIONS 在 REST API 调用之前调用元数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38298001/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com