Translated from: 400 BAD request HTTP error code meaning?
I have a JSON request which I'm posting to a HTTP URL.
Should this be treated as 400 where requestedResource field exists but "Roman" is an invalid value for this field?
[{requestedResource:"Roman"}]
Should this be treated as 400 where "blah" field doesn't exist at all?
[{blah:"Roman"}]
#1
Reference: https://stackoom.com/question/1KXPJ/BAD请求HTTP错误代码的含义
#2
10.4.1 400 Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
#3
Think about expectations.
As a client app, you expect to know if something goes wrong on the server side. If the server needs to throw an error when blah is missing or the requestedResource value is incorrect then a 400 error would be appropriate.
#4
A 400 means that the request was malformed. In other words, the data stream sent by the client to the server didn't follow the rules.
In the case of a REST API with a JSON payload, 400's are typically, and correctly I would say, used to indicate that the JSON is invalid in some way according to the API specification for the service.
By that logic, both the scenarios you provided should be 400's.
Imagine instead this were XML rather than JSON. In both cases, the XML would never pass schema validation--either because of an undefined element or an improper element value. That would be a bad request. Same deal here.
#5
In neither case is the "syntax malformed". It's the semantics that are wrong. Hence, IMHO a 400 is inappropriate. Instead, it would be appropriate to return a 200 along with some kind of error object such as { "error": { "message": "Unknown request keyword" } } or whatever.
Consider the client processing path(s). An error in syntax (e.g. invalid JSON) is an error in the logic of the program, in other words a bug of some sort, and should be handled accordingly, in a way similar to a 403, say; in other words, something bad has gone wrong.
An error in a parameter value, on the other hand, is an error of semantics, perhaps due to say poorly validated user input. It is not an HTTP error (although I suppose it could be a 422). The processing path would be different.
For instance, in jQuery, I would prefer not to have to write a single error handler that deals with both things like 500 and some app-specific semantic error. Other frameworks, Ember for one, also treat HTTP errors like 400s and 500s identically as big fat failures, requiring the programmer to detect what's going on and branch depending on whether it's a "real" error or not.
#6
Using 400 status codes for any other purpose than indicating that the request is malformed is just plain wrong.
If the request payload contains a byte-sequence that could not be parsed as application/json (if the server expects that data format), the appropriate status code is 415:
The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.
If the request payload is syntactically correct but semantically incorrect, the non-standard 422 response code may be used, or the standard 403 status code:
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated.
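As an added example (not part of any answer above and not code from the original thread), the JavaScript below sorts a request body into the failure classes the thread debates, then maps each class to the status codes argued for in answers #4 and #6. The ALLOWED_RESOURCES values and the names classifyBody, respond and POLICIES are assumptions made for illustration; the page only says that "Roman" is invalid.

```javascript
// Added example. ALLOWED_RESOURCES is an assumption: the page never says
// which requestedResource values are valid, only that "Roman" is not.
const KNOWN_FIELDS = new Set(["requestedResource"]);
const ALLOWED_RESOURCES = new Set(["Greek", "Latin"]); // constructed values

// Sort a raw request body into the failure classes the thread argues about.
function classifyBody(raw) {
  let data;
  try {
    data = JSON.parse(raw);
  } catch (err) {
    return { kind: "syntax", detail: "body is not parseable JSON" };
  }
  if (!Array.isArray(data) || data.length === 0) {
    return { kind: "structure", detail: "expected a non-empty array" };
  }
  for (const item of data) {
    if (item === null || typeof item !== "object" || Array.isArray(item)) {
      return { kind: "structure", detail: "array items must be objects" };
    }
    // Reject unknown keys before looking at values (strict allow-list).
    const unknown = Object.keys(item).find((k) => !KNOWN_FIELDS.has(k));
    if (unknown !== undefined) return { kind: "unknown-field", detail: unknown };
    const value = item.requestedResource;
    if (value === undefined) return { kind: "missing-field", detail: "requestedResource" };
    if (typeof value !== "string" || !ALLOWED_RESOURCES.has(value)) {
      return { kind: "invalid-value", detail: "requestedResource" };
    }
  }
  return { kind: "ok", detail: "" };
}

// Status code per failure class under two of the positions in the thread.
const POLICIES = {
  answer4: () => 400, // every violation of the API contract is a 400
  answer6: (kind) => (kind === "syntax" ? 415 : 422), // unparseable vs. semantic
};

// Build the response a server would send for this body under a given policy.
function respond(policy, raw) {
  const result = classifyBody(raw);
  if (result.kind === "ok") return { status: 200, body: { ok: true } };
  const status = POLICIES[policy](result.kind);
  return { status, body: { error: { kind: result.kind, detail: result.detail } } };
}
```

The payload exactly as posted in the question has unquoted keys, so JSON.parse rejects it as a syntax error before any field check runs; the field-level cases are only reached once the keys are quoted.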