响应 HTTPGET 返回202“ Accepted”是错误的吗?

我有一组资源,它们的表示是懒惰地创建的。构建这些表示的计算可能需要几毫秒到几个小时,具体取决于服务器负载、特定资源和月相。

为资源接收的第一个 GET 请求启动服务器上的计算。如果计算在几秒钟内完成,则返回计算的表示形式。否则,将返回202个“ Accepted”状态代码,客户端必须轮询资源,直到最终表示可用。

这种行为的原因如下: 如果结果在几秒钟内可用,则需要尽快检索它; 否则,何时可用并不重要。

由于有限的内存和大量的请求,NIO 和长轮询都不是一个选项(也就是说。我无法保持足够的连接打开,甚至无法在内存中容纳所有的请求; 一旦“几秒钟”过去,我将持久化多余的请求)。同样,客户机限制也是这样,它们不能处理完成回调。最后,请注意,我对创建一个 POST 到的“工厂”资源不感兴趣,因为额外的往返意味着我们失败的分段实时约束超出了预期(此外,这是额外的复杂性; 而且,这是一个从缓存中受益的资源)。

我想在返回202个“已接受”状态代码以响应 GET 请求的问题上存在一些争议,因为我从未在实践中见过它,它最直观的用法是响应不安全的方法,但我从未发现任何特别令人沮丧的东西。此外,难道我不能同时保持安全性和无效性吗?

那么,大家对这种方法有什么看法?

编辑 : 我应该提到的是,这是针对所谓的业务 web API 的,而不是针对浏览器的。

58602 次浏览
小开
最佳答案

If it's for a well-defined and -documented API, 202 sounds exactly right for what's happening.

If it's for the public Internet, I would be too worried about client compatibility. I've seen so many if (status == 200) hard-coded.... In that case, I would return a 200.

Also, the RFC makes no indication that using 202 for a GET request is wrong, while it makes clear distinctions in other code descriptions (e.g. 200).

The request has been accepted for processing, but the processing has not been completed.

小开

We did this for a recent application, a client (custom application, not a browser) POST'ed a query and the server would return 202 with a URI to the "job" being posted - the client would use that URI to poll for the result - this seems to fit nicely with what was being done.

The most important thing here is anyway to document how your service/API works, and what a response of 202 means.

小开

From what I can recall - GET is supposed to return a resource without modifying the server. Maybe activity will be logged or what have you, but the request should be rerunnable with the same result.

POST on the other hand is a request to change the state of something on the server. Insert a record, delete a record, run a job, something like that. 202 would be appropriate for a POST that returned but isn't finished, but not really a GET request.

It's all very puritan and not well practiced in the wild, so you're probably safe by returning 202. GET should return 200. POST can return 200 if it finished or 202 if it's not done.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

小开

In case of a resource that is supposed to have a representation of an entity that is clearly specified by an ID (as opposed to a "factory" resource, as described in the question), I recommend staying with the GET method and, in a situation when the entity/representation is not available because of lazy-creation or any other temporary situation, use the 503 Service Unavailable response code that is more appropriate and was actually designed for situations like this one.

Reasoning for this can be found in the RFCs for HTTP itself (please verify the description of the 503 response code), as well as on numerous other resources.

Please compare with HTTP status code for temporarily unavailable pages. Although that question is about a different use case, it actually relates to the exact same feature of HTTP.


提交答案