I'm trying to design an endpoint that just does some loggings for the client-side applications. The implementation is simple, just log the events that the client send to some platforms. (We don't want the mobile app to integrate with the platforms directly) If the client doesn't care about the response and won't handle the response either, is there a need for the server to send back the 200 all the time? Or is it okay to just return nothing?
I can't seem to find any similar use cases. Maybe giving a status code is always a good practice?
I'm using sprint boot and the controller allows the return type of void.
If this is your product and you're not beholden to any other API expectations or other miscellaneous requirements, you can implement whatever behavior you'd like.
That said I can understand wanting to stick to best practices. In general if the response is going to be empty, a simple HTTP status code of 204 is typically the best option to conform to standard HTTP status codes.
Related
As I found, it is possible to manipulate and change Ajax code in browser console by client. For example, Ajax wants to call a method and pass id to controller. As I mentioned above, how we can secure our code from interference by client?
Thank you all
Security must always be implemented on the server side, because anything you do on the client side can be ignored, overstep, modified, etc very easily. In fact, anyone can use software like Postman to make a completely custom HTML request to any server.
Don't ever rely on any client-side software in terms of security for your server. If you want keep your server safe, then make a safe server.
I read documents online. They say that
A GET-Ajax request is used for getting data from the server.
A POST-Ajax request is used for change data on the server.
But why is it?
A Get-Ajax request can change the data on the server TOO, right?
Why should only the POST-Ajax request change the data?
Is it because of a security reason or something? Please explain to me
GET and POST are different methods for web requests that provide different features/describe different intentions for programmers and APIs. You are correct that, technically speaking, if you want to do some other CRUD operation on the server when using a GET request, you can. Most would probably argue that this is not a good idea, in part for security/performance features that either method provides. Example: GET requests can be cached, POST cannot.
More on that here: https://www.w3schools.com/tags/ref_httpmethods.asp
The DalekJS documentation for the open() action says "You can forge GET, POST, PUT, DELETE and HEAD requests".
Can anyone tell me how to do this? I need to send POST, PUT & DELETE requests to the server for some tests.
per definition the Webdriver Spec & the underlying JSON-Wire protocol do not support manipulation the HEADERS of a request.
That seems like a limitation, but makes sense if you think about what the protocol is designed for. It is designed to "simulate" a "real" user. What a real user normally doesn't do, is changing the HEADERS of its request.
There are other tools if you want to test a REST interface, Dalek isn't (becauseof the underlying protocol) not designed to test such things.
I'm new to the .NET web api. But I can't figure out what the best practice should be when returning status codes. I've followed the tutorial on creating a web api that supports crud operations to get a good idea on how it all works.
I have a spec where the response to every request returns a status code along with other data, I can change the spec if need be but I can't work out if it's good to return a status code and also return all the data requested or to just return the data on it's own.
For example if I made a request to GetAllCarManufacturers without being authenticated I'd return a custom statusCode of 1 (Indicating not authenticated), and message "User is not authenticated.". But if I was authenticated I'd like to send back a statusCode of 0 (indicating success) and all the car manufacturers. This seems to go against the way the tutorial is organised as only the car manufacturers are sent back without any additional data. Which leads me to believe passing around a statusCode isn't the correct thing to do.
I've seen in the example crud demo that HttpResponseExceptions are thrown which sets the HttpStatusCode to a certain value (see code below). Should I be using that instead of returning my own status code? But then my concern is it doesn't have enough different status codes that will match my custom scenarios.
// Setting the HTTPStatusCode example.
throw new HttpResponseException(HttpStatusCode.NotFound);
.NET Web API sets up a convention for HTTP calls to a server that supports a REST interface. So, if you follow the convention, you should return HTTP Status Codes as a way of indicating what happened to the request when the server processed it.
HTTP Status Codes are part of the HTTP spec and can be found here.
There are many benefits to using HTTP Status Codes. One is that the HTTP Status Code is a header, so the client doesn't have to look into the content of the response in order to find out what happened.
So, returning a custom status code (of say 0 or 1) is not very useful to HTTP clients if they expect a RESTful experience from your interface.
I'm debugging some tricky Ajax code without a server side, in fact I have no domain etc to even put any server-side code on.
I would like to find some very minimal Ajax JSON(P) testing or debugging webservice or web API that just sends something back. Something like a ping or noop or ack.
I would prefer something small, fast, and reliable, preferably provided by major Internet companies such as Google, Microsoft, or Yahoo.
Ideally it would support these features, though none are totally essential:
Support JSONP.
Parametrically return success or various kinds of failure.
Parametrically delay a specified time before responding.
Parametrically support or reject CORS requests.
Parametric control over HTTP headers.
Parametrically describe the object returned.
In fact the most basic form of such a service from a major provider would also be useful for determining that Internet access is available, at least to a degree beyond navigator.onLine.
jsFiddle actually supports some of the features I'm looking for with their “Echo Javascript file and XHR requests”.
To improve user experience “echo” features has been created. This allows to test XHR requests, add javascript files, create workers - all from one fiddle, so it is more transparent for the user reading the code. XHR requests are split to HTML, JSON, JSONP and XML. Gist and github responses are similar to the echo feature and go nicely in pair with storing fiddles in gist and github.
They're not really intended for use outside jsFiddle though. Some limitations:
HTTP POST must be used for everything except JSONP and JavaScript.
CORS is not supported.
Of the desired features I listed, it supports at least:
specifying a delay
describing an object to return