I read documents online. They say that
A GET-Ajax request is used for getting data from the server.
A POST-Ajax request is used for change data on the server.
But why is it?
A Get-Ajax request can change the data on the server TOO, right?
Why should only the POST-Ajax request change the data?
Is it because of a security reason or something? Please explain to me
GET and POST are different methods for web requests that provide different features/describe different intentions for programmers and APIs. You are correct that, technically speaking, if you want to do some other CRUD operation on the server when using a GET request, you can. Most would probably argue that this is not a good idea, in part for security/performance features that either method provides. Example: GET requests can be cached, POST cannot.
More on that here: https://www.w3schools.com/tags/ref_httpmethods.asp
I'm using GraphQL (Spring Boot, Kotlin), and I have a specific issue with headers.
We need the client to send three pieces of information that we combine to retrieve internal sensitive data. That data is then used inside resolver codes.
Getting the headers from rest is as easy as #RequestHeader, but in GraphQL it has proved quite challenging. Is there a way I can save the headers to check for the three pieces of information I need?
I looked closely at spring security, but I can't figure out how to get a custom method to work in my method chain, much less save the headers in a way that I can access them from the domain layer.
I could always simply request the auth as a GraphQL type, but that puts a fairly high burden on the client and complicates the schema.
Any and all feedback is welcome.
GraphQL has a FetchDataEnvironment. You can use it by passing FetchDataEnvironment as the last variable in any resolver/query. Then, just call
environment.getContext<GraphQLEnvironentClass>().getHttpServletRequest.headers()
To anyone in the future - I'm sorry this code isn't exact, but your strong typing in your IDE will show you what I mean.
Apiary provides a clean interface for declaring URI parameters allowing for easy experimentation via thier console with a nice fill in the blank interface.
Is this possible to do for json-rpc or any http body parameter? If not, this would be incredibly useful.
This is not possible yet, but it will be soon via message body description.
However, this is for arbitrary body parameters. I am not sure JSON-RPC is going to work well for API blueprint as it is modelled more around resources; as RPC "overloads" a single resource, the result is probably not going to look very nice.
So I've done quite a bit of reading on stackoverflow and found a lot of question about how to do cross domain calls with either ajax post or jsonp. I know how to do that in both ways but let's do a reality check:
AJAX Post, if I use phonegap to compile the package, cross domain call is automatically availability . Or iframe wrapper etc can be used to hack around the security constraint.
use JSONP format, it's HTTP GET but I get cross domain capability for free as that's what JSONP is for. The data to be posted will be passed as a parameter value instead of being a payload as in an HTTP POST request.
Now my question is that is there a best practice/preferred way among the two? Pros and Cons?
Personally I don't see a practical difference between two. i.e. in a non-encrypted request, both POST or GET expose everything in clear text anyway, so they are just same piece of text arranged in different formats. My main concerns are around extension to make the connection secure and spam proof but there could be other stuffs that I probably should be mindful about as well - educate me please! E.g. easeness to add HTTPS over SSL or if I want to restrict who can send request to my server. I'm new to web technology (i.e. defined standards, protocols, frameworks) but am reasonably experienced on general development/computer science topics.
In every MVC framework I've tried (Rails, Merb, Waves, Spring, and Struts), the idea of a Request (and Response) is tied to the HTTP notion of a Request. That is, even if there is an AbstractRequest that is a superclass of Request, the AbstractRequest has things like headers, request method (GET, POST, etc.), and all of the other things tied to HTTP.
I'd like to support a request-response cycle over SMS, Twitter, email, or any other medium for which I can make an adapter. Is there a framework that does this particularly well?
The only other option I've thought of is creating, for example, a Twitter poller that runs in a separate thread and translates messages into local HTTP requests, then sends the responses back out.
If there were a good framework for multiple request media, what would routing look like? In Rails, the HTTP routing looks something like:
map.connect 'some/path/with/:parameter_1/:paramter_2', :controller => 'foo', :action => 'bar'
How would a Twitter or SMS route look? Regular expressions to match keywords and parameters?
I haven't seen one. The issue is that the request is also tied to the host, and the response is tied to the request.
So if you get a request in via email, and a controller says to render view "aboutus", you'd need the MVC framework to know how to :
get the request in the first place - the MVC framework would almost need to be a host (IIS doesn't get notified on new emails, so how does your email polling code get fired?)
allow flexible route matching - matching by path/url wouldn't work for all, so request-specific controller routing would be needed
use the aboutus email view rather than the SMS or HTTP view named "aboutus"
send the response out via email, to the correct recipient
A web MVC framework isn't going to cut it - you'll need a MVC "host" that can handle activation through web, sms, email, whatever.
The Java Servlet specification was designed for Servlets to be protocol neutral, and to be extended in a protocol-specific way - HttpServlet being a protocol-specific Servlet extension. I always imagined that Sun, or other third poarty framework providers, would come up with other protocol-specific extensions like FtpServlet or MailServlet, or in this case SmsServlet and TwitterServlet.
Instead what has happened is that people either completely bypassed the Servlet framework, or have built their protocols on top of HTTP.
Of course, if you want to implement a protocol-specific extension for your required protocols, you would have to develop the whole stack - request object, response object, a mechanism of identifying sessions (for example using the MSISDN in an SMS instead of cookies), a templating and rendering framework (equivalent of JSP) - and then build an MVC framework on top of it.
You seem to be working mostly with Java and/or Ruby, so forgive me that this answer is based on Perl :-).
I'm very fond of the Catalyst MVC Framework (http://www.catalystframework.org/). It delegates the actual mapping of requests (in the general, generic sense) to code via engines. Granted, all the engine classes are currently based on HTTP, but I have toyed with the idea of trying to write an engine class that wasn't based on HTTP (or was perhaps tied to something like Twitter, but was separated from the HTTP interactions that Twitter uses). At the very least, I'm convinced it can be done, even if I haven't gotten around to trying it yet.
You could implement a REST-based Adapter over your website, which replaces the templates and redirects according to the input parameters.
All requestes coming in on api.yourhost.com will be handled by the REST based adapter.
This adapter would allow to call your website programmatically and have the result in a parseable format.
Practically this means: It replaces the Templates with an own Template Engine, on which this things happen:
instead of the assigned template, a generic xml/json template is called, which just outputs a xml that contains all template vars
then you can make your Twitter Poller, SMS Gateway or even call it from Javascript.