Talking about the difference between get and POST request mode in HTTP

Source: Internet
Author: User
Tags html header http post rfc

Talking about the difference between get and post requests in HTTP

    • HTTP Awareness:

    1. HTTP is a TCP/IP-based protocol about how data communicates in the World Wide Web. The underlying HTTP is TCP/IP. So the bottom of Get and post is TCP/IP, that is, get and post are essentially TCP links, and there is no difference. HTTP is just a code of conduct, and TCP is the basic of how get and post are implemented.

    2. HTTP defines the different ways to interact with the server, with 4 basic methods, GET, POST, PUT, DELETE, respectively. The URL name is the Uniform Resource Locator. They are essentially TCP links, but because of the HTTP rules and browser/server restrictions, they can manifest some differences in the application process.

    3. We can understand this: a URL address, which is used to describe a network of resources, and HTTP in the GET, POST, PUT, delete corresponding to the resource search, change, increase, delete 4 operations. Get is generally used to get/query resource information, while post is generally used to update resource information, put is generally used to increase resource information, delete is generally used to delete resource information

  • RFC Quest:

      1. RFC definition:

    Request for Comments (English: Request for Comments, abbreviated as RFC), is a series of memos published by the Internet Engineering Task Force (IETF). The document collects information about the Internet, as well as software files for the UNIX and Internet communities, to be numbered. The current RFC file is sponsored by the Internet Association (ISOC).

      1. RFC understands:

    A simple understanding of the RFC is the specification of the Internet, and what we usually call "protocols" is in the form of RFCs.

      1. The RFC7231 defines several properties of the HTTP method:

      • Safe-Security The "security" here is different from the commonly understood "security" meaning that if the semantics of a method are "read-only" in nature, then this method is safe. A client-initiated request to a server-side resource should not cause any state changes on the server, and therefore harmless, if it is using a secure method. This RFC definition, GET, HEAD, OPTIONS and TRACE are some of the methods that are safe. However, this definition is only a specification, and does not guarantee that the implementation of the method is also secure, the implementation of the server may not conform to the method semantics, as mentioned above using get to modify the user information. The idea of introducing security is designed to facilitate web crawlers and caches to avoid the unintended consequences of invoking or caching certain unsafe methods. The user Agent (browser) should make a distinction between executing a secure and unsafe method and giving users hints.

      • Idempotent-Idempotent

    The concept of idempotent means that the same request method executes more than once and performs exactly the same. According to RFC specification, Put,delete and security methods are idempotent. Again, this is just the norm, and the server implementation is not guaranteed to be idempotent. The introduction of idempotent is mainly to deal with the same request repeatedly sent, such as the request to lose the connection before the response, if the method is idempotent, you can safely resend the request. This is the reason why the browser will be prompted by the post when it is back/refreshed: Post semantics are not idempotent, and repeated requests can have unintended consequences.

      • Cacheable-cacheable As the name implies is whether a method can be cached, this RfC get,head and in some cases post is cacheable, but most of the browser's implementation only support get and head. More about caching can be seen in RFC7234.

  • Get and post requests differ in the way:

    1. Get and post are essentially TCP links, so they're essentially no different

    2. There is a significant difference between get and post: Get generates a TCP packet, and post generates two TCP packets. However, not all browsers will send two packets in post, and Firefox will send them only once.

    3. The most intuitive difference between get and post is that the get parameter is included in the URL, and the post passes the parameters through the request body.

    4. The difference between the get and post surfaces:

      ①get is to fetch data from the server, and post is to transfer data to the server.

      Get and post are just a way of passing data, and get can also send data to the server, and they are essentially sending requests and receiving results. There's a difference between the organization format and the amount of data.

      ②get is to add the parameter data queue to the URL that the Action property of the submission form refers to, and the value corresponds to the field one by one in the form, which is visible in the URL. Post is the HTTP post mechanism that places the fields within the form with their contents in the HTML header, along with the URL address referred to by the Action property. The user does not see the process.

      ③ for Get mode, the server side uses Request.QueryString to get the value of the variable, and for post, the server side uses Request.Form to get the submitted data.

      The amount of data transmitted by ④get is small and cannot be greater than 2KB. Post transmits a large amount of data, which is generally not restricted by default. In theory, however, the maximum amount of IIS4 is 100KB in 80KB,IIS5. Post basically has no limits.

      ⑤get security is very low and post security is high. Because parameters are directly exposed to URLs, it is not recommended to use get requests to pass sensitive information.

      ⑥get is harmless when the browser is rolled back, and post submits the request again.

      ⑦get requests can only be URL-encoded, while post supports multiple encodings.

      ⑧get requests are cached by the browser, and post is not, unless set manually. The GET request parameters are kept intact in the browser history, and the parameters in the post are not preserved

      ⑨get requests the parameters that are passed in the URL are of a length limit, and the post does not. For data types of parameters, get accepts only ASCII characters, while Post has no restrictions.

    5. Other related differences

      1). For the Get mode request, the browser will send the HTTP header and data, the server response 200 (return data), and for post, the browser first sends the header, the server responds to the continue, the browser sends data, the server response 200 OK (return data).

      2). The semantics of Get is the request to get the specified resource. The Get method is secure, idempotent, and cacheable. Because get requests are typically used for resource information acquisition rather than modification, get means so-called security. In other words, a GET request generally does not have a side effect, it simply gets the resource information, just like a database query, does not alter the data and does not affect the state of the resource. Therefore, a GET request does not generally change the server state. Idempotent means that multiple requests for the same URL should return the same result. The message body of the Get method does not have any semantics

      3). The semantics of post is to handle the specified resource according to the request load (the message body), depending on the resource type. Post unsafe, not idempotent, (most implementations) not cacheable

      4). Get is requested via URL, can be directly seen, clear text transmission. Post is requested by the request header, which can be seen by the developer tool or the grab bag, as well as in clear text.

Talking about the difference between get and POST request mode in HTTP

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.