为什么浏览器不支持 PUT 和 DELETE 请求,什么时候支持?
我最近看到许多框架决定伪造"表单提交中的 PUT 和 DELETE 请求(不是 ajax).就像 Ruby on Rails.他们似乎在等待浏览器迎头赶上.他们是在白白等待吗?
I'm seeing many frameworks recently that have decided to "fake" PUT and DELETE requests in form submissions (not ajax). Like Ruby on Rails. They seem to be waiting for browsers to catch up. Are they waiting in vain?
这甚至计划在任何地方实施吗?
Is this even slated to be implemented anywhere?
Browsers 确实支持 PUT 和 DELETE,但它是 HTML 没有.
Browsers do support PUT and DELETE, but it's HTML that doesn't.
例如,浏览器将通过 Javascript (AJAX) 发起 PUT 请求,但不会通过 HTML 提交.
For example, a browser will initiate a PUT request via Javascript (AJAX), but not via HTML <form> submission.
这是因为 HTML 4.01 和最终的 W3C HTML 5.0 规范都说它们的 form 元素应该允许的唯一 HTTP 方法是 GET 和 POST.
This is because HTML 4.01 and the final W3C HTML 5.0 spec both say that the only HTTP methods that their form elements should allow are GET and POST.
在 HTML 5 的开发过程中,有很多关于这个的讨论,有一次他们被添加到 HTML 5,只是再次被删除.从 HTML 5 规范中删除附加方法的原因是 HTML 4 级浏览器永远无法支持它们(它们在创建时不是 HTML 的一部分);如果没有 JavaScript shim,就无法让他们这样做;因此,您也可以使用 AJAX.
There was much discussion about this during the development of HTML 5, and at one point they got added to HTML 5, only to be removed again. The reason the additional methods were removed from the HTML 5 spec is because HTML 4-level browsers could never support them (not being part of HTML at the time they were made); and there is no way to allow them to do so without a JavaScript shim; thus, you may as well use AJAX.
尝试使用带有 method="PUT" 或 method="DELETE" 的表单的网页将回退到默认方法 GET 适用于所有当前浏览器.这打破了网络应用程序在 HTML 表单中使用适当方法执行预期操作的尝试,并最终导致更糟糕的结果 - GET 被用来删除内容!(你好爬虫.哦,哎呀!这是我的数据库)
Web pages trying to use forms with method="PUT" or method="DELETE" would fall back to the default method, GET for all current browsers. This breaks the web applications' attempts to use appropriate methods in HTML forms for the intended action, and ends up giving a worse result — GET being used to delete things! (hello crawler. oh, whoops! there goes my database)
将 HTML <form> 元素的默认方法更改为 POST 会有所帮助(IMO 默认应该一直是 POST,永远自 Moasic* 于 1993 年首次推出表单以来),但更改默认设置至少需要十年时间才能渗透到已安装的基础上.所以用两个词:因为遗产".:-(
Changing the default method for HTML <form> elements to POST would help (IMO the default should have always been POST, ever since Moasic* debuted forms in 1993), but to change the default would take at least a decade to percolate through the installed base. So in two words: ‘because legacy’. :-(
为了支持当前的浏览器,作者必须用覆盖来伪造它.我建议作者使用广为人知的a, b_method 参数,通过在 HTML 中包含 ;将表单方法切换为POST(因为请求是不安全的);然后在服务器端添加对 _method 的识别,然后它应该做任何必要的事情来改变请求并将其转发,就好像它是一个真正的 DELETE 请求一样.
To support current browsers, authors will have to fake it with an override. I recommend authors use the widely knowna, b_method argument by including <input type=hidden name=_method value=DELETE> in their HTML; switch the form method to POST (since the request is unsafe); then add recognition of _method on the server side, which should then do whatever's necessary to mutate the request and forward it on as if it were a real DELETE request.
另请注意,由于网络浏览器是最终的 HATEOAS 客户端,因此它们需要有一个新状态被转移到他们的 DELETE 请求.对于此类请求,现有 API 通常会返回 204 No Content.相反,您应该发回带有链接的超媒体响应,以便用户可以改进他们的浏览器状态.
Note also that, since web browsers are the ultimate HATEOAS client, they need to have a new state to be transferred to them for DELETE requests. existing APIs often return 204 No Content for such requests. You should instead send back a hypermedia response with links so that the user can progress their browser state.
另请参阅这些类似/相同问题的答案:
Also see the answers to these similar/identical questions:
- 为什么会有HTML 表单上没有 PUT 和 DELETE 方法吗?
- 是 PUT、DELETE、HEAD 等方法在大多数网络浏览器中可用?
- 在 HTML 表单中使用 PUT 方法
- 浏览器是否支持带有多部分/表单数据的 PUT 请求
* 由 Marc Andreessen 创建的 Mosaic 也引入了 <img src=...> 标签的复合错误——它应该是 <image source=...>fallback</图片>.
* Mosaic, created by Marc Andreessen, also introduced the compound mistake of the
<img src=…> tag — it should have been <image source=…>fallback</image>.