开发者

Using HTTP Vary header to decide on a strategy to process a request

I have a specific REST endpoint that creates a topic in a forum; but I want to apply different strategies when processing the request. e.g. If client A makes the call, perform moderation. if client B makes the call, do something else. The easiest would be to add a query param for differentiation:

 POST /resource?from=xyz

Another brilliant idea is to use the Vary HTTP header.

 POST /resource
 Va开发者_JAVA百科ry: xyz

Any problems with this approach ?


Well, for one, "Vary" is a response header, so this is not so brilliant :-)


If this is for security reasons, this is very bad security. Rather, use standard HTTP authentication (or your custom authentication scheme) to pass credentials to the backend, and only there, based on credential/roles do whatever moderation/audit is required.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜