Using HTTP Vary header to decide on a strategy to process a request
I have a specific REST endpoint that creates a topic in a forum, but I want to apply different strategies when processing the request. E.g., if client A makes the call, perform moderation; if client B makes the call, do something else. The easiest would be to add a query param for differentiation:
POST /resource?from=xyz
Another brilliant idea is to use the Vary HTTP header.
POST /resource
Vary: xyz
Any problems with this approach?
Well, for one, "Vary" is a response header, so this is not so brilliant :-)
If this is for security reasons, this is very bad security. Rather, use standard HTTP authentication (or your custom authentication scheme) to pass credentials to the backend, and only there, based on credential/roles do whatever moderation/audit is required.
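The approach recommended in the answer above, sketched as an added example (not code from the original thread): the backend authenticates the caller with HTTP Basic credentials and picks the processing strategy from the role stored server-side, ignoring any client-supplied hint. The client registry, role names, strategy names and the helper functions are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


# Constructed registry (assumption): client id -> (salt, password hash, role).
CLIENTS = {
    "client-a": (b"salt-a", _hash("secret-a", b"salt-a"), "untrusted"),
    "client-b": (b"salt-b", _hash("secret-b", b"salt-b"), "trusted"),
}

# The strategy is keyed on the server-side role, never on request hints.
STRATEGIES = {"untrusted": "moderate", "trusted": "publish"}


def authenticate(headers: dict):
    """Return the caller's role for valid HTTP Basic credentials, else None."""
    scheme, _, encoded = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    # Unknown users still go through the hash so both paths cost the same.
    salt, expected, role = CLIENTS.get(user, (b"none", b"", None))
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return role if sep and ok else None


def create_topic(headers: dict, query: dict):
    """Handle POST /resource and return (status, action taken)."""
    role = authenticate(headers)
    if role is None:
        return 401, None
    # query.get("from") and a request "Vary" header are deliberately ignored.
    return 201, STRATEGIES[role]


def basic(user: str, password: str) -> dict:
    """Build the Authorization header a client would send (test helper)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}
```

Because the role comes from the registry entry matched by the verified credentials, client A cannot skip moderation by sending from=client-b or a Vary header.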