昨天我不得不检查Oracle APEX REST Web服务中的一些代码,我发现开发人员要求通过HTTP Headers发布值。
POST http://IP#.IP#.IP#.IP#/api/direction/users/cre/ HTTP/1.1
Host: IP#.IP#.IP#.IP#
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: All
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://webSite.com/createAccount/validateUser.html
Content-Type: application/x-www-form-urlencoded
value_a: this is a form Value
value_b: this is another form value
value_c: this is another form value
value_card_d: this is a sensitive form value
Origin: http://webSite.com
Connection: keep-alive
Content-Length: 0
我不明白为什么有人会在帖子标题中放置表单值,这样做有什么好处,在HTTPS连接下它更安全吗?
而不是放:
value_a: this is a form Value
value_b: this is another form value
value_c: this is another form value
value_card_d: this is a sensitive form value
请求正文内部? 注意:这是一个POST请求,而不是HEAD请求。