Public account: wechat search front end tool person; Take more dry goods

foreplay

  • All the background interfaces arePOSTRequest, I said very puzzled why are allPOSTThe request?
  • GETPOSTSecurity, or for the convenience of the background, the background does not distinguish the packaging class (so all usePOSTRequest)?
  • Relatively speakingPOSTMore secure, but are all the interfaces in the background sensitive? Static data (data dictionary, province, type, etc.) is also neededpost ?

To the chase

  • Request with sensitivityPOSTAbsolutely, but ordinary requests (most requests to get data) should go toGETRequest to keep up with;
  • becauseGETRequest to the browserIt relieves its stress, and request thanPOSTRapid rise,Page data response,Rendering speed;

contrast

Let’s look at the differences and see in what ways why GET is faster? And how much faster:

classification GET POST contrast
Back button/refresh harmless Data will be resubmitted (browsers should inform users that data will be resubmitted) Resubmit every time and this is definitely a strain on the browser, which is an important aspect of performance optimization on the Web side
The cache Can be cached Can’t cache Caching can reduce the number of requests for the browser, which is an important direction of performance optimization on the Web side
history Parameters are retained in browser history Parameters are not saved in browser history Equivalent to caching, reduces browser stress
A limit on the length of data When sending data, the GET method adds data to the URL; URL length is limited (maximum URL length is 2048 characters) unlimited HTTP protocol has no length restrictions on Body and URL, which are mostly restricted by browsers and servers. Server because processing long URL to consume more resources, for performance and security (to prevent malicious construction of long URL to attack) consideration, will give THE URL length limit
security GET is less secure than POST because the data sent is part of the URL. Never use GET when sending passwords or other sensitive information POST is more secure than GET because parameters are not saved in browser history or Web server logs From a transport point of view, they are not secure, because HTTP is transmitted over the network in clear text, browser F12 can see everything at a glance, or grab a packet, you can get the data packet; In order to secure transmission, Encode is of course not safe for people who know; The only thing secure is encryption, which is HTTPS
Restrictions on data types Only ASCII characters are allowed There is no limit. Binary data is also allowed POST select more

Fast reasons:

Post requests contain more headers

Because the post part of the request contains data, there are a few more header fields in the data description section (such as the Content-Type), which are actually minimal

2. postThe request is sent to the server for confirmation before the data is actually accepted

Post request process:

  1. Browser requesttcpConnect (first handshake)
  2. Server allowed to proceedtcpConnect (second handshake)
  3. Browser confirms and sendspostRequest header (third handshake, this message is relatively small, sohttpThis is when the first data is sent.)
  4. Server return100 continueThe response
  5. The browser starts sending data
  6. Server return200 okThe response

The process of a GET request

  1. Browser requesttcpConnect (first handshake)
  2. Server allowed to proceedtcpConnect (second handshake)
  3. Browser confirms and sendsgetRequest header and data (third handshake, this message is relatively small, sohttpThis is when the first data is sent.)
  4. Server return200 okThe response

In other words, the total visual cost of get is about 2/3 of that of POST

3. getIt will cache the data, andpostDon’t

  • As a short test, ajax get requests for static data (such as HTML pages, images) will take less than 10ms after the second transfer if the data is the same (Chrome test), whereas post takes about the same time each time…

  • Chrome and Firefox will cache static resources if it detects a get request, but not data, but Internet Explorer will cache everything

  • Of course, no one would use post to get static data, but I’ve never seen it.

4. postCannot be piped

The definitive guide to HTTP says this:

  1. HTTP requires a TCP connection (most of which are TCP, but other security protocols are also available) to communicate with each other. If only one HTTP session is used for each connection, this is a large proportion of the connection process.

  2. Here comes the persistent connection: In HTTP /1.0+, the keep-alive value is added in the connection header. In HTTP /1.1, the persistent value is added in the connection header. A persistent connection is not closed unless it is displayed as adding close to the Connection, whereas HTTP /1.0+ does the opposite. Unless it is displayed as adding keep-alive to the connection header, the connection is broken upon receipt of the packet.

  3. A persistent connection is not enough, in the HTTP / 1.1, there is a speed optimization called pipeline communication way: put all requests needs to be sent to the server in the output queue, after the first request is sent out, not wait until receive the server’s response, the second request then send out, but there is a problem with this way: It’s not safe. If you have 10 connections in a pipe, and after 9 connections are sent, the server suddenly tells you that the connection is closed, the client will empty the contents of the first 9 requests even if it receives the reply of the first 9 requests. In this case, the client needs to resend the nine requests. This is fine for idempotent requests (like GET, it doesn’t matter how many times you send it, each time you get the same result), but not for non-idempotent requests like POST (like payment, it’s a disaster to send more times).

  4. Therefore, POST requests cannot be piped to communicate!

  5. Most likely, the POST request will need to be reconnected. Isn’t the process the same as it would be if it wasn’t optimized at all?

  6. Therefore, it is better for the user experience not to use POST requests when GET requests can be used for communication, although post is better if there are security requirements.

Source:

From ancient articles (blog) https://www.cnblogs.com/ljx20180807/p/10412427.html

Reference:

  1. https://segmentfault.com/a/1190000018129846
  2. https://www.cnblogs.com/strayling/p/3580048.html