我们有一个登录 REST 服务:
POST /sessions
当用户密码过期时,接下来必须发生的事情是客户端应用程序将显示一个更改对话框窗口,然后通过以下方式更改用户密码:
PUT /users/_ID_/password
向客户传达这一意图的最佳方式是什么?起初我想让 POST/sessions 返回 See Other (303)。但这会导致 /users/_ID_/password 上发生 GET。我可以返回一个 Multiple Choices (300) 响应,客户端不会自动获取该响应,或者我可以返回一个 OK (200) 并在 JSON session 中标记返回对象。
最佳答案
看看HTTP status code definitions ,我认为以下是最合适的:
409 Conflict
The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem
与 session 资源的当前状态存在冲突,因为用户需要更改密码才能创建 session 。您可以在此响应中返回更改密码屏幕的 URL,以便客户端知道去哪里解决冲突。
关于rest - "You must POST here before doing anything else"的正确 REST 响应,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10313878/