Using Json string in the Http Header

Recently I ran into a weird issue with HTTP header usage (Adding multiple custom http request headers mystery). To avoid the problem at that time, I put the fields into a JSON string and added that JSON string to the header instead of adding those fields as separate HTTP headers.

For example, instead of

request.addHeader("UserName", mUserName);
request.addHeader("AuthToken", mAuthorizationToken);
request.addHeader("clientId","android_client");

I have created a JSON string and added it to a single header

String jsonStr = "{\"UserName\":\"myname\",\"AuthToken\":\"123456\",\"clientId\":\"android_client\"}";
request.addHeader("JSonStr",jsonStr);

Since I am new to writing Rest and dealing with the Http stuff, I don't know if my usage is proper or not. I would appreciate some insight into this.

Some links

http://lists.w3.org/Archives/Public/ietf-http-wg/2011OctDec/0133.html


Yes, JSON is allowed in HTTP headers.

According to the HTTP spec (which references the ARPA internet messages spec for header format), the only constraint is that your header field-body must be ASCII, and must not contain CR or LF characters (i.e. new lines).

Since almost all JSON encoders will encode both CR and LF characters as "\r" and "\n", and encode non-ASCII characters (e.g. "é" becomes "\u00e9"), this is not an issue. Check the docs for your encoder to be sure.

The aforementioned ARPA spec (RFC 822) has a special description of this exact use case:

Certain field-bodies of headers may be interpreted according to an internal syntax that some systems may wish to parse. These fields are called "structured fields".

Also, RFC 822 is explicit that there are no length constraints:

For readability, the field-body portion of long header fields may be "folded" onto multiple lines of the actual field. "Long" is commonly interpreted to mean greater than 65 or 72 characters. The former length serves as a limit, when the message is to be viewed on most simple terminals which use simple display software; however, the limit is not imposed by this standard.
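The constraint described in the answer above (ASCII only, no CR or LF in the field-body), as an added example that is not part of the original post. It assumes a hand-written minimal encoder for a flat string map rather than any particular JSON library; the class and method names are hypothetical, and the check is deliberately stricter than the answer states, rejecting every control character and not only CR and LF.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class JsonHeaderValue {
    // Encode a string as a JSON string literal using printable ASCII only.
    static String quote(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if (c < 0x20 || c > 0x7E) {
                // Control characters (CR and LF included) and non-ASCII
                // characters are written as JSON unicode escapes.
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    // Serialize a flat string map as a single-line JSON object.
    static String toJson(Map<String, String> fields) {
        StringBuilder sb = new StringBuilder("{");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 1) sb.append(',');
            sb.append(quote(e.getKey())).append(':').append(quote(e.getValue()));
        }
        return sb.append('}').toString();
    }

    // True only if every character is printable ASCII (0x20-0x7E).
    static boolean isSafeFieldBody(String value) {
        for (int i = 0; i < value.length(); i++) {
            if (value.charAt(i) < 0x20 || value.charAt(i) > 0x7E) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("UserName", "Andr\u00e9\r\nSmith"); // constructed sample value
        fields.put("clientId", "android_client");
        String header = toJson(fields);
        // Refuse to send anything that could break header framing.
        if (!isSafeFieldBody(header)) throw new IllegalStateException("unsafe header value");
        System.out.println(header);
    }
}
```

Running `isSafeFieldBody` on the final string before calling `request.addHeader` also catches an encoder that passes non-ASCII or control characters through unescaped.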


Generally speaking, you do not send data in the header for a REST API. If you need to send a lot of data, it is best to use an HTTP POST and send the data in the body of the request. But it looks like you are trying to pass credentials in the header, which some REST APIs do use. Here is an example for passing the credentials in a REST API for a service called SMSIfied, which allows you to send SMS text messages via the Internet. This example is using basic authentication, which is a common technique for REST APIs. But you will need to use SSL with this technique to make it secure. Here is an example on how to implement basic authentication with WCF and REST.


From what I understand, using a JSON string in the header is not as much of an abuse of usage as using HTTP DELETE for HTTP GET; thus there has even been a proposal to use JSON in HTTP headers. Of course, more thorough insights are still welcome and the accepted answer is still to be given.

Link: http://www.djcxy.com/p/71342.html
