1 the introduction
I think you will often be asked in an interview about the difference between POST and GET requests. Many people will say things like POST is more secure than GET, GET is less long than POST, etc. However, is this the answer that the interviewer is looking for? Such an answer sounds inevitably like being memorized without understanding, and even if it is memorized, more or less also need to know the principle of it. Today, Let’s look at the difference between POST and GET requests.
2 the HTTP protocol
2.1 Features of HTTP
First, we should know that both POST and GET requests are based onHypertext transfer protocol(HTTPHTTP is an application layer protocol of the TCP/IP protocol family.
The HTTP client requests a request message in the following formats: Request line, header, blank line, and request data.
The server response response is also composed of four parts, namely: response line, response header, blank line, response body.
2.2 Request Method
The HTTP protocol defines multiple request modes, including: GET: obtains resources and requests access to resources identified by a URI (Uniform Resource Identifier (URI)). POST: Used to transfer the body of the entity, although GET can be implemented, but generally not. PUT: transfers files. However, because the PUT method does not have an authentication mechanism, anyone can upload files and there are security issues, so most websites do not use this method. HEAD: obtains the packet HEAD. This is the same as a GET request, except that the body part of the message is not returned. DELETE: deletes a file. There are also security problems without authentication mechanism. OPTIONS: Asks which methods are supported by the specified request URI. TRACE: Method of tracing a path that allows the Web server to loop back previous request traffic to the client. CONNECT: a tunnel must be established during communication with the proxy server to implement TCP communication through the tunnel protocol.
Common misunderstandings about the difference between POST and GET requests
3.1 maximum length of request parameters: the maximum length of a GET request is 1024kb, and the maximum length of a POST request is not limited
In this regard, there is no restriction on URL length in HTTP protocol. This restriction is imposed by different browsers and servers due to different specifications.
3.2 GET requests must not transfer data using the Request Body
GET can have a request body, but there is no guarantee that it will be received. If you use the GET service to hide data in the request body, different servers will handle it differently. Some will read the data for you, while others will ignore it.
3.3 POST is more secure than GET
Security here is relative, the data submitted by GET will be displayed in the URL, the page will be cached by the browser, other people looking at the history will see the submitted data, but not POST. In addition, GET submission data may cause CSRF attacks.
3.4 GET Generates one TCP packet, and POST generates two TCP packets
For GET requests, the browser sends HTTP headers and data together, and the server responds with 200 OK. For POST, the browser sends a header, the server responds with 100 continue, the browser sends data, and the server responds with 200 OK(returns data). Note that although the POST request is made twice, the body is sent immediately after the header, and there is no “waiting for the server to respond.”
4 Summary of differences between POST and GET requests
Request parameters: GET request parameters are passed through the URL, multiple parameters are concatenated with &, and the POST request is placed in the request body. Request caching: GET requests are cached, but POST requests are not, unless manually set. Bookmarks: GET requests are supported, POST requests are not. Security: POST is safer than GET. GET requests are harmless when the browser falls back, and POST requests again. History: GET request parameters are fully retained in the browsing history, while POST parameters are not. Encoding mode: ONLY URL encoding can be used for GET requests, while POST supports multiple encoding modes. Data types for arguments: GET accepts only ASCII characters, while POST has no restrictions.
Shaoxia would also like to add that access to resources through the browser address bar URL input is a GET request.