Ad

Passing GET-Request-parameters In Header

So, I am in the process of learning JavaScript and was wondering whether I could use a custom header field of a GET request to pass certain parameters to tell the Node-Server how to handle the data passed in the URL.

As I understand, this is not standard practice, but are there actually technical reasons that would prohibit such a use case?

Ad

Answer

It is possible to pass the actions via Headers to the Server.

Though it is not in practice because it brings security risks to the application. Complete control of operation is with the Client and Clients can be compromised to do some malicious activity.

The whole point of having a Back End in between your app data and your client is to mitigate the security risks by having more control over the operation.

One thumb rule that you can continue with: The Clint (The Website, Apps etc) are dumb and its the responsibility of Server to take preventive measures.

That's why passing operations via headers could be dangerous.

But if you are asking operations like Add, Delete, Update etc; you can use REST API specs. This gives you different type of HTTP request for different kind of operations.

  • GET - Read
  • POST - Create
  • PUT - Update
  • DELETE - Delete

And response can be a good readable message and/or HTTP Codes like

  • 200 - Ok
  • 404 - Not Found
  • 403 - Unauthorized
  • 204 - Ok but no content

More descriptive list: https://httpstatuses.com/

Ad
source: stackoverflow.com
Ad