First, you should think about which errors you want to expose:
Usually 4xx errors (errors that are attributed to the client side) are disclosed so the user can correct the request.
On the other side, 5xx errors (errors that are attributed to the server side) are usually only presented without information. In my opinion, for those you should use tools like Sentry to monitor and resolve these errors, which may have security issues embedded in them.
Having this in mind, in my opinion for a correct Ajax request you should return a status code and then some JSON to help understand what happened, like a message and an explanation (when applicable).
If your goal is to use Ajax to submit information, I suggest setting up a form for what you want. This way you can easily get past some of the validation process. I will assume this is the case in the example.
First - Is the request correct?
    from django.http import JsonResponse

    def test_view(request):
        message = None
        explanation = None
        status_code = 500
        # First, is the request correct?
        # Note: request.is_ajax() was removed in Django 4.0; the equivalent check is
        # request.headers.get("x-requested-with") == "XMLHttpRequest".
        if request.is_ajax() and request.method == "POST":
            ...
        else:
            status_code = 400
            message = "The request is not valid."
            # You should log this error because this usually means your front end has a bug.
            # Do you want to explain anything?
            explanation = "The server could not accept your request because it was not valid. Please try again and if the error keeps happening get in contact with us."
        return JsonResponse({'message': message, 'explanation': explanation}, status=status_code)
Second - Are there errors in the form?
    form = TestForm(request.POST)
    if form.is_valid():
        ...
    else:
        message = "The form has errors"
        # get_json_data() is JSON-serializable; as_data() returns ValidationError
        # objects, which JsonResponse cannot encode.
        explanation = form.errors.get_json_data()
        # Also incorrect request but this time the only flag for you should be that maybe JavaScript validation can be used.
        status_code = 400
You may even get the errors field by field, so you may present them in a better way in the form itself.
Third - Let's process the request
    try:
        test_method(form.cleaned_data)
    except PermissionError as e:
        status_code = 403
        message = "Your account doesn't have permissions to go so far!"
    except Conflict as e:
        status_code = 409
        message = "Other user is working in the same information, he got there first"
    # ... (further except clauses)
    else:
        status_code = 201
        message = "Object created with success!"
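Depending on the exceptions you define, different codes may be required. Go to Wikipedia and check the list.
Don't forget that the response also varies in code. If you add something to the database, you should return a 201. If you just got information, then you were looking for a GET request.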
Responding to the questions
Django exceptions will return 500 errors if not dealt with, because if you don't know that an exception is going to happen then it is an error in the server. With the exception of 404 and login requirements, I would do try/catch blocks for everything. (For 404 you may raise it, and if you use @login_required or a permission required, Django will respond with the appropriate code without you doing anything.)
I don't agree completely with the approach. As you said, errors should be explicit, so you should always know what is supposed to happen and how to explain it, and make it dependent on the operation performed.
I would say a 400 error is OK for that. It is a bad request, you just need to explain why. The error code is for you and for your JS code, so just be consistent.
(Example provided) - In the test_view you should have the test_method as in the third example.
The test method should have the following structure:
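    def test_method(validated_data):
        try:
            # Raises BusinessLogicViolation when a rule is broken
            my_business_logic_is_violated()
        except BusinessLogicViolation:
            # Re-raise so the view can turn it into a response
            raise
        else:
            ...  # your code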
Then in my example:
    try:
        test_method(form.cleaned_data)
    except BusinessLogicViolation as e:
        status_code = 400
        message = "You violated the business logic"
        explanation = e.explanation
    ...
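I consider a business logic violation to be a client error, because if something is needed before that request, the client should be aware of that and ask the user to do it first. (From the Error Definition):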
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).
By the way, you can see the Python Docs on User-defined Exceptions so you may give appropriate error messages. The idea behind this example is that you raise a BusinessLogicViolation exception with a different message in my_business_logic_is_violated() according to the place where it was generated.
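
The following is an added example, not part of the original answer: a framework-free sketch of the exception-to-response mapping described above, in which known client errors are disclosed with their explanation and anything unexpected becomes a 500 that exposes only an opaque incident id. The names `run_operation`, `Conflict`, `CLIENT_ERRORS` and `incident_id` are assumptions made for illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("views")  # assumed logger name

class BusinessLogicViolation(Exception):
    """Client-correctable error; `explanation` is safe to show to the user."""
    def __init__(self, message, explanation=None):
        super().__init__(message)
        self.explanation = explanation

class Conflict(Exception):
    """Hypothetical exception for concurrent edits (the answer's 409 case)."""

# Exception type -> (status code, message that may be disclosed to the client).
CLIENT_ERRORS = {
    BusinessLogicViolation: (400, "You violated the business logic"),
    PermissionError: (403, "Your account doesn't have permissions to go so far!"),
    Conflict: (409, "Other user is working in the same information"),
}

def run_operation(operation, validated_data):
    """Run `operation` and return (status_code, json_body) for the Ajax caller."""
    try:
        operation(validated_data)
    except tuple(CLIENT_ERRORS) as exc:
        status, message = next(v for k, v in CLIENT_ERRORS.items() if isinstance(exc, k))
        body = {"message": message, "explanation": getattr(exc, "explanation", None)}
    except Exception:
        # Unknown failure: the traceback stays in the server log, the client
        # only receives an id that support staff can look up.
        incident_id = uuid.uuid4().hex
        log.exception("unhandled error, incident %s", incident_id)
        status = 500
        body = {"message": "Internal server error", "explanation": None,
                "incident_id": incident_id}
    else:
        status, body = 201, {"message": "Object created with success!", "explanation": None}
    return status, json.dumps(body)

# Constructed sample operations used to exercise each branch.
def needs_profile(data):
    raise BusinessLogicViolation("no profile", explanation="Complete your profile first.")

def buggy(data):
    raise KeyError("db_password=hunter2")  # constructed internal detail that must not leak
```

In a Django view the returned pair would be passed to the response object in place of the hand-built `status_code`, `message` and `explanation` variables.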