What is the X-REQUEST-ID http header?

Time: 2022-08-11 13:42:50

I have already googled this subject a lot, read various articles about this header, its use on Heroku or projects based on Django too.

However, it's still all confused in my head.

  • What is the purpose of this header?
  • Does it violate user privacy?
  • Can it help tracking a user?

3 solutions

#1


74  

When you're operating a webservice that is accessed by clients, it might be difficult to correlate requests (that a client can see) with server logs (that the server can see).

The idea of the X-Request-ID is that a client can create some random ID and pass it to the server. The server then includes that ID in every log statement that it creates. If a client receives an error it can include the ID in a bug report, allowing the server operator to look up the corresponding log statements (without having to rely on timestamps, IPs, etc).

As this ID is generated (randomly) by the client it does not contain any sensitive information, and should thus not violate the user's privacy. As a unique ID is created per request it does also not help with tracking users.
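
Added example, not part of the original answer: a server-side sketch of the correlation described above, which stamps every log line with the request's ID and echoes the ID back in the response. The handler, the function names and the validation policy (8 to 128 characters from a conservative alphabet) are assumptions; because the value is chosen by the client, the sketch replaces anything outside that policy with a server-generated UUID before it reaches the logs.

```python
import contextvars
import io
import logging
import re
import uuid

# Assumed policy: 8-128 chars of a conservative alphabet. A client-supplied
# value is untrusted, so anything else (CR/LF, spaces, oversized) is replaced.
_VALID_ID = re.compile(r"[A-Za-z0-9_.-]{8,128}")
_current_id = contextvars.ContextVar("request_id", default="-")


def accept_request_id(header_value):
    """Return the client's ID if it is safe to log, otherwise a fresh UUID."""
    if header_value and _VALID_ID.fullmatch(header_value):
        return header_value
    return str(uuid.uuid4())


class RequestIdFilter(logging.Filter):
    """Stamp every log record with the ID of the request being handled."""
    def filter(self, record):
        record.request_id = _current_id.get()
        return True


def handle_request(headers, logger):
    """Hypothetical handler: logs under the request ID and echoes it back."""
    rid = accept_request_id(headers.get("X-Request-ID"))
    token = _current_id.set(rid)
    try:
        logger.info("request received")
        logger.error("backend lookup failed")  # constructed failure
        return {"status": 500, "headers": {"X-Request-ID": rid}}
    finally:
        _current_id.reset(token)


def demo(headers):
    """Run one request and return (response, captured log lines)."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s [%(request_id)s] %(message)s"))
    handler.addFilter(RequestIdFilter())
    logger = logging.Logger("demo")  # standalone logger, no global state
    logger.addHandler(handler)
    response = handle_request(headers, logger)
    return response, stream.getvalue().splitlines()
```

Searching the logs for the ID returned in the response header then yields exactly the lines written for that request.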

#2


0  

Explanation by analogy/story

Your internet is playing up (as usual), so you call up Crapstra and you're waiting on the phone for like ever....20 minutes..60 minutes.........your call is really important to Craptus so finally you give up and slam the phone down in frustration.

"That's it, I'm writing to the Ombudsman!"

Dear Ombudsman, I called the Crapstra and ....

But the Ombudsman has thousands of call records to go through (all the failed queries of Craptus): how will they know which one is yours?

That's where the X-Request-ID comes in: every time you dial a call centre, you give them a random number (the X-Request-ID) and they will log it in their records. That way, the ombudsman (having access to all records) will be able to find your incoming call to find out what went wrong.

#3


-4  

This request header can be used for synchronization. Let's say you've built a ToDo list that offers offline capability. Your user creates 3 items and each of them is given a unique UUID on the offline application. When network connectivity is available, the records are POSTed to the server and the corresponding IDs auto-generated from the database are returned. You can then replace the IDs in your app (e.g. "id" attribute of HTML "li" element).
