I am having some thoughts about how to design my server in Node.js. I had some thoughts about whether or not to allow the client to send data to the server using query parameters my.site.com?data=some data by the client or via the body when using the POST method {data:'some data by the client'}.
I was questioning:
1) Is there a proper way to design my server with some constraints? I am thinking about data that comes to the server without being needed, so why is accepting it good practice?
2) If I should not allow the client to send query or body data when not needed, what HTTP status should I return (404 or 400)?
EXAMPLE
I have a URI path for a GET method and I expect the path alone, like this
http://my.site.com/something
or like this
http://my.site.com/something?search=I search for anything
When the user sends me this GET URL:
http://my.site.com/something?here=not something that is useful to the server
Should I send a 400 HTTP status for BAD REQUEST or 404 for NOT FOUND or respond with 200 OK? And if OK why should I allow other queries if the server is not using them?
The same question applies to the POST method. If I need, for example,
{uname:'username',pwd:'password'}
why should I allow the user to send me for example
{uname:'username',pwd:'password',some:'other data here'}
??
If a user sends extra URL parameters, you should simply ignore them. This is what most servers do. For example, a Google search for https://www.google.com/#q=ant&coolness=true returns the exact same thing as https://www.google.com/#q=ant because coolness is not a URL parameter keyword used by Google.
The same goes for extra POST parameters, although if you have a form or website, you should probably make sure the user only sends whatever data is necessary.
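The behaviour described in this answer (use only the parameters the server knows, drop the rest), sketched for Node.js as an added example that is not part of the original answer. The route table, the `/login` path and the function names are hypothetical, and the `strict` flag is an assumed option that covers the 400 alternative raised in the question.

```javascript
// Added example; the route table and function names are hypothetical.
// Each route lists the only input fields the server actually uses.
const ROUTES = new Map([
  ["GET /something", ["search"]],
  ["POST /login", ["uname", "pwd"]],
]);

// Flatten URLSearchParams to a plain map, keeping the first value of a repeated key.
function queryToObject(params) {
  const out = Object.create(null);
  for (const key of new Set(params.keys())) out[key] = params.get(key);
  return out;
}

// Copy allowlisted fields only; everything else is reported, never passed on.
function pickAllowed(allowed, input) {
  const known = Object.create(null); // no prototype, so odd keys cannot shadow anything
  const unknown = [];
  for (const [key, value] of Object.entries(input)) {
    if (allowed.includes(key)) known[key] = value;
    else unknown.push(key);
  }
  return { known, unknown };
}

// strict=false ignores extras (the answer's advice); strict=true rejects them with 400.
function handle(method, rawUrl, body, strict = false) {
  const url = new URL(rawUrl, "http://my.site.com");
  const allowed = ROUTES.get(`${method} ${url.pathname}`);
  if (!allowed) return { status: 404 }; // unknown path, not unknown parameter
  const input = method === "GET" ? queryToObject(url.searchParams) : body || {};
  const { known, unknown } = pickAllowed(allowed, input);
  if (strict && unknown.length > 0) {
    return { status: 400, error: `unexpected field(s): ${unknown.join(", ")}` };
  }
  return { status: 200, data: known };
}

// Constructed sample requests, taken from the question's own examples.
console.log(handle("GET", "/something?here=not something that is useful to the server"));
console.log(handle("POST", "/login", { uname: "username", pwd: "password", some: "other data here" }));
console.log(handle("POST", "/login", { uname: "username", pwd: "password", some: "x" }, true));
```

Downstream code then reads only `data`, so an extra field such as `some` never reaches a database write or an object merge.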