Is there any reason not to use HTTP PUT and DELETE in a web application?

Question

Looking around, I can't name a single web application (not web service) that uses anything besides GET and POST requests. Is there a specific reason for this? Do some browsers (or servers) not support any other types of requests? Or is this only for historical reasons? I'd like to make use of PUT and DELETE requests to make my life a little easier on the server-side, but I'm reluctant to because no one else does.

Answer 1

Some proxy servers with tough security policies might drop them. I'm using PUT and DELETE anyways.

Answer 2

I've read that some browsers do not support other HTTP methods properly, though I can't name any specifics.

Rails, in particular, will pack your forms with a method parameter to explicitly set this even if the browser doesn't support those methods. That seems like a reasonable precaution if you're going to do this.

Answer 3

Actually a fair amount of people use PUT and DELETE, mostly for non-browser APIs. Some examples are the Atom Publishing Protocol and the Google Data APIs:

• http://www.ietf.org/rfc/rfc5023.txt
• http://code.google.com/apis/gdata/docs/2.0/basics.html

Beyond that, you don't see PUT/DELETE in common usage because most browsers don't support PUT and DELETE through Forms. HTML5 seems to be fixing this:

• http://www.w3.org/TR/html5/forms.html#form-submission-0

The way it works for browser applications is: people design RESTful applications with PUT and DELETE in mind, then "tunnel" those requests through POSTs from the browser. For example, see this SO question on how Ruby on Rails accomplishes this using hidden fields:

• http://stackoverflow.com/questions/286321/how-can-i-emulate-put-delete-for-rails-and-gwt

So, you wouldn't be on your own designing your application with the larger set of HTTP verbs in mind.

EDIT: By the way, if you're curious about why PUT/DELETE are missing from browser based form posts, it turns out there's no real good technical reason. Reading around this thread on the rest-discuss mailing list, especially Roy Fielding's comments, is interesting for some context:

• http://tech.groups.yahoo.com/group/rest-discuss/message/9620?threaded=1&var=1&l=1&p=13

EDIT: There are some comments on whether AJAX libraries support all the methods. It does come down to the actual browser implementation of XMLHttpRequest. I thought someone might find this link handy, which tests your browser to see how compliant the HttpRequest object is with various HTTP options.

• http://www.mnot.net/javascript/xmlhttprequest/

Unfortunately, I don't know of a reference which collects these results.

Answer 4

Quite simply, the HTML 4.01 form element only allows the values "POST" and "GET" in its method attribute

Answer 5

This depends on your browser and Ajax library. For example jQuery supports all HTTP methods even though the browser may not. See for example the jQuery "ajax" documentation on the "type" attribute.

The Restlet Java framework lets you tunnel PUT and DELETE requests through HTML POST operations. To do this, you just add method=put or method=delete to your URI's query string, eg:

http://www.example.com/user=xyz?method=delete ...

This is the same as Ruby on Rails' approach (as described by @ars above).

Answer 6

I say use all the features of HTTP, browsers be damned, lol. Maybe it'll inspire more complete and proper use of the HTTP protocol moving forward. There's more happening on the net than just POSTs and GETs. About time browser implementations reflected this.