tags:

views:

2237

answers:

6
+11  Q: 

HTTP GET with request body

I'm developing a new REST-full webservice for our application.

When doing a GET on certain entities, clients can request the contents of the entity. If they want to add some parameters (for example sorting a list) they can add these parameters in the query string.

Alternatively I want people to be able to specify these parameters in the request body. HTTP/1.1 does not seem to explicitly forbid this. This will allow them to specify more information, might make it easier to specify complex xml requests.

My questions:

  • Is this a good idea altogether?
  • Will HTTP clients have issues with using request bodies within a GET request?

http://tools.ietf.org/html/rfc2616

+11  A: 

While you can do that, insofar as it isn't explicitly precluded by the HTTP specification, I would suggest avoiding it simply because people don't expect things to work that way. There are many phases in an HTTP request chain and while they "mostly" conform to the HTTP spec, the only thing you're assured is that they will behave as traditionally used by web browsers. (I'm thinking of things like transparent proxies, accelerators, A/V toolkits, etc.)

This is the spirit behind the Robustness Principle roughly "be liberal in what you accept, and conservative in what you send", you don't want to push the boundaries of a specification without good reason.

However, if you have a good reason, go for it.

caskey  2009-06-10 20:53:43
A: 

I wouldn't advise this, it goes against standard practices, and doesn't offer that much in return. You want to keep the body for content, not options.

cloudhead  2009-06-10 20:56:09
+6  A: 

You will likely encounter problems if you ever try to take advantage of caching. Proxies are not going to look in the GET body to see if the parameters have an impact on the response.

Darrel Miller  2009-06-10 21:10:50
Good answer; I'll find a way around it
Evert  2009-06-10 21:50:19
Using ETag/Last-Modified header fields help in this way: when a "conditional GET" is used, the proxies/caches can act on this information.
jldupont  2010-01-15 11:42:48
A: 

Perhaps I am missing the point, but why don't you use a POST instead if you want to send the data in the body and not the URL?

Flavius Stef  2009-06-10 21:12:38
POST, GET, DELETE and PUT all have very different meanings.. POST is already used on some urls for a different purpose.
Evert  2009-06-10 21:49:39
POST is not the right verb for a RESTful request to read a resource.
Andrew Vit  2010-09-13 07:25:34
+1  A: 

What you're trying to achieve has been done for a long time with a much more common method, and one that doesn't rely on using a payload with GET.

You can simply build your specific search mediatype, or if you want to be more RESTful, use somehting like OpenSearch, and POST the request to the URI the server instructed, say /search. The server can then generate the search result or build the final URI and redirect using a 303.

This has the advantage of following the traditional PRG method, helps cache intermediaries cache the results, etc.

That said, URIs are encoded anyway for anything that is not ascii, and so are application/x-www-form-urlencoded and multipart/form-data. I'd recommend using this rather than create yet another custom json format if your intention is to support ReSTful scenarios.

serialseb  2009-06-10 22:47:04
+5  A: 

Roy Fielding's comment about including a body with a GET request. Yes, you can send a request body with GET but the server will ignore it.

Paul Morgan  2009-06-11 20:27:36

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.