whatwg / xhr

XMLHttpRequest Standard
https://xhr.spec.whatwg.org/
Other
314 stars 131 forks source link

GET method removing body #265

Closed hrodic closed 4 years ago

hrodic commented 4 years ago

Regarding to the send() method

If the request method is GET or HEAD, set body to null.

This, obviously is implemented in browser engines, like chromium. https://chromium.googlesource.com/chromium/blink.git/+/99b8c9800ac123eddc3e199088d22569c5294b22/Source/core/xml/XMLHttpRequest.cpp#600

The Hypertext Transfer Protocol (HTTP/1.1) RFC https://tools.ietf.org/html/rfc7231#section-4.3.2

states that

A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.

So, You cannot rely on sending payload in GET request being processed by "some" servers. This, does not mean that we should forbid having this use case, or being able to send payload in GET http requests.

My question is, due the fact that some API implementations have huge benefits of using structured payload data (xml, json, or others...) when retrieving resources, like we do with REST APIs, what is the reason of putting efforts on removing payloads when GET http requests? Because, by default, it will just work, but there has been work on top of the default to avoid this behaviour and scenarios. There is any reasoning and strong technical explanation to forbid and avoid at all costs to send payloads with GET verbs in all cases?

Could it be possible to allow it, just in case some implementors need it (like we do?).

Thank you!

annevk commented 4 years ago

There's no real interest in changing this per https://github.com/whatwg/fetch/issues/551 and it would also be a lot of work to do in a safe way. It'd be best if such APIs also accepted a method such as SEARCH or some such.