Hacker News new | ask | show | jobs
by insanitybit 1268 days ago
The spec is actually pretty clear on this - do not specify a body on a GET request.

> A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.

Previously it was "SHOULD ignore the payload".

It's nothing to do with laziness or security - people are writing spec conforming software. And indeed every library I've used allows interacting with a body, even on a GET.
1 comments
simplotek 1268 days ago
> The spec is actually pretty clear on this - do not specify a body on a GET request.

That's not what your quote says.

Not having a defined semantics does not mean if is not supported. Just because some implementations fail to support GET with a request body that it does not mean all implementations should interpret it as a malformed request.

I can roll out a service with endpoints that require GET with request bodies and it would still be valid HTTP.

link
masklinn 1268 days ago
> That's not what your quote says.

Yes it does. "No defined semantics" = "out of spec".

> I can roll out a service with endpoints that require GET with request bodies and it would still be valid HTTP.

You're out of the HTTP spec entirely.

link
mekster 1268 days ago
How are you interpreting that English?

Not defined means, it could be anything. If accepting body in GET is out of spec, then spec is supposed to say, GET cannot send body.

link
isityouyesitsme 1268 days ago
"out of spec" means that it is out of specification. It is literally not specified. You are doing something that is not specified. It is therefore an action that is out of specification. it is therefore out of spec.

If there was an utter ban, then it would be against specification and not compliant, not merely out of specification.

link
simplotek 1266 days ago
> "out of spec" means that it is out of specification. It is literally not specified.

That's not what it means at all. Being out of spec means the spec explicitly stating that a request with a body should be reject. If the spec does not state that a request with a body should be rejected then you are not required to reject a request which packs a body.

link
masklinn 1268 days ago
> Not defined means, it could be anything.

No, not defined means it's not within the purview of the spec. Spec doesn't care. You can send one. Maybe it'll work, maybe it won't, maybe it'll crash, maybe it'll be rejected, maybe some proxy along the way will strip it and the server won't even get it, maybe it'll get your client banned forever.

All of these are fine, because spec doesn't care.

> If accepting body in GET is out of spec, then spec is supposed to say, GET cannot send body.

No, then it would be against spec, like HEAD with a response body.

link
insanitybit 1268 days ago
You can do whatever the fuck you want, the spec defines what it defines.
link