|
|
|
|
|
|
by paulddraper
823 days ago
|
|
|
That's why I said: > (Well, it's a syntactically valid HTTP message, but there's no semantic meaning to the body.) To quote RFC 9110: > Although request message framing is independent of the method used, content received in a GET request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain. For this reason, Elasticsearch also accepts queries as POST. |
|
|