[CodesInChaos]

I wonder if HTML forms will add support for QUERY:

    <form action="..." method="query">

This would avoid the annoying re-submission warnings you're getting if you refresh a page that was returned by a POST form submission, since QUERY is required to be idempotent.

[acabal]

Supporting more than GET/POST in HTML forms has been my dream for decades. There's a WHATWG proposal to do just that if you want to add your voice: https://github.com/whatwg/html/pull/11347

[CodesInChaos]

I'm not convinced of the benefit of allowing PUT/PATCH/DELETE in forms. But QUERY sounds more useful, and its lack of side-effects (plus the lack of legacy code using it) would avoid the need for CORS preflight requests.

There is a separate issue for QUERY: https://github.com/whatwg/html/issues/12594

[MBCook]

What’s the use case for that?

[acabal]

Because if HTTP is the language of the web, then HTML forms are how humans speak that language to computers. Right now we humans can only speak GET and POST.

In other words, right now if a human wants to DELETE a widget, the human has click on an HTML form to `POST /widgets/123/delete` - i.e. use an incorrect verb on an incorrect URL/object - or use some other workaround like smuggling a special `_method=DELETE` variable. This is unnatural and semantically incorrect, resulting in ugly hacks that break HTTP-level expectations like idempotency; and it also requires additional app-level logic to process.

Meanwhile a machine is allowed to simply `DELETE /widgets/123` because their interface to HTTP is not clicking on HTML forms.

We humans could converse with websites in semantically correct HTTP, have clean URLs in which both REST APIs and human-facing URLs are identical without hacks, and require no extra app/framework logic, if HTML forms simply allowed all (human-relevant) HTTP verbs.

[imtringued]

Things like that are why it's completely unreasonable to expect websites to work without first party Javascript. Utterly basic and mundane functionality is gated behind Javascript.

Building the mundane in the absence of JavaScript isn't some small thing you can build. It's going to require you to rebuild your entire site around the idea. Things like a searchable dropdown will now turn a single page form into a horrifying multi page mess where you get sent to a page for just the dropdown and the search box and selectable options, which then send you back to the original form. That is going to require you to store a lot of the form data on the server to keep track of what you entered across pages rather than let the browser do its thing.

The noscript crowd should have lobbied for a better HTML instead of rallying against JavaScript.

[lenkite]

I don't want to write Javascript for what should be a core feature of Basic HTML forms.

[Balthild]

It is almost a use case in itself: to make an form in pure HTML to allow user to update/delete a resource on the server, without violating the HTTP semantics with routes like `POST /items/:id/delete`.

[bob1029]

This is better solved with the post redirect get pattern.

[CodesInChaos]

The redirect pattern makes sense for a POST request that creates a resource, where you can then redirect to the newly created resource.

QUERY on the other hand makes sense for cases where the request doesn't cause any state changes on the server, and there is no resource to redirect to.

[diroussel]

That is the good old fashion workaround. But why is it better than a form causing an HTTP QUERY.

If we can do QUERY forms, it would be an ideal time to add JSON encoding for forms.

[amluto]

One oddity of forms: the result of a form POST is a page that has a location (the URL) but that cannot loaded via that location. As far as I know, the fact that the page is a POST and not a GET is not stored anywhere visible to the user or to JS. And refresh works oddly.

If method=QUERY were added, there would be a new variety of this weirdness.

[sheept]

At least browsers wouldn't have to warn users that they'd be resubmitting data if they reload the page after submitting a query form, since query requests are intended to be idempotent

[amluto]

You still get the nastiness that the Sec-Fetch-* state gets mostly trashed when you hit refresh. And someone would need to figure out how CORS preflight interacts with refresh, which is not currently an issue with POST. (The current "simple request" behavior or whatever it's called is a real mess and is the cause of a lot of CSRF vulnerabilities.)

[XYen0n]

If new method support is added, PUT should be used in this scenario.

[conorcleary]

We do already have CALL

[chrismorgan]

See https://github.com/whatwg/html/issues/12594.

[paradox460]

They never added support for any other verbs, but it's a brave new world, so who knows

[tempfile]

Depends whether your form submission should expect side effects or not. Most forms submissions have side effects. If the effect is truly idempotent, wouldn't PUT be a better verb? That is also supposed to be idempotent.

[echoangle]

You can’t use PUT as a form action though.

[tempfile]

I always forget this, because it makes no sense. Fair enough!

[diroussel]

GET and QUERY are both idempotent.

[tempfile]

I know, but neither GET nor QUERY may have side effects.

[mring33621]

Hold my beer!

[100ms]

Forms, HTTP implementations, public API surfaces, and all for what exactly. Introducing a new verb for this feels profoundly misplaced

[jagged-chisel]

Idempotency is an important attribute for correctness. Yep, you can document that POSTing to $ENDPOINT is idempotent, but you can't communicate that to caching layers throughout the network. QUERY, by definition, is idempotent and cacheable.

[resters]

Great point. I wish more people realized that intuitively.

[alpinisme]

At least support - or lack thereof - for a new verb is unambiguous (compared to changing the semantics of GET)