by CommonGuy 5 hours ago
Proxies are allowed to drop bodies of HTTP GET requests.

RFC 9110 states:

> [..] content received in a GET request has no generally defined semantics, cannot alter the meaning or target of the request [..]

> A client SHOULD NOT generate content in a GET request [..]

2 comments

> ... unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported.

You left out the important part.

How does the origin server indicate that?

Even the HTTP 1.0 RFC[1] is fairly clear on this, although it doesn't explicitly spell it out like RFC 9110. GET requests should only consider the Request-URI and request bodies should only be included if the method calls for it.

[1]: https://www.rfc-editor.org/info/rfc1945/