Re: POST with empty body from Nathan on 2010-09-03 (ietf-http-wg@w3.org from July to September 2010)

From: Nathan <nathan@webr3.org>
Date: Fri, 03 Sep 2010 13:38:42 +0100
To: Mark Nottingham <mnot@mnot.net>
CC: Darrel Miller <darrel@tavis.ca>, ietf-http-wg@w3.org
Message-ID: <4C80EC52.2010207@webr3.org>

Is there any chance of a slight clarification to zero-body POST, message 
in URI?

Specifically I'm thinking that for years the message of don't do things 
like 'GET /transfer-funds?account=1234&to=4567&amount=100000000' has 
been common, whereas this seems to indicate that simply swapping the 
verb to POST makes it 'okay' (please do infer the human readable meaning 
of the example conveyed by the URI).

I guess (personally) I have a gut feeling that this could create 
problems somewhere down the line - but the specifics of how and what 
escape me for the time being.

Best,

Nathan

Mark Nottingham wrote:
> It's important to note that a message without a body can still carry a representation, because a representation is the combination of the body (which can be zero-length) *and* headers.
> 
> See:
>   http://tools.ietf.org/html/draft-ietf-httpbis-p3-payload-11#section-4
> 
> Cheers,
> 
> 
> On 02/09/2010, at 10:31 AM, Darrel Miller wrote:
> 
>> In the description of POST here [1], it starts with:
>>
>> "The POST method is used to request that the origin server accept the
>> representation enclosed in the request as data to be processed by the
>> target resource."
>>
>> This seems to infer that it is expected that a POST include a body.  Is it
>> required to have a body?  Is it unreasonable to expect a client to issue 
>>
>> POST http://example.org/tokens
>>
>> ...and expect a token to be created, despite the fact that no representation
>> is passed to the origin server?
>>
>> Taking this a step further, is the use of query string parameters instead of
>> a post body considered a valid request.  Could a client make the following
>> request?
>>
>> POST http://mapservice.org/Waypoints?latitude=51&longiitude=114
>>
>> I realize this is not a common usage, but my question is whether this is
>> prohibited by the HTTP specification, whether it is discouraged due to
>> negative impacts, or whether it a reasonable usage that is just not clear
>> from the description of POST.
>>
>> Thanks for your time,
>>
>> Darrel Miller
>>
>> [1] http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-11#page-17
>>
>>
>>
>>
>>
> 
> 
> --
> Mark Nottingham     http://www.mnot.net/
> 
> 
> 
>

Received on Friday, 3 September 2010 12:39:55 UTC