Re: POST with empty body from Jan Algermissen on 2010-09-02 (ietf-http-wg@w3.org from July to September 2010)

From: Jan Algermissen <algermissen1971@mac.com>
Date: Thu, 02 Sep 2010 23:14:22 +0200
To: 'HTTP Working Group' <ietf-http-wg@w3.org>
Message-id: <5FAD6378-1AFB-46C9-AFCF-798CCD6779B5@mac.com>

On Sep 2, 2010, at 10:49 PM, David Morris wrote:

> 
> 
> On Thu, 2 Sep 2010, Darrel Miller wrote:
> 
>> In the description of POST here [1], it starts with:
>> 
>> "The POST method is used to request that the origin server accept the
>> representation enclosed in the request as data to be processed by the
>> target resource."

Wouldn't an empty POST body make the above equivalent to 'do something'? And wouldn't that equate to method tunneling?
(along the lines of POST [empty] to /orders/42/ship )

Isn't the body what prevents the semantic of the target resource to be a function of the state of some other resource?
(In the example, the semantic of /orders/42/ship would depend on the state of /orders/42)

[Sorry for maybe going way-off here]

Jan


>> 
>> This seems to infer that it is expected that a POST include a body.  Is it
>> required to have a body?  Is it unreasonable to expect a client to issue 
>> 
>> POST http://example.org/tokens
>> 
>> ...and expect a token to be created, despite the fact that no representation
>> is passed to the origin server?
> 
> Nothing is said in the description of POST re. creating anything. It says
> "processed by the target resource". I can't conceive of why an empty
> body would be an error. It is up to the processing resource to make that
> determnation, not the HTTP protocol.
> 
> 
>> 
>> Taking this a step further, is the use of query string parameters instead of
>> a post body considered a valid request.  Could a client make the following
>> request?
>> 
>> POST http://mapservice.org/Waypoints?latitude=51&longiitude=114
> 
> Perhaps not common usage when combined with an empty body, but from a
> protocol perspective, the query string parameters are just part of
> the URL. I've worked with a number of platforms over the years which
> make it easy to just treat query string name value pairs and name
> value pairs in the POST body as a single name space such that the
> resource processing logic author need not care how the values were
> transported.
> 
> In some cases, I had to look hard to determine how a value was
> transported.
> 
> But I don't see any protocol issue with the above URL.
> 
>> I realize this is not a common usage, but my question is whether this is
>> prohibited by the HTTP specification, whether it is discouraged due to
>> negative impacts, or whether it a reasonable usage that is just not clear
>> from the description of POST.
>> 
>> Thanks for your time,
>> 
>> Darrel Miller
>> 
>> [1] http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-11#page-17
>> 
>> 
>> 
>> 
>

Received on Thursday, 2 September 2010 21:15:01 UTC