IETF Logo Mail Archive

Re: GET / DELETE request bodies

Cory Benfield <cory@lukasa.co.uk> Mon, 24 February 2020 16:23 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2B613A0F36 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 24 Feb 2020 08:23:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.65
X-Spam-Level:
X-Spam-Status: No, score=-2.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lukasa-co-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w8JhZCkcoN2S for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 24 Feb 2020 08:23:09 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B87063A0F23 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 24 Feb 2020 08:23:08 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1j6GSS-0004rf-Kb for ietf-http-wg-dist@listhub.w3.org; Mon, 24 Feb 2020 16:19:48 +0000
Resent-Date: Mon, 24 Feb 2020 16:19:48 +0000
Resent-Message-Id: <E1j6GSS-0004rf-Kb@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1j6GSL-0004q6-LK for ietf-http-wg@listhub.w3.org; Mon, 24 Feb 2020 16:19:41 +0000
Received: from mail-lj1-x22d.google.com ([2a00:1450:4864:20::22d]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1j6GSH-0007aX-48 for ietf-http-wg@w3.org; Mon, 24 Feb 2020 16:19:41 +0000
Received: by mail-lj1-x22d.google.com with SMTP id x14so10718117ljd.13 for <ietf-http-wg@w3.org>; Mon, 24 Feb 2020 08:19:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lukasa-co-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=AQEY9THYOvyHRoafBPLBEDP4sPF64JgPjvdtEsmZ5FE=; b=BoawlIrmlJyLJiDaagqmn5zxDAJbYLHvo0Jnh5PFVbagC2equkx6YA8cphu9kisQRD 7iUIRQAqbjZYvqw8PdgPytBY9a0INmDtYlivCzPmE63Hnf9Pxdx9bnm1dhCYj+UZvnKw TYpTvVEGxL3k96dCGhmJuUofEjN2R8e+DG9+ygaWqpTnmXDChxB9guOgOJQun16/1284 p9GGOpov5JT0NZ1Hg2Rup89GS7Y5fil3GGBK1d7Z5GyOM1sVRw6MUmsJhqT0pMaflHnn n5HWR/CCFe0m7u9O9XlNp8RDPFcaWD4d1XsZXwIv31HC+La31nbjvEiqVdk609W4izxv Na0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=AQEY9THYOvyHRoafBPLBEDP4sPF64JgPjvdtEsmZ5FE=; b=h0bfCvhAopxAXuzuXdhx+pESc/FMU6S82rfT/5mk8muPGl3KfUUdw1IiL2els9R15r jy2tsrUykC5ARSq9FPnfXl2YDszSOmNryRsDP75mfC/BJcefHy/Fz8kcZ37/3eE8qS3v 6KVThsNOiQFGzjDEJm7Axp6f+xQCgwDLg5xOU2GkBH9m9OQIemr7RNL5b6bLLUeIs7fI VaHYIb8UYoGid3npLWJ1BNAygVCWXjJa71MhIqTrIx/o0CIZSyadw5lURsuMobmvtUTQ lUbTxdfZu68yo524p1POtwZf4kYFYw/Jrz+W4mil5ITlWlOAF6hZXjPF22iOriFahgAH VFnQ==
X-Gm-Message-State: APjAAAUCowM75PHMB0SMdZUfzpz00MY2YmAv0l/5RtzDd6Q9uX69GLcf N0yKRrJ4aV1uIx+wY9r+speauqkcf3uNd1mGLdmaPQ==
X-Google-Smtp-Source: APXvYqwaCswf6JZ+XsiJv6Xle5kDgTUU0LXikv3VEKAnUZ2Co3nNdIou76w5S5SlWgmwD+tCyy+Mk4f586R9spRXsAc=
X-Received: by 2002:a2e:b0f5:: with SMTP id h21mr32170777ljl.9.1582561164356; Mon, 24 Feb 2020 08:19:24 -0800 (PST)
MIME-Version: 1.0
References: <CAChr6SyZN4ceSeHkfQVnKRX7=RPnKjX_vAsL1mTHs18-MKRphQ@mail.gmail.com> <CAH_hAJEdM+NeVKAwEC+8uQf_0Dv-ArEtetuSoOW3wcV9WMeMZw@mail.gmail.com> <22665322-3F2B-4B2A-AE8F-91A53DE75B9E@gbiv.com>
In-Reply-To: <22665322-3F2B-4B2A-AE8F-91A53DE75B9E@gbiv.com>
From: Cory Benfield <cory@lukasa.co.uk>
Date: Mon, 24 Feb 2020 16:19:13 +0000
Message-ID: <CAH_hAJFF-o_iPzU-DxvjC2YafgTnep1xCW9pnsiRvuLncjWD0g@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Rob Sayre <sayrer@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=2a00:1450:4864:20::22d; envelope-from=cory@lukasa.co.uk; helo=mail-lj1-x22d.google.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1j6GSH-0007aX-48 e02c54186d5bc6ec11871a8bd7fe90ae
X-Original-To: ietf-http-wg@w3.org
Subject: Re: GET / DELETE request bodies
Archived-At: <https://www.w3.org/mid/CAH_hAJFF-o_iPzU-DxvjC2YafgTnep1xCW9pnsiRvuLncjWD0g@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37380
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, 17 Feb 2020 at 18:44, Roy T. Fielding <fielding@gbiv.com> wrote:
>
> > On Feb 17, 2020, at 1:53 AM, Cory Benfield <cory@lukasa.co.uk> wrote:
> >
> > The semantic requirement missing is that DELETE bodies have no
> > spec-defined semantics. This is not that they can't have semantics, or
> > that they shouldn't have spec-defined semantics, only that no
> > specification has ever said what a body in a DELETE request means.
>
> FTR, this is a common misinterpretation, but that is not what it says and
> certainly not what it means.
>
> They have no semantics in the sense that a body cannot change the meaning
> of a received request. They are absolutely forbidden to have any impact
> whatsoever on the processing or interpretation of the request aside from
> the necessity to read and discard the bytes received in order to maintain
> the message framing. The only reason we didn't forbid sending a body is
> because that would lead to lazy implementations assuming no body would
> be sent.
>
> This has always been the case for HTTP and GET/HEAD/PUT/DELETE.
> They were defined that way so that the URL would identify the resource
> and intermediaries would not have to delve into the body to reinterpret
> the semantics defined by method and header fields.

I'm finding this...confusing. Did you mean to put PUT in that list?
Because RFC 7231 doesn't say bodies in PUT have no defined semantics,
and it's distinctly not like the others in your list. Was CONNECT what
you had in mind instead?

The requirement to handle the body seems covered by RFC 7230 ยง 3.3:

> Request message framing is independent of method semantics, even if the method does
> not define any use for a message body.

But your forceful response on this seems to be out of line with the
highly equivocal language in the RFC. It would have cost nothing for
the RFC, instead of saying "A payload within a GET request has no
defined semantics", to say "A payload in a GET request MUST be
ignored". This doesn't forbid sending it, just forbids doing anything
with it, and seems closer to your intent.

Are you open to considering a work item for the next round of drafts
to consider adding normative language that matches your position on
request bodies?

v2.23.0 | Report a Bug | By Email