forked from httpwg/wg-materials
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ietf-93-httpbis-search.xhtml
executable file
·112 lines (106 loc) · 3.42 KB
/
ietf-93-httpbis-search.xhtml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IETF 93 - SEARCH method</title>
<style type="text/css">
body {
color: black;
font-family: cambria, helvetica, arial, sans-serif;
font-size: 18pt;
}
h1 {
font-size: 36pt;
}
li {
margin-top: 0.5em;
}
q {
font-style: italic;
}
.break {
page-break-before: always;
}
@page {
size: a4 landscape;
}
@page {
@bottom-left {
content: "Julian Reschke, greenbytes";
}
@bottom-right {
content: counter(page);
}
@top-center {
content: "IETF 93 - SEARCH method";
}
}
</style>
</head>
<body>
<h1>IETF 93 - SEARCH method</h1>
<p>
<a href="mailto:[email protected]">Julian Reschke</a>, greenbytes
</p>
<h2 class="break">Why?</h2>
<p>
One of the most FAQs on StackOverflow is: can I send a GET request
with a payload?
</p>
<p>
We should have material that explains why GET with body doesn't work, and
what the alternatives are.
</p>
<h2 class="break">Proposal:</h2>
<p>
Explain the situation:
</p>
<ul>
<li>
Bookmarkability/Cacheability
</li>
<li>
Drawbacks of using GET: URIs might leak more frequently than payloads (log files, Referer), some components might fail for long URIs
</li>
<li>
Drawbacks of using POST: not safe, thus not repeatable without knowig the semantics of the request
</li>
<li>
Explore Content-Location, making the GET-table resource discoverable
</li>
<li>
Can URI templates help?
</li>
</ul>
<h2 class="break">Alternatives to GET and POST</h2>
<ul>
<li>Use an HTTP method that is defined to support a request payload <b>and</b>
is safe.</li>
<li>The method registry already contains three candidates: PROPFIND,
REPORT, and SEARCH; all of which defined for WebDAV.
</li>
<li>There is existing code out there which knows about them being safe,
so it makes sense to use one of these. It also avoids using
yet another method name.
</li>
<li>The most generic of these is SEARCH; we could un-tangle it from
WebDAV (without breaking existing uses) by allowing any media type
as payload (as in PATCH), and open up the response format as well.
</li>
</ul>
<h2 class="break">Specifically...:</h2>
<ul>
<li>Make it as simple as possible.</li>
<li>Format discovery using Accept-Search response header field (mirrors PATCH).</li>
<li>Discuss concrete formats in separate specs.</li>
<li>Explore ways to make the response to SEARCH GET-table and to leverage
URI templates so clients can directly construct GET requests once they know about the URI format.</li>
</ul>
<h2 class="break">Further reading:</h2>
<ul>
<li><a href="https://tools.ietf.org/html/draft-snell-search-method">draft-snell-search-method</a></li>
<li><a href="https://tools.ietf.org/html/draft-hunt-scim-search">draft-hunt-scim-search</a></li>
<li><a href="http://greenbytes.de/tech/webdav/rfc5323.html">RFC 5323: Web Distributed Authoring and Versioning (WebDAV) SEARCH</a></li>
</ul>
</body>
</html>