DELETE with body should not be allowed #763
Comments
|
+1 |
|
Agree with everything you say - BUT REST does not DISALLOW and I recall one resource that required a body in delete - suggest we leave as is (ie. apibuilder remains agnostic) |
|
Akamai got back to us and said that indeed, default configuration is to strip the body from DELETE methods, however, they can change that if we'd like. @mbryzek should we then say that all generators (including kotlin) should implement DELETE with body? In that case, perhaps, I should not roll back my change apicollective/apibuilder-generator@a0d764e |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
HTTP spec is vague on this, and some frameworks choose not to support this.
https://tools.ietf.org/html/rfc7231#section-4.3.5
A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request.For example:
http4s supports this
retrofit (android) does not support it but has a workaround
akamai does not seem to support this (we didn't get a definitive answer on this, but from our experementation it looks like method body is not passed down to the server for DELETE calls)
So, overall, I think, allowing DELETE with body is trouble - generators may produce code that will not work, or will have to deal with workarounds, and things could fail in surprising ways, like when we pointed our application to akamai, and a single point was misbehaving.
P.S. this is the workaround that we implemented for android/kotlin/retrofit, but we're going to roll it back: apicollective/apibuilder-generator@a0d764e
The text was updated successfully, but these errors were encountered: