This week at the HTTP Reading Group, we read RFC 7231 § 4.1 and 4.2, and learnt or discussed a bunch of interesting things:
-
HTTP request methods are case-sensitive, it’s not just by convention that we use uppercase words.
-
There are more standardised extensions to the list of HTTP methods than we expected, including a bunch of version-control related methods from RFC 3253.
-
Django’s generic class-based views support the
OPTIONSmethod out of the box (see: theoptionsmethod ondjango.views.generic.View). -
The
OPTIONSmethod is used in the wild as part of the CORS spec. -
Link pre-fetching is defined in the HTML 5 specification, and Firefox supports pre-fetching for
linkelements, but notaelements. -
We talked about possible browser UIs to confirm unsafe (
POST,PUT, andDELETE) requests: A user agent SHOULD distinguish between safe and unsafe methods when presenting potential actions to a user, such that the user can be made aware of an unsafe action before it is requested. -
We talked about whether our tools should enforce safe methods: should Rails provide a read-only database connection during
GETandHEADrequests? -
We expected the
PATCHmethod to be idempotent, but learnt thatPATCHis not idempotent because some patch formats need to operate from a known base-point
/cc @joannecheng @joelq