This week at the HTTP Reading Group, we read RFC 7231 § 4.1 and 4.2, and learnt or discussed a bunch of interesting things:
HTTP request methods are case-sensitive, it’s not just by convention that we use uppercase words.
There are more standardised extensions to the list of HTTP methods than we expected, including a bunch of version-control related methods from RFC 3253.
Django’s generic class-based views support the
OPTIONSmethod out of the box (see: the
OPTIONSmethod is used in the wild as part of the CORS spec.
We talked about possible browser UIs to confirm unsafe (
DELETE) requests: A user agent SHOULD distinguish between safe and unsafe methods when presenting potential actions to a user, such that the user can be made aware of an unsafe action before it is requested.
We talked about whether our tools should enforce safe methods: should Rails provide a read-only database connection during
We expected the
PATCHmethod to be idempotent, but learnt that
PATCHis not idempotent because some patch formats need to operate from a known base-point
/cc @joannecheng @joelq