This week at the HTTP Reading Group, we read RFC 7231 § 4.1 and 4.2, and learnt or discussed a bunch of interesting things:
-
HTTP request methods are case-sensitive, it’s not just by convention that we use uppercase words.
-
There are more standardised extensions to the list of HTTP methods than we expected, including a bunch of version-control related methods from RFC 3253.
-
Django’s generic class-based views support the
OPTIONS
method out of the box (see: theoptions
method ondjango.views.generic.View
). -
The
OPTIONS
method is used in the wild as part of the CORS spec. -
Link pre-fetching is defined in the HTML 5 specification, and Firefox supports pre-fetching for
link
elements, but nota
elements. -
We talked about possible browser UIs to confirm unsafe (
POST
,PUT
, andDELETE
) requests: A user agent SHOULD distinguish between safe and unsafe methods when presenting potential actions to a user, such that the user can be made aware of an unsafe action before it is requested. -
We talked about whether our tools should enforce safe methods: should Rails provide a read-only database connection during
GET
andHEAD
requests? -
We expected the
PATCH
method to be idempotent, but learnt thatPATCH
is not idempotent because some patch formats need to operate from a known base-point
/cc @joannecheng @joelq