You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
That excerpt you referenced refers to the body on HEAD responses. Here, I'm refering to the body on GET/HEAD requests. This is actually mentioned in that spec in a separate paragraph:
A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.
"no defined semantics" does sound a little worrying, but I can't see anything here that disallows it.
Currently, the body is ignored when the request method is either GET or HEAD.
I had a look through the HTTP 1.1 spec and didn't find any mention of restricting request bodies to certian methods (http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.3).
I have also seen this behaviour used in the wild. For example, Elasticsearch uses it for passing the search query when performing a search request (https://www.elastic.co/guide/en/elasticsearch/reference/1.4/search-request-body.html).
Relevant code: https://github.com/hyperium/hyper/blob/master/src/server/request.rs#L44-L45
Introduced in: a60a67c
The text was updated successfully, but these errors were encountered: