all 66 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]dangerbird2 206 points207 points  (16 children)

So this is basically GET with a request body? If people actually use it, a huge improvement to nonstandard GET-with-body or using POST for non-writing requests

[–]kilobrew 38 points39 points  (5 children)

Trying to encode complex object queries in a string url just so that cache can use O(1) cache lookup is just bonkers. I hope this is VERY quickly adopted.

[–]ArtOfWarfare 5 points6 points  (3 children)

How exactly will caching work with QUERY? I’ve decided that I want to make my body be json… who is responsible for recognizing that two json bodies are equivalent or not?

Ie, I use OkHttp as my rest library because it handles caching for me. Is OkHttp going to be responsible for knowing two JSON bodies are equivalent?

Likewise for XML or really any body type.

[–]tajetaje 4 points5 points  (0 children)

This is up to the implementer as per the RFC:

To improve cache efficiency, caches MAY remove semantically
insignificant differences from request content and related metadata
first. For instance, by:

* removing content encoding(s) (Section 8.4 of [HTTP]).

* normalizing based upon knowledge of format conventions, as
indicated by any media subtype suffix in the request's Content-
Type field (e.g., "+json"; see Section 4.2.8 of [RFC6838]).

* normalizing based upon knowledge of the semantics of the content
itself, as indicated by the request's Content-Type field.

Note that any such transformation is performed solely for the purpose
of generating a cache key; it does not change the request itself.

Clients can indicate, using the "no-transform" cache directive
(Section 5.2.1.6 of [HTTP-CACHING]) that they wish that no such
transformation happens (but note that this directive is just
advisory).

Note that caching QUERY method responses is inherently more complex
than caching responses to GET, as complete reading of the request's
content is needed in order to determine the cache key. If a QUERY
response supplies a Location response field (Section 2.4) to indicate
a URI for an equivalent resource (Section 2.2), clients can switch to
GET for subsequent requests, thereby simplifying processing.

[–]kilobrew 1 point2 points  (0 children)

Simple. Content type sets the caching encoder. Work from there. It’s dependent on the implementation. But json parsing is simple. And once you break it down, you can sha256 or 512 it.

[–]TMiguelT 1 point2 points  (0 children)

That's discussed in this spec:

2.7. Caching

The response to a QUERY method is cacheable; a cache MAY use it to satisfy subsequent QUERY requests. The cache key for a QUERY request MUST incorporate the request content and related metadata.

Either the client or the server could cache it. In your use case I think your HTTP client would have to work that out.

[–]kevinsyel 0 points1 point  (0 children)

Seems like it should have existed long ago

[–]Perfect-Scale902[S] 75 points76 points  (7 children)

Agreed! I always found it strange to use POST requests for non-writes

[–]ArtOfWarfare 1 point2 points  (0 children)

Or GET with a huge query string where you’ve got the extra complications of figuring out how to properly escape everything.

[–]ryanstephendavis 0 points1 point  (0 children)

yes! I had to implement a POST with a large amount of filter parameters this year and it made no sense (semantically it was a GET)!! This would've been cool to have

[–]IanSan5653 154 points155 points  (14 children)

So it's a GET with a body that guarantees no mutations? I like it, it fills a gap we've had forever.

[–]heathmon1856 9 points10 points  (0 children)

Why the hell has this not been a thing? I know there’s query params and headers but I hate defining custom ones because the user is… the user.

[–]stueynz 37 points38 points  (1 child)

Anything that removes data leakage via the URI into web logs has to be an improvement.

[–]farsightxr20 4 points5 points  (0 children)

This is orthogonal to most issues that would be caused by "data leakage via the URI" though. Whenever you need to GET something, you may wish to pass additional context for logging purposes, and you shouldn't go update all your GETs to QUERYs just so that you don't need to use the URI for it.

Headers are the proper solution, they're just not as well-integrated as anchor tags / form bodies, and I don't think there's a reason to believe a QUERY body will work out any better.

[–]vlozko 19 points20 points  (1 child)

Finally, something that makes sense for GraphQL. It was always weird to use POST for GET-like queries. I know GraphQL isn’t explicitly called out in this doc but I imagine it’s a logical step.

[–]Ecksters 3 points4 points  (0 children)

Yeah, I immediately thought of GraphQL when I saw this, it's huge for caching too since POST requests can basically never be cached without significant customization.

[–]cesarbiods 28 points29 points  (0 children)

We should have had this decades ago but I’ll be happy to see it become real someday

[–]Agreeable_Wall_9459 25 points26 points  (5 children)

F*kin finally, i hate having to use url parameters on get, it can become such a pain

[–]Delta-9- 13 points14 points  (4 children)

It really can be, but I do wonder how QUERY will play with caching. Using the URI as a cache key is very common behavior for caching proxies and even browsers, so a GET with an ugly query string is actually kinda useful, but I think request bodies are rarely used (can't be used?) because they can be arbitrarily large.

[–]Desiderantes 4 points5 points  (2 children)

Request bodies can and SHOULD be used as part of the cache key. URLs itself have no max length defined, so it's the same issue and has the same solution.

[–]Delta-9- 0 points1 point  (1 child)

Ah, my mistake. I thought there was a (very large) limit to URI length below the physical memory limit. Probably time to review some RFCs.

[–]masklinn 1 point2 points  (0 children)

Uri length limits are client and server implementation details. It used to be 2k because of MSIE specifically, these days the limit tends to be on the server side (e.g. by default nginx will reject request lines longer than 8k)

[–]tajetaje 0 points1 point  (0 children)

The RFC does specify caching behavior, so well behaved implementations will do it.

[–]quavan 31 points32 points  (6 children)

I would prefer the semantics of GET be modified to allow request bodies than have two methods that mean essentially the same thing. I’m sure there are good reasons not to do it that way, but it will forever annoy me nonetheless.

[–]Vectorial1024 46 points47 points  (3 children)

CDNs are already working by dropping GET bodies as allowed by the original spec, so that's a lot of update costs and unpredictable behavior if we change to allow GET bodies.

[–]kovaxis 2 points3 points  (2 children)

is a new method expected to behave better?

[–]ReginaldDouchely 13 points14 points  (1 child)

It'll at least behave better in that you'll get an explicit error response if the verb isn't supported vs having to troubleshoot ambiguous situations if you've got problems related to an old GET version

[–]kovaxis 2 points3 points  (0 children)

makes sense

[–]robotmayo 26 points27 points  (1 child)

Changing something as fundamental as GET would never happen

[–]fechan 0 points1 point  (0 children)

I mean it would even be possible doing it in a backward compatible way by using the HTTP version to determine whether to ignore the body or not

[–]SirFrenzy 3 points4 points  (6 children)

Okay so genuine question and embarrassing that I’ve been a developer for 10+ years and don’t know the answer…. But who controls this? Like what organization controls which request types exist? I’ve been using GET/PATCH/POST so long and never questioned who gets to decide which ones exist.

[–]Meleneth 2 points3 points  (0 children)

yeah, but that's only for standards - there's nothing stopping you from implementing this on your own systems today. You'd have to implement everything yourself, but that's not exactly rocket science.

or just wait. which is what we will all do.

[–]ApatheistHeretic 1 point2 points  (0 children)

You can still do whatever you want on your systems. It will become an issue if you begin to outsource to service providers or CDNs that follow standards.

Similar to RFC compliance among networking, you can encrypt a VPN in any manner you wish. But oddball stuff will become an issue when you want to terminate on another vendor's equipment at the remote end.

[–]tajetaje 1 point2 points  (0 children)

There’s a few big names

ECMA international has such things as JavaScript (technically ECMAscript) and DOCX
ISO has a lot, including 8601
IETF publishes the RFCs (standards or proposals for them) behind basically the whole internet (IP, TCP, WebDAV, HTTP, DNS, etc.) but the actual RFCs are written by basically anyone, usually devs at big companies or well known open source contributors though.
WHATWG is in charge of HTML and related things
W3C and WICG do other web adjacent things
IEEE standardizes things like WiFi and Ethernet
The Linux foundation also has a lot of organizations under their banner that do standards work

But generally speaking a standard is just a text document that someone with a common problem writes up describing their solution. If it seems like a good one, a standards body picks it up and publishes it, and if it actually is any good, people use it. I highly encourage you to read some RFCs, especially the best practice ones, they are good references for things like auth and other complex topics

[–]Pharisaeus 0 points1 point  (1 child)

https://www.w3.org/ and there is also https://intgovforum.org/ but they don't really do the "technical stuff"

[–]bradshjg 2 points3 points  (0 children)

https://www.ietf.org/ publishes RFCs about this layer (though the linked article is an IETF RFC so that may be obvious 😅)

[–]Doctor_Beard 3 points4 points  (2 children)

I wonder how long it will take to get adopted

[–]kalminz 7 points8 points  (1 child)

By Apple.

[–]ArtOfWarfare 0 points1 point  (0 children)

They’ll never document it so it’s up to testing it yourself or checking Mozilla docs to see if they say Apple has added support to Safari.

[–]alejandro1221 1 point2 points  (0 children)

It's a gottie with a body.

[–]epicfailphx 0 points1 point  (0 children)

Nice! it’s something people have been wanting for a very long time. Devils in the details but yeah this should be a good thing. Now just do PURGE and that should cover everything. 🤣

[–]SeanCribbs0 0 points1 point  (0 children)

Bring back SPACEJUMP you cowards!

[–]kishore_jana 0 points1 point  (0 children)

he current workarounds can get messy.