On 2006/04/22, at 7:45 AM, Mark Baker wrote:
On 4/21/06, Mark Nottingham <[EMAIL PROTECTED]> wrote:
RFC2616, section 4.3;
"A message-body MUST NOT be included in a request if the
specification of the request method (section 5.1.1) does not allow
sending an entity-body in requests. "
Right.
GET, HEAD and DELETE do not allow for an entity-body in requests.
You'd think so, wouldn't you? But that's not the case; they all
permit them.
It depends on how you read "does not allow"; the definitions of those
methods do not explicitly allow a body, so if you're a "everything
not allowed is forbidden" kind of guy (which is how the MUST NOT
requirement above is written), they *don't* permit them.
I do agree that HTTP isn't very clear on this matter, but I couldn't
find any immediately apparent discussion in the WG. Do you have a ref?
What do you think a request body on GET will mean? What developers
will probably do with it -- especially if forthcoming access control
mechanisms have a higher barrier for POST -- makes me shudder.
We wouldn't want to profile HTTP, would we? 8-)
*tbbtttbbhbt*
--
Mark Nottingham
[EMAIL PROTECTED]
