IETF publishes QUERY method to allow safe and idempotent HTTP requests

POST requests do not always fulfill those criteria. But QUERY requests do. The input to the QUERY operation is, like POST, passed as the content of the request, rather than as part of the request URI as it is with GET. Unlike POST, QUERY allows functions such as caching and automatic retries to operate, precisely because it is safe and idempotent.

Read-only in disguise

“RFC 10008 matters because it gives the web’s favorite workaround a protocol identity,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “Developers have disguised read-only questions as POST commands for two decades; QUERY carries the question in the request body while declaring it safe to retry and cache. The significance is machine-readable intent; retry engines, caches, and autonomous agents act on what a method declares, not on what documentation intends. Under automation, semantics become policy.”

“GET works while a request fits comfortably in a URI, and stops working the moment a developer needs deep filters, long identifier sets or an entire query document,” Gogia explained. “URIs also attract exposure through histories, bookmarks, and access logs, and encoding every input combination into the address quietly turns each permutation into a distinct resource.”

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *