The new HTTP QUERY method explained

Posted by CommonGuy 17 hours ago

The new HTTP QUERY method explained(kreya.app)

208 points | 159 commentspage 2

piterrro 9 hours ago|

I wish there was an HTTP method that directly signals async intent of the server. I know we have 202 Accepted status, but these days there are so many APIs that use the async patterns and each one differs a bit. Having a standard for accepting async jobs with idempotency and notification about results via webhook

austin-cheney 10 hours ago||

It blows my mind that people are invested in this. HTTP is a 35+ year old text-based protocol. Its becoming the COBOL of digital transmission.

Just as one example, among many, you could try WebSockets (or some other similar protocol) and then push anything over it. Your message could be plain text, JSON, binary, whatever. Web Sockets and protobufs are bidirectional (full duplex) too.

lightningspirit 9 hours ago||

The internet is complex, and you have tons of protocols that are not well supported. TCP/HTTP are well supported by proxies and have well-defined, stable specs, which also help with caching, throttling, etc.

Just because it's old doesn't mean it is worse than alternatives, most likely it is quite the contrary.

austin-cheney 5 hours ago||

Its worse than alternatives because it imposes greater complexity on everybody that uses it. COBOL is also old. That also does not mean COBOL is bad, but nobody wants to write COBOL any more when there are so many better options available.

mekdoonggi 10 hours ago|||

WONIBDFI (whether or not it's broke, don't fix it)

lmariscal 8 hours ago||

a 35+ year old text-based protocol with 3 major variants (two of them supporting binary frames), and which is used to communicate most of the internet

yeah, I also don't get the hype, let's go back to everyone declaring their own communication protocol

austin-cheney 5 hours ago||

Its like saying nobody should bother with IPv6 when IPv4 is more common when the real reason is because people don't want to migrate.

haburka 13 hours ago||

This is awesome and very much needed. Sending massive get requests always felt like shit and support for body parsing of GET was all over the place. I hope it will be adopted quickly.

doctor_phil 15 hours ago||

Nice, not having bodies on GET has been a pet peeve of mine for a long time. It would be nice to allow bodies on DELETE as well, but that is less of a problem in most cases.

ralferoo 13 hours ago||

If you're doing anything complicated enough to need so much data that it'd be better to send the data in a body, it's probably not a DELETE and so POST would be more appropriate anyway.

DELETE is intended to delete one specific object, pointed to by a unique URL, not to delete arbitrary objects matching some criteria.

beardyw 12 hours ago||

DELETE is idempotent, so I am not sure what the body would do?

nesarkvechnep 10 hours ago||

I still don't get the need for QUERY. One can create a search or filter resource with a POST request and then query it using GET. As a bonus, creating a resource allows it to be shared and cached.

WorldMaker 5 hours ago||

Right, that process works today just fine, but that's application code that the browser (and middleboxes) can't assume. The idea is that QUERY directly represents that flow to the browser as a direct participant (and to caching middleboxes as well). A QUERY can (optionally) create a search or filter resource and return a Location: response header that points to a GET resource to refresh the next time the same QUERY is asked. The browser can directly cache that Location and associate it with that QUERY body. (So can middleboxes.)

A POST can return Content-Location: to the GET resource, but the browser can't assume that the same POST body contents create the same result Content-Location, whereas the QUERY Location represents the QUERY itself as a repeatable object. (Also, QUERY can return Content-Location instead of or in addition to Location for subtly different caching implications.)

theowaway213456 10 hours ago||

Obviously the approach you mentioned has the downside of two server round-trips being necessary while the QUERY request only requires a single round-trip. Not to mention the two-request approach adds more complexity to both clients and servers, as it mandates that both the client and server have to physically create and manage those resources.

nesarkvechnep 10 hours ago||

Obviously, yes, but is it simpler to add a new HTTP method and add support for it everywhere?

lightningspirit 9 hours ago||

Because HTTP is stateless by definition, you now need to support persistence (state) on the server side whenever you want to run a slightly different query, which contradicts the preamble.

I understand the confusion around GraphQL's cached/persisted queries, but this is not the intention of HTTP.

koolala 16 hours ago||

What do you think people will make the Query request body? Most everything will use this for JSON but it could be anything so what other interesting things do you think will go in there? Query 1 + 1 and get 2?

miggol 15 hours ago||

Considering the guideline that QUERY should be idempotent and cacheable, file querying requests come to mind. Reverse image search, for example.

CommonGuy 14 hours ago|||

GraphQL implementations could switch to this

dreambigwrkhard 15 hours ago|||

I'm curious too. Unless the developer is really passionate about this I don't think a dev will risk (potential) compatibility issues or unexpected footguns to use this when the workarounds do seem to work quite well already. I just dont see the benefit but maybe it's because I am just not aware of a real world use case; happy to be corrected.

unilynx 15 hours ago||

Elastic/Opensearch uses GET requests with a body for search, which is complicated or forbidden (not exactly sure) with the HTTP spec. Not all HTTP clients are willing to submit a body with a GET.

So opensearch also allows you to POST search requests, but those are uncacheable

QUERY would fit here perfectly - it's probably trivial for opensearch to add but it will take some time for clients to catch up.

topham 11 hours ago|||

Fixing GET would be easier.

And yes,it would be fixing a flawed interpretation of what should be implemented.you are, by definition GETting something.

Tools dropping body from GET by default are violating the spec today.

Rules configured to drop it are just that, temporarily configured constraints readily modified.

Adding QUERY will make it unpredictable in effectively the same manner as GET/body. It'll take even longer to resolve it though.

Yokohiii 10 hours ago||

> Fixing GET would be easier.

I disagree. I think the adoption (or dismissal) of QUERY will show.

First thing that comes to mind is that the idempotency of GET resources are easy to handle. URL's have a fixed size, they can be efficiently hashed, cached and are unambiguous about how they serve this purpose.

It is unclear how the ecosystem will deal with the QUERY requirements. It's easy for apps, but browsers, http caches and servers will take some time to figure out solutions.

Fixing GET would have the same amount of uncertainty in addition to the need to keep current expectations valid. It's not easier, it's harder.

topham 8 hours ago||

Browsers won't.

No, really, they simply won't implement it.

koolala 5 hours ago|||

Did they say why? I kinda thought that was the main point.

Yokohiii 7 hours ago|||

Okay, great.

dreambigwrkhard 1 hour ago|||

that's a legit use case. thanks for the info!

pmontra 13 hours ago|||

We might start using QUERY for the search requests from our web app to our server, if nothing in the stack in between the app and our server side code does not drop the body. A JSON body beats the spaghetti arguments of most filters.

victorbjorklund 12 hours ago||

Graphql?

tndibona 11 hours ago||

Good use case for graphQL requests which use POST for all queries? But then again what about mutations

WorldMaker 4 hours ago|

Presumably good GraphQL libraries would support requiring POST for mutation and QUERY as acceptable for all queries that don't involve mutation.

IshKebab 14 hours ago||

What are the chances sites start using this to prevent sharing links...

0x073 13 hours ago|

With some post websites (banking) and spa already present.

Yokohiii 10 hours ago||

Unironically QUERY seems to me a "quality of life" feature for the SPA world and the ultimate legitimation to kill link sharing. It is too hard to keep links and app state consistent, so lets just drop it.

grugdev42 15 hours ago||

We should have just added optional body support for GET requests.

So much simpler...

tumetab1 13 hours ago||

The only valid argument against HTTP GET with a body is that it has privacy/security risks.

Exist stuff (caches, CDN, etc.) could serve private information because the HTTP GET is cached without checking the request contents. The new standard can avoid this because old stuff does not know about HTTP QUERY.

ComodoHacker 15 hours ago||

More complex actually

johnnyevert 14 hours ago|

Will this be compatible with graphql?

lightningspirit 9 hours ago|

It won't break GraphQL, as it uses POST. It can very much improve it if adopted: - use QUERY method when querying resources - use POST method for mutations

More comments...