Misuse of HTTP GET is a cardinal sin

According to the RESTful style, you should make use of the four HTTP methods GET, POST, PUT and DELETE. However, in many cases only GET and POST is used, and POST is used when you really should use PUT or DELETE. I consider this as a quite minor issue.

However, using GET instead of POST (or PUT or DELETE) is much worse.

The current HTTP 1.1 specfication (RFC-2616) clearly states that a GET request must be safe, i.e. not have any significant side-effect on the server. So in order to change anything on the server, you must use POST (or PUT or DELETE). The older HTTP 1.0 specification (RFC-1945) from 1996 said the same.

This is important because the HTTP protocol supports caching, both in the client and in intermediate proxies. This caching may result in that GET requests will not get through to the server all the time. If you use GET to perform some action on the server, it will not work reliably unless you do ugly workarounds to circumvent the caching.

Public specifications of the HTTP protocol has made this clear for more than 12 years now. Misuse of the GET method in a web application, web service or any other application of HTTP is a cardinal sin.

This entry was posted in web. Bookmark the permalink.

4 Responses to Misuse of HTTP GET is a cardinal sin

  1. Couldn’t agree more. However, what is not so clear is in which situations POST is preferred over PUT. Both can send data in the body (which you don’t do with GET’s). As I understand it, PUT should be used when an entity is created, and POST when an entity is modified.

  2. PUT is used to modify an existing entity, or to create a new entity at the URL you use in the PUT request.

    POST is used to create “subordinate”, i.e. an entity with another URL than the one used in the request

    PUT must be idempotent, POST doesn’t have to be.

  3. On-spot explanation! On an on-spot blog!
    Keep up the good work! 🙂

  4. Mats Henricson says:

    Hoppas jag inte aer den skyldıge… 🙂

Comments are closed.