4

I'm using ASP.NET MVC to build a RESTful web application and I plan to tunnel PUT and DELETE requests through POST as it seems like the most pragmatic workaround.

What I'd like to know is, should I tunnel the information through the url like this:

<form method='post' action='resource?_method=DELETE'>
    <!-- fields -->
</form>

Or should I tunnel it through the posted form data like this:

<form method='post' action='resource'>
    <input type='hidden' name='_method' value='DELETE' />
    <!-- fields -->
</form>

And what are the pros and cons of each?

EDIT: One of the reasons I asked the question is that I read somewhere that putting information like this in the url is a good thing as post data usually gets lost, but urls hang around (in log files, etc) - unfortunately it makes the url look ugly

Jacob Stanley
  • 4,704
  • 3
  • 33
  • 36

4 Answers4

4

Have you seen this question? From what I understand, the x-http-method-override header is the preferred solution to this problem.

Community
  • 1
  • 1
Darrel Miller
  • 139,164
  • 32
  • 194
  • 243
2

It's more of personal preference. Restful Web Services, OReilly, describes both somewhat interchangeably.

That being said, I prefer the first method for reasons of programmer intent. In Rest, when I'm looking at the code, I mentally read

VERB http://someuri.com/someresource/id

The verb and the resource are close together.

With PUT and DELETE you have to use a workaround like the ones that you've shown. In the first example, the resource and the verb are still close together on the same line.

In your second example, however, the resource is split into two lines. The verb is included on the same line as the resource id, but away from the resource name. It's very, very minor, but to me, that makes the second example less readable.

John
  • 3,332
  • 5
  • 33
  • 55
  • This is the conclusion I came to as well, so I'm marking it as the accepted answer. From the point of view of HTTP, the first line of the packet should have the verb and the resource to access. Putting it in the url is closer to this ideal than having it hidden in the post information. The user won't really see the url anyway because a successful PUT can then be redirected to GET the relevant resource. – Jacob Stanley Jun 27 '12 at 10:05
  • 1
    I don't recommend to put verbs into the URL since it is for resource identification and not for operation identification. From my point of view the hidden input or the method override headers are better solutions. Maybe another possible solution by plain HTML to add MIME type parameters to the enctype of the form. – inf3rno Sep 10 '14 at 13:27
0

Not that I have, but shouldn't you use:

<form method="put" action="resource">
    <!-- fields -->
</form>

And / or

<form method="delete" action="resource">
    <!-- fields -->
</form>

...?

Charlino
  • 15,802
  • 3
  • 58
  • 74
  • I'd love to, but this is not supported by most web browsers (and indeed the HTML/XHTML spec) – Jacob Stanley Mar 20 '09 at 04:04
  • I see. Personally I'd put it in the post because that's where all the other info for the request is. Where did you read that it's better in the URL? – Charlino Mar 20 '09 at 04:11
  • I can't remember, but it's a good point that things like urls are logged. If I check my request log I can see 'POST /resource?_method=DELETE' instead of just 'POST /resource' – Jacob Stanley Mar 20 '09 at 05:51
  • A GET request should never modify data. You should never place _method in the queryparam because it allows a URL to change a GET request into a different request verb. Say I sent your users an e-mail with a link saying "click here for free puppies", but the link actually went to your website with the path "/message/delete/1?_method=DELETE". What do you think would happen when some users inevitably click it? – Jansky Jul 08 '16 at 10:08
-1

They are equivalent.

Though if pressed I'd prefer sending it in the post myself, but it's subjective.

Allain Lalonde
  • 91,574
  • 70
  • 187
  • 238