Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

8. REST and ROA Best Practices > Faking PUT and DELETE

Faking PUT and DELETE

Not all clients support HTTP PUT and DELETE. The action of an XHTML 4 form can only be GET or POST, and this has made a lot of people think that PUT and DELETE aren’t real HTTP methods. Some firewalls block HTTP PUT and DELETE but not POST. If the server supports it, a client can get around these limitations by tunneling PUT and DELETE requests through overloaded POST. There’s no reason these techniques can’t work with other HTTP actions like HEAD, but PUT and DELETE are the most common.

I recommend a tunneling technique pioneered by today’s most RESTful web frameworks: include the “real” HTTP method in the query string. Ruby on Rails defines a hidden form field called _method which references the “real” HTTP method. If a client wants to delete the resource at /my/resource but can’t make an HTTP DELETE request, it can make a POST request to /my/resource?_method=delete, or include _method=delete in the entity-body. Restlet uses the method variable for the same purpose.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free 10-Day Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint