Is there any data regarding how browsers actually support rest http verbs (especially PUT, DELETE). This question is mostly motivated by the fact that many sources (such as this stackoverflow answer) inform that most browsers don't suport PUT and DELETE but don't say which.
Rails solves this using a patch on the client, and reversing the patch on the server, but I wonder, for instance, which browsers wouldn't need such hack.
When in doubt, ask Anne:
http://annevankesteren.nl/2007/10/http-method-support
It's a couple of years old, but it gives a clean bill of health to PUT and DELETE, but it also tries different cases of more obscure verbs like TRACE and PROPFIND:
Van Kesteren tested Firefox 3, Opera 9.5 and Internet Explorer 7, a mix of pre-release and releases. GET and POST worked as expected, and all supported the standard set of http methods from RFC 2616. There are some casing issues, so you should try to stick with uppercase always; TRACE and OPTIONS are edge cases with problems found in Firefox and Opera, respectively. CONNECT and TRACE and SEARCH are problematic for IE. Bear in mind that this was written in 2007 so YMMV.
I think the whole confusion over browsers not supporting other than GET and POST stems from the fact that the HTML specification lists only these two in the HTML <form>
element:
The method attribute of the FORM element specifies the HTTP method used to send the form to the processing agent. This attribute may take two values:
get: With the HTTP "get" method, the form data set is appended to the URI specified by the action attribute (with a question-mark ("?") as separator) and this new URI is sent to the processing agent.
post: With the HTTP "post" method, the form data set is included in the body of the form and sent to the processing agent.
This is the reason why browsers only support GET and POST natively in HTML; since the standard says so.
The current (January 2014) XMLHttpRequest specification on the other hand states explicitly that request methods should be allowed through with some exceptions (CONNECT, TRACE or TRACK), and that RFC2616 methods should be uppercased:
\6. If method is a case-insensitive match for CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE, or TRACK, subtract 0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).
If it does not match any of the above, it is passed through literally, including in the final request.
EDIT Another source that has come to more or less the same conclusion: That XMLHttpRequest supports PUT and DELETE: http://jshirley.vox.com/library/post/xmlhttprequest-and-rest.html (warning, broken link as of May 2014).
EDIT The question has been asked before of course, but the two year old answers are still valid.
EDIT Short resume of Anne van Kesteren's page from 2007, and added section on HTML vs XMLHttpRequest
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With