Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using GET for a non-idempotent request

Simply put, I have a website where you can sign up as a user and add data. Currently it only makes sense to add specific data once, so an addition should be idempotent, but theoretically you could add the same data multiple times. I won't get into that here.

According to RFC 2616, GET requests should be idempotent (really nullipotent). I want users to be able to do something like visit

http://example.com/<username>/add/?data=1

And this would add that data. It would make sense to have a PUT request do this with REST, but I have no idea how to make a PUT request with a browser and I highly doubt most people do or would want to bother to. Even using POST would be appropriate, but this has a similar problem.

Is there some technically correct way to allow users to add data using only GET (e.g. by visiting the link manually, or allowing external websites to use the link). When they visit this page I could make my own POST/PUT request either with javascript or cURL, but this still seems to violate the spirit of idempotent GET requests.

like image 891
Explosion Pills Avatar asked Dec 28 '11 14:12

Explosion Pills


People also ask

Does get have to be idempotent?

Implemented correctly, the GET , HEAD , PUT , and DELETE methods are idempotent, but not the POST method. All safe methods are also idempotent.

Which HTTP request method is non-idempotent get?

HTTP method POST is non-idempotent method and we should use post method when implementing something that that dynamic in nature or we can say changes with every request.

WHY GET method is idempotent?

GET, HEAD, OPTIONS and TRACE methods are defined as safe, meaning they are only intended for retrieving data. This makes them idempotent as well since multiple, identical requests will behave the same.

Can non-idempotent be put?

PUT – Updates/replaces a resource. PUT is idempotent but it is not safe. PATCH – Partially updates a resource. PATCH is not idempotent and it is not safe.


1 Answers

Is there some technically correct way to allow users to add data using only GET ... ?

No matter how you go about letting clients access it, you'll end up violating RFC2616. It's ultimately up to you how you handle requests (nothing's going to stop you from doing this), but keep in mind that if you go against the HTTP specification, you might cause unexpected side-effects to clients and proxies who do abide by it.

Also see: Why shouldn't data be modified on an HTTP GET request?


As far as not being able to PUT from the browser, there are workarounds for that [1], [2], most of which use POST but also pass some sort of _method request parameter that's intercepted by the server and routes to the appropriate server-side action.

like image 172
Rob Hruska Avatar answered Sep 19 '22 23:09

Rob Hruska