HTML4 / XHTML1 allows only GET and POST in forms, now it seems like HTML5 will do the same. There is a proposal to add these two but it doesn't seem to be gaining traction. What were the technical or political reasons for not including PUT and DELETE in HTML5 specification draft?
Take the 2-minute tour
×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free, no registration required.
|
This is a fascinating question. The other answers here are all speculative, and in some cases flat-out incorrect. Instead of writing my opinion here, I actually did some research and found original sources that discuss why delete and put are not part of the HTML5 form standard. As it turns out, these methods were included in several, early HTML5 drafts (!), but were later removed in the subsequent drafts. Mozilla had actually implemented this in a Firefox beta, too. What was the rationale for removing these methods from the draft? The W3C discussed this topic in bug report 10671. Mike Amundsen argued in favor of this support:
It's worth reading his entire post. Tom Wardrop also makes an interesting point:
The bug was eventually closed as Won't Fix by Ian Hickson, with the following rationale:
However, that's not the end of the story! The issue was closed in the W3C bug tracker and escalated to the HTML Working Group issue tracker: https://www.w3.org/html/wg/tracker/issues/195 At this point, it seems that the main reason why there is no support for these methods is simply that nobody has taken the time to write a comprehensive specification for it. |
|||||
|
|
GET and POST have a clear content-neutral rationale. GET is to retrieve the content of an URL in a way that is safe to repeat and possibly cache. POST is to do something in a way that is not safe to repeat, execute speculatively, or cache. There was no similar rationale for PUT or DELETE. They are both completely covered by POST. Creating or destroying a resource are operations that are not safe to repeat, not safe to execute speculatively, and should not be cached. There are no additional special semantics needed for them. So basically there is no benefit. |
|||||||||||||||||||||
|
|
My understanding is that browsers don't know what to do once they send a PUT or a DELETE. A POST will redirect to an appropriate page usually, but PUT and DELETE typically don't. This makes them appropriate for calling via ajax or a native program, but not from a web browser form. I can't hind it right now, but I remember reading one of the html5 mailing lists when they were discussing this. |
|||||||||
|
|
Just throwing out a wild guess, but probably because HTTP isn't terribly good with access control at the best of times, and the last thing everyone needs is even more ways for malicious URLs to compromise a poorly secured website and/or application. HTTP isn't really a good protocol for file transfers other than downloading from server to client. Use FTP - or better yet, SFTP. |
|||||||||
|
|
Get and post are are formats of transmitting the the data of the request. I suppose you are asking about making form submission into a RESTFUL service. But it does not make sense to change the http request standard to make assumptions the purpose of the http request. Information of about the purpose that the request fills is best handled in the input fields. Having an address and get and post allows the server to interpret the request and it's input values correctly. From there the input values allow you to make open ended requests to the server and do what ever you want. For example, you can have a field whose values are "put" and "delete" |
|||||
|
<form>methods. – FilipK Oct 13 '11 at 14:01