Comments (10)
I'm aware that the spec technically allows it. But IMO that's not a good enough reason on its own. This is almost always going to be user error. I'd rather give the user clear and helpful feedback when they make a mistake than allow them to do something that's weird and unnecessary. If this causes genuine problems for people in an edge case, maybe we can come up with a pattern to do it using a custom instance or something so it's not too painful.
I'd say let's give this a try and see how it goes.
from ky.
Thanks for those links. The ElasticSearch API is certainly a surprise to me. I might spend some time trying to convince them to make it a POST
with a body or a GET
with query parameters.
I'm inclined to say Ky should still disallow this as it's almost certainly a mistake. But with a popular API using it, that might become harder to justify. Ergh, this is why we can't have nice things!
from ky.
from ky.
Hi. I tried to implement with conditional types but I think it is not possible use them in this context. If there was some generics then It would be easier to use conditional types. However I came up with union types. It works to but it is more verbose.
Here is PR for that #87
from ky.
FWIW, at fuel
we are running into servers now wanting GET
requests with body.
Between RFC2616's obsoletion and RFCs 7230-7237 a few changes were made regarding this. Most importantly the following has been removed
RFC 216 Section 4.3
[...] if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.
To my understanding this means that servers and peers may now accept bodies for GET (and HEAD) requests. The behaviour, just like with DELETE
requests are not defined.
RFC 7231 Section 4.3.1 and Section 4.3.2
A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.
from ky.
servers now wanting
GET
requests with body
Do you have some examples? I believe you but it's hard to understand why anyone would be doing this.
from ky.
Issues wanting GET and DELETE with bodies:
kittinunf/fuel#567
kittinunf/fuel#306
kittinunf/fuel#245
From the spec:
The presence of a message body in a request is signaled by a
Content-Length or Transfer-Encoding header field. Request message
framing is independent of method semantics, even if the method does
not define any use for a message body.
Actual example in the wild:
https://www.elastic.co/guide/en/elasticsearch/guide/master/analysis-intro.html
(and an issue filed against this requirement for Postman: postmanlabs/postman-app-support#131, and another one in swagger referencing elastic: swagger-api/swagger-ui#2136)
from ky.
Yep, I understand that reasoning. I think if it's documented with the workaround (cast to any
or to unknown
and then to working
) the reasoning holds up!
from ky.
Waiting for the day Mozilla wakes up and changes this to say GET requests have a body...
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET
Until then, I'll be debating with myself which workaround is less wrong... (1) putting secret, complex queries into a publicly visible, URL-encoded query string parameter that could potentially exceed the URL size limit... or (2) sending requests for data with a POST method.
from ky.
Waiting for the day Mozilla wakes up and changes this to say GET requests have a body..
Maybe it should be updated to clarify that GET
requests can technically have a body, but should not. The simplicity is nice, though.
Until then, I'll be debating with myself which workaround is less wrong... (1) putting secret, complex queries into a publicly visible, URL-encoded query string parameter that could potentially exceed the URL size limit... or (2) sending requests for data with a POST method.
A few thoughts:
- Consider that URLs can actually be very long. Many thousands of characters, unless you need to support ancient browsers. See: https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
- Regarding complex queries, that sounds like a problem all on its own. Even in large apps with niche business logic, complex queries over HTTP are rarely a good idea. Think about why your client has to provide so much information to the server. Why doesn't your server have better knowledge of the desired "view" of the data to begin with? Not only do complex queries make your system more brittle, they are probably having an impact on performance. Consider having named collections for commonly requested slices of data. See if you can optimize your data structures so that more data can be fetched up front or in fewer requests, thus hopefully minimizing the URL-based querying you need to do. Optimize the names of each parameter, etc.
- Consider sorting, and maybe filtering, more of the data on the client. I see a lot of people send a
sort=
parameter to the server for things that could really be sorted on the client. Unless the response is huge, this could even apply to filtering data. Depending on the workload, it may even be better for overall system performance if these CPU-intensive tasks are done on the client (and thus in a distributed manner) rather than a centralized server. - As for the URL being "publicly visible", well, the entire request is publicly visible by most definitions. Passing a query in the body doesn't encrypt it or anything. If your argument is that a URL-based query is visible in the address bar... well, that might apply to someone using form actions where the page reloads with a query, but that doesn't apply to anyone using Ky, as AJAX / fetch requests are only visible in the network tools.
from ky.
Related Issues (20)
- TypeError: signal.throwIfAborted is not a function HOT 9
- Support for SSL client certificate in Nodejs undici HOT 1
- How to abort retry before hitting the retry limit?
- Cannot use import statement outside a module, Jest HOT 1
- Types for headers HOT 2
- How to handle HTTP Delete Method (204) with ky?
- [BUG] When Response is a string(not valid JSON), `json` method occurs error
- Cannot find module 'undici-types' or its corresponding type declarations
- ky response is an empty string sometimes HOT 2
- response.clone(...).arrayBuffer is not a function
- Content-Type detection HOT 3
- In Next.js app: Only absolute URLs are supported HOT 1
- Compatibility issue with Cloudflare Worker HOT 2
- FormData & Files Encoding
- Why I keep getting HTTPError when the throwHttpErrors is already set to `false` HOT 2
- Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'headers') HOT 1
- beforeError hook isn't called on 500 responses HOT 2
- how to send binary data? HOT 1
- Error: unsupported BodyInit type
- retry not working? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ky.