Summary
In a recent blog post, Elliotte Rusty Harold complains that the only HTTP verbs browsers support are GET and POST, and explains why he feels it would be useful if browsers also supported PUT and DELETE.
Advertisement
In Why REST Failed, Elliotte Rusty Harold explains the difference between GET, POST, PUT, and DELETE:
GET is used for safe operations: ones without any side effects. GETable operations can be completely specified by the URL and can be bookmarked, linked to, prefetched, cached, and otherwise optimized.
POST is used for unsafe operations: ones that cause things to happen. You can’t even use the back button on a post without seeing a warning. For example, pressing the buy button in an online store should be a post because it cause the credit card to be charged. Pushing the buy button twice, causes you to be charged twice. That’s unsafe and shouldn’t be done by a machine without a human decision. Furthermore, a lot of the data for a POST request is actually encapsulated in the the HTTP request body, not in the URL as with a GET. Thus POST operations cannot be bookmarked, linked to, prefetched, cached, and otherwise optimized. However, POST is the most general method and can be used for almost anything.
PUT is used to create or update a resource at a specific URL. PUT is not safe (it changes or creates a new resource) but it is idempotent. That means that if you aren’t sure if a request succeeded, try it again. PUTting the same content twice is not a problem. The end result is the same as PUTting it once.
DELETE is the simplest method. It deletes the resource at a specified URL. It too is idempotent, since deleting a previously deleted resource has no effect.
The main point of Harold's blog entry is that although these four verbs are all you need to do anything you want over HTTP, browsers unfortunately only support GET and POST:
The beauty of REST is that those four verbs are all you need. Everything you need to do can be done with GET, PUT, POST, and DELETE. You don’t need to invent a new verb for every operation you can imagine. This make HTTP scalable, flexible, and extensible. Simplicity leads to power.
The problem is that GET, PUT, POST, and DELETE really are a minimal set. You truly do need all four, and we only have two; and I’ve never understood why. In 2006 browser vendors still don’t support PUT and DELETE. A few browsers over the years have tried to implement these as parts of editing functionality, but they’ve never allowed it in a real web application as opposed to a thick client GUI. The method of an HTML form is limited to GET and POST. PUT and DELETE are not allowed. This isn’t some failure of browser vendors to properly implement the specification either. The HTML specification only allows GET and POST as form actions. XHTML and even XForms 1.0 don’t change this. This means it’s impossible to build a fully RESTful client application inside a web browser. Consequently everyone tunnels everything through POST, and simply ignores PUT and DELETE.
One of the key differences between POST and PUT that Harold has identified is that PUT is supposed to be idempotent and POST is not necessarily idempotent. If browsers were to support PUT and DELETE, how would you use them? How would you want that support to be implemented, and how would it make your life easier?
Well, for a start, it would make publishing Atom entries a lot easier. Same would also be true for editing e.g. wikis or websites (assuming suitable levels of authentication, of course). It would also make it useful for treating a website like a file server ...
IMHO, Rest didn't fail because browsers don't support PUT and DELETE. REST failed because there was not enough demand for browsers to support them. REST is a nice piece of technology, but it really doesn't add much over the other existing technologies.
> Well, for a start, it would make publishing Atom entries a > lot easier. Same would also be true for editing e.g. wikis > or websites (assuming suitable levels of authentication, > of course). It would also make it useful for treating a > website like a file server ...
Could you elaborate on how it would help publishing Atom entries and editing wikis on websites? And what is the use case for treating a website like a file server?
I don't think it correct to say that REST has failed. REST does fail when we fail to adhere to REST. The web industry has largely failed to adhere to REST. I believe this largely because of the introduction of the capability to have a session that stores state information on the server. Using a session to store application state information destroys REST. Unfortuneately, the convenience of using a session to store state information server side has lured much of web application developers into inadverantly falling away from maintaining REST. The session concept has it's place, but it in general it is terrible paradigm to build your applications on. Kris www.authenteo.com