Skip to main content

Bug Tracker

Side navigation

#7285 closed bug (fixed)

Opened October 22, 2010 11:08AM UTC

Closed October 25, 2010 08:06PM UTC

Last modified August 24, 2012 04:11PM UTC

Ajax Data Body Regression

Reported by: Mal Owned by: dmethvin
Priority: low Milestone: 1.4.4
Component: ajax Version: 1.4.3
Keywords: Cc:
Blocked by: Blocking:
Description

Problem:

Any data sent using GET, HEAD or DELETE is ignored. This is inappropriate behavior for DELETE as the spec leaves it open to carrying a data body.

Test Case:

http://www.locatetv.com/blog/test/test.php

PUT echos as expected, DELETE does not.

Cause:

http://github.com/jquery/jquery/commit/c4e653237f258ce618ad5a9ec677917166fbed16

Possible Solution:

http://github.com/malibu/jquery/commit/e0a604b90e1d927233d936851c07a427eaa53a2d

Remove DELETE from rnoContent (ajax.js:7).

Attachments (0)
Change History (7)

Changed October 22, 2010 02:18PM UTC by dmethvin comment:1

Can you provide a link to the spec? When researching it I convinced myself DELETE couldn't have a body.

Changed October 22, 2010 02:54PM UTC by Mal comment:2

_comment0: HTTP 1.1 DELETE Spec can be found here in section 9.7[[BR]] \ http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html \ \ This question was also asked on StackOverflow, and has a very good answer:[[BR]] \ http://stackoverflow.com/questions/299628/is-an-entity-body-allowed-for-an-http-delete-request \ \ Basic gist of it is that; the only method forbidden from having an entity body is TRACE (see section 9.8 "A TRACE request MUST NOT include an entity."), all other methods offer no such clarity. \ \ Perhaps the ideal solution would be to ban bodies from TRACE, and fallback to checking the contents of data for everything else.1287760330412324

HTTP 1.1 DELETE Spec can be found here in section 9.7

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.7

This question was also asked on StackOverflow, and has a very good answer:

http://stackoverflow.com/questions/299628/is-an-entity-body-allowed-for-an-http-delete-request

Basic gist of it is that; the only method forbidden from having an entity body is TRACE (see section 9.8 "A TRACE request MUST NOT include an entity."), all other methods offer no such clarity.

Perhaps the ideal solution would be to ban bodies from TRACE, and fallback to checking the contents of data for everything else.

Changed October 22, 2010 03:42PM UTC by dmethvin comment:3

component: unfiledajax
milestone: 1.51.4.4
owner: → dmethvin
priority: undecidedlow
status: newassigned

Ugh, thanks Mal. I agree after reading the spec and SO link.

Right now,

$.ajax
automagically serializes the
data
property and appends it to the
url
string for methods that it thinks can't have a body. We can't do that if everything can have a body.

http://github.com/jquery/jquery/blob/master/src/ajax.js#L218

http://github.com/jquery/jquery/blob/master/src/ajax.js#L280

(Need to see if we can do that sooner to avoid duplication.)

Let's all agree that GET and HEAD can't have a body, no matter what the spec says. That way we can retain url-serialization for

data
only on GET (which we already do) and HEAD (which I'll fix in the patch).

Changed October 24, 2010 08:48PM UTC by snover comment:4

Regression from what version of jQuery?

Changed October 25, 2010 09:50AM UTC by mal comment:5

@dmethvin:

Sounds good, happy to help.

@snover:

It was working as expected in 1.4.2.

Changed October 25, 2010 08:06PM UTC by dmethvin comment:6

resolution: → fixed
status: assignedclosed

Allow DELETE requests to have a content body, and properly serialize data to the url for HEAD requests. Fixes #7285.

Changeset: 09022e0b09db71259751e7146bb64727615028af

Changed August 24, 2012 04:11PM UTC by jaubourg comment:7

#11586 is a duplicate of this ticket.