As we all know, file uploading is most often accomplished using POST method. So, why can't the GET method be used for file uploads instead? Is there a specific prohibition against HTTP GET uploads?
Asked
Active
Viewed 4.6k times
49
Pradip Kharbuja
- 3,442
- 6
- 29
- 50
-
15Because an URL is roughly limited to 2000 characters...trying to squeeze an entire file in there...not the smartest idea... – Till Helge Mar 04 '13 at 12:49
-
6plus the file would have to be url_encoded, which is also not a smart idea – x4rf41 Mar 04 '13 at 12:50
-
2Mainly because GET is used to get information, while POST is used to posting it to the server. Very basically, use GET only for things that do not change anything on the server, and POST only for things that do. – Madara's Ghost Mar 04 '13 at 20:46
-
Uploading data in a GET command makes perfect sense when the data is a parameter for the GET. Eg. a JSON encoded list of resource id's to obtain. Thanks for the clarifications below! – TheMadsen Mar 29 '17 at 07:27
-
Except for the long URLs, uploading images via GET to do a "similar images" search seems perfectly sensible. – Max Jan 30 '19 at 16:22
2 Answers
45
GET requests may contain an entity body
RFC 2616 does not prevent an entity body as part of a GET request. This is often misunderstood because PHP muddies the waters with its poorly-named $_GET superglobal. $_GET technically has nothing to do with the HTTP GET request method -- it's nothing more than a key-value list of url-encoded parameters from the request URI query string. You can access the $_GET array even if the request was made via POST/PUT/etc. Weird, right? Not a very good abstraction, is it?
Why a GET entity body is a bad idea
So what does the spec say about the GET method ... well:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe."
So the important thing with GET is to make sure any GET request is safe. Still, the prohibition is only "SHOULD NOT" ... technically HTTP still allows a GET requests to result in an action that isn't strictly based around "retrieval."
Of course, from a semantic standpoint using a method named GET to perform an action other than
"getting" a resource doesn't make very much sense either.
When a GET entity body is flat-out wrong
Regarding idempotence, the spec says:
Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property.
This means that a GET method must not have differing side-effects for multiple requests for the same resource. So, regardless of the entity body present as part of a GET request, the side-effects must always be the same. In layman's terms this means that if you send a GET with an entity body 100 times the server cannot create 100 new resources. Whether sent once or 100 times the request must have the same result. This severely limits the usefulness of the GET method for sending entity bodies.
When in doubt, always fall back to the safety/idempotence tests when evaluating the efficacy of a method and its resulting side-effects.
-
5Hello. If the end purpose of the request is to retrive information. For exmaple, if I have an endpoint that accept a file and returns the first line in the file as a JSON response. Then why should I not make it a GET? – variable Dec 06 '19 at 14:03
-
1I second @variable. It think in this case either safety and idempotency is preserved. – Piotr Karnasiewicz Feb 16 '21 at 14:22
-3
In case of GET Method
- Appends form-data into the URL in name/value pairs and length of URL is limited(3000 characters).
- File content can't be put inside a URL parameter using a form.So use POST
- In Get method, the value of action, appends a `?' to it, then appends the form data set, encoded using the "application/x-www-form-urlencoded" content type. The user agent then traverses the link to this URI. In this scenario, form data are restricted to ASCII codes.
So, that file upload is not possible in GET Method
Sudhir
- 835
- 11
- 31