What alternative is advised when a client can't make a PUT/DELETE request?

Question

I'm looking to implement a RESTful API and I was wondering what parameter is advised when the browser client can't do a PUT/DELETE request to the server. (since some browser apparently doesn't support these requests)

Does it exist a specific parameter name for that? (something like request_method=DELETE on a POST request, that should indicate to the server that the client really want a DELETE but can't indicate it)? or there is no specifications like that?

My searches lead me to the parameters "_method" used by prototype.js. But is this parameters a standard? For example, how jQuery handle it?

Thanks for your help.

Answer 1

What you are essentially asking about is called method overloading - although it's not 100% RESTful, it's an approach which you can fallback to in case that the client doesn't support PUT/DELETE methods. Richardson's/Ruby's book RESTful Web Services mentions this method as well.

You coined the basic principle yourself in your question - the difference when compared to the fully RESTful approach is that you introduce a new parameter which is submitted as part of the request body via POST. This parameter indicates the intended method (e.g. POST/PUT/DELETE) which is being submitted via an (overloaded) POST request. This allows you to overcome the HTTP method limitation of the client while still keeping your URI design clean and RESTful (e.g. without verbs). However you should still aim to be as much RESTful as possible, i.e. keep using GET for read-only requests (thus not impacting caching, etc) and use overloaded post for any write requests. As to how to name the parameter which holds the true HTTP method - I'm not aware of any standardized naming policies myself, so going with what's used by Prototype.js (or with any name that fits well into your naming policy) should be fine.

Regarding jQuery and XmlHttpRequest in general, these should support PUT and DELETE methods. See:

• XmlHttpRequest spec (see bullet #3)
• jQuery.ajax documentation (see type)

Note that the jQuery documentation warns about support of PUT/DELETE being browser-dependent. The way I understand it is that these methods should be supported when using XHR ... however you should rather test if all your target browsers support these methods before making a decision between POST overloading vs. the full HTTP method stack.

jQuery by default provides access to .get() and .post() methods which are both built on top of .ajax(). For doing PUT/DELETE calls via jQuery you need to use .ajax() method directly and specify the method in type in settings. This however does a true PUT/DELETE request, as jQuery itself does not provide any automatic means how to handle method overloading (so you need to code it yourself so that it fits into your API design).

If you won't be using XHR and need to rely on standard forms, then I'm afraid that you will have to use method overloading because support for PUT/DELETE methods as valid form action values has been dropped from the HTML5 spec (this was also noted in the SO question which you are referring to).

Answer 2

The methods PUT/DELETE/GET are usually determiend by the HTTP headers sent with the request. While you should stick to using the methods you can do what you want really in your service with the call that comes in - tho then you're kinda of breaking the idea of RESTfull services :)

Here is a very informative post on REST that should help clear your thoughts - Understanding REST: Verbs, error codes, and authentication