| ▲ | ronbenton 2 hours ago | |
I’ve seen a framework strip body content off GET requests, so doing hacky things doesn’t even always work. The QUERY method is a welcome addition | ||
| ▲ | pdpi 2 hours ago | parent | next [-] | |
Insofar as I'm concerned, a GET request with a body is an attack-shaped aberration. E.g. Somebody who's trying to get me to mix up validating query string parameters and request body parameters. Hacky things not working is a feature, not a bug. | ||
| ▲ | tgv an hour ago | parent | prev | next [-] | |
I'd say it's the framework doing the hacky thing. It should be optional. AFAIK, the HTTP spec allows for it, under certain conditions. "A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported." | ||
| ▲ | psychoslave 2 hours ago | parent | prev [-] | |
Is the stripper service in question already implementing it? | ||