ReST :: Framework support for body with GET method

[AJ Mercer]

Hello Adam, Luis and framework fans,

A ticket was raised for Railo for cfhttp to support BODy with a GET method request.

At first I thought this seemed a bit bazaar and found some posts that say HTTP specs support it, but it isn't really the ReSTfull way of doing things.

So I was wondering what people thought about this and if Taffy or ColdBox Relax support it?

I just did a quick test on Railo 4.1 and it does not support it.

If some one is Keen to test on ColdFusion 10 I will send me test code.

Anyhoo, I am now thinking that this use case might be a good reason to use it: Client Login.

Normally a login is done via a form so I would guess most people would use the POST method in ReST.

But with a login you are not creating or updating a resource; so is POST a good method to use?

If you were to use a GET method, you would not want to send username and password on the query_string.

If you are using HTTPS, and put the username in the BODY, the data would be encrypted.

Interested in what other people think about this and how they do logins over ReST.

​ ​

--

AJ Mercer
<webonix:net strength="Industrial" /> | <webonix:org community="Open" />
http://twitter.com/webonix

Railo Community Manager

[Adam Tuttle]

AJ,

I'd be glad to run your tests on ACF10.

Taffy would accept HTTP Request Body arguments for a GET request, if CF exposed them (No idea if it does... never tried)

Here's how I grab them:

<cffunction name="getRequestBody" access="private" output="false" hint="Gets request body data, which CF doesn't do automatically for some verbs">

<!--- Special thanks to Jason Dean (@JasonPDean) and Ray Camden (@ColdFusionJedi) who helped me figure out how to do this --->

<cfset var body = getHTTPRequestData().content />

<!--- on input with content-type "application/json" CF seems to expose it as binary data. Here we convert it back to plain text --->

<cfif isBinary(body)>

<cfset body = charsetEncode(body, "UTF-8") />

</cfif>

<cfreturn body />

</cffunction>

I would tend to agree that body content for a GET request is not RESTful, and that's why I've never even bothered trying.

To your SSL example, my understanding is that (when using SSL) the URL is encrypted as well, so there would be no extra security had by using body arguments over query string parameters.

Adam

Adam

--
You received this message because you are subscribed to the Google Groups "Taffy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.