Possess, all possess¹. The body is an attribute of an abstraction superior to the entity of the request; i.e., every HTTP request is, like every HTTP response, a message HTTP and any message can be composed of start line, headings and body.
HTTP-message = start-line
*( header-field CRLF )
CRLF
[ message-body ]
In fact, the only thing that differentiates a request from an answer is just the start line.
Including, in RFC 7231, which is the most current specification, when defining the get method, does not cite that it has no body; on the contrary, it brings the following quote:
A payload Within a GET request message has no defined Semantics; sending a payload body on a GET request Might cause some existing implementations to Reject the request.
That in free translation, would be that the cargo (body) of a GET request has no defined semantics; a GET request with body content may eventually be rejected in some implementations. So, if your application needs a body in a GET request, there is nothing wrong.
A simple case to visualize is to imagine that you own a route that brings the products sold in a virtual store:
/produtos
And you want to implement filters so that you can select which products will be returned.
/produtos?data_cadastro.de=2018-05-01&data_cadastro.ate=2018-05-05
/produtos?preco.ate=100
/produtos?condicao=novo,usado
/produtos?possui_garantia=1
/produtos?nome.contem=camiseta
/produtos?frete_gratis=1
And a hundred other possible filters. Imagine the size of the URL to load so much information? To simplify, you might as well pass all the information through the body of the request.
The same happens with the DELETE method, although much less often, since you would hardly have such complexity in deleting a resource, but, if necessary, no problem at all.
(1): All methods have body, including HEAD, but by definition any content present in your body should be ignored by the server when generating the HTTP response.
In that there is no problem at all, does that mean no contraindication? In my case I would like to pass the username and password of an account to validate the deletion
– Costamilam
If you are implemented the server, there is no problem, because the server will know what to do with the body. What is not recommended is to send the body in a request without knowing if the resource on the server has support, because if it does not, the request can be denied even before it is processed.
– Woss
Yeah, I’m doing the back and front. Just out of curiosity (at least for now), how do I make a GET request by passing a body and how do I get this body on the back? Could I give a simple example?
– Costamilam
With PHP, for example, if I’m not mistaken, it can be done with
file_get_contents('php://input')
. I’m just not sure if Apache, by default, transfers the GET request body to PHP.– Woss
You know how I could pass a glass in the requisition with js?
– Costamilam