What are practical use-cases for the HTTP verb REPORT and why is it neglected over time?
Asked Answered
F

1

15

Whenever I have to create a RESTful web service and the use case implies on getting data based on a set of search criteria, I always opted for a POST request with the parameters in the body instead of a GET request for all the obvious reasons. I've seen it a dozen of times so I figured is was best practice.

Most recently I stumbled upon this interesting blog article by Evert Pot where he comments on the downsides of the POST verb and simply notes on using the REPORT verb instead. He also states that "its semantics are well defined and it works everywhere". After reading the post I've been trying to find some more information on this REPORT verb but not much can be found. I know it was part of RFC-3253 as a way to obtain information about a resource but other than that I am clueless.

My question are the following:

  1. Is REPORT really a better alternative than POST in the case of requesting a resource based on a set of search criteria?
  2. Is it wise to start using it or is it too risky? I'm seeing lots of HTTP Method REPORT not supported issues from various tools and frameworks.
  3. Why does it seem like it is neglected over the years and why do we know so little about it?
  4. What could other valid use-cases be for using this verb?

Thank you in advance.

Fabrianne answered 1/3, 2017 at 14:15 Comment(1)
I'm looking for a better verb to use for arbitrary user input when searching. We don't want sensitive personal information to be stored in web server logs and can't use GET with query parameters. Our solution right now is to use POST to "hide" the search parameters in the request body. REPORT could be a better solution.Eubank
L
3

The REPORT method is defined in the webdav scope, including the Depth header field, and the DAV:version-tree report request.

Using it outside webdav you may incur in some unspecified behavior.

A REPORT request is an extensible mechanism for obtaining information about a resource.

This is semantically different from a POST request, where you usually transfer the expected representation you want to convey to the server.

Consider that in the HTTP method registry REPORT is marked as "safe" and "idempotent", while that's not the case for POST

the value of a report can depend on additional information specified in the REPORT request body and in the REPORT request headers.

Those are tied to webdav. To foster REPORT usage we should extend its definition and disentangle it from webdav.

Lilliamlillian answered 29/8, 2019 at 15:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.