I actually come into this issue, when I am testing an API, which it does not accept a HTTP DELETE with body parameters, but accept query parameters.This is fine, but I am not convinced why body parameters are not handled.
I actually looked in W3C Specification, and it says the following
A payload within a DELETE request message has no defined semantics;sending a payload body on a DELETE request might cause some existingimplementations to reject the request.
Source: https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.5
But still, it does not explain why the original design is in this way. Just ask user to be cautious when using body parameters in HTTP DELETE.
I continued searching, and found people suggest query parameters can exactly do the same thing.Why is not a good practice to have an entity body in a HTTP DELETE request?
Yes, I know query parameter work. But why not supporting body parameter? I also come up with someone mentioning RESTful, and think that the URL should identify the resource to be deleted already.
However, some APIs I found on the web, e.g. the one below, seems not able to identify the resources to be deleted from my understanding. e.g. /quotes?side=BUY, which delete ALL buy quotes, but you have no idea which quote you are cancelling.
Definitely, RESTful is just a concept, and is not a rule in HTTP specification which everyone need to obey. So the server can reply properly.
So back to the question, why some server libraries / standard does not accept body parameters in HTTP DELETE?
e.g. server side does not support HTTP DELETE body parameter https://github.com/lukeautry/tsoa/issues/362
e.g. frontend library does not support HTTP DELETE body parameterhttps://github.com/vercel/next.js/issues/49353