REST API rule about tunneling

https://softwareengineering.stackexchange.com/questions/171412

05-11-2019
|

Question

Just read this in the REST API Rulebook: GET and POST must not be used to tunnel other request methods.

Tunneling refers to any abuse of HTTP that masks or misrepresents a message’s intent and undermines the protocol’s transparency. A REST API must not compromise its design by misusing HTTP’s request methods in an effort to accommodate clients with limited HTTP vocabulary. Always make proper use of the HTTP methods as specified by the rules in this section. [highlights by me]

But then a lot of frameworks use tunneling to expose REST interfaces via HTML forms, since <form> knows only about GET and POST. My most recent example is a MethodRewriteMiddleware for flask (submitted by the author of the framework): http://flask.pocoo.org/snippets/38/.

Any ways to comply to the "Rule" without hacks or add-ons in web frameworks?

No correct solution

Licensed under: CC-BY-SA with attribution

Not affiliated with softwareengineering.stackexchange