HTTP QUERY Ratified as RFC 10008 The First New HTTP Method in Over 20 Years.

IETF Ratifies RFC 10008: 'HTTP QUERY' Becomes the First New Official HTTP Method in Over Two Keys

The Internet Engineering Task Force (IETF) has officially published RFC 10008, formalizing the HTTP QUERY method as the 9th official command in the HTTP protocol suite. Architected to optimize data retrieval, the QUERY method operates similarly to a traditional GET request but introduces a critical structural shift: it allows complex query parameters to be encapsulated directly within the request body rather than appending them to the URL string, effectively eliminating URL length constraints.

The official history of HTTP methods has remained remarkably conservative over the decades:

• 1997 (RFC 2068): The first official HTTP/1.1 specification defined 7 core methods: OPTIONS, GET, HEAD, POST, PUT, DELETE, and TRACE.

• 1999 (RFC 2616): The core suite expanded to 8 with the introduction of the CONNECT method.

• 2022 (RFC 9110): Despite comprehensive modernization overhauls to clarify HTTP semantics, no new base methods were added until now.

Prior to RFC 10008, developers handling complex, deeply nested, or lengthy database queries were forced to repurpose the POST method to bypass URL length limitations. However, POST is architecturally non-idempotent and unsafe.

The breakthrough of the new QUERY method is its classification under "Safe Methods." This explicit designation guarantees that executing a QUERY request will never alter server-side data state. With this update, the matrix of official HTTP methods is structurally classified as follows:

HTTP Method	Safe? (Does not alter data)	Idempotent? (Repeatable with identical side effects)	Request Body Support
GET / HEAD / OPTIONS / TRACE	🟢 Yes	🟢 Yes	❌ Not Recommended
QUERY (New - RFC 10008)	🟢 Yes	🟢 Yes	🚀 Fully Supported
PUT / DELETE	❌ No	🟢 Yes	🟢 Supported
POST / CONNECT	❌ No	❌ No	🟢 Supported

Beyond its technical capabilities, RFC 10008 holds a unique milestone in internet history as the first-ever RFC to feature a 5-digit document index number. While the sequential pipeline reached RFC 9969 without unassigned gaps, the IETF deliberately skipped intermediate blocks to allocate this historic five-digit milestone specifically for the QUERY specification.

In the past, in the world of API development (such as REST APIs), developers often encountered a major problem when creating "advanced data retrieval" systems with numerous filters. Using the GET request, the parameters in the URL would exceed the limitations of web browsers or proxies (typically 2,048 characters). Sending data through the request body in a GET request was not recommended by the native protocol specification, and many libraries would immediately truncate the body. This forced developers to use the POST request instead, even though it contradicts the semantic design principles because POST is designed to "create new data," not retrieve it. The emergence of QUERY therefore provided the most official and cleanest solution to this problem.

Data Privacy: When users search for sensitive information (such as patient IDs or financial data) using the traditional GET request, those query values ​​are stored in the web server's logs, browser history, and are easily visible through URLs on the network, making them vulnerable to data leaks. Switching to queries that hide data within the request body ensures that query data is encrypted along with all HTTPS traffic and is not logged in URL logs, significantly enhancing security for large organizations and financial systems.

The internet's arrival at a five-digit RFC number (RFC 10008) is a momentous symbolic event since the initial recording of RFC 1 in 1969. The IETF's decision to skip 9969 and directly initiate a five-digit number for HTTP queries reflects the immense importance the global internet standards organization places on this directive, marking a fundamental shift in the infrastructure of the World Wide Web we use daily for over 20 years.

 

 

India Imposes Nationwide Telegram Ban to Block Massive Medical Exam Paper-Leak Syndicates. 

 

Source: IETF 

💬 AI Content Assistant

Ask me anything about this article. No data is stored for your question.

IETF Ratifies RFC 10008: 'HTTP QUERY' Becomes the First New Official HTTP Method in Over Two Keys

The Internet Engineering Task Force (IETF) has officially published RFC 10008, formalizing the HTTP QUERY method as the 9th official command in the HTTP protocol suite. Architected to optimize data retrieval, the QUERY method operates similarly to a traditional GET request but introduces a critical structural shift: it allows complex query parameters to be encapsulated directly within the request body rather than appending them to the URL string, effectively eliminating URL length constraints.

The official history of HTTP methods has remained remarkably conservative over the decades:

• 1997 (RFC 2068): The first official HTTP/1.1 specification defined 7 core methods: OPTIONS, GET, HEAD, POST, PUT, DELETE, and TRACE.

• 1999 (RFC 2616): The core suite expanded to 8 with the introduction of the CONNECT method.

• 2022 (RFC 9110): Despite comprehensive modernization overhauls to clarify HTTP semantics, no new base methods were added until now.

Prior to RFC 10008, developers handling complex, deeply nested, or lengthy database queries were forced to repurpose the POST method to bypass URL length limitations. However, POST is architecturally non-idempotent and unsafe.

The breakthrough of the new QUERY method is its classification under "Safe Methods." This explicit designation guarantees that executing a QUERY request will never alter server-side data state. With this update, the matrix of official HTTP methods is structurally classified as follows:

HTTP Method	Safe? (Does not alter data)	Idempotent? (Repeatable with identical side effects)	Request Body Support
GET / HEAD / OPTIONS / TRACE	🟢 Yes	🟢 Yes	❌ Not Recommended
QUERY (New - RFC 10008)	🟢 Yes	🟢 Yes	🚀 Fully Supported
PUT / DELETE	❌ No	🟢 Yes	🟢 Supported
POST / CONNECT	❌ No	❌ No	🟢 Supported

Beyond its technical capabilities, RFC 10008 holds a unique milestone in internet history as the first-ever RFC to feature a 5-digit document index number. While the sequential pipeline reached RFC 9969 without unassigned gaps, the IETF deliberately skipped intermediate blocks to allocate this historic five-digit milestone specifically for the QUERY specification.

In the past, in the world of API development (such as REST APIs), developers often encountered a major problem when creating "advanced data retrieval" systems with numerous filters. Using the GET request, the parameters in the URL would exceed the limitations of web browsers or proxies (typically 2,048 characters). Sending data through the request body in a GET request was not recommended by the native protocol specification, and many libraries would immediately truncate the body. This forced developers to use the POST request instead, even though it contradicts the semantic design principles because POST is designed to "create new data," not retrieve it. The emergence of QUERY therefore provided the most official and cleanest solution to this problem.

Data Privacy: When users search for sensitive information (such as patient IDs or financial data) using the traditional GET request, those query values ​​are stored in the web server's logs, browser history, and are easily visible through URLs on the network, making them vulnerable to data leaks. Switching to queries that hide data within the request body ensures that query data is encrypted along with all HTTPS traffic and is not logged in URL logs, significantly enhancing security for large organizations and financial systems.

The internet's arrival at a five-digit RFC number (RFC 10008) is a momentous symbolic event since the initial recording of RFC 1 in 1969. The IETF's decision to skip 9969 and directly initiate a five-digit number for HTTP queries reflects the immense importance the global internet standards organization places on this directive, marking a fundamental shift in the infrastructure of the World Wide Web we use daily for over 20 years.

 

 

India Imposes Nationwide Telegram Ban to Block Massive Medical Exam Paper-Leak Syndicates. 

 

Source: IETF