Post by AMI_Mani on Apr 5, 2024 10:16:46 GMT
Hi,

Is it possible to pass a request body (with attributes) for a delete operation? For example, for network firewall rules we need to mention all attributes to delete, so can we accept all these attributes in the delete request?

As per the RFC, we have the details below: datatracker.ietf.org/doc/html/rfc7231#section-4.3.5

> A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request.

As per the above, an implementation can support a delete request with a payload (request data). I'm unable to find any details about a request body in the delete operation in the latest Redfish specification (1.20.0).

Thanks, Mani
Post by mraineri on Apr 5, 2024 12:10:04 GMT
Like with HTTP, we don't define payload semantics with the DELETE operation. You could allow a client to provide a request body, but at that point you're stepping outside of the Redfish spec.

There is an update about this in RFC9110: datatracker.ietf.org/doc/html/rfc9110#name-delete

> Although request message framing is independent of the method used, content received in a DELETE request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a DELETE request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

So, while you can do that, it's certainly frowned upon. The semantics of DELETE are to remove the URI specified by the client; you don't need a payload to augment that sort of request.
Post by AMI_Mani on Apr 5, 2024 17:32:38 GMT
Thanks for the reply. Can we use a POST action instead of the delete operation to achieve the same result?
Thanks, Mani
Post by mraineri on Apr 5, 2024 17:58:59 GMT
You can define an action with a side effect that deletes a resource. For example, the ClearLog action on LogService can be thought of as a glorified "delete all" for the members of the log entry collection. You just need to define the action in schema, give clear descriptions for its behaviors, and show the action in the resource in question where you want to perform this type of operation.
Post by ginugeorge on Apr 8, 2024 7:10:16 GMT
> You can define an action with a side effect that deletes a resource. For example, the ClearLog action on LogService can be thought of as a glorified "delete all" for the members of the log entry collection. You just need to define the action in schema, give clear descriptions for its behaviors, and show the action in the resource in question where you want to perform this type of operation.

As per the Redfish Specification, we see that the DELETE Method on any Instance doesn't require a request body to be passed as input, and the Instance will be deleted as an end result. But in case we have an Action as mentioned below, with support for the DELETE Method:

DELETE https://{{ip}}/redfish/v1/Managers/{{ManagerInstance}}/EthernetInterfaces/{{EthernetInstance}}/Actions/Oem/{{OemName}}/{{ActionName}}

Is it OK to allow the end user to pass a request body as input? Or, similar to the DELETE Method on any Instance, do we need to block the DELETE Action request if the user passes any request body?
Post by mraineri on Apr 10, 2024 13:34:00 GMT
If you're using an action, then it would be a POST operation. All actions are performed via POST operations, and you can specify requirements for the request body with action parameters.
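Added example (not part of the thread, and not DMTF or vendor code): a request gate for a Redfish-style service that refuses DELETE requests carrying content, the framing RFC 9110 flags as a request smuggling risk, and takes the firewall-rule attributes as parameters of a POST action instead. The action name `ExampleOem/DeleteFirewallRule`, its parameters, the sample URI and the chosen status codes are assumptions made for illustration.

```python
import json

# Hypothetical OEM action and parameters (assumptions, not from any Redfish schema).
ACTION_SUFFIX = "/Actions/Oem/ExampleOem/DeleteFirewallRule"
PARAMS = {"Protocol": str, "Port": int, "SourceAddress": str}

def has_content(headers, body):
    """True if the request declares or carries a message body."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    return ("transfer-encoding" in h
            or h.get("content-length", "0") != "0"
            or bool(body))

def check_request(method, path, headers, body=b""):
    """Return (status, detail) before any resource is touched."""
    if method == "DELETE":
        if "/Actions/" in path:
            return 405, "actions are performed via POST"
        if has_content(headers, body):
            # Policy choice in this sketch: refuse rather than ignore the content.
            return 400, "DELETE must not carry content"
        return 204, "delete " + path
    if method == "POST" and path.endswith(ACTION_SUFFIX):
        try:
            params = json.loads(body or b"{}")
        except ValueError:
            return 400, "malformed JSON"
        if not isinstance(params, dict) or set(params) != set(PARAMS):
            return 400, "expected exactly: " + ", ".join(sorted(PARAMS))
        for name, typ in PARAMS.items():
            if type(params[name]) is not typ:  # bool is not accepted as int
                return 400, name + " has the wrong type"
        return 200, "rule removed"
    return 405, "method not allowed"

if __name__ == "__main__":
    base = "/redfish/v1/Managers/1/EthernetInterfaces/eth0"  # constructed URI
    rule = json.dumps({"Protocol": "TCP", "Port": 443,
                       "SourceAddress": "192.0.2.10"}).encode()
    cl = {"Content-Length": str(len(rule))}
    print(check_request("DELETE", base, cl, rule))
    print(check_request("DELETE", base, {}))
    print(check_request("POST", base + ACTION_SUFFIX, cl, rule))
```

Rejecting any unexpected or missing parameter keeps the action's behavior tied to what its schema definition describes, rather than to whatever a client chooses to send.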