2012-10-13 18:07:43 +04:00
# Browser enhancements
2012-08-29 23:57:37 +04:00
2012-09-01 23:26:27 +04:00
> "There are two noncontroversial uses for overloaded POST. The first is to *simulate* HTTP's uniform interface for clients like web browsers that don't support PUT or DELETE"
>
2012-10-30 14:30:41 +04:00
> — [RESTful Web Services][cite], Leonard Richardson & Sam Ruby.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
In order to allow the browsable API to function, there are a couple of browser enhancements that REST framework needs to provide.
As of version 3.3.0 onwards these are enabled with javascript, using the [ajax-form][ajax-form] library.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
## Browser based PUT, DELETE, etc...
2012-10-30 14:30:41 +04:00
2015-09-28 18:37:48 +03:00
The [AJAX form library][ajax-form] supports browser-based `PUT` , `DELETE` and other methods on HTML forms.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
After including the library, use the `data-method` attribute on the form, like so:
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
< form action = "/" data-method = "PUT" >
< input name = 'foo' / >
...
2012-10-30 14:30:41 +04:00
< / form >
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
Note that prior to 3.3.0, this support was server-side rather than javascript based. The method overloading style (as used in [Ruby on Rails][rails]) is no longer supported due to subtle issues that it introduces in request parsing.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
## Browser based submission of non-form content
2013-03-12 06:48:40 +04:00
2015-09-28 18:37:48 +03:00
Browser-based submission of content types such as JSON are supported by the [AJAX form library][ajax-form], using form fields with `data-override='content-type'` and `data-override='content'` attributes.
2013-03-13 00:49:20 +04:00
2015-09-28 18:37:48 +03:00
For example:
2013-03-12 06:48:40 +04:00
2015-09-28 18:37:48 +03:00
< form action = "/" >
< input data-override = 'content-type' value = 'application/json' type = 'hidden' / >
< textarea data-override = 'content' > {}< / textarea >
< input type = "submit" / >
< / form >
2013-03-12 06:48:40 +04:00
2015-09-28 18:37:48 +03:00
Note that prior to 3.3.0, this support was server-side rather than javascript based.
2013-03-12 06:48:40 +04:00
2015-09-28 18:37:48 +03:00
## URL based format suffixes
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
REST framework can take `?format=json` style URL parameters, which can be a
useful shortcut for determining which content type should be returned from
the view.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
This behavior is controlled using the `URL_FORMAT_OVERRIDE` setting.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
## HTTP header based method overriding
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
Prior to version 3.3.0 the semi extension header `X-HTTP-Method-Override` was supported for overriding the request method. This behavior is no longer in core, but can be adding if needed using middleware.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
For example:
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
METHOD_OVERRIDE_HEADER = 'HTTP_X_HTTP_METHOD_OVERRIDE'
2017-11-09 22:57:53 +03:00
2015-09-28 18:37:48 +03:00
class MethodOverrideMiddleware(object):
def process_view(self, request, callback, callback_args, callback_kwargs):
if request.method != 'POST':
return
if METHOD_OVERRIDE_HEADER not in request.META:
return
request.method = request.META[METHOD_OVERRIDE_HEADER]
2012-10-30 14:30:41 +04:00
2015-09-28 18:37:48 +03:00
## URL based accept headers
2012-10-30 14:30:41 +04:00
2015-09-28 18:37:48 +03:00
Until version 3.3.0 REST framework included built-in support for `?accept=application/json` style URL parameters, which would allow the `Accept` header to be overridden.
2012-08-29 23:57:37 +04:00
2015-09-28 18:37:48 +03:00
Since the introduction of the content negotiation API this behavior is no longer included in core, but may be added using a custom content negotiation class, if needed.
For example:
2012-10-30 14:30:41 +04:00
2015-09-28 18:37:48 +03:00
class AcceptQueryParamOverride()
def get_accept_list(self, request):
header = request.META.get('HTTP_ACCEPT', '*/*')
header = request.query_params.get('_accept', header)
return [token.strip() for token in header.split(',')]
2012-10-30 14:30:41 +04:00
2012-09-01 23:26:27 +04:00
## Doesn't HTML5 support PUT and DELETE forms?
2012-08-29 23:57:37 +04:00
2012-10-30 14:30:41 +04:00
Nope. It was at one point intended to support `PUT` and `DELETE` forms, but
was later [dropped from the spec][html5]. There remains
[ongoing discussion][put_delete] about adding support for `PUT` and `DELETE` ,
as well as how to support content types other than form-encoded data.
2012-08-29 23:57:37 +04:00
2018-01-08 18:22:32 +03:00
[cite]: https://www.amazon.com/RESTful-Web-Services-Leonard-Richardson/dp/0596529260
2019-02-22 13:11:52 +03:00
[ajax-form]: https://github.com/tomchristie/ajax-form
2018-10-02 09:28:58 +03:00
[rails]: https://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work
2018-01-08 18:22:32 +03:00
[html5]: https://www.w3.org/TR/html5-diff/#changes-2010-06-24
2012-10-30 14:30:41 +04:00
[put_delete]: http://amundsen.com/examples/put-delete-forms/