<!DOCTYPE html> <html lang="en"> <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta charset="utf-8"> <title>Browser enhancements - Django REST framework</title> <link href="http://www.django-rest-framework.org/img/favicon.ico" rel="icon" type="image/x-icon"> <link rel="canonical" href="http://www.django-rest-framework.org/topics/browser-enhancements"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="Django, API, REST, Browser enhancements"> <meta name="author" content="Tom Christie"> <!-- Le styles --> <link href="http://www.django-rest-framework.org/css/prettify.css" rel="stylesheet"> <link href="http://www.django-rest-framework.org/css/bootstrap.css" rel="stylesheet"> <link href="http://www.django-rest-framework.org/css/bootstrap-responsive.css" rel="stylesheet"> <link href="http://www.django-rest-framework.org/css/default.css" rel="stylesheet"> <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements --> <!--[if lt IE 9]> <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18852272-2']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <style> span.fusion-wrap a { display: block; margin-top: 10px; color: black; } a.fusion-poweredby { display: block; margin-top: 10px; } @media (max-width: 767px) { div.promo {display: none;} } </style> </head> <body onload="prettyPrint()" class="browser-enhancements-page"> <div class="wrapper"> <div class="navbar navbar-inverse navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/master">GitHub</a> <a class="repo-link btn btn-inverse btn-small " href="../topics/browsable-api">Next <i class="icon-arrow-right icon-white"></i></a> <a class="repo-link btn btn-inverse btn-small " href="../topics/ajax-csrf-cors"><i class="icon-arrow-left icon-white"></i> Previous</a> <a class="repo-link btn btn-inverse btn-small" href="#searchModal" data-toggle="modal"><i class="icon-search icon-white"></i> Search</a> <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </a> <a class="brand" href="http://www.django-rest-framework.org">Django REST framework</a> <div class="nav-collapse collapse"> <ul class="nav"> <li><a href="http://www.django-rest-framework.org">Home</a></li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Tutorial <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="http://www.django-rest-framework.org/tutorial/quickstart">Quickstart</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/1-serialization">1 - Serialization</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/2-requests-and-responses">2 - Requests and responses</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/3-class-based-views">3 - Class based views</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions">4 - Authentication and permissions</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis">5 - Relationships and hyperlinked APIs</a></li> <li><a href="http://www.django-rest-framework.org/tutorial/6-viewsets-and-routers">6 - Viewsets and routers</a></li> </ul> </li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">API Guide <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="http://www.django-rest-framework.org/api-guide/requests">Requests</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/responses">Responses</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/views">Views</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/generic-views">Generic views</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/viewsets">Viewsets</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/routers">Routers</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/parsers">Parsers</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/renderers">Renderers</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/serializers">Serializers</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/fields">Serializer fields</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/relations">Serializer relations</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/authentication">Authentication</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/permissions">Permissions</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/throttling">Throttling</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/filtering">Filtering</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/pagination">Pagination</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/content-negotiation">Content negotiation</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/format-suffixes">Format suffixes</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/reverse">Returning URLs</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/exceptions">Exceptions</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/status-codes">Status codes</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/testing">Testing</a></li> <li><a href="http://www.django-rest-framework.org/api-guide/settings">Settings</a></li> </ul> </li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Topics <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="http://www.django-rest-framework.org/topics/documenting-your-api">Documenting your API</a></li> <li><a href="http://www.django-rest-framework.org/topics/ajax-csrf-cors">AJAX, CSRF & CORS</a></li> <li><a href="http://www.django-rest-framework.org/topics/browser-enhancements">Browser enhancements</a></li> <li><a href="http://www.django-rest-framework.org/topics/browsable-api">The Browsable API</a></li> <li><a href="http://www.django-rest-framework.org/topics/rest-hypermedia-hateoas">REST, Hypermedia & HATEOAS</a></li> <li><a href="http://www.django-rest-framework.org/topics/contributing">Contributing to REST framework</a></li> <li><a href="http://www.django-rest-framework.org/topics/rest-framework-2-announcement">2.0 Announcement</a></li> <li><a href="http://www.django-rest-framework.org/topics/2.2-announcement">2.2 Announcement</a></li> <li><a href="http://www.django-rest-framework.org/topics/2.3-announcement">2.3 Announcement</a></li> <li><a href="http://www.django-rest-framework.org/topics/2.4-announcement">2.4 Announcement</a></li> <li><a href="http://www.django-rest-framework.org/topics/kickstarter-announcement">Kickstarter Announcement</a></li> <li><a href="http://www.django-rest-framework.org/topics/release-notes">Release Notes</a></li> <li><a href="http://www.django-rest-framework.org/topics/credits">Credits</a></li> </ul> </li> </ul> <ul class="nav pull-right"> <!-- TODO <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Version: 2.0.0 <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="#">Trunk</a></li> <li><a href="#">2.0.0</a></li> </ul> </li> --> </ul> </div><!--/.nav-collapse --> </div> </div> </div> <div class="body-content"> <div class="container-fluid"> <!-- Search Modal --> <div id="searchModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Documentation search</h3> </div> <div class="modal-body"> <!-- Custom google search --> <script> (function() { var cx = '015016005043623903336:rxraeohqk6w'; var gcse = document.createElement('script'); gcse.type = 'text/javascript'; gcse.async = true; gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//www.google.com/cse/cse.js?cx=' + cx; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(gcse, s); })(); </script> <gcse:search></gcse:search> </div> <div class="modal-footer"> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </div> <div class="row-fluid"> <div class="span3"> <!-- TODO <p style="margin-top: -12px"> <a class="btn btn-mini btn-primary" style="width: 60px">« previous</a> <a class="btn btn-mini btn-primary" style="float: right; margin-right: 8px; width: 60px;">next »</a> </p> --> <div id="table-of-contents"> <ul class="nav nav-list side-nav well sidebar-nav-fixed"> <li class="main"><a href="#browser-enhancements">Browser enhancements</a></li> <li><a href="#browser-based-put,-delete,-etc">Browser based PUT, DELETE, etc...</a></li> <li><a href="#http-header-based-method-overriding">HTTP header based method overriding</a></li> <li><a href="#browser-based-submission-of-non-form-content">Browser based submission of non-form content</a></li> <li><a href="#url-based-accept-headers">URL based accept headers</a></li> <li><a href="#url-based-format-suffixes">URL based format suffixes</a></li> <li><a href="#doesnt-html5-support-put-and-delete-forms">Doesn't HTML5 support PUT and DELETE forms?</a></li> <div class="promo"> </div> </ul> </div> </div> <div id="main-content" class="span9"> <h1 id="browser-enhancements">Browser enhancements</h1> <blockquote> <p>"There are two noncontroversial uses for overloaded POST. The first is to <em>simulate</em> HTTP's uniform interface for clients like web browsers that don't support PUT or DELETE"</p> <p>— <a href="http://www.amazon.com/Restful-Web-Services-Leonard-Richardson/dp/0596529260">RESTful Web Services</a>, Leonard Richardson & Sam Ruby.</p> </blockquote> <h2 id="browser-based-put-delete-etc">Browser based PUT, DELETE, etc...</h2> <p>REST framework supports browser-based <code>PUT</code>, <code>DELETE</code> and other methods, by overloading <code>POST</code> requests using a hidden form field.</p> <p>Note that this is the same strategy as is used in <a href="http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work">Ruby on Rails</a>.</p> <p>For example, given the following form:</p> <pre class="prettyprint lang-py"><code><form action="/news-items/5" method="POST"> <input type="hidden" name="_method" value="DELETE"> </form> </code></pre> <p><code>request.method</code> would return <code>"DELETE"</code>.</p> <h2 id="http-header-based-method-overriding">HTTP header based method overriding</h2> <p>REST framework also supports method overriding via the semi-standard <code>X-HTTP-Method-Override</code> header. This can be useful if you are working with non-form content such as JSON and are working with an older web server and/or hosting provider that doesn't recognise particular HTTP methods such as <code>PATCH</code>. For example <a href="https://forums.aws.amazon.com/thread.jspa?messageID=400724">Amazon Web Services ELB</a>.</p> <p>To use it, make a <code>POST</code> request, setting the <code>X-HTTP-Method-Override</code> header.</p> <p>For example, making a <code>PATCH</code> request via <code>POST</code> in jQuery:</p> <pre class="prettyprint lang-py"><code>$.ajax({ url: '/myresource/', method: 'POST', headers: {'X-HTTP-Method-Override': 'PATCH'}, ... }); </code></pre> <h2 id="browser-based-submission-of-non-form-content">Browser based submission of non-form content</h2> <p>Browser-based submission of content types other than form are supported by using form fields named <code>_content</code> and <code>_content_type</code>:</p> <p>For example, given the following form:</p> <pre class="prettyprint lang-py"><code><form action="/news-items/5" method="PUT"> <input type="hidden" name="_content_type" value="application/json"> <input name="_content" value="{'count': 1}"> </form> </code></pre> <p><code>request.content_type</code> would return <code>"application/json"</code>, and <code>request.stream</code> would return <code>"{'count': 1}"</code></p> <h2 id="url-based-accept-headers">URL based accept headers</h2> <p>REST framework can take <code>?accept=application/json</code> style URL parameters, which allow the <code>Accept</code> header to be overridden.</p> <p>This can be useful for testing the API from a web browser, where you don't have any control over what is sent in the <code>Accept</code> header.</p> <h2 id="url-based-format-suffixes">URL based format suffixes</h2> <p>REST framework can take <code>?format=json</code> style URL parameters, which can be a useful shortcut for determining which content type should be returned from the view.</p> <p>This is a more concise than using the <code>accept</code> override, but it also gives you less control. (For example you can't specify any media type parameters)</p> <h2 id="doesnt-html5-support-put-and-delete-forms">Doesn't HTML5 support PUT and DELETE forms?</h2> <p>Nope. It was at one point intended to support <code>PUT</code> and <code>DELETE</code> forms, but was later <a href="http://www.w3.org/TR/html5-diff/#changes-2010-06-24">dropped from the spec</a>. There remains <a href="http://amundsen.com/examples/put-delete-forms/">ongoing discussion</a> about adding support for <code>PUT</code> and <code>DELETE</code>, as well as how to support content types other than form-encoded data.</p> </div><!--/span--> </div><!--/row--> </div><!--/.fluid-container--> </div><!--/.body content--> <div id="push"></div> </div><!--/.wrapper --> <footer class="span12"> <p>Sponsored by <a href="http://dabapps.com/">DabApps</a>.</a></p> </footer> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://www.django-rest-framework.org/js/jquery-1.8.1-min.js"></script> <script src="http://www.django-rest-framework.org/js/prettify-1.0.js"></script> <script src="http://www.django-rest-framework.org/js/bootstrap-2.1.1-min.js"></script> <script> //$('.side-nav').scrollspy() var shiftWindow = function() { scrollBy(0, -50) }; if (location.hash) shiftWindow(); window.addEventListener("hashchange", shiftWindow); $('.dropdown-menu').on('click touchstart', function(event) { event.stopPropagation(); }); // Dynamically force sidenav to no higher than browser window $('.side-nav').css('max-height', window.innerHeight - 130); $(function(){ $(window).resize(function(){ $('.side-nav').css('max-height', window.innerHeight - 130); }); }); </script> </body></html>