Skip to content

feat: support HTTP QUERY method (RFC 10008)#5459

Open
mcollina wants to merge 3 commits into
mainfrom
feat-http-query-rfc10008
Open

feat: support HTTP QUERY method (RFC 10008)#5459
mcollina wants to merge 3 commits into
mainfrom
feat-http-query-rfc10008

Conversation

@mcollina

@mcollina mcollina commented Jun 29, 2026

Copy link
Copy Markdown
Member

Description

Adds support for the HTTP QUERY method standardized in RFC 10008 (June 2026), enabling safe/idempotent requests with bodies.

Changes

  • lib/core/util.js: Added QUERY to normalized method records and safeHTTPMethods
  • lib/core/request.js: QUERY is idempotent by default (safe to retry)
  • lib/handler/redirect-handler.js: Comment clarifying QUERY is safe (like GET) and won't change method on 301/302 redirects
  • lib/handler/retry-handler.js: QUERY added to default retryable methods
  • lib/web/fetch/constants.js: QUERY added to safeMethods for the Fetch API

Closes #5454

@mcollina
Support HTTP QUERY method (RFC 10008)
83cfccc 
Add QUERY to normalized method records, safe HTTP methods, idempotent
default, retryable methods, and fetch safe methods.

Closes #5454
@codecov-commenter

codecov-commenter commented Jun 29, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.46%. Comparing base (0f1f890) to head (7a574ee).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5459      +/-   ##
==========================================
- Coverage   93.46%   93.46%   -0.01%     
==========================================
  Files         110      110              
  Lines       37106    37118      +12     
==========================================
+ Hits        34682    34693      +11     
- Misses       2424     2425       +1

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jeswr jeswr mentioned this pull request Jun 29, 2026
Draft
@jeswr

jeswr commented Jun 29, 2026
edited
Loading

Copy link
Copy Markdown

One correctness note before this lands: adding QUERY to safeHTTPMethods also lets it into the cache/deduplicate interceptors' methods, but their keys ignore the request body. A QUERY's response depends on its body (RFC 10008 §2.7), so cache({ methods: ['GET','QUERY'] }) / deduplicate({ methods: ['QUERY'] }) could serve the wrong response for a different body. As this is opt-in only (default ['GET']), nothing breaks by default — but might be worth excluding QUERY there, or making the key body-aware. Redirects/retry/preflight look correct.

I'm creating issues/PRs for improved retries and caching on my fork (GenAI-assisted), I am happy to upstream those issues/PRs once I have reviewed them.

This was referenced Jun 29, 2026
Open
Open
Open
Open
Draft
Draft
Draft
Draft
jeswr added a commit to jeswr/undici that referenced this pull request Jun 29, 2026
@jeswr @claude
feat(cache,deduplicate): stream-aware body keying for QUERY (bounded …
7ccd119 
…memory)

Make streaming QUERY request bodies cacheable/deduplicable instead of
bypassing them. Both interceptors buffer a stream body up to a configurable
cap (maxRequestBodyKeySize, default 1 MiB) to compute the body-aware key:
- body <= cap: buffered, hashed, cached/deduplicated (no re-upload on hit)
- body  > cap: reconstructed (read prefix + piped remainder) and forwarded
  uncached, keeping peak memory at ~cap (no OOM on huge bodies)

Adds readRequestBodyForKey/isStreamingRequestBody to lib/util/cache.js,
the maxRequestBodyKeySize option + validation to both interceptors, and types.

Deliberately omits request-body prefix-hash checkpoints and the
forward-then-abort-before-last-chunk trick: hashing is cheap relative to the
transfer; prefix-optimistic dedup is unsound (bodies can diverge after the
prefix); and aborting after uploading ~all of an unbufferable body saves
nothing. Avoiding the upload of a body too large to buffer requires a
protocol-level request digest (RFC 9530), not a client-side trick.

Refs: nodejs#5454, nodejs#5459
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
mcollina added 2 commits June 30, 2026 11:07
@mcollina
test: add QUERY method tests
9cf7fa2 
Add comprehensive tests for HTTP QUERY (RFC 10008):
- QUERY with string, Buffer, stream bodies
- QUERY without body and with null body
- Content-Type and Accept-Query headers
- Content-Length header sending
- Content-Length mismatch error handling
- Fetch API with QUERY method
- FormData body with QUERY
- Redirect 301 (QUERY stays QUERY - safe method)
- Redirect 303 (QUERY changes to GET)
@mcollina
fix: remove QUERY from safeHTTPMethods
7a574ee 
QUERY responses depend on the request body (RFC 10008 §2.7), but the
cache/deduplicate interceptors' cache keys ignore the request body.
Removing QUERY from safeHTTPMethods prevents these interceptors from
accepting QUERY, avoiding serving wrong responses.

The fetch API's separate safeMethods list in web/fetch/constants.js
still includes QUERY, which is correct for cache invalidation purposes.
This was referenced Jun 30, 2026
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ronag ronag ronag approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support for HTTP QUERY rfc10008

4 participants

@mcollina @codecov-commenter @jeswr @ronag