Allow DELETE method pass payload in Akamai


We have a RESTful API endpoint for DELETE request sitting behind Akamai. And the DELETE request contains some data in the payload. By default, Akamai strips off the payload in DELETE method when you only turn on ‘Allow DELETE’.

Selection_332.png

To allow Akamai to pass the payload in DELETE method, you have to:

  1. Enable ‘Allow All Methods on Parent Servers’ on the top level rule.

    Selection_330.png

  2. Add a new rule to enable WebDAV for DELETE method.

    Selection_331.png

I know it sounds a bit strange, but it is Akamai’s implementation of WebDAV. According to their internal documents:

In the current implementation, allowing the DELETE method with the tag security:allow-delete tag enables use of the DELETE method, but does not support passing a body as part of the request. If you want to support passing a body with the DELETE method, you need to enable support for WebDAV. You can limit this support to the DELETE method by enclosing it inside a match on the DELETE method, like this:

<match:request.method value="HTTP_DELETE">
  <edgeservices:webdav.status>on</edgeservices:webdav.status>
</match:request.method>

I understand why Akamai disallows it by default, as it is what RFC 7231 recommends. Well, my opinion is that architects/ developers should take the RFC’s recommendations into consideration when doing design.

A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request.

Selection_329.png

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s