We have a RESTful API endpoint for DELETE request sitting behind Akamai. And the DELETE request contains some data in the payload. By default, Akamai strips off the payload in DELETE method when you only turn on ‘Allow DELETE’.
To allow Akamai to pass the payload in DELETE method, you have to:
- Enable ‘Allow All Methods on Parent Servers’ on the top level rule.
- Add a new rule to enable WebDAV for DELETE method.
I know it sounds a bit strange, but it is Akamai’s implementation of WebDAV. According to their internal documents:
In the current implementation, allowing the DELETE method with the tag security:allow-delete tag enables use of the DELETE method, but does not support passing a body as part of the request. If you want to support passing a body with the DELETE method, you need to enable support for WebDAV. You can limit this support to the DELETE method by enclosing it inside a match on the DELETE method, like this: <match:request.method value="HTTP_DELETE"> <edgeservices:webdav.status>on</edgeservices:webdav.status> </match:request.method>
I understand why Akamai disallows it by default, as it is what RFC 7231 recommends. Well, my opinion is that architects/ developers should take the RFC’s recommendations into consideration when doing design.
A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request.