Secure HTTP queries with the QUERY method

The Italian Interoperability Framework relies on HTTP methods to increase security and isolation between services. One of the main obstacles to this is that the POST method can be used even for read-only requests.

The HTTP Workgroup is working on a new QUERY method that can be used instead of POST for idempotent requests with a body. Once standardized, this method will allow blocking requests at the method level, even before checking authorization credentials.
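
An added example (not code from the draft or the framework) of the method-level block described above: a WSGI middleware that rejects any method outside a per-route allow-list before the credential check runs. The route prefixes, policy table and token are constructed for illustration; QUERY is the method name used by the draft.

```python
from io import BytesIO

# Assumed policy for illustration: route prefixes and the methods each accepts.
READ_ONLY = frozenset({"GET", "HEAD", "OPTIONS", "QUERY"})
POLICY = {
    "/search": READ_ONLY,                       # read-only service
    "/orders": READ_ONLY | {"POST", "DELETE"},  # read-write service
}

def allowed_methods(path):
    """Methods allowed for the longest matching prefix; read-only by default."""
    matches = [p for p in POLICY if path == p or path.startswith(p + "/")]
    return POLICY[max(matches, key=len)] if matches else READ_ONLY

class MethodGate:
    """WSGI middleware: reject disallowed methods before the wrapped app
    (where the credential check lives) ever sees the request."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        allowed = allowed_methods(environ.get("PATH_INFO", ""))
        if environ["REQUEST_METHOD"] not in allowed:
            start_response("405 Method Not Allowed",
                           [("Allow", ", ".join(sorted(allowed))),
                            ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)

AUTH_CHECKS = []  # records every request that reached the credential check

def backend(environ, start_response):
    """Stand-in service: checks credentials, then answers."""
    AUTH_CHECKS.append((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    if environ.get("HTTP_AUTHORIZATION") != "Bearer constructed-token":
        start_response("401 Unauthorized", [("Content-Length", "0")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def send(method, path, token=None, body=b""):
    """Drive the gated app with a constructed request; return the status code."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "wsgi.input": BytesIO(body), "CONTENT_LENGTH": str(len(body))}
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    seen = []
    MethodGate(backend)(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])
```

With read-only queries sent as QUERY, a POST to `/search` is refused with 405 and never reaches the credential check; if those queries had to use POST, the gate would have to let POST through on that route.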

The QUERY method will support caching too.

Have a look at the draft specifications and let us know what you think!