<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Shahriar Rahman Niloy</title>
    <description>The latest articles on DEV Community by Shahriar Rahman Niloy (@srniloy).</description>
    <link>https://dev.to/srniloy</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4029061%2F2457dcf9-e332-4ad1-bf4e-cd2fe629077c.png</url>
      <title>DEV Community: Shahriar Rahman Niloy</title>
      <link>https://dev.to/srniloy</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/srniloy"/>
    <language>en</language>
    <item>
      <title>HTTP Just Got a New Method Called QUERY (RFC 10008) — And It Finally Made Something Click For Me</title>
      <dc:creator>Shahriar Rahman Niloy</dc:creator>
      <pubDate>Tue, 14 Jul 2026 17:32:12 +0000</pubDate>
      <link>https://dev.to/srniloy/http-just-got-a-new-method-called-query-rfc-10008-and-it-finally-made-something-click-for-me-42dk</link>
      <guid>https://dev.to/srniloy/http-just-got-a-new-method-called-query-rfc-10008-and-it-finally-made-something-click-for-me-42dk</guid>
      <description>&lt;p&gt;When I started learning backend development, GET and POST felt simple. GET to read data, POST to send data. But building a few real search and filter features made me realize it's not that clean in practice.&lt;/p&gt;

&lt;p&gt;Here's the issue I kept running into.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1p0vnpwjwsbo945ga5yk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1p0vnpwjwsbo945ga5yk.png" alt="GET vs POST vs QUERY caching comparison" width="799" height="436"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem with GET
&lt;/h2&gt;

&lt;p&gt;GET is &lt;strong&gt;safe&lt;/strong&gt; and &lt;strong&gt;idempotent&lt;/strong&gt;. That means calling it multiple times never changes anything on the server, so it's always safe to cache or retry.&lt;/p&gt;

&lt;p&gt;But all the data has to go in the URL as query parameters.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight http"&gt;&lt;code&gt;&lt;span class="err"&gt;GET /products?category=electronics&amp;amp;price_min=100&amp;amp;price_max=500&amp;amp;brand=sony&amp;amp;brand=apple&amp;amp;in_stock=true&amp;amp;sort=price_desc
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Once filters get even a little complex, the URL turns messy fast, hits length limits on some proxies, and gets logged more often than a request body would. Not great if any of that data is sensitive.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem with POST
&lt;/h2&gt;

&lt;p&gt;POST lets you send a proper request body, so no size or structure problems there.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight http"&gt;&lt;code&gt;&lt;span class="err"&gt;POST /products/search
Content-Type: application/json

{
  "category": "electronics",
  "price_range": { "min": 100, "max": 500 },
  "brands": ["sony", "apple"],
  "in_stock": true,
  "sort": "price_desc"
}
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Much cleaner. But here's the catch: the protocol has no way of knowing this POST is &lt;em&gt;just reading data&lt;/em&gt;. It gets treated like it might change something on the server. That means:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;No caching, since caches don't trust POST to be safe&lt;/li&gt;
&lt;li&gt;No automatic retry if the connection drops, since retrying could accidentally repeat a state-changing action
So a lot of APIs (including ones I've seen and built) use POST for search endpoints anyway, even though it's technically not meant for that. It works, but you lose the caching and safety guarantees GET was designed to give you.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Enter QUERY
&lt;/h2&gt;

&lt;p&gt;This is the exact gap the new &lt;strong&gt;QUERY&lt;/strong&gt; method (standardized as &lt;a href="https://www.rfc-editor.org/info/rfc10008" rel="noopener noreferrer"&gt;RFC 10008&lt;/a&gt; in June 2026) is meant to close.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight http"&gt;&lt;code&gt;&lt;span class="err"&gt;QUERY /products
Content-Type: application/json
Accept: application/json

{
  "category": "electronics",
  "price_range": { "min": 100, "max": 500 },
  "brands": ["sony", "apple"],
  "in_stock": true,
  "sort": "price_desc"
}
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Or with curl:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; QUERY https://api.example.com/products &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "category": "electronics",
    "price_range": { "min": 100, "max": 500 },
    "brands": ["sony", "apple"],
    "in_stock": true,
    "sort": "price_desc"
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;QUERY lets you send a full request body, like POST, but keeps the safety and idempotency of GET. So:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Responses &lt;strong&gt;can be cached&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Requests &lt;strong&gt;can be retried safely&lt;/strong&gt; without worrying about side effects&lt;/li&gt;
&lt;li&gt;Servers can advertise support via the &lt;code&gt;Allow&lt;/code&gt; header, and declare accepted formats via the new &lt;code&gt;Accept-Query&lt;/code&gt; header
Basically, it's a proper middle ground between the two methods I thought I already understood.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  A couple of things worth knowing before using it
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Cache keys need to include the request body.&lt;/strong&gt; Since QUERY is cacheable but the "query" itself lives in the body rather than the URL, a cache that only keys off the URL will serve the wrong response to the wrong request. This is a real gotcha for anyone rolling out edge caching with QUERY.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Adoption is still early.&lt;/strong&gt; HTML forms still only support GET and POST, so browsers need to catch up before you can use QUERY in a plain &lt;code&gt;&amp;lt;form&amp;gt;&lt;/code&gt;. Some older WAFs, proxies, and API gateways built around the classic method list (GET/POST/PUT/DELETE/PATCH) might not recognize QUERY yet either, so it's worth checking your infrastructure before relying on it in production.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why I'm writing this
&lt;/h2&gt;

&lt;p&gt;Honestly, writing this out helped me understand the "why" behind QUERY, not just the definition. If you've been quietly abusing POST for search endpoints (no judgment, I have too), this is worth keeping an eye on.&lt;/p&gt;

&lt;p&gt;Curious if anyone here has already tried implementing a QUERY endpoint, or run into it while integrating with an API. Would love to hear how it went. 🙌&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>api</category>
      <category>http</category>
      <category>backend</category>
    </item>
  </channel>
</rss>
