Optional support for body in GET requests #6283

@Farenheith

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

Creating an option called allowGetBody (or something similar) so we can make a server that supports receiving bodies in GET requests.

Motivation

Although sending bodies in GET requests has been strongly discouraged or even prohibited for a long time, the HTTP specification has evolved over the years.

In 2014, if I'm not mistaken, the sentence "the message-body SHOULD be ignored when handling the request" (which we can find here) was removed, and now it is stated that "Request message framing is independent of method semantics" (here). But some concerns about this practice still exist, which are stated here:

Although request message framing is independent of the method used, content received in a GET request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

So, for the current specification we have, GET requests containing a payload are no longer prohibited, but still can be tricky to deal with due to how HTTP communication has evolved, and we need to be very careful when deciding to use them.

So, I think it'd be a good option to have in Fastify, letting the decision to use it or not be in the hands of the team using the library.

Example

We have some players in the market that already use GET with bodies. For example, OpenSearch and Elasticsearch:

GET /movies/_search
{
  "query": {
    "match": {
      "text_entry": "I am the night"
    }
  }
}
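
The framing concern in the RFC text quoted above, as an added example that is not part of the issue or of Fastify: a strict HTTP/1.1 check that settles message length before it looks at the method, and only then applies an opt-in for content in GET. The `frameRequest` function, the `reject-and-close` action and the `example.test` host are assumptions; `allowGetBody` is used only as the name proposed in the issue.

```javascript
// Added example, not Fastify code. `allowGetBody` is the option name proposed
// in the issue and is hypothetical here. Inputs are ASCII strings, so string
// length equals byte length.
function frameRequest(raw, { allowGetBody = false } = {}) {
  const reject = (reason) => ({ action: 'reject-and-close', reason });
  const headEnd = raw.indexOf('\r\n\r\n');
  if (headEnd === -1) return reject('incomplete header section');
  const [requestLine, ...lines] = raw.slice(0, headEnd).split('\r\n');
  const method = requestLine.split(' ')[0];

  // Keep every value per field name so duplicates stay visible.
  const fields = new Map();
  for (const line of lines) {
    const colon = line.indexOf(':');
    const name = line.slice(0, colon).toLowerCase();
    if (colon <= 0 || /\s/.test(name)) return reject('malformed field line');
    const values = line.slice(colon + 1).split(',').map((v) => v.trim());
    fields.set(name, (fields.get(name) || []).concat(values));
  }

  const lengths = new Set(fields.get('content-length') || []);
  const chunked = fields.has('transfer-encoding');
  // Framing is decided before the method is looked at.
  if (chunked && lengths.size > 0) return reject('Transfer-Encoding with Content-Length');
  if (lengths.size > 1) return reject('conflicting Content-Length values');
  const [length = '0'] = lengths;
  if (!/^\d+$/.test(length)) return reject('invalid Content-Length');
  const bodyLength = Number(length);

  const hasContent = chunked || bodyLength > 0;
  if (method === 'GET' && hasContent && !allowGetBody) {
    return reject('content in GET without opt-in');
  }
  // Body bytes belong to this message and are never parsed as a next request.
  // Chunked decoding is left out of this sketch, so `consumed` is null for it.
  const consumed = chunked ? null : headEnd + 4 + bodyLength;
  return { action: 'accept', method, bodyLength: chunked ? null : bodyLength, consumed };
}

// Constructed sample: the search request from the issue as raw HTTP/1.1.
const body = '{"query":{"match":{"text_entry":"I am the night"}}}';
const sample = `GET /movies/_search HTTP/1.1\r\nHost: example.test\r\n` +
  `Content-Type: application/json\r\nContent-Length: ${body.length}\r\n\r\n${body}`;
console.log(frameRequest(sample));
console.log(frameRequest(sample, { allowGetBody: true }));
```

With the opt-in off, the sample is refused rather than having its body silently ignored, so the body bytes can never be read as a second request on the same connection.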
