Non-standard HTTP: DELETE endpoints use request body instead of query params #809
Description
Problem
Several API controllers use non-standard HTTP by reading the resource ID from the request body in DELETE endpoints, rather than using query parameters.
Affected Controllers
The following controllers use escape.json_decode(self.request.body) in their DELETE methods:
server/controllers/api/show/cast.py(line 135)server/controllers/api/show/microphones.pyserver/controllers/api/show/cues.pyserver/controllers/api/show/scenes.pyserver/controllers/api/show/characters.pyserver/controllers/api/show/acts.pyserver/controllers/api/show/script/stage_direction_styles.py(line 209)
Correct Pattern
The correct pattern is already used in server/controllers/api/show/script/revisions.py (line 193):
try:
rev_id: int = int(self.get_query_argument("rev_id"))
except MissingArgumentError:
self.set_status(400)
await self.finish({"message": "Revision missing"})
returnProposed Solution
Update all affected controllers to use query parameters instead of request body for DELETE operations:
- Change from:
DELETE /api/v1/show/castwith body{"id": 123} - Change to:
DELETE /api/v1/show/cast?id=123
This will require:
- Updating controller DELETE methods to use
self.get_query_argument("id") - Updating any frontend code that calls these endpoints
- Updating tests to pass IDs as query params
Benefits
- Follows HTTP standards
- Improves API consistency
- Avoids issues with HTTP clients that don't support DELETE with body
- Better RESTful API design