Firemonkey App using RESTRequest is sending POST instead of GET on Android

[Jon R 1]

I have a FireMonkey app developed using Delphi 11.3 (version 28.0.48361.3236) where I have a RESTRequest component for sending GET requests. Running on Windows everything works fine, but when I run the same app on an Android device the app is executing a POST request instead of the GET request. Before I execute the request I set

       RESTRequest1.Method := rmGET;

but the RESTRequest is sending a POST anyway on Android. The Android SDK is version 25.2.5, level 31.

Any idea how I can solve this?

[Dave Nottage 554]

1 hour ago, Jon R said:

Any idea how I can solve this?

A brief example of how to reproduce it would help.

[Jon R 1]

After some more testing I have found that the problem is when I add a body to the RESTRequest.
Here is code from a small test application. The form contains a TRESTClient and a TRESTRequest and thats it:

procedure TForm7.test;  
var  
  jsRequest: TJSONObject;  
begin  
   restclient1.Accept := 'application/json';  
   restclient1.BaseURL := 'https://myserver/v1/api';  
   jsRequest := TJSONObject.Create();  
   jsRequest.AddPair('test', '123');  
   RESTRequest1.AddBody(jsRequest);  // --> This causes the problem  
   jsRequest.Free();  
   RESTRequest1.Method := rmGET;  
   RESTRequest1.Execute();  
end;  

If I add the body the method changes from GET to POST on Android (not on WIndows).

If I dont add body the method is not changed.

 

[Brian Evans 105]

A HTTP GET doesn't use a body. If you want to pass a body use POST or if supported QUERY (preferred as it is supposed to be idempotent where POST may not be).

Edited August 28, 2023 by Brian Evans

[Dave Nottage 554]

59 minutes ago, Brian Evans said:

A HTTP GET doesn't use a body

It can, but there are warnings against doing it. This is an interesting article on the topic.

 

The fact that it is possible (even though ill advised) means that the code in Delphi that turns the GET into a POST on Android, is a bug.

Jon R should describe why they need to subvert the warnings against doing it 🙂

[Dmitry Arefiev 101]

Android HttpURLConnection converts GET to POST when there is a request body:

https://stackoverflow.com/questions/8760052/httpurlconnection-sends-a-post-request-even-though-httpcon-setrequestmethodget

 

[Dave Nottage 554]

36 minutes ago, Dmitry Arefiev said:

Android HttpURLConnection converts GET to POST when there is a request body:

Well, that explains it - a bug in Android 😉

 

[Uwe Raabe 2056]

5 hours ago, Dave Nottage said:

a bug in Android

More a convention that can be worked around as shown in the answer to that SO question.

[Dave Nottage 554]

1 hour ago, Uwe Raabe said:

can be worked around

I must be missing the part in the answer where a body is being sent in the request.

[Jon R 1]

Thank you for the response and input. I was replacing an older application and was copying the content of the requests and in the search request the search parameters was in a JSON payload in the body. But I have checked the server documentation and it seems like it is also possible to send the data using the query string. So this alternative will solve my problem.

[Fr0sT.Brutal 900]

On 8/29/2023 at 12:56 PM, Jon R said:

But I have checked the server documentation and it seems like it is also possible to send the data using the query string

IDK how good this practice is but you also can add your payload to headers

[Kas Ob. 121]

12 minutes ago, Fr0sT.Brutal said:

IDK how good this practice is but you also can add your payload to headers

In fact that is bad practice, it is allowed and will work though, unless proxies and cache managers on the road interfere.

CloudFlare and Firewalls also might suspect such payload in header and remove them.

 

[Fr0sT.Brutal 900]

On 9/5/2023 at 10:59 AM, Kas Ob. said:

In fact that is bad practice, it is allowed and will work though, unless proxies and cache managers on the road interfere.

CloudFlare and Firewalls also might suspect such payload in header and remove them.

 

You're probably right. However I'd consider proxy that removes headers it doesn't like an ill one.