"Microsoft.XMLHTTP = delete request?

[czechboy]

Hi,
I would like to send DELETE request to google calendar but nothing of
this works:
xmlhttp.open("POST",del,false);
xmlhttp.setRequestHeader("X-HTTP-Method-Override", "DELETE");
xmlhttp.send();
or
xmlhttp.open("DELETE",del,false);
xmlhttp.send();

MSE debugger displays error: Access denied to both of the solutions..
is there any way how to solve it?
Thanks

 

[GArlington]

Hi,
I would like to send DELETE request to google calendar but nothing of
this works:
xmlhttp.open("POST",del,false);
xmlhttp.setRequestHeader("X-HTTP-Method-Override", "DELETE");
xmlhttp.send();
or
xmlhttp.open("DELETE",del,false);
xmlhttp.send();

MSE debugger displays error: Access denied to both of the solutions..
is there any way how to solve it?
Thanks

What are you trying to "DELETE"?
Read a bit more about "xmlhttp" ansd then ...
read a little bit more still...

 

[czechboy]

I am try

What are you trying to "DELETE"?
Read a bit more about "xmlhttp" ansd then ...
read a little bit more still...

I am trying to delete Calendar Event (see
http://code.google.com/apis/calendar/developers_guide_protocol.html#DeletingEvents
).

 

[Janwillem Borleffs]

czechboy schreef:

I am trying to delete Calendar Event (see
http://code.google.com/apis/calendar/developers_guide_protocol.html#DeletingEvents
).

It appears that you need to send the XML describing the item you want to
delete along with the DELETE request method.


JW

 

[czechboy]

czechboy schreef:


It appears that you need to send the XML describing the item you want to
delete along with the DELETE request method.

JW

I do not think so. It is already described in the url of the reguest.
But generaly. Is it allowed to send DELETE request via WSH jscript new
ActiveXObject("Microsoft.XMLHTTP"); ? Here http://safari.oreilly.com/9780596529260/faking-put
I can read that:

"Not all clients support HTTP PUT and DELETE. The action of an XHTML 4
form can only be GET or POST, and this has made a lot of people think
that PUT and DELETE aren't real HTTP methods. Some firewalls block
HTTP PUT and DELETE but not POST. If the server supports it, a client
can get around these limitations by tunneling PUT and DELETE requests
through overloaded POST. There's no reason these techniques can't work
with other HTTP actions like HEAD, but PUT and DELETE are the most
common.

I recommend a tunneling technique pioneered by today's most RESTful
web frameworks: include the "real" HTTP method in the query string.
Ruby on Rails defines a hidden form field called _method which
references the "real" HTTP method. If a client wants to delete the
resource at /my/resource but can't make an HTTP DELETE request, it can
make a POST request to /my/resource?_method=delete, or include
_method=delete in the entity-body. Restlet uses the method variable
for the same purpose.

The second way is to include the "real" HTTP action in the X-HTTP-
Method-Override HTTP request header. Google's GData API recognizes
this header. I recommend appending to the query string instead. A
client that doesn't support PUT and DELETE is also likely to not
support custom HTTP request headers."

I have also tried to send ordinary POST request and as paramater to
use "_method=delete" but it did not work either...

 

[Janwillem Borleffs]

czechboy schreef:

I do not think so. It is already described in the url of the reguest.
But generaly. Is it allowed to send DELETE request via WSH jscript new
ActiveXObject("Microsoft.XMLHTTP"); ? Here http://safari.oreilly.com/9780596529260/faking-put
I can read that:

[...]

What happens when you try doing this through a manual telnet session?


telnet google_host port_no
DELETE /path HTTP/1.0
[enter]
[enter]


JW

 

[GArlington]

I am try




I am trying to delete Calendar Event (seehttp://code.google.com/apis/calendar/developers_guide_protocol.html#D...
).

OK, it looks like you are right in using http DELETE method to delete
calendar events (this is what I understood from reading their docs).
The problem is that either xmlhttp considers it "unsafe" or the server
does not receive your authenticated user info and decides that you are
NOT authorised to delete the event.

 

[Thomas 'PointedEars' Lahn]

[<http://safari.oreilly.com/9780596529260/faking-put>:]
"Not all clients support HTTP PUT and DELETE. The action of an XHTML 4
form can only be GET or POST, [...]

There is no XHTML 4 yet.


PointedEars

 

[Bart Van der Donck]

But generaly. Is it allowed to send DELETE request via WSH jscript new
ActiveXObject("Microsoft.XMLHTTP"); ? Herehttp://safari.oreilly.com/9
780596529260/faking-put
I can read that:

"Not all clients support HTTP PUT and DELETE. The action of an XHTML 4
form can only be GET or POST, and this has made a lot of people think
that PUT and DELETE aren't real HTTP methods. Some firewalls block
HTTP PUT and DELETE but not POST. If the server supports it, a client
can get around these limitations by tunneling PUT and DELETE requests
through overloaded POST. There's no reason these techniques can't work
with other HTTP actions like HEAD, but PUT and DELETE are the most
common.

I recommend a tunneling technique pioneered by today's most RESTful
web frameworks: include the "real" HTTP method in the query string.
Ruby on Rails defines a hidden form field called _method which
references the "real" HTTP method. If a client wants to delete the
resource at /my/resource but can't make an HTTP DELETE request, it can
make a POST request to /my/resource?_method=delete, or include
_method=delete in the entity-body. Restlet uses the method variable
for the same purpose.

The second way is to include the "real" HTTP action in the X-HTTP-
Method-Override HTTP request header. Google's GData API recognizes
this header. I recommend appending to the query string instead. A
client that doesn't support PUT and DELETE is also likely to not
support custom HTTP request headers."

I think this quote is not relevant. XMLHttpRequest doesn't care about
(X)HTML versions. The only requirement here is that it supports the
DELETE method, which it does.

From http://www.w3.org/TR/XMLHttpRequest/

| *should* support any HTTP method that matches the Method
| production and *must* at least support the following methods:
| GET
| POST
| HEAD
| PUT
| DELETE
| OPTIONS

From http://msdn2.microsoft.com/en-us/library/ms536648(VS.85).aspx

| DELETE [...] Delete data for URI

Once that is known, the next step is to verify whether the DELETE-
method is accepted at the remote machine. This should be okay; why
else would Google Calendar write an application/docs for it. To make
sure, you could use the test of Janwillem Borleffs earlier in this
thread. This test would also reveal whether DELETE-requests could
maybe be blocked somewhere between client and server (?), because
DELETE over HTTP is rarely used. But I would also councel to reread
the docs to make sure your code is correct.

I agree with the author of the article to avoid 'X-HTTP-Method-
Override'.

Hope this helps,

 

[Thomas 'PointedEars' Lahn]

[<http://safari.oreilly.com/9780596529260/faking-put>]

I think this quote is not relevant. XMLHttpRequest doesn't care about
(X)HTML versions. The only requirement here is that it supports the
DELETE method, which it does.

From http://www.w3.org/TR/XMLHttpRequest/

| *should* support any HTTP method that matches the Method
| production and *must* at least support the following methods:
| GET
| POST
| HEAD
| PUT
| DELETE
| OPTIONS

That's irrelevant either. You are quoting from a *working draft*.

From http://msdn2.microsoft.com/en-us/library/ms536648(VS.85).aspx

| DELETE [...] Delete data for URI

Relevant, but only to MSXML.


PointedEars