Some libraries support it, while some others go out of their way to forbid it. In Javascript, for instance, both XHR and fetch
forbid it. In Haskell, wreq
doesn’t allow for it (although I guess you could hack around that using customPayloadMethod
), and req
(a HTTP client library that takes a very strong approach to encoding everything possible in the type signatures) sets up complicated type-level machinery to explicitly rule it out.
Other libraries do support it: Python’s requests
makes GET requests with bodies if you ask it to, and so does cURL
both as a command line tool and as a C library. It’s not cut and dry if this is allowed or not, but it definitely isn’t something that everybody is set up to handle.
I’ll argue with the assertion that the HTTP standard explicitly allows for GET requests with bodies. Yes, it doesn’t categorically exclude them, but RFC 2616 says:
[…] if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.
That’s SHOULD, and not MUST, sure. And RFC 2616 is outdated and no longer the latest HTTP/1.1 spec. So there is definitely room for argument. Anyway, the newer RFC 7231 says:
A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.
This is about as clear a statement as you’re going to get that there is no good answer to this and that the whole topic is unclear, with no real agreed upon behavior for GET requests with bodies.
I’ll also point out that RFC 7540 (the HTTP/2 spec) says:
An HTTP GET request includes request header fields and no payload body and is therefore transmitted as a single HEADERS frame, […]
But on the other hand that’s part of an example, so it’s non-normative. Anyway, you could argue that it’s talking just about a specific example GET request and not GET requests in general, although I’d consider that to be a fairly tortured reading.
All in all, I think this supports what I said previously: there is no one good answer. It’s far from clear to what extent GET requests with bodies are or should be allowed, or what behavior should be enforced by conforming implementations.