Why the HTTP QUERY Method Is a Bad Idea, and Accept-Query Is Why
In June 2026 the IETF published RFC 10008 and gave HTTP a new method: QUERY. New HTTP methods are rare. Most engineers have not seen one added in about twenty years, so this is worth understanding before it shows up in your stack.
At first, when I saw this new method, I thought, "OK, we need to support it in our WAF." But after reading the RFC... I changed my mind...
Here is what QUERY does, in plain terms. It works like GET, but it can carry a request body. A client uses it to send a read-onl