对Body使用DELETE是有风险的…比起REST，我更喜欢这种列表操作方法:

常规操作

GET /objects/获取所有对象

GET /object/ID获取指定ID的对象

POST /objects添加一个新对象

PUT /object/ID添加指定ID的对象，更新对象

DELETE /object/ID删除指定ID的对象

所有自定义操作都是POST

POST /objects/addList添加body中包含的对象列表或数组

POST /objects/deleteList删除包含在body中的对象列表

POST /objects/customQuery基于body中的自定义查询创建一个List

如果客户不支持您的扩展操作，他们可以以常规方式工作。

在删除请求中使用主体的一个原因是为了进行乐观并发控制。

你读了唱片的第一个版本。

GET /some-resource/1
200 OK { id:1, status:"unimportant", version:1 }

你的同事读了记录的第一个版本。

GET /some-resource/1
200 OK { id:1, status:"unimportant", version:1 }

你的同事更改了记录并更新了数据库，数据库将版本更新为2:

PUT /some-resource/1 { id:1, status:"important", version:1 }
200 OK { id:1, status:"important", version:2 }

你试着删除记录:

DELETE /some-resource/1 { id:1, version:1 }
409 Conflict

您应该得到一个乐观锁异常。重新阅读记录，确认它的重要性，也许不要删除它。

使用它的另一个原因是一次删除多条记录(例如，具有行选择复选框的网格)。

DELETE /messages
[{id:1, version:2},
{id:99, version:3}]
204 No Content

注意，每个消息都有自己的版本。也许您可以使用多个头文件指定多个版本，但对于George来说，这更简单、更方便。

这适用于Tomcat(7.0.52)和Spring MVC(4.05)，可能也适用于更早的版本:

@RestController
public class TestController {

    @RequestMapping(value="/echo-delete", method = RequestMethod.DELETE)
    SomeBean echoDelete(@RequestBody SomeBean someBean) {
        return someBean;
    }
}

在我看来，RFC 2616并没有规定这一点。

从第4.3节开始:

The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.

9.7节:

The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location. A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity. If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.c

因此，它没有显式地允许或禁止，并且代理可能会删除消息体(尽管它应该读取并转发它)。

我认为这个问题还没有一个好的答案，尽管已经有很多关于现有答案的很好的评论。我将把这些评论的要点升华为一个新的答案:

RFC7231中的这段话已经被引用了几次，这确实总结了它。

DELETE请求消息中的有效负载没有定义的语义; 在DELETE请求上发送有效负载主体可能会导致一些现有的问题 实现来拒绝请求。

我忽略了其他答案的含义。是的，允许在DELETE请求中包含一个主体，但这在语义上是没有意义的。这实际上意味着，发出带有请求体的DELETE请求在语义上等同于不包含请求体。

包含一个请求体不应该对请求有任何影响，所以包含它是没有意义的。

tl;dr:从技术上讲，一个带有请求体的DELETE请求是允许的，但是这样做是没有用的。

其他几个回答提到了RFC 7231，它有效地说了DELETE请求可以有一个主体，但不推荐。

在2022年，RFC 7231被RFC 9110: HTTP语义所取代，它现在说:

[...] content received in a DELETE request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection [...]. A client SHOULD NOT generate content in a DELETE request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

这种语言在之前的语言基础上得到了加强，也就是说，即使它是允许的，在使用它时也需要非常小心，因为(例如)一些用户可能在代理的背后，为了打击“请求走私”而从请求中剥离主体。

有些版本的Tomcat和Jetty似乎会忽略存在的实体体。如果你想要收到它，那就麻烦了。