只是一个提示，如果你在你的DELETE请求中提供了一个主体，并且使用了谷歌云HTTPS负载均衡器，它将拒绝你的请求，错误为400。我的头撞到墙上，然后发现谷歌，不管出于什么原因，认为一个带有主体的DELETE请求是一个畸形的请求。

其他几个回答提到了RFC 7231，它有效地说了DELETE请求可以有一个主体，但不推荐。

在2022年，RFC 7231被RFC 9110: HTTP语义所取代，它现在说:

[...] content received in a DELETE request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection [...]. A client SHOULD NOT generate content in a DELETE request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

这种语言在之前的语言基础上得到了加强，也就是说，即使它是允许的，在使用它时也需要非常小心，因为(例如)一些用户可能在代理的背后，为了打击“请求走私”而从请求中剥离主体。

规范并没有明确禁止或阻止它，所以我倾向于说它是允许的。

微软也是这么看的(我能听到听众的嘀嘀声)，他们在MSDN的文章中提到了ADO的DELETE方法。NET数据服务框架:

如果一个DELETE请求包含一个实体体，该实体体将被忽略[…]

此外，这里是RFC2616 (HTTP 1.1)在请求方面所说的:

只有当消息体出现时，entity-body才会出现(第7.2节) 消息体的存在通过包含内容长度或传输编码头来表示(第4.3节)。 当请求方法的规范不允许发送实体体时(第4.3节)，就不能包含消息体。 仅在TRACE请求中明确禁止使用实体体，所有其他类型的请求都不受限制(第9节，特别是9.8节)

对于响应，这已被定义为:

是否包含消息体取决于请求方法和响应状态(第4.3节) 明确禁止在HEAD请求的响应中使用消息体(第9节和9.4节) 1xx(信息)、204(无内容)和304(未修改)响应中明确禁止消息体(第4.3节) 所有其他响应都包含消息体，尽管消息体可能为零长度(第4.3节)

更新

在RFC 9110(2022年6月)中，明确了GET、HEAD和DELETE上的请求体不可互操作的事实。

9.3.5删除

Although request message framing is independent of the method used, content received in a DELETE request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a DELETE request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

在我看来，RFC 2616并没有规定这一点。

从第4.3节开始:

The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.

9.7节:

The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location. A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity. If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.c

因此，它没有显式地允许或禁止，并且代理可能会删除消息体(尽管它应该读取并转发它)。

有些版本的Tomcat和Jetty似乎会忽略存在的实体体。如果你想要收到它，那就麻烦了。

2014年更新的HTTP 1.1规范(RFC 7231)明确地允许在DELETE请求中使用实体:

DELETE请求消息中的有效负载没有定义的语义;在DELETE请求上发送有效负载主体可能会导致某些现有实现拒绝该请求。