`ERROR: DELETE operations cannot have a requestBody` contradicts RFC 7231 Section 4.3.5

Q&A (please complete the following information)

• OS: maxOS
• Browser: chrome
• Version: 71
• Method of installation: https://editor.swagger.io/
• Swagger-Editor version: unclear (would be nice if the version was shown on the UI
• Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

openapi: 3.0.2  
info:
  title: I can haz delete with request body
  version: 1.x
paths:
  /test:
    delete:
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object 
      responses:
        '204':
          description: No Content

Describe the bug you’re encountering

RFC 7231 Section 4.3.5 states:

A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request.

In other words, a DELETE request may have a request body, it is up to the server to define the semantics.

Given that OpenAPI is specifically designed to specify semantics, we should not get an error message such as this:

Semantic error at paths./test.delete.requestBody
DELETE operations cannot have a requestBody.

To reproduce…

Steps to reproduce the behavior:

1. Go to https://editor.swagger.io/
2. Replace the editor content with the sample yaml above

Expected behavior

It shall not be an error for a DELETE request to define the semantics with respect to request bodies.

Screenshots

Additional context or thoughts

From looking at the HTTP 1.1. spec, the only request type that is forbidden from having a request body is TRACE

A client MUST NOT send a message body in a TRACE request.

Thus if the spec authors wanted to exclude request bodies from DELETE requests they would have included a MUST NOT in the DELETE section, but they didn’t therefore request bodies are allowed