Why are there no PUT and DELETE methods on HTML forms?

This is a fascinating question. The other answers here are all speculative, and in some cases flat-out incorrect. Instead of writing my opinion here, I actually did some research and found original sources that discuss why delete and put are not part of the HTML5 form standard.

As it turns out, these methods were included in several, early HTML5 drafts (!), but were later removed in the subsequent drafts. Mozilla had actually implemented this in a Firefox beta, too.

What was the rationale for removing these methods from the draft? The W3C discussed this topic in bug report 10671. Mike Amundsen argued in favor of this support:

Executing PUT and DELETE to modify resources on the origin server is straight-forward for modern Web browsers using the XmlHttpRequest object. For unscripted browser interactions this not so simple. [...]

This pattern is required so often that several commonly-used Web frameworks/libraries have created a "built-in" work-around. [...]

Other considerations:

• Using POST as a tunnel instead of using PUT/DELETE can lead to caching mis-matches (e.g. POST responses are cachable, PUT responses are not(6), DELETE responses are not(7))
• Using a non-idempotent method (POST) to perform an idempotent operation (PUT/DELETE) complicates recovery due to network failures (e.g. "Is is safe to repeat this action?").
• [...]

It's worth reading his entire post.

Tom Wardrop also makes an interesting point (href):

HTML is inextricably bound to HTTP. HTML is the human interface of HTTP. It's therefore automatically questionable why HTML does not support all relevant methods in the HTTP specification. Why can machines PUT and DELETE resources, but humans cannot? [...]

It's contradictory that while HTML goes to great lengths to ensure semantic markup, it has to date made no such effort to ensure semantic HTTP requests.

The bug was eventually closed as Won't Fix by Ian Hickson, with the following rationale (href):

PUT as a form method makes no sense, you wouldn't want to PUT a form payload. DELETE only makes sense if there is no payload, so it doesn't make much sense with forms either.

However, that's not the end of the story! The issue was closed in the W3C bug tracker and escalated to the HTML Working Group issue tracker:

https://www.w3.org/html/wg/tracker/issues/195

At this point, it seems that the main reason why there is no support for these methods is simply that nobody has taken the time to write a comprehensive specification for it.

This is was raised in 2010 as Bug 10671 consider adding support for PUT and DELETE as form methods.

There was a moderate amount of pushback for this "feature" and some heavy-handedness but eventually this was escalated as two issues on the Working Groups bug tracker:

The issue ISSUE-196 resulted in a concensus decision to perform no change to the specification as the HTML specification does not currently restrict how responses to POST requests are handled. I believe this particular issue was raised in attempting to reconcile POST redirect patterns commonly in use and how ReSTful servers often provide 2xx responses with short messages rather than something useful to be rendered in a browser.

The issue ISSUE-195 was presented to the chairs. Cameron Jones stepped up to volunteer in writing a change proposal on the 18th of January 2012 which he submitted to become the first working draft on the 29th May 2014. The draft will go through the W3C recommendations process.

With any luck, this will soon become a W3C recommendation and implemented by browser vendors, and would be a great forward step in removing the blockers to produce unified, semantic and browser friendly ReSTful services. I imagine this will spark an interesting evolution in service patterns. There's a good talk by Jon Moore - Hypermedia APIs worth watching, this got my interest but fell down at the first hurdle (this one).

GET and POST have a clear content-neutral rationale. GET is to retrieve the content of an URL in a way that is safe to repeat and possibly cache. POST is to do something in a way that is not safe to repeat, execute speculatively, or cache.

There was no similar rationale for PUT or DELETE. They are both completely covered by POST. Creating or destroying a resource are operations that are not safe to repeat, not safe to execute speculatively, and should not be cached. There are no additional special semantics needed for them.

So basically there is no benefit.

My understanding is that browsers don't know what to do once they send a PUT or a DELETE. A POST will redirect to an appropriate page usually, but PUT and DELETE typically don't. This makes them appropriate for calling via ajax or a native program, but not from a web browser form.

I can't hind it right now, but I remember reading one of the html5 mailing lists when they were discussing this.

History

I think it's worth mentioning the first appearance of html forms in the RFC1866 (Section 8.1). Here the method attribute is defined as the following:

     METHOD
            selects a method of accessing the action URI. The set of
            applicable methods is a function of the scheme of the
            action URI of the form. See 8.2.2, "Query Forms:
            METHOD=GET" and 8.2.3, "Forms with Side-Effects:
            METHOD=POST".

Further explainations are located in Section 8.2.2 - GET and Section 8.2.3 - POST

Keep in mind, that HTML 2.0 (Nov. 1995) was specified before HTTP 1.0 (May 1996). So everybody used HTTP only with GET (as of HTTP 0.9) or with the extension POST. But only a few web servers supported PUT and DELETE (like stated in the HTTP 1.0 Appendix).

Thoughts

If you think about how Berners-Lee's development of the semantic web could have evolved it seems clear that it went from actual problems to a general concept. First he wanted to share documents. Therefore he needed markup. Then he wanted to query databases for content, so he needed forms. Then he wanted to put new data into the database. So he used forms with GET and POST. After that he may have realized that you could do every CRUD operation on data from remote, so HTTP was extended but never HTML because it was too late (only a few servers supported the new CRUD operations).

Get and post are are formats of transmitting the the data of the request.

I suppose you are asking about making form submission into a RESTFUL service. But it does not make sense to change the http request standard to make assumptions the purpose of the http request. Information of about the purpose that the request fills is best handled in the input fields.

Having an address and get and post allows the server to interpret the request and it's input values correctly. From there the input values allow you to make open ended requests to the server and do what ever you want. For example, you can have a field whose values are "put" and "delete"

Just throwing out a wild guess, but probably because HTTP isn't terribly good with access control at the best of times, and the last thing everyone needs is even more ways for malicious URLs to compromise a poorly secured website and/or application.

HTTP isn't really a good protocol for file transfers other than downloading from server to client. Use FTP - or better yet, SFTP.