draft-ietf-httpbis-p1-messaging-05.txt   draft-ietf-httpbis-p1-messaging-06.txt 
Network Working Group R. Fielding, Ed. HTTPbis Working Group R. Fielding, Ed.
Internet-Draft Day Software Internet-Draft Day Software
Obsoletes: 2616 (if approved) J. Gettys Obsoletes: 2616 (if approved) J. Gettys
Intended status: Standards Track One Laptop per Child Intended status: Standards Track One Laptop per Child
Expires: May 20, 2009 J. Mogul Expires: September 10, 2009 J. Mogul
HP HP
H. Frystyk H. Frystyk
Microsoft Microsoft
L. Masinter L. Masinter
Adobe Systems Adobe Systems
P. Leach P. Leach
Microsoft Microsoft
T. Berners-Lee T. Berners-Lee
W3C/MIT W3C/MIT
Y. Lafon, Ed. Y. Lafon, Ed.
W3C W3C
J. Reschke, Ed. J. Reschke, Ed.
greenbytes greenbytes
November 16, 2008 March 9, 2009
HTTP/1.1, part 1: URIs, Connections, and Message Parsing HTTP/1.1, part 1: URIs, Connections, and Message Parsing
draft-ietf-httpbis-p1-messaging-05 draft-ietf-httpbis-p1-messaging-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79. This document may contain material
have been or will be disclosed, and any of which he or she becomes from IETF Documents or IETF Contributions published or made publicly
aware will be disclosed, in accordance with Section 6 of BCP 79. available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
skipping to change at page 1, line 42 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 20, 2009. This Internet-Draft will expire on September 10, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
The Hypertext Transfer Protocol (HTTP) is an application-level The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information protocol for distributed, collaborative, hypertext information
systems. HTTP has been in use by the World Wide Web global systems. HTTP has been in use by the World Wide Web global
information initiative since 1990. This document is Part 1 of the information initiative since 1990. This document is Part 1 of the
seven-part specification that defines the protocol referred to as seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 1 provides "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 1 provides
an overview of HTTP and its associated terminology, defines the an overview of HTTP and its associated terminology, defines the
"http" and "https" Uniform Resource Identifier (URI) schemes, defines "http" and "https" Uniform Resource Identifier (URI) schemes, defines
the generic message syntax and parsing requirements for HTTP message the generic message syntax and parsing requirements for HTTP message
frames, and describes general security concerns for implementations. frames, and describes general security concerns for implementations.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Discussion of this draft should take place on the HTTPBIS working Discussion of this draft should take place on the HTTPBIS working
group mailing list (ietf-http-wg@w3.org). The current issues list is group mailing list (ietf-http-wg@w3.org). The current issues list is
at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related
documents (including fancy diffs) can be found at documents (including fancy diffs) can be found at
<http://tools.ietf.org/wg/httpbis/>. <http://tools.ietf.org/wg/httpbis/>.
The changes in this draft are summarized in Appendix E.6. The changes in this draft are summarized in Appendix E.7.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 7
1.2. Overall Operation . . . . . . . . . . . . . . . . . . . . 6 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 7
2. Notational Conventions and Generic Grammar . . . . . . . . . . 8 1.2.1. ABNF Extension: #rule . . . . . . . . . . . . . . . . 7
2.1. ABNF Extension: #rule . . . . . . . . . . . . . . . . . . 8 1.2.2. Basic Rules . . . . . . . . . . . . . . . . . . . . . 8
2.2. Basic Rules . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.3. ABNF Rules defined in other Parts of the
2.3. ABNF Rules defined in other Parts of the Specification . . 10 Specification . . . . . . . . . . . . . . . . . . . . 9
3. Protocol Parameters . . . . . . . . . . . . . . . . . . . . . 11 2. HTTP architecture . . . . . . . . . . . . . . . . . . . . . . 10
3.1. HTTP Version . . . . . . . . . . . . . . . . . . . . . . . 11 2.1. Uniform Resource Identifiers . . . . . . . . . . . . . . . 10
3.2. Uniform Resource Identifiers . . . . . . . . . . . . . . . 12 2.1.1. http URI scheme . . . . . . . . . . . . . . . . . . . 11
3.2.1. http URI scheme . . . . . . . . . . . . . . . . . . . 13 2.1.2. https URI scheme . . . . . . . . . . . . . . . . . . . 11
3.2.2. URI Comparison . . . . . . . . . . . . . . . . . . . . 13 2.1.3. URI Comparison . . . . . . . . . . . . . . . . . . . . 11
3.3. Date/Time Formats . . . . . . . . . . . . . . . . . . . . 14 2.1.4. Scheme aliases considered harmful . . . . . . . . . . 12
3.3.1. Full Date . . . . . . . . . . . . . . . . . . . . . . 14 2.2. Overall Operation . . . . . . . . . . . . . . . . . . . . 12
3.4. Transfer Codings . . . . . . . . . . . . . . . . . . . . . 16 2.3. Use of HTTP for proxy communication . . . . . . . . . . . 14
3.4.1. Chunked Transfer Coding . . . . . . . . . . . . . . . 17 2.4. Interception of HTTP for access control . . . . . . . . . 14
3.5. Product Tokens . . . . . . . . . . . . . . . . . . . . . . 18 2.5. Use of HTTP by other protocols . . . . . . . . . . . . . . 14
4. HTTP Message . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.6. Use of HTTP by media type specification . . . . . . . . . 14
4.1. Message Types . . . . . . . . . . . . . . . . . . . . . . 19 3. Protocol Parameters . . . . . . . . . . . . . . . . . . . . . 14
4.2. Message Headers . . . . . . . . . . . . . . . . . . . . . 20 3.1. HTTP Version . . . . . . . . . . . . . . . . . . . . . . . 14
4.3. Message Body . . . . . . . . . . . . . . . . . . . . . . . 21 3.2. Date/Time Formats . . . . . . . . . . . . . . . . . . . . 15
4.4. Message Length . . . . . . . . . . . . . . . . . . . . . . 22 3.2.1. Full Date . . . . . . . . . . . . . . . . . . . . . . 15
4.5. General Header Fields . . . . . . . . . . . . . . . . . . 23 3.3. Transfer Codings . . . . . . . . . . . . . . . . . . . . . 17
5. Request . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.3.1. Chunked Transfer Coding . . . . . . . . . . . . . . . 18
5.1. Request-Line . . . . . . . . . . . . . . . . . . . . . . . 24 3.4. Product Tokens . . . . . . . . . . . . . . . . . . . . . . 20
5.1.1. Method . . . . . . . . . . . . . . . . . . . . . . . . 24 3.5. Quality Values . . . . . . . . . . . . . . . . . . . . . . 21
5.1.2. Request-URI . . . . . . . . . . . . . . . . . . . . . 24 4. HTTP Message . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2. The Resource Identified by a Request . . . . . . . . . . . 26 4.1. Message Types . . . . . . . . . . . . . . . . . . . . . . 21
6. Response . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 4.2. Message Headers . . . . . . . . . . . . . . . . . . . . . 22
6.1. Status-Line . . . . . . . . . . . . . . . . . . . . . . . 27 4.3. Message Body . . . . . . . . . . . . . . . . . . . . . . . 23
6.1.1. Status Code and Reason Phrase . . . . . . . . . . . . 27 4.4. Message Length . . . . . . . . . . . . . . . . . . . . . . 24
7. Connections . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.5. General Header Fields . . . . . . . . . . . . . . . . . . 26
7.1. Persistent Connections . . . . . . . . . . . . . . . . . . 28 5. Request . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . 28 5.1. Request-Line . . . . . . . . . . . . . . . . . . . . . . . 27
7.1.2. Overall Operation . . . . . . . . . . . . . . . . . . 28 5.1.1. Method . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1.3. Proxy Servers . . . . . . . . . . . . . . . . . . . . 30 5.1.2. request-target . . . . . . . . . . . . . . . . . . . . 27
7.1.4. Practical Considerations . . . . . . . . . . . . . . . 30 5.2. The Resource Identified by a Request . . . . . . . . . . . 29
7.2. Message Transmission Requirements . . . . . . . . . . . . 31 6. Response . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
7.2.1. Persistent Connections and Flow Control . . . . . . . 31 6.1. Status-Line . . . . . . . . . . . . . . . . . . . . . . . 30
7.2.2. Monitoring Connections for Error Status Messages . . . 31 6.1.1. Status Code and Reason Phrase . . . . . . . . . . . . 30
7.2.3. Use of the 100 (Continue) Status . . . . . . . . . . . 32 7. Connections . . . . . . . . . . . . . . . . . . . . . . . . . 31
7.1. Persistent Connections . . . . . . . . . . . . . . . . . . 31
7.1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . 31
7.1.2. Overall Operation . . . . . . . . . . . . . . . . . . 32
7.1.3. Proxy Servers . . . . . . . . . . . . . . . . . . . . 33
7.1.4. Practical Considerations . . . . . . . . . . . . . . . 33
7.2. Message Transmission Requirements . . . . . . . . . . . . 34
7.2.1. Persistent Connections and Flow Control . . . . . . . 34
7.2.2. Monitoring Connections for Error Status Messages . . . 35
7.2.3. Use of the 100 (Continue) Status . . . . . . . . . . . 35
7.2.4. Client Behavior if Server Prematurely Closes 7.2.4. Client Behavior if Server Prematurely Closes
Connection . . . . . . . . . . . . . . . . . . . . . . 34 Connection . . . . . . . . . . . . . . . . . . . . . . 37
8. Header Field Definitions . . . . . . . . . . . . . . . . . . . 34 8. Header Field Definitions . . . . . . . . . . . . . . . . . . . 38
8.1. Connection . . . . . . . . . . . . . . . . . . . . . . . . 35 8.1. Connection . . . . . . . . . . . . . . . . . . . . . . . . 38
8.2. Content-Length . . . . . . . . . . . . . . . . . . . . . . 36 8.2. Content-Length . . . . . . . . . . . . . . . . . . . . . . 39
8.3. Date . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.3. Date . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
8.3.1. Clockless Origin Server Operation . . . . . . . . . . 37 8.3.1. Clockless Origin Server Operation . . . . . . . . . . 41
8.4. Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 8.4. Host . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
8.5. TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 8.5. TE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
8.6. Trailer . . . . . . . . . . . . . . . . . . . . . . . . . 39 8.6. Trailer . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.7. Transfer-Encoding . . . . . . . . . . . . . . . . . . . . 40 8.7. Transfer-Encoding . . . . . . . . . . . . . . . . . . . . 43
8.8. Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . 41 8.8. Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . 44
8.9. Via . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 8.9. Via . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 47
9.1. Message Header Registration . . . . . . . . . . . . . . . 43 9.1. Message Header Registration . . . . . . . . . . . . . . . 47
9.2. URI Scheme Registration . . . . . . . . . . . . . . . . . 44 9.2. URI Scheme Registration . . . . . . . . . . . . . . . . . 47
9.3. Internet Media Type Registrations . . . . . . . . . . . . 44 9.3. Internet Media Type Registrations . . . . . . . . . . . . 47
9.3.1. Internet Media Type message/http . . . . . . . . . . . 44 9.3.1. Internet Media Type message/http . . . . . . . . . . . 47
9.3.2. Internet Media Type application/http . . . . . . . . . 45 9.3.2. Internet Media Type application/http . . . . . . . . . 48
10. Security Considerations . . . . . . . . . . . . . . . . . . . 46 10. Security Considerations . . . . . . . . . . . . . . . . . . . 50
10.1. Personal Information . . . . . . . . . . . . . . . . . . . 47 10.1. Personal Information . . . . . . . . . . . . . . . . . . . 50
10.2. Abuse of Server Log Information . . . . . . . . . . . . . 47 10.2. Abuse of Server Log Information . . . . . . . . . . . . . 50
10.3. Attacks Based On File and Path Names . . . . . . . . . . . 47 10.3. Attacks Based On File and Path Names . . . . . . . . . . . 50
10.4. DNS Spoofing . . . . . . . . . . . . . . . . . . . . . . . 47 10.4. DNS Spoofing . . . . . . . . . . . . . . . . . . . . . . . 51
10.5. Proxies and Caching . . . . . . . . . . . . . . . . . . . 48 10.5. Proxies and Caching . . . . . . . . . . . . . . . . . . . 51
10.6. Denial of Service Attacks on Proxies . . . . . . . . . . . 49 10.6. Denial of Service Attacks on Proxies . . . . . . . . . . . 52
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 49 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 52
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 50 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 53
12.1. Normative References . . . . . . . . . . . . . . . . . . . 50 12.1. Normative References . . . . . . . . . . . . . . . . . . . 53
12.2. Informative References . . . . . . . . . . . . . . . . . . 51 12.2. Informative References . . . . . . . . . . . . . . . . . . 54
Appendix A. Tolerant Applications . . . . . . . . . . . . . . . . 53 Appendix A. Tolerant Applications . . . . . . . . . . . . . . . . 56
Appendix B. Conversion of Date Formats . . . . . . . . . . . . . 54 Appendix B. Compatibility with Previous Versions . . . . . . . . 57
Appendix C. Compatibility with Previous Versions . . . . . . . . 54 B.1. Changes from HTTP/1.0 . . . . . . . . . . . . . . . . . . 58
C.1. Changes from HTTP/1.0 . . . . . . . . . . . . . . . . . . 55 B.1.1. Changes to Simplify Multi-homed Web Servers and
C.1.1. Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses . . . . . . . . . . . . . . . . 58
Conserve IP Addresses . . . . . . . . . . . . . . . . 55 B.2. Compatibility with HTTP/1.0 Persistent Connections . . . . 59
C.2. Compatibility with HTTP/1.0 Persistent Connections . . . . 56 B.3. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 59
C.3. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 57 B.4. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 60
C.4. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 57 Appendix C. Terminology . . . . . . . . . . . . . . . . . . . . . 60
Appendix D. Terminology . . . . . . . . . . . . . . . . . . . . . 58 Appendix D. Collected ABNF . . . . . . . . . . . . . . . . . . . 64
Appendix E. Change Log (to be removed by RFC Editor before Appendix E. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 61 publication) . . . . . . . . . . . . . . . . . . . . 68
E.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 61 E.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 68
E.2. Since draft-ietf-httpbis-p1-messaging-00 . . . . . . . . . 61 E.2. Since draft-ietf-httpbis-p1-messaging-00 . . . . . . . . . 68
E.3. Since draft-ietf-httpbis-p1-messaging-01 . . . . . . . . . 62 E.3. Since draft-ietf-httpbis-p1-messaging-01 . . . . . . . . . 70
E.4. Since draft-ietf-httpbis-p1-messaging-02 . . . . . . . . . 63 E.4. Since draft-ietf-httpbis-p1-messaging-02 . . . . . . . . . 71
E.5. Since draft-ietf-httpbis-p1-messaging-03 . . . . . . . . . 64 E.5. Since draft-ietf-httpbis-p1-messaging-03 . . . . . . . . . 71
E.6. Since draft-ietf-httpbis-p1-messaging-04 . . . . . . . . . 64 E.6. Since draft-ietf-httpbis-p1-messaging-04 . . . . . . . . . 72
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 E.7. Since draft-ietf-httpbis-p1-messaging-05 . . . . . . . . . 72
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 69 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Intellectual Property and Copyright Statements . . . . . . . . . . 72 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 77
1. Introduction 1. Introduction
The Hypertext Transfer Protocol (HTTP) is an application-level The Hypertext Transfer Protocol (HTTP) is an application-level
request/response protocol that uses extensible semantics and MIME- request/response protocol that uses extensible semantics and MIME-
like message payloads for flexible interaction with network-based like message payloads for flexible interaction with network-based
hypermedia information systems. HTTP relies upon the Uniform hypertext information systems. HTTP relies upon the Uniform Resource
Resource Identifier (URI) standard [RFC3986] to indicate resource Identifier (URI) standard [RFC3986] to indicate request targets and
targets for interaction and to identify other resources. Messages relationships between resources. Messages are passed in a format
are passed in a format similar to that used by Internet mail similar to that used by Internet mail [RFC5322] and the Multipurpose
[RFC5322] and the Multipurpose Internet Mail Extensions (MIME) Internet Mail Extensions (MIME) [RFC2045] (see Appendix A of [Part3]
[RFC2045] (see Appendix A of [Part3] for the differences between HTTP for the differences between HTTP and MIME messages).
and MIME messages).
HTTP is a generic interface protocol for information systems. It is
designed to hide the details of how a service is implemented by
presenting a uniform interface to clients that is independent of the
types of resources provided. Likewise, servers do not need to be
aware of each client's purpose: an HTTP request can be considered in
isolation rather than being associated with a specific type of client
or a predetermined sequence of application steps. The result is a
protocol that can be used effectively in many different contexts and
for which implementations can evolve independently over time.
HTTP is also designed for use as a generic protocol for translating HTTP is also designed for use as a generic protocol for translating
communication to and from other Internet information systems, such as communication to and from other Internet information systems. HTTP
USENET news services via NNTP [RFC3977], file services via FTP proxies and gateways provide access to alternative information
[RFC959], Gopher [RFC1436], and WAIS [WAIS]. HTTP proxies and services by translating their diverse protocols into a hypertext
gateways provide access to alternative information services by format that can be viewed and manipulated by clients in the same way
translating their diverse protocols into a hypermedia format that can as HTTP services.
be viewed and manipulated by clients in the same way as HTTP
services. One consequence of HTTP flexibility is that the protocol cannot be
defined in terms of what occurs behind the interface. Instead, we
are limited to defining the syntax of communication, the intent of
received communication, and the expected behavior of recipients. If
the communication is considered in isolation, then successful actions
should be reflected in corresponding changes to the observable
interface provided by servers. However, since multiple clients may
act in parallel and perhaps at cross-purposes, we cannot require that
such changes be observable beyond the scope of a single response.
This document is Part 1 of the seven-part specification of HTTP, This document is Part 1 of the seven-part specification of HTTP,
defining the protocol referred to as "HTTP/1.1" and obsoleting defining the protocol referred to as "HTTP/1.1" and obsoleting
[RFC2616]. Part 1 defines how clients determine when to use HTTP, [RFC2616]. Part 1 describes the architectural elements that are used
the URI schemes specific to HTTP-based resources, overall network or referred to in HTTP and defines the URI schemes specific to HTTP-
operation with transport protocol connection management, and HTTP based resources, overall network operation, connection management,
message framing. Our goal is to define all of the mechanisms and HTTP message framing and forwarding requirements. Our goal is to
necessary for HTTP message handling that are independent of message define all of the mechanisms necessary for HTTP message handling that
semantics, thereby defining the complete set of requirements for an are independent of message semantics, thereby defining the complete
HTTP message relay or generic message parser. set of requirements for message parsers and message-forwarding
intermediaries.
1.1. Requirements 1.1. Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
An implementation is not compliant if it fails to satisfy one or more An implementation is not compliant if it fails to satisfy one or more
of the MUST or REQUIRED level requirements for the protocols it of the MUST or REQUIRED level requirements for the protocols it
implements. An implementation that satisfies all the MUST or implements. An implementation that satisfies all the MUST or
REQUIRED level and all the SHOULD level requirements for its REQUIRED level and all the SHOULD level requirements for its
protocols is said to be "unconditionally compliant"; one that protocols is said to be "unconditionally compliant"; one that
satisfies all the MUST level requirements but not all the SHOULD satisfies all the MUST level requirements but not all the SHOULD
level requirements for its protocols is said to be "conditionally level requirements for its protocols is said to be "conditionally
compliant." compliant."
1.2. Overall Operation 1.2. Syntax Notation
This specification uses the Augmented Backus-Naur Form (ABNF)
notation of [RFC5234].
The following core rules are included by reference, as defined in
[RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
(CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
sequence of data), SP (space), VCHAR (any visible [USASCII]
character), and WSP (whitespace).
1.2.1. ABNF Extension: #rule
One extension to the ABNF rules of [RFC5234] is used to improve
readability.
A construct "#" is defined, similar to "*", for defining lists of
elements. The full form is "<n>#<m>element" indicating at least <n>
and at most <m> elements, each separated by a single comma (",") and
optional whitespace (OWS).
Thus,
1#element => element *( OWS "," OWS element )
and:
#element => [ 1#element ]
and for n >= 1 and m > 1:
<n>#<m>element => element <n-1>*<m-1>( OWS "," OWS element )
For compatibility with legacy list rules, recipients SHOULD accept
empty list elements. In other words, consumers would follow the list
productions:
#element => [ ( "," / element ) *( OWS "," [ OWS element ] ) ]
1#element => *( "," OWS ) element *( OWS "," [ OWS element ] )
Appendix D shows the collected ABNF, with the list rules expanded as
explained above.
1.2.2. Basic Rules
HTTP/1.1 defines the sequence CR LF as the end-of-line marker for all
protocol elements except the entity-body (see Appendix A for tolerant
applications). The end-of-line marker within an entity-body is
defined by its associated media type, as described in Section 2.3 of
[Part3].
This specification uses three rules to denote the use of linear
whitespace: OWS (optional whitespace), RWS (required whitespace), and
BWS ("bad" whitespace).
The OWS rule is used where zero or more linear whitespace characters
may appear. OWS SHOULD either not be produced or be produced as a
single SP character. Multiple OWS characters that occur within
field-content SHOULD be replaced with a single SP before interpreting
the field value or forwarding the message downstream.
RWS is used when at least one linear whitespace character is required
to separate field tokens. RWS SHOULD be produced as a single SP
character. Multiple RWS characters that occur within field-content
SHOULD be replaced with a single SP before interpreting the field
value or forwarding the message downstream.
BWS is used where the grammar allows optional whitespace for
historical reasons but senders SHOULD NOT produce it in messages.
HTTP/1.1 recipients MUST accept such bad optional whitespace and
remove it before interpreting the field value or forwarding the
message downstream.
OWS = *( [ obs-fold ] WSP )
; "optional" whitespace
RWS = 1*( [ obs-fold ] WSP )
; "required" whitespace
BWS = OWS
; "bad" whitespace
obs-fold = CRLF
; see Section 4.2
Many HTTP/1.1 header field values consist of words separated by
whitespace or special characters. These special characters MUST be
in a quoted string to be used within a parameter value (as defined in
Section 3.3).
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
token = 1*tchar
A string of text is parsed as a single word if it is quoted using
double-quote marks.
quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
qdtext = *( OWS / %x21 / %x23-5B / %x5D-7E / obs-text )
obs-text = %x80-FF
The backslash character ("\") MAY be used as a single-character
quoting mechanism only within quoted-string and comment constructs.
quoted-text = %x01-09 /
%x0B-0C /
%x0E-FF ; Characters excluding NUL, CR and LF
quoted-pair = "\" quoted-text
1.2.3. ABNF Rules defined in other Parts of the Specification
The ABNF rules below are defined in other parts:
request-header = <request-header, defined in [Part2], Section 3>
response-header = <response-header, defined in [Part2], Section 5>
entity-body = <entity-body, defined in [Part3], Section 3.2>
entity-header = <entity-header, defined in [Part3], Section 3.1>
Cache-Control = <Cache-Control, defined in [Part6], Section 3.4>
Pragma = <Pragma, defined in [Part6], Section 3.4>
Warning = <Warning, defined in [Part6], Section 3.6>
2. HTTP architecture
HTTP was created with a specific architecture in mind, the World Wide
Web, and has evolved over time to support the scalability needs of a
worldwide hypertext system. Much of that architecture is reflected
in the terminology and syntax productions used to define HTTP.
2.1. Uniform Resource Identifiers
Uniform Resource Identifiers (URIs) [RFC3986] are used throughout
HTTP as the means for identifying resources. URI references are used
to target requests, redirect responses, and define relationships.
HTTP does not limit what a resource may be; it merely defines an
interface that can be used to interact with a resource via HTTP.
More information on the scope of URIs and resources can be found in
[RFC3986].
This specification adopts the definitions of "URI-reference",
"absolute-URI", "relative-part", "fragment", "port", "host", "path-
abempty", "path-absolute", "query", and "authority" from [RFC3986].
In addition, we define a partial-URI rule for protocol elements that
allow a relative URI without a fragment.
URI = <URI, defined in [RFC3986], Section 3>
URI-reference = <URI-reference, defined in [RFC3986], Section 4.1>
absolute-URI = <absolute-URI, defined in [RFC3986], Section 4.3>
relative-part = <relative-part, defined in [RFC3986], Section 4.2>
authority = <authority, defined in [RFC3986], Section 3.2>
fragment = <fragment, defined in [RFC3986], Section 3.5>
path-abempty = <path-abempty, defined in [RFC3986], Section 3.3>
path-absolute = <path-absolute, defined in [RFC3986], Section 3.3>
port = <port, defined in [RFC3986], Section 3.2.3>
query = <query, defined in [RFC3986], Section 3.4>
uri-host = <host, defined in [RFC3986], Section 3.2.2>
partial-URI = relative-part [ "?" query ]
Each protocol element in HTTP that allows a URI reference will
indicate in its ABNF production whether the element allows only a URI
in absolute form (absolute-URI), any relative reference (relative-
ref), or some other subset of the URI-reference grammar. Unless
otherwise indicated, URI references are parsed relative to the
request target (the default base URI for both the request and its
corresponding response).
2.1.1. http URI scheme
The "http" scheme is used to locate network resources via the HTTP
protocol.
http-URI = "http:" "//" authority path-abempty [ "?" query ]
If the port is empty or not given, port 80 is assumed. The semantics
are that the identified resource is located at the server listening
for TCP connections on that port of that host, and the request-target
for the resource is path-absolute (Section 5.1.2). The use of IP
addresses in URLs SHOULD be avoided whenever possible (see
[RFC1900]). If the path-absolute is not present in the URL, it MUST
be given as "/" when used as a request-target for a resource
(Section 5.1.2). If a proxy receives a host name which is not a
fully qualified domain name, it MAY add its domain to the host name
it received. If a proxy receives a fully qualified domain name, the
proxy MUST NOT change the host name.
2.1.2. https URI scheme
[[anchor1: TBD: Define and explain purpose of https scheme.]]
Note: the "https" scheme is defined in [RFC2818].
2.1.3. URI Comparison
When comparing two URIs to decide if they match or not, a client
SHOULD use a case-sensitive octet-by-octet comparison of the entire
URIs, with these exceptions:
o A port that is empty or not given is equivalent to the default
port for that URI-reference;
o Comparisons of host names MUST be case-insensitive;
o Comparisons of scheme names MUST be case-insensitive;
o An empty path-absolute is equivalent to a path-absolute of "/".
o Characters other than those in the "reserved" set are equivalent
to their percent-encoded octets (see [RFC3986], Section 2.1).
For example, the following three URIs are equivalent:
http://example.com:80/~smith/home.html
http://EXAMPLE.com/%7Esmith/home.html
http://EXAMPLE.com:/%7esmith/home.html
2.1.4. Scheme aliases considered harmful
2.2. Overall Operation
HTTP is a request/response protocol. A client sends a request to the HTTP is a request/response protocol. A client sends a request to the
server in the form of a request method, URI, and protocol version, server in the form of a request method, URI, and protocol version,
followed by a MIME-like message containing request modifiers, client followed by a MIME-like message containing request modifiers, client
information, and possible body content over a connection with a information, and possible body content over a connection with a
server. The server responds with a status line, including the server. The server responds with a status line, including the
message's protocol version and a success or error code, followed by a message's protocol version and a success or error code, followed by a
MIME-like message containing server information, entity MIME-like message containing server information, entity
metainformation, and possible entity-body content. The relationship metainformation, and possible entity-body content.
between HTTP and MIME is described in Appendix A of [Part3].
Most HTTP communication is initiated by a user agent and consists of Most HTTP communication is initiated by a user agent and consists of
a request to be applied to a resource on some origin server. In the a request to be applied to a resource on some origin server. In the
simplest case, this may be accomplished via a single connection (v) simplest case, this may be accomplished via a single connection (v)
between the user agent (UA) and the origin server (O). between the user agent (UA) and the origin server (O).
request chain ------------------------> request chain ------------------------>
UA -------------------v------------------- O UA -------------------v------------------- O
<----------------------- response chain <----------------------- response chain
skipping to change at page 8, line 5 skipping to change at page 14, line 10
only presumes a reliable transport; any protocol that provides such only presumes a reliable transport; any protocol that provides such
guarantees can be used; the mapping of the HTTP/1.1 request and guarantees can be used; the mapping of the HTTP/1.1 request and
response structures onto the transport data units of the protocol in response structures onto the transport data units of the protocol in
question is outside the scope of this specification. question is outside the scope of this specification.
In HTTP/1.0, most implementations used a new connection for each In HTTP/1.0, most implementations used a new connection for each
request/response exchange. In HTTP/1.1, a connection may be used for request/response exchange. In HTTP/1.1, a connection may be used for
one or more request/response exchanges, although connections may be one or more request/response exchanges, although connections may be
closed for a variety of reasons (see Section 7.1). closed for a variety of reasons (see Section 7.1).
2. Notational Conventions and Generic Grammar 2.3. Use of HTTP for proxy communication
2.1. ABNF Extension: #rule
One extension to the ABNF rules of [RFC5234] is used to improve
readability.
A construct "#" is defined, similar to "*", for defining lists of
elements. The full form is "<n>#<m>element" indicating at least <n>
and at most <m> elements, each separated by one or more commas (",")
and OPTIONAL linear white space (OWS). This makes the usual form of
lists very easy; a rule such as
( *OWS element *( *OWS "," *OWS element ))
can be shown as
1#element
Wherever this construct is used, null elements are allowed, but do
not contribute to the count of elements present. That is,
"(element), , (element) " is permitted, but counts as only two
elements. Therefore, where at least one element is required, at
least one non-null element MUST be present. Default values are 0 and
infinity so that "#element" allows any number, including zero;
"1#element" requires at least one; and "1#2element" allows one or
two.
[[abnf.list: At a later point of time, we may want to add an appendix
containing the whole ABNF, with the list rules expanded to strict RFC
5234 notation.]]
2.2. Basic Rules
This specification uses the Augmented Backus-Naur Form (ABNF)
notation of [RFC5234]. The following core rules are included by
reference, as defined in [RFC5234], Appendix B.1: ALPHA (letters),
CHAR (any [USASCII] character, excluding NUL), CR (carriage return),
CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double
quote), HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF
(line feed), OCTET (any 8-bit sequence of data), SP (space) and WSP
(white space).
HTTP/1.1 defines the sequence CR LF as the end-of-line marker for all
protocol elements except the entity-body (see Appendix A for tolerant
applications). The end-of-line marker within an entity-body is
defined by its associated media type, as described in Section 3.3 of
[Part3].
All linear white space (LWS) in header field-values has the same
semantics as SP. A recipient MAY replace any such linear white space
with a single SP before interpreting the field value or forwarding
the message downstream.
Historically, HTTP/1.1 header field values allow linear white space
folding across multiple lines. However, this specification
deprecates its use; senders MUST NOT produce messages that include
LWS folding (i.e., use the obs-fold rule), except within the message/
http media type (Section 9.3.1). Receivers SHOULD still parse folded
linear white space.
This specification uses three rules to denote the use of linear white
space; BWS ("Bad" White Space), OWS (Optional White Space), and RWS
(Required White Space).
"Bad" white space is allowed by the BNF, but senders SHOULD NOT
produce it in messages. Receivers MUST accept it in incoming
messages.
Required white space is used when at least one linear white space
character is required to separate field tokens. In all such cases, a
single SP character SHOULD be used.
OWS = *( [ obs-fold ] WSP )
; "optional" white space
RWS = 1*( [ obs-fold ] WSP )
; "required" white space
BWS = OWS
; "bad" white space
obs-fold = CRLF
The TEXT rule is only used for descriptive field contents and values
that are not intended to be interpreted by the message parser. Words
of *TEXT MAY contain characters from character sets other than ISO-
8859-1 [ISO-8859-1] only when encoded according to the rules of
[RFC2047].
TEXT = %x20-7E / %x80-FF / OWS
; any OCTET except CTLs, but including OWS
A CRLF is allowed in the definition of TEXT only as part of a header
field continuation. It is expected that the folding LWS will be
replaced with a single SP before interpretation of the TEXT value.
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value (as defined in
Section 3.4).
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
token = 1*tchar
Comments can be included in some HTTP header fields by surrounding
the comment text with parentheses. Comments are only allowed in
fields containing "comment" as part of their field value definition.
In all other fields, parentheses are considered part of the field
value.
comment = "(" *( ctext / quoted-pair / comment ) ")"
ctext = <any TEXT excluding "(" and ")">
A string of text is parsed as a single word if it is quoted using
double-quote marks.
quoted-string = DQUOTE *(qdtext / quoted-pair ) DQUOTE
qdtext = <any TEXT excluding DQUOTE and "\">
The backslash character ("\") MAY be used as a single-character [[anchor2: TBD: Configured to use HTTP to proxy HTTP or other
quoting mechanism only within quoted-string and comment constructs. protocols.]]
quoted-text = %x01-09 / 2.4. Interception of HTTP for access control
%x0B-0C /
%x0E-FF ; Characters excluding NUL, CR and LF
quoted-pair = "\" quoted-text
2.3. ABNF Rules defined in other Parts of the Specification [[anchor3: TBD: Interception of HTTP traffic for initiating access
control.]]
The ABNF rules below are defined in other parts: 2.5. Use of HTTP by other protocols
request-header = <request-header, defined in [Part2], Section 4> [[anchor4: TBD: Profiles of HTTP defined by other protocol.
response-header = <response-header, defined in [Part2], Section 6> Extensions of HTTP like WebDAV.]]
accept-params = <accept-params, defined in [Part3], Section 6.1> 2.6. Use of HTTP by media type specification
entity-body = <entity-body, defined in [Part3], Section 4.2>
entity-header = <entity-header, defined in [Part3], Section 4.1>
Cache-Control = <Cache-Control, defined in [Part6], Section 16.4> [[anchor5: TBD: Instructions on composing HTTP requests via hypertext
Pragma = <Pragma, defined in [Part6], Section 16.4> formats.]]
Warning = <Warning, defined in [Part6], Section 16.6>
3. Protocol Parameters 3. Protocol Parameters
3.1. HTTP Version 3.1. HTTP Version
HTTP uses a "<major>.<minor>" numbering scheme to indicate versions HTTP uses a "<major>.<minor>" numbering scheme to indicate versions
of the protocol. The protocol versioning policy is intended to allow of the protocol. The protocol versioning policy is intended to allow
the sender to indicate the format of a message and its capacity for the sender to indicate the format of a message and its capacity for
understanding further HTTP communication, rather than the features understanding further HTTP communication, rather than the features
obtained via that communication. No change is made to the version obtained via that communication. No change is made to the version
skipping to change at page 12, line 15 skipping to change at page 15, line 41
Due to interoperability problems with HTTP/1.0 proxies discovered Due to interoperability problems with HTTP/1.0 proxies discovered
since the publication of [RFC2068], caching proxies MUST, gateways since the publication of [RFC2068], caching proxies MUST, gateways
MAY, and tunnels MUST NOT upgrade the request to the highest version MAY, and tunnels MUST NOT upgrade the request to the highest version
they support. The proxy/gateway's response to that request MUST be they support. The proxy/gateway's response to that request MUST be
in the same major version as the request. in the same major version as the request.
Note: Converting between versions of HTTP may involve modification Note: Converting between versions of HTTP may involve modification
of header fields required or forbidden by the versions involved. of header fields required or forbidden by the versions involved.
3.2. Uniform Resource Identifiers 3.2. Date/Time Formats
Uniform Resource Identifiers (URIs) [RFC3986] are used in HTTP to
indicate the target of a request and to identify additional resources
related to that resource, the request, or the response. Each
protocol element in HTTP that allows a URI reference will indicate in
its ABNF whether the element allows only a URI in absolute form, any
relative reference, or some limited subset of the URI-reference
grammar. Unless otherwise indicated, relative URI references are to
be parsed relative to the URI corresponding to the request target
(the base URI).
This specification adopts the definitions of "URI-reference",
"absolute-URI", "fragment", "port", "host", "path-abempty", "path-
absolute", "query", and "authority" from [RFC3986]:
absolute-URI = <absolute-URI, defined in [RFC3986], Section 4.3>
authority = <authority, defined in [RFC3986], Section 3.2>
fragment = <fragment, defined in [RFC3986], Section 3.5>
path-abempty = <path-abempty, defined in [RFC3986], Section 3.3>
path-absolute = <path-absolute, defined in [RFC3986], Section 3.3>
port = <port, defined in [RFC3986], Section 3.2.3>
query = <query, defined in [RFC3986], Section 3.4>
uri-host = <host, defined in [RFC3986], Section 3.2.2>
relative-part = <relative-part, defined in [RFC3986], Section 4.2>
relativeURI = relative-part [ "?" query ]
HTTP does not place an a priori limit on the length of a URI.
Servers MUST be able to handle the URI of any resource they serve,
and SHOULD be able to handle URIs of unbounded length if they provide
GET-based forms that could generate such URIs. A server SHOULD
return 414 (Request-URI Too Long) status if a URI is longer than the
server can handle (see Section 9.4.15 of [Part2]).
Note: Servers ought to be cautious about depending on URI lengths
above 255 bytes, because some older client or proxy
implementations might not properly support these lengths.
3.2.1. http URI scheme
The "http" scheme is used to locate network resources via the HTTP
protocol. This section defines the syntax and semantics for
identifiers using the http or https URI schemes.
http-URI = "http:" "//" authority path-abempty [ "?" query ]
If the port is empty or not given, port 80 is assumed. The semantics
are that the identified resource is located at the server listening
for TCP connections on that port of that host, and the Request-URI
for the resource is path-absolute (Section 5.1.2). The use of IP
addresses in URLs SHOULD be avoided whenever possible (see
[RFC1900]). If the path-absolute is not present in the URL, it MUST
be given as "/" when used as a Request-URI for a resource
(Section 5.1.2). If a proxy receives a host name which is not a
fully qualified domain name, it MAY add its domain to the host name
it received. If a proxy receives a fully qualified domain name, the
proxy MUST NOT change the host name.
Note: the "https" scheme is defined in [RFC2818].
3.2.2. URI Comparison
When comparing two URIs to decide if they match or not, a client
SHOULD use a case-sensitive octet-by-octet comparison of the entire
URIs, with these exceptions:
o A port that is empty or not given is equivalent to the default
port for that URI-reference;
o Comparisons of host names MUST be case-insensitive;
o Comparisons of scheme names MUST be case-insensitive;
o An empty path-absolute is equivalent to an path-absolute of "/".
Characters other than those in the "reserved" set (see [RFC3986],
Section 2.2) are equivalent to their ""%" HEXDIG HEXDIG" encoding.
For example, the following three URIs are equivalent:
http://example.com:80/~smith/home.html
http://EXAMPLE.com/%7Esmith/home.html
http://EXAMPLE.com:/%7esmith/home.html
3.3. Date/Time Formats
3.3.1. Full Date 3.2.1. Full Date
HTTP applications have historically allowed three different formats HTTP applications have historically allowed three different formats
for the representation of date/time stamps: for the representation of date/time stamps:
Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 Sun, 06 Nov 1994 08:49:37 GMT ; RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; obsolete RFC 850 format Sunday, 06-Nov-94 08:49:37 GMT ; obsolete RFC 850 format
Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format
The first format is preferred as an Internet standard and represents The first format is preferred as an Internet standard and represents
a fixed-length subset of that defined by [RFC1123] (an update to a fixed-length subset of that defined by [RFC1123]. The other
[RFC822]). The other formats are described here only for formats are described here only for compatibility with obsolete
compatibility with obsolete implementations. HTTP/1.1 clients and implementations. HTTP/1.1 clients and servers that parse the date
servers that parse the date value MUST accept all three formats (for value MUST accept all three formats (for compatibility with
compatibility with HTTP/1.0), though they MUST only generate the RFC HTTP/1.0), though they MUST only generate the RFC 1123 format for
1123 format for representing HTTP-date values in header fields. See representing HTTP-date values in header fields. See Appendix A for
Appendix A for further information. further information.
Note: Recipients of date values are encouraged to be robust in Note: Recipients of date values are encouraged to be robust in
accepting date values that may have been sent by non-HTTP accepting date values that may have been sent by non-HTTP
applications, as is sometimes the case when retrieving or posting applications, as is sometimes the case when retrieving or posting
messages via proxies/gateways to SMTP or NNTP. messages via proxies/gateways to SMTP or NNTP.
All HTTP date/time stamps MUST be represented in Greenwich Mean Time All HTTP date/time stamps MUST be represented in Greenwich Mean Time
(GMT), without exception. For the purposes of HTTP, GMT is exactly (GMT), without exception. For the purposes of HTTP, GMT is exactly
equal to UTC (Coordinated Universal Time). This is indicated in the equal to UTC (Coordinated Universal Time). This is indicated in the
first two formats by the inclusion of "GMT" as the three-letter first two formats by the inclusion of "GMT" as the three-letter
abbreviation for time zone, and MUST be assumed when reading the abbreviation for time zone, and MUST be assumed when reading the
asctime format. HTTP-date is case sensitive and MUST NOT include asctime format. HTTP-date is case sensitive and MUST NOT include
additional LWS beyond that specifically included as SP in the additional whitespace beyond that specifically included as SP in the
grammar. grammar.
HTTP-date = rfc1123-date / obsolete-date HTTP-date = rfc1123-date / obsolete-date
obsolete-date = rfc850-date / asctime-date obsolete-date = rfc850-date / asctime-date
rfc1123-date = wkday "," SP date1 SP time SP GMT rfc1123-date = wkday "," SP date1 SP time SP GMT
rfc850-date = weekday "," SP date2 SP time SP GMT rfc850-date = weekday "," SP date2 SP time SP GMT
asctime-date = wkday SP date3 SP time SP 4DIGIT asctime-date = wkday SP date3 SP time SP 4DIGIT
date1 = 2DIGIT SP month SP 4DIGIT date1 = 2DIGIT SP month SP 4DIGIT
; day month year (e.g., 02 Jun 1982) ; day month year (e.g., 02 Jun 1982)
date2 = 2DIGIT "-" month "-" 2DIGIT date2 = 2DIGIT "-" month "-" 2DIGIT
skipping to change at page 16, line 5 skipping to change at page 17, line 36
s-Sep = %x53.65.70 ; "Sep", case-sensitive s-Sep = %x53.65.70 ; "Sep", case-sensitive
s-Oct = %x4F.63.74 ; "Oct", case-sensitive s-Oct = %x4F.63.74 ; "Oct", case-sensitive
s-Nov = %x4E.6F.76 ; "Nov", case-sensitive s-Nov = %x4E.6F.76 ; "Nov", case-sensitive
s-Dec = %x44.65.63 ; "Dec", case-sensitive s-Dec = %x44.65.63 ; "Dec", case-sensitive
Note: HTTP requirements for the date/time stamp format apply only to Note: HTTP requirements for the date/time stamp format apply only to
their usage within the protocol stream. Clients and servers are not their usage within the protocol stream. Clients and servers are not
required to use these formats for user presentation, request logging, required to use these formats for user presentation, request logging,
etc. etc.
3.4. Transfer Codings 3.3. Transfer Codings
Transfer-coding values are used to indicate an encoding Transfer-coding values are used to indicate an encoding
transformation that has been, can be, or may need to be applied to an transformation that has been, can be, or may need to be applied to an
entity-body in order to ensure "safe transport" through the network. entity-body in order to ensure "safe transport" through the network.
This differs from a content coding in that the transfer-coding is a This differs from a content coding in that the transfer-coding is a
property of the message, not of the original entity. property of the message, not of the original entity.
transfer-coding = "chunked" / transfer-extension transfer-coding = "chunked" / transfer-extension
transfer-extension = token *( OWS ";" OWS parameter ) transfer-extension = token *( OWS ";" OWS parameter )
skipping to change at page 16, line 45 skipping to change at page 18, line 27
Transfer-codings are analogous to the Content-Transfer-Encoding Transfer-codings are analogous to the Content-Transfer-Encoding
values of MIME [RFC2045], which were designed to enable safe values of MIME [RFC2045], which were designed to enable safe
transport of binary data over a 7-bit transport service. However, transport of binary data over a 7-bit transport service. However,
safe transport has a different focus for an 8bit-clean transfer safe transport has a different focus for an 8bit-clean transfer
protocol. In HTTP, the only unsafe characteristic of message-bodies protocol. In HTTP, the only unsafe characteristic of message-bodies
is the difficulty in determining the exact body length (Section 4.4), is the difficulty in determining the exact body length (Section 4.4),
or the desire to encrypt data over a shared transport. or the desire to encrypt data over a shared transport.
The Internet Assigned Numbers Authority (IANA) acts as a registry for The Internet Assigned Numbers Authority (IANA) acts as a registry for
transfer-coding value tokens. Initially, the registry contains the transfer-coding value tokens. Initially, the registry contains the
following tokens: "chunked" (Section 3.4.1), "gzip", "compress", and following tokens: "chunked" (Section 3.3.1), "gzip", "compress", and
"deflate" (Section 3.2 of [Part3]). "deflate" (Section 2.2 of [Part3]).
New transfer-coding value tokens SHOULD be registered in the same way New transfer-coding value tokens SHOULD be registered in the same way
as new content-coding value tokens (Section 3.2 of [Part3]). as new content-coding value tokens (Section 2.2 of [Part3]).
A server which receives an entity-body with a transfer-coding it does A server which receives an entity-body with a transfer-coding it does
not understand SHOULD return 501 (Not Implemented), and close the not understand SHOULD return 501 (Not Implemented), and close the
connection. A server MUST NOT send transfer-codings to an HTTP/1.0 connection. A server MUST NOT send transfer-codings to an HTTP/1.0
client. client.
3.4.1. Chunked Transfer Coding 3.3.1. Chunked Transfer Coding
The chunked encoding modifies the body of a message in order to The chunked encoding modifies the body of a message in order to
transfer it as a series of chunks, each with its own size indicator, transfer it as a series of chunks, each with its own size indicator,
followed by an OPTIONAL trailer containing entity-header fields. followed by an OPTIONAL trailer containing entity-header fields.
This allows dynamically produced content to be transferred along with This allows dynamically produced content to be transferred along with
the information necessary for the recipient to verify that it has the information necessary for the recipient to verify that it has
received the full message. received the full message.
Chunked-Body = *chunk Chunked-Body = *chunk
last-chunk last-chunk
skipping to change at page 18, line 41 skipping to change at page 20, line 28
append entity-header to existing header fields append entity-header to existing header fields
read entity-header read entity-header
} }
Content-Length := length Content-Length := length
Remove "chunked" from Transfer-Encoding Remove "chunked" from Transfer-Encoding
All HTTP/1.1 applications MUST be able to receive and decode the All HTTP/1.1 applications MUST be able to receive and decode the
"chunked" transfer-coding, and MUST ignore chunk-ext extensions they "chunked" transfer-coding, and MUST ignore chunk-ext extensions they
do not understand. do not understand.
3.5. Product Tokens 3.4. Product Tokens
Product tokens are used to allow communicating applications to Product tokens are used to allow communicating applications to
identify themselves by software name and version. Most fields using identify themselves by software name and version. Most fields using
product tokens also allow sub-products which form a significant part product tokens also allow sub-products which form a significant part
of the application to be listed, separated by white space. By of the application to be listed, separated by white space. By
convention, the products are listed in order of their significance convention, the products are listed in order of their significance
for identifying the application. for identifying the application.
product = token ["/" product-version] product = token ["/" product-version]
product-version = token product-version = token
skipping to change at page 19, line 16 skipping to change at page 21, line 5
User-Agent: CERN-LineMode/2.15 libwww/2.17b3 User-Agent: CERN-LineMode/2.15 libwww/2.17b3
Server: Apache/0.8.4 Server: Apache/0.8.4
Product tokens SHOULD be short and to the point. They MUST NOT be Product tokens SHOULD be short and to the point. They MUST NOT be
used for advertising or other non-essential information. Although used for advertising or other non-essential information. Although
any token character MAY appear in a product-version, this token any token character MAY appear in a product-version, this token
SHOULD only be used for a version identifier (i.e., successive SHOULD only be used for a version identifier (i.e., successive
versions of the same product SHOULD only differ in the product- versions of the same product SHOULD only differ in the product-
version portion of the product value). version portion of the product value).
3.5. Quality Values
Both transfer codings (TE request header, Section 8.5) and content
negotiation (Section 4 of [Part3]) use short "floating point" numbers
to indicate the relative importance ("weight") of various negotiable
parameters. A weight is normalized to a real number in the range 0
through 1, where 0 is the minimum and 1 the maximum value. If a
parameter has a quality value of 0, then content with this parameter
is `not acceptable' for the client. HTTP/1.1 applications MUST NOT
generate more than three digits after the decimal point. User
configuration of these values SHOULD also be limited in this fashion.
qvalue = ( "0" [ "." 0*3DIGIT ] )
/ ( "1" [ "." 0*3("0") ] )
Note: "Quality values" is a misnomer, since these values merely
represent relative degradation in desired quality.
4. HTTP Message 4. HTTP Message
4.1. Message Types 4.1. Message Types
HTTP messages consist of requests from client to server and responses HTTP messages consist of requests from client to server and responses
from server to client. from server to client.
HTTP-message = Request / Response ; HTTP/1.1 messages HTTP-message = Request / Response ; HTTP/1.1 messages
Request (Section 5) and Response (Section 6) messages use the generic Request (Section 5) and Response (Section 6) messages use the generic
skipping to change at page 20, line 5 skipping to change at page 22, line 7
In the interest of robustness, servers SHOULD ignore any empty In the interest of robustness, servers SHOULD ignore any empty
line(s) received where a Request-Line is expected. In other words, line(s) received where a Request-Line is expected. In other words,
if the server is reading the protocol stream at the beginning of a if the server is reading the protocol stream at the beginning of a
message and receives a CRLF first, it should ignore the CRLF. message and receives a CRLF first, it should ignore the CRLF.
Certain buggy HTTP/1.0 client implementations generate extra CRLF's Certain buggy HTTP/1.0 client implementations generate extra CRLF's
after a POST request. To restate what is explicitly forbidden by the after a POST request. To restate what is explicitly forbidden by the
BNF, an HTTP/1.1 client MUST NOT preface or follow a request with an BNF, an HTTP/1.1 client MUST NOT preface or follow a request with an
extra CRLF. extra CRLF.
Whitespace (WSP) MUST NOT be sent between the start-line and the
first header field. The presence of whitespace might be an attempt
to trick a noncompliant implementation of HTTP into ignoring that
field or processing the next line as a new request, either of which
may result in security issues when implementations within the request
chain interpret the same message differently. HTTP/1.1 servers MUST
reject such a message with a 400 (Bad Request) response.
4.2. Message Headers 4.2. Message Headers
HTTP header fields, which include general-header (Section 4.5), HTTP header fields follow the same general format as Internet
request-header (Section 4 of [Part2]), response-header (Section 6 of messages in Section 2.1 of [RFC5322]. Each header field consists of
[Part2]), and entity-header (Section 4.1 of [Part3]) fields, follow a name followed by a colon (":"), optional whitespace, and the field
the same generic format as that given in Section 2.1 of [RFC5322]. value. Field names are case-insensitive.
Each header field consists of a name followed by a colon (":") and
the field value. Field names are case-insensitive. The field value
MAY be preceded by any amount of LWS, though a single SP is
preferred. Header fields can be extended over multiple lines by
preceding each extra line with at least one SP or HTAB. Applications
ought to follow "common form", where one is known or indicated, when
generating HTTP constructs, since there might exist some
implementations that fail to accept anything beyond the common forms.
message-header = field-name ":" [ field-value ] message-header = field-name ":" OWS [ field-value ] OWS
field-name = token field-name = token
field-value = *( field-content / OWS ) field-value = *( field-content / OWS )
field-content = <field content> field-content = *( WSP / VCHAR / obs-text )
[[anchor1: whitespace between field-name and colon is an error and Historically, HTTP has allowed field-content with text in the ISO-
MUST NOT be accepted]] 8859-1 [ISO-8859-1] character encoding (allowing other character sets
through use of [RFC2047] encoding). In practice, most HTTP header
field-values use only a subset of the US-ASCII charset [USASCII].
Newly defined header fields SHOULD constrain their field-values to
US-ASCII characters. Recipients SHOULD treat other (obs-text) octets
in field-content as opaque data.
The field-content does not include any leading or trailing LWS: No whitespace is allowed between the header field-name and colon.
linear white space occurring before the first non-whitespace For security reasons, any request message received containing such
whitespace MUST be rejected with a response code of 400 (Bad Request)
and any such whitespace in a response message MUST be removed.
The field value MAY be preceded by optional whitespace; a single SP
is preferred. The field-value does not include any leading or
trailing white space: OWS occurring before the first non-whitespace
character of the field-value or after the last non-whitespace character of the field-value or after the last non-whitespace
character of the field-value. Such leading or trailing LWS MAY be character of the field-value is ignored and MAY be removed without
removed without changing the semantics of the field value. Any LWS changing the meaning of the header field.
that occurs between field-content MAY be replaced with a single SP
before interpreting the field value or forwarding the message Historically, HTTP header field values could be extended over
downstream. multiple lines by preceding each extra line with at least one space
or horizontal tab character (line folding). This specification
deprecates such line folding except within the message/http media
type (Section 9.3.1). HTTP/1.1 senders MUST NOT produce messages
that include line folding (i.e., that contain any field-content that
matches the obs-fold rule) unless the message is intended for
packaging within the message/http media type. HTTP/1.1 recipients
SHOULD accept line folding and replace any embedded obs-fold
whitespace with a single SP prior to interpreting the field value or
forwarding the message downstream.
Comments can be included in some HTTP header fields by surrounding
the comment text with parentheses. Comments are only allowed in
fields containing "comment" as part of their field value definition.
In all other fields, parentheses are considered part of the field
value.
comment = "(" *( ctext / quoted-pair / comment ) ")"
ctext = *( OWS / %x21-27 / %x2A-7E / obs-text )
The order in which header fields with differing field names are The order in which header fields with differing field names are
received is not significant. However, it is "good practice" to send received is not significant. However, it is "good practice" to send
general-header fields first, followed by request-header or response- general-header fields first, followed by request-header or response-
header fields, and ending with the entity-header fields. header fields, and ending with the entity-header fields.
Multiple message-header fields with the same field-name MAY be Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)]. header field is defined as a comma-separated list [i.e., #(values)].
It MUST be possible to combine the multiple header fields into one It MUST be possible to combine the multiple header fields into one
skipping to change at page 21, line 27 skipping to change at page 24, line 10
been applied, as indicated by the Transfer-Encoding header field been applied, as indicated by the Transfer-Encoding header field
(Section 8.7). (Section 8.7).
message-body = entity-body message-body = entity-body
/ <entity-body encoded as per Transfer-Encoding> / <entity-body encoded as per Transfer-Encoding>
Transfer-Encoding MUST be used to indicate any transfer-codings Transfer-Encoding MUST be used to indicate any transfer-codings
applied by an application to ensure safe and proper transfer of the applied by an application to ensure safe and proper transfer of the
message. Transfer-Encoding is a property of the message, not of the message. Transfer-Encoding is a property of the message, not of the
entity, and thus MAY be added or removed by any application along the entity, and thus MAY be added or removed by any application along the
request/response chain. (However, Section 3.4 places restrictions on request/response chain. (However, Section 3.3 places restrictions on
when certain transfer-codings may be used.) when certain transfer-codings may be used.)
The rules for when a message-body is allowed in a message differ for The rules for when a message-body is allowed in a message differ for
requests and responses. requests and responses.
The presence of a message-body in a request is signaled by the The presence of a message-body in a request is signaled by the
inclusion of a Content-Length or Transfer-Encoding header field in inclusion of a Content-Length or Transfer-Encoding header field in
the request's message-headers. A message-body MUST NOT be included the request's message-headers. A message-body MUST NOT be included
in a request if the specification of the request method (Section 3 of in a request if the specification of the request method (Section 2 of
[Part2]) explicitly disallows an entity-body in requests. When a [Part2]) explicitly disallows an entity-body in requests. When a
request message contains both a message-body of non-zero length and a request message contains both a message-body of non-zero length and a
method that does not define any semantics for that request message- method that does not define any semantics for that request message-
body, then an origin server SHOULD either ignore the message-body or body, then an origin server SHOULD either ignore the message-body or
respond with an appropriate error message (e.g., 413). A proxy or respond with an appropriate error message (e.g., 413). A proxy or
gateway, when presented the same request, SHOULD either forward the gateway, when presented the same request, SHOULD either forward the
request inbound with the message-body or ignore the message-body when request inbound with the message-body or ignore the message-body when
determining a response. determining a response.
For response messages, whether or not a message-body is included with For response messages, whether or not a message-body is included with
skipping to change at page 22, line 21 skipping to change at page 25, line 6
transfer-length of that body is determined by one of the following transfer-length of that body is determined by one of the following
(in order of precedence): (in order of precedence):
1. Any response message which "MUST NOT" include a message-body 1. Any response message which "MUST NOT" include a message-body
(such as the 1xx, 204, and 304 responses and any response to a (such as the 1xx, 204, and 304 responses and any response to a
HEAD request) is always terminated by the first empty line after HEAD request) is always terminated by the first empty line after
the header fields, regardless of the entity-header fields present the header fields, regardless of the entity-header fields present
in the message. in the message.
2. If a Transfer-Encoding header field (Section 8.7) is present and 2. If a Transfer-Encoding header field (Section 8.7) is present and
the "chunked" transfer-coding (Section 3.4) is used, the the "chunked" transfer-coding (Section 3.3) is used, the
transfer-length is defined by the use of this transfer-coding. transfer-length is defined by the use of this transfer-coding.
If a Transfer-Encoding header field is present and the "chunked" If a Transfer-Encoding header field is present and the "chunked"
transfer-coding is not present, the transfer-length is defined by transfer-coding is not present, the transfer-length is defined by
the sender closing the connection. the sender closing the connection.
3. If a Content-Length header field (Section 8.2) is present, its 3. If a Content-Length header field (Section 8.2) is present, its
decimal value in OCTETs represents both the entity-length and the decimal value in OCTETs represents both the entity-length and the
transfer-length. The Content-Length header field MUST NOT be transfer-length. The Content-Length header field MUST NOT be
sent if these two lengths are different (i.e., if a Transfer- sent if these two lengths are different (i.e., if a Transfer-
Encoding header field is present). If a message is received with Encoding header field is present). If a message is received with
skipping to change at page 23, line 4 skipping to change at page 25, line 37
A range header might be forwarded by a 1.0 proxy that does not A range header might be forwarded by a 1.0 proxy that does not
understand multipart/byteranges; in this case the server MUST understand multipart/byteranges; in this case the server MUST
delimit the message using methods defined in items 1, 3 or 5 delimit the message using methods defined in items 1, 3 or 5
of this section. of this section.
5. By the server closing the connection. (Closing the connection 5. By the server closing the connection. (Closing the connection
cannot be used to indicate the end of a request body, since that cannot be used to indicate the end of a request body, since that
would leave no possibility for the server to send back a would leave no possibility for the server to send back a
response.) response.)
For compatibility with HTTP/1.0 applications, HTTP/1.1 requests For compatibility with HTTP/1.0 applications, HTTP/1.1 requests
containing a message-body MUST include a valid Content-Length header containing a message-body MUST include a valid Content-Length header
field unless the server is known to be HTTP/1.1 compliant. If a field unless the server is known to be HTTP/1.1 compliant. If a
request contains a message-body and a Content-Length is not given, request contains a message-body and a Content-Length is not given,
the server SHOULD respond with 400 (Bad Request) if it cannot the server SHOULD respond with 400 (Bad Request) if it cannot
determine the length of the message, or with 411 (Length Required) if determine the length of the message, or with 411 (Length Required) if
it wishes to insist on receiving a valid Content-Length. it wishes to insist on receiving a valid Content-Length.
All HTTP/1.1 applications that receive entities MUST accept the All HTTP/1.1 applications that receive entities MUST accept the
"chunked" transfer-coding (Section 3.4), thus allowing this mechanism "chunked" transfer-coding (Section 3.3), thus allowing this mechanism
to be used for messages when the message length cannot be determined to be used for messages when the message length cannot be determined
in advance. in advance.
Messages MUST NOT include both a Content-Length header field and a Messages MUST NOT include both a Content-Length header field and a
transfer-coding. If the message does include a transfer-coding, the transfer-coding. If the message does include a transfer-coding, the
Content-Length MUST be ignored. Content-Length MUST be ignored.
When a Content-Length is given in a message where a message-body is When a Content-Length is given in a message where a message-body is
allowed, its field value MUST exactly match the number of OCTETs in allowed, its field value MUST exactly match the number of OCTETs in
the message-body. HTTP/1.1 user agents MUST notify the user when an the message-body. HTTP/1.1 user agents MUST notify the user when an
invalid length is received and detected. invalid length is received and detected.
4.5. General Header Fields 4.5. General Header Fields
There are a few header fields which have general applicability for There are a few header fields which have general applicability for
both request and response messages, but which do not apply to the both request and response messages, but which do not apply to the
entity being transferred. These header fields apply only to the entity being transferred. These header fields apply only to the
message being transmitted. message being transmitted.
general-header = Cache-Control ; [Part6], Section 16.2 general-header = Cache-Control ; [Part6], Section 3.2
/ Connection ; Section 8.1 / Connection ; Section 8.1
/ Date ; Section 8.3 / Date ; Section 8.3
/ Pragma ; [Part6], Section 16.4 / Pragma ; [Part6], Section 3.4
/ Trailer ; Section 8.6 / Trailer ; Section 8.6
/ Transfer-Encoding ; Section 8.7 / Transfer-Encoding ; Section 8.7
/ Upgrade ; Section 8.8 / Upgrade ; Section 8.8
/ Via ; Section 8.9 / Via ; Section 8.9
/ Warning ; [Part6], Section 16.6 / Warning ; [Part6], Section 3.6
General-header field names can be extended reliably only in General-header field names can be extended reliably only in
combination with a change in the protocol version. However, new or combination with a change in the protocol version. However, new or
experimental header fields may be given the semantics of general experimental header fields may be given the semantics of general
header fields if all parties in the communication recognize them to header fields if all parties in the communication recognize them to
be general-header fields. Unrecognized header fields are treated as be general-header fields. Unrecognized header fields are treated as
entity-header fields. entity-header fields.
5. Request 5. Request
A request message from a client to a server includes, within the A request message from a client to a server includes, within the
first line of that message, the method to be applied to the resource, first line of that message, the method to be applied to the resource,
the identifier of the resource, and the protocol version in use. the identifier of the resource, and the protocol version in use.
Request = Request-Line ; Section 5.1 Request = Request-Line ; Section 5.1
*(( general-header ; Section 4.5 *(( general-header ; Section 4.5
/ request-header ; [Part2], Section 4 / request-header ; [Part2], Section 3
/ entity-header ) CRLF) ; [Part3], Section 4.1 / entity-header ) CRLF ) ; [Part3], Section 3.1
CRLF CRLF
[ message-body ] ; Section 4.3 [ message-body ] ; Section 4.3
5.1. Request-Line 5.1. Request-Line
The Request-Line begins with a method token, followed by the Request- The Request-Line begins with a method token, followed by the request-
URI and the protocol version, and ending with CRLF. The elements are target and the protocol version, and ending with CRLF. The elements
separated by SP characters. No CR or LF is allowed except in the are separated by SP characters. No CR or LF is allowed except in the
final CRLF sequence. final CRLF sequence.
Request-Line = Method SP Request-URI SP HTTP-Version CRLF Request-Line = Method SP request-target SP HTTP-Version CRLF
5.1.1. Method 5.1.1. Method
The Method token indicates the method to be performed on the resource The Method token indicates the method to be performed on the resource
identified by the Request-URI. The method is case-sensitive. identified by the request-target. The method is case-sensitive.
Method = token Method = token
5.1.2. Request-URI 5.1.2. request-target
The Request-URI is a Uniform Resource Identifier (Section 3.2) and The request-target identifies the resource upon which to apply the
identifies the resource upon which to apply the request. request.
Request-URI = "*" request-target = "*"
/ absolute-URI / absolute-URI
/ ( path-absolute [ "?" query ] ) / ( path-absolute [ "?" query ] )
/ authority / authority
The four options for Request-URI are dependent on the nature of the The four options for request-target are dependent on the nature of
request. The asterisk "*" means that the request does not apply to a the request. The asterisk "*" means that the request does not apply
particular resource, but to the server itself, and is only allowed to a particular resource, but to the server itself, and is only
when the method used does not necessarily apply to a resource. One allowed when the method used does not necessarily apply to a
example would be resource. One example would be
OPTIONS * HTTP/1.1 OPTIONS * HTTP/1.1
The absolute-URI form is REQUIRED when the request is being made to a The absolute-URI form is REQUIRED when the request is being made to a
proxy. The proxy is requested to forward the request or service it proxy. The proxy is requested to forward the request or service it
from a valid cache, and return the response. Note that the proxy MAY from a valid cache, and return the response. Note that the proxy MAY
forward the request on to another proxy or directly to the server forward the request on to another proxy or directly to the server
specified by the absolute-URI. In order to avoid request loops, a specified by the absolute-URI. In order to avoid request loops, a
proxy MUST be able to recognize all of its server names, including proxy MUST be able to recognize all of its server names, including
any aliases, local variations, and the numeric IP address. An any aliases, local variations, and the numeric IP address. An
example Request-Line would be: example Request-Line would be:
GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1 GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1
To allow for transition to absolute-URIs in all requests in future To allow for transition to absolute-URIs in all requests in future
versions of HTTP, all HTTP/1.1 servers MUST accept the absolute-URI versions of HTTP, all HTTP/1.1 servers MUST accept the absolute-URI
form in requests, even though HTTP/1.1 clients will only generate form in requests, even though HTTP/1.1 clients will only generate
them in requests to proxies. them in requests to proxies.
The authority form is only used by the CONNECT method (Section 8.9 of The authority form is only used by the CONNECT method (Section 7.9 of
[Part2]). [Part2]).
The most common form of Request-URI is that used to identify a The most common form of request-target is that used to identify a
resource on an origin server or gateway. In this case the absolute resource on an origin server or gateway. In this case the absolute
path of the URI MUST be transmitted (see Section 3.2.1, path- path of the URI MUST be transmitted (see Section 2.1.1, path-
absolute) as the Request-URI, and the network location of the URI absolute) as the request-target, and the network location of the URI
(authority) MUST be transmitted in a Host header field. For example, (authority) MUST be transmitted in a Host header field. For example,
a client wishing to retrieve the resource above directly from the a client wishing to retrieve the resource above directly from the
origin server would create a TCP connection to port 80 of the host origin server would create a TCP connection to port 80 of the host
"www.example.org" and send the lines: "www.example.org" and send the lines:
GET /pub/WWW/TheProject.html HTTP/1.1 GET /pub/WWW/TheProject.html HTTP/1.1
Host: www.example.org Host: www.example.org
followed by the remainder of the Request. Note that the absolute followed by the remainder of the Request. Note that the absolute
path cannot be empty; if none is present in the original URI, it MUST path cannot be empty; if none is present in the original URI, it MUST
be given as "/" (the server root). be given as "/" (the server root).
The Request-URI is transmitted in the format specified in If a proxy receives a request without any path in the request-target
Section 3.2.1. If the Request-URI is encoded using the "% HEXDIG and the method specified is capable of supporting the asterisk form
HEXDIG" encoding ([RFC3986], Section 2.4), the origin server MUST of request-target, then the last proxy on the request chain MUST
decode the Request-URI in order to properly interpret the request. forward the request with "*" as the final request-target.
Servers SHOULD respond to invalid Request-URIs with an appropriate
status code. For example, the request
OPTIONS http://www.example.org:8001 HTTP/1.1
would be forwarded by the proxy as
OPTIONS * HTTP/1.1
Host: www.example.org:8001
after connecting to port 8001 of host "www.example.org".
The request-target is transmitted in the format specified in
Section 2.1.1. If the request-target is percent-encoded ([RFC3986],
Section 2.1), the origin server MUST decode the request-target in
order to properly interpret the request. Servers SHOULD respond to
invalid request-targets with an appropriate status code.
A transparent proxy MUST NOT rewrite the "path-absolute" part of the A transparent proxy MUST NOT rewrite the "path-absolute" part of the
received Request-URI when forwarding it to the next inbound server, received request-target when forwarding it to the next inbound
except as noted above to replace a null path-absolute with "/". server, except as noted above to replace a null path-absolute with
"/".
Note: The "no rewrite" rule prevents the proxy from changing the Note: The "no rewrite" rule prevents the proxy from changing the
meaning of the request when the origin server is improperly using meaning of the request when the origin server is improperly using
a non-reserved URI character for a reserved purpose. Implementors a non-reserved URI character for a reserved purpose. Implementors
should be aware that some pre-HTTP/1.1 proxies have been known to should be aware that some pre-HTTP/1.1 proxies have been known to
rewrite the Request-URI. rewrite the request-target.
HTTP does not place a pre-defined limit on the length of a request-
target. A server MUST be prepared to receive URIs of unbounded
length and respond with the 414 (URI Too Long) status if the received
request-target would be longer than the server wishes to handle (see
Section 8.4.15 of [Part2]).
Various ad-hoc limitations on request-target length are found in
practice. It is RECOMMENDED that all HTTP senders and recipients
support request-target lengths of 8000 or more OCTETs.
5.2. The Resource Identified by a Request 5.2. The Resource Identified by a Request
The exact resource identified by an Internet request is determined by The exact resource identified by an Internet request is determined by
examining both the Request-URI and the Host header field. examining both the request-target and the Host header field.
An origin server that does not allow resources to differ by the An origin server that does not allow resources to differ by the
requested host MAY ignore the Host header field value when requested host MAY ignore the Host header field value when
determining the resource identified by an HTTP/1.1 request. (But see determining the resource identified by an HTTP/1.1 request. (But see
Appendix C.1.1 for other requirements on Host support in HTTP/1.1.) Appendix B.1.1 for other requirements on Host support in HTTP/1.1.)
An origin server that does differentiate resources based on the host An origin server that does differentiate resources based on the host
requested (sometimes referred to as virtual hosts or vanity host requested (sometimes referred to as virtual hosts or vanity host
names) MUST use the following rules for determining the requested names) MUST use the following rules for determining the requested
resource on an HTTP/1.1 request: resource on an HTTP/1.1 request:
1. If Request-URI is an absolute-URI, the host is part of the 1. If request-target is an absolute-URI, the host is part of the
Request-URI. Any Host header field value in the request MUST be request-target. Any Host header field value in the request MUST
ignored. be ignored.
2. If the Request-URI is not an absolute-URI, and the request 2. If the request-target is not an absolute-URI, and the request
includes a Host header field, the host is determined by the Host includes a Host header field, the host is determined by the Host
header field value. header field value.
3. If the host as determined by rule 1 or 2 is not a valid host on 3. If the host as determined by rule 1 or 2 is not a valid host on
the server, the response MUST be a 400 (Bad Request) error the server, the response MUST be a 400 (Bad Request) error
message. message.
Recipients of an HTTP/1.0 request that lacks a Host header field MAY Recipients of an HTTP/1.0 request that lacks a Host header field MAY
attempt to use heuristics (e.g., examination of the URI path for attempt to use heuristics (e.g., examination of the URI path for
something unique to a particular host) in order to determine what something unique to a particular host) in order to determine what
exact resource is being requested. exact resource is being requested.
6. Response 6. Response
After receiving and interpreting a request message, a server responds After receiving and interpreting a request message, a server responds
with an HTTP response message. with an HTTP response message.
Response = Status-Line ; Section 6.1 Response = Status-Line ; Section 6.1
*(( general-header ; Section 4.5 *(( general-header ; Section 4.5
/ response-header ; [Part2], Section 6 / response-header ; [Part2], Section 5
/ entity-header ) CRLF) ; [Part3], Section 4.1 / entity-header ) CRLF ) ; [Part3], Section 3.1
CRLF CRLF
[ message-body ] ; Section 4.3 [ message-body ] ; Section 4.3
6.1. Status-Line 6.1. Status-Line
The first line of a Response message is the Status-Line, consisting The first line of a Response message is the Status-Line, consisting
of the protocol version followed by a numeric status code and its of the protocol version followed by a numeric status code and its
associated textual phrase, with each element separated by SP associated textual phrase, with each element separated by SP
characters. No CR or LF is allowed except in the final CRLF characters. No CR or LF is allowed except in the final CRLF
sequence. sequence.
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
6.1.1. Status Code and Reason Phrase 6.1.1. Status Code and Reason Phrase
The Status-Code element is a 3-digit integer result code of the The Status-Code element is a 3-digit integer result code of the
attempt to understand and satisfy the request. These codes are fully attempt to understand and satisfy the request. These codes are fully
defined in Section 9 of [Part2]. The Reason Phrase exists for the defined in Section 8 of [Part2]. The Reason Phrase exists for the
sole purpose of providing a textual description associated with the sole purpose of providing a textual description associated with the
numeric status code, out of deference to earlier Internet application numeric status code, out of deference to earlier Internet application
protocols that were more frequently used with interactive text protocols that were more frequently used with interactive text
clients. A client SHOULD ignore the content of the Reason Phrase. clients. A client SHOULD ignore the content of the Reason Phrase.
The first digit of the Status-Code defines the class of response. The first digit of the Status-Code defines the class of response.
The last two digits do not have any categorization role. There are 5 The last two digits do not have any categorization role. There are 5
values for the first digit: values for the first digit:
o 1xx: Informational - Request received, continuing process o 1xx: Informational - Request received, continuing process
skipping to change at page 27, line 39 skipping to change at page 31, line 4
o 1xx: Informational - Request received, continuing process o 1xx: Informational - Request received, continuing process
o 2xx: Success - The action was successfully received, understood, o 2xx: Success - The action was successfully received, understood,
and accepted and accepted
o 3xx: Redirection - Further action must be taken in order to o 3xx: Redirection - Further action must be taken in order to
complete the request complete the request
o 4xx: Client Error - The request contains bad syntax or cannot be o 4xx: Client Error - The request contains bad syntax or cannot be
fulfilled fulfilled
o 5xx: Server Error - The server failed to fulfill an apparently o 5xx: Server Error - The server failed to fulfill an apparently
valid request valid request
Status-Code = 3DIGIT Status-Code = 3DIGIT
Reason-Phrase = *<TEXT, excluding CR, LF> Reason-Phrase = *( WSP / VCHAR / obs-text )
7. Connections 7. Connections
7.1. Persistent Connections 7.1. Persistent Connections
7.1.1. Purpose 7.1.1. Purpose
Prior to persistent connections, a separate TCP connection was Prior to persistent connections, a separate TCP connection was
established to fetch each URL, increasing the load on HTTP servers established to fetch each URL, increasing the load on HTTP servers
and causing congestion on the Internet. The use of inline images and and causing congestion on the Internet. The use of inline images and
skipping to change at page 29, line 34 skipping to change at page 32, line 44
case the client does not want to maintain a connection for more than case the client does not want to maintain a connection for more than
that request, it SHOULD send a Connection header including the that request, it SHOULD send a Connection header including the
connection-token close. connection-token close.
If either the client or the server sends the close token in the If either the client or the server sends the close token in the
Connection header, that request becomes the last one for the Connection header, that request becomes the last one for the
connection. connection.
Clients and servers SHOULD NOT assume that a persistent connection is Clients and servers SHOULD NOT assume that a persistent connection is
maintained for HTTP versions less than 1.1 unless it is explicitly maintained for HTTP versions less than 1.1 unless it is explicitly
signaled. See Appendix C.2 for more information on backward signaled. See Appendix B.2 for more information on backward
compatibility with HTTP/1.0 clients. compatibility with HTTP/1.0 clients.
In order to remain persistent, all messages on the connection MUST In order to remain persistent, all messages on the connection MUST
have a self-defined message length (i.e., one not defined by closure have a self-defined message length (i.e., one not defined by closure
of the connection), as described in Section 4.4. of the connection), as described in Section 4.4.
7.1.2.2. Pipelining 7.1.2.2. Pipelining
A client that supports persistent connections MAY "pipeline" its A client that supports persistent connections MAY "pipeline" its
requests (i.e., send multiple requests without waiting for each requests (i.e., send multiple requests without waiting for each
skipping to change at page 30, line 9 skipping to change at page 33, line 21
Clients which assume persistent connections and pipeline immediately Clients which assume persistent connections and pipeline immediately
after connection establishment SHOULD be prepared to retry their after connection establishment SHOULD be prepared to retry their
connection if the first pipelined attempt fails. If a client does connection if the first pipelined attempt fails. If a client does
such a retry, it MUST NOT pipeline before it knows the connection is such a retry, it MUST NOT pipeline before it knows the connection is
persistent. Clients MUST also be prepared to resend their requests persistent. Clients MUST also be prepared to resend their requests
if the server closes the connection before sending all of the if the server closes the connection before sending all of the
corresponding responses. corresponding responses.
Clients SHOULD NOT pipeline requests using non-idempotent methods or Clients SHOULD NOT pipeline requests using non-idempotent methods or
non-idempotent sequences of methods (see Section 8.1.2 of [Part2]). non-idempotent sequences of methods (see Section 7.1.2 of [Part2]).
Otherwise, a premature termination of the transport connection could Otherwise, a premature termination of the transport connection could
lead to indeterminate results. A client wishing to send a non- lead to indeterminate results. A client wishing to send a non-
idempotent request SHOULD wait to send that request until it has idempotent request SHOULD wait to send that request until it has
received the response status for the previous request. received the response status for the previous request.
7.1.3. Proxy Servers 7.1.3. Proxy Servers
It is especially important that proxies correctly implement the It is especially important that proxies correctly implement the
properties of the Connection header field as specified in properties of the Connection header field as specified in
Section 8.1. Section 8.1.
skipping to change at page 31, line 10 skipping to change at page 34, line 21
time. For example, a client might have started to send a new request time. For example, a client might have started to send a new request
at the same time that the server has decided to close the "idle" at the same time that the server has decided to close the "idle"
connection. From the server's point of view, the connection is being connection. From the server's point of view, the connection is being
closed while it was idle, but from the client's point of view, a closed while it was idle, but from the client's point of view, a
request is in progress. request is in progress.
This means that clients, servers, and proxies MUST be able to recover This means that clients, servers, and proxies MUST be able to recover
from asynchronous close events. Client software SHOULD reopen the from asynchronous close events. Client software SHOULD reopen the
transport connection and retransmit the aborted sequence of requests transport connection and retransmit the aborted sequence of requests
without user interaction so long as the request sequence is without user interaction so long as the request sequence is
idempotent (see Section 8.1.2 of [Part2]). Non-idempotent methods or idempotent (see Section 7.1.2 of [Part2]). Non-idempotent methods or
sequences MUST NOT be automatically retried, although user agents MAY sequences MUST NOT be automatically retried, although user agents MAY
offer a human operator the choice of retrying the request(s). offer a human operator the choice of retrying the request(s).
Confirmation by user-agent software with semantic understanding of Confirmation by user-agent software with semantic understanding of
the application MAY substitute for user confirmation. The automatic the application MAY substitute for user confirmation. The automatic
retry SHOULD NOT be repeated if the second sequence of requests retry SHOULD NOT be repeated if the second sequence of requests
fails. fails.
Servers SHOULD always respond to at least one request per connection, Servers SHOULD always respond to at least one request per connection,
if at all possible. Servers SHOULD NOT close a connection in the if at all possible. Servers SHOULD NOT close a connection in the
middle of transmitting a response, unless a network or client failure middle of transmitting a response, unless a network or client failure
skipping to change at page 31, line 46 skipping to change at page 35, line 11
flow control mechanisms to resolve temporary overloads, rather than flow control mechanisms to resolve temporary overloads, rather than
terminating connections with the expectation that clients will retry. terminating connections with the expectation that clients will retry.
The latter technique can exacerbate network congestion. The latter technique can exacerbate network congestion.
7.2.2. Monitoring Connections for Error Status Messages 7.2.2. Monitoring Connections for Error Status Messages
An HTTP/1.1 (or later) client sending a message-body SHOULD monitor An HTTP/1.1 (or later) client sending a message-body SHOULD monitor
the network connection for an error status while it is transmitting the network connection for an error status while it is transmitting
the request. If the client sees an error status, it SHOULD the request. If the client sees an error status, it SHOULD
immediately cease transmitting the body. If the body is being sent immediately cease transmitting the body. If the body is being sent
using a "chunked" encoding (Section 3.4), a zero length chunk and using a "chunked" encoding (Section 3.3), a zero length chunk and
empty trailer MAY be used to prematurely mark the end of the message. empty trailer MAY be used to prematurely mark the end of the message.
If the body was preceded by a Content-Length header, the client MUST If the body was preceded by a Content-Length header, the client MUST
close the connection. close the connection.
7.2.3. Use of the 100 (Continue) Status 7.2.3. Use of the 100 (Continue) Status
The purpose of the 100 (Continue) status (see Section 9.1.1 of The purpose of the 100 (Continue) status (see Section 8.1.1 of
[Part2]) is to allow a client that is sending a request message with [Part2]) is to allow a client that is sending a request message with
a request body to determine if the origin server is willing to accept a request body to determine if the origin server is willing to accept
the request (based on the request headers) before the client sends the request (based on the request headers) before the client sends
the request body. In some cases, it might either be inappropriate or the request body. In some cases, it might either be inappropriate or
highly inefficient for the client to send the body if the server will highly inefficient for the client to send the body if the server will
reject the message without looking at the body. reject the message without looking at the body.
Requirements for HTTP/1.1 clients: Requirements for HTTP/1.1 clients:
o If a client will wait for a 100 (Continue) response before sending o If a client will wait for a 100 (Continue) response before sending
the request body, it MUST send an Expect request-header field the request body, it MUST send an Expect request-header field
(Section 10.2 of [Part2]) with the "100-continue" expectation. (Section 9.2 of [Part2]) with the "100-continue" expectation.
o A client MUST NOT send an Expect request-header field (Section o A client MUST NOT send an Expect request-header field (Section 9.2
10.2 of [Part2]) with the "100-continue" expectation if it does of [Part2]) with the "100-continue" expectation if it does not
not intend to send a request body. intend to send a request body.
Because of the presence of older implementations, the protocol allows Because of the presence of older implementations, the protocol allows
ambiguous situations in which a client may send "Expect: 100- ambiguous situations in which a client may send "Expect: 100-
continue" without receiving either a 417 (Expectation Failed) status continue" without receiving either a 417 (Expectation Failed) status
or a 100 (Continue) status. Therefore, when a client sends this or a 100 (Continue) status. Therefore, when a client sends this
header field to an origin server (possibly via a proxy) from which it header field to an origin server (possibly via a proxy) from which it
has never seen a 100 (Continue) status, the client SHOULD NOT wait has never seen a 100 (Continue) status, the client SHOULD NOT wait
for an indefinite period before sending the request body. for an indefinite period before sending the request body.
Requirements for HTTP/1.1 origin servers: Requirements for HTTP/1.1 origin servers:
skipping to change at page 33, line 49 skipping to change at page 37, line 12
HTTP/1.0 or lower, it MUST NOT forward the request, and it MUST HTTP/1.0 or lower, it MUST NOT forward the request, and it MUST
respond with a 417 (Expectation Failed) status. respond with a 417 (Expectation Failed) status.
o Proxies SHOULD maintain a cache recording the HTTP version numbers o Proxies SHOULD maintain a cache recording the HTTP version numbers
received from recently-referenced next-hop servers. received from recently-referenced next-hop servers.
o A proxy MUST NOT forward a 100 (Continue) response if the request o A proxy MUST NOT forward a 100 (Continue) response if the request
message was received from an HTTP/1.0 (or earlier) client and did message was received from an HTTP/1.0 (or earlier) client and did
not include an Expect request-header field with the "100-continue" not include an Expect request-header field with the "100-continue"
expectation. This requirement overrides the general rule for expectation. This requirement overrides the general rule for
forwarding of 1xx responses (see Section 9.1 of [Part2]). forwarding of 1xx responses (see Section 8.1 of [Part2]).
7.2.4. Client Behavior if Server Prematurely Closes Connection 7.2.4. Client Behavior if Server Prematurely Closes Connection
If an HTTP/1.1 client sends a request which includes a request body, If an HTTP/1.1 client sends a request which includes a request body,
but which does not include an Expect request-header field with the but which does not include an Expect request-header field with the
"100-continue" expectation, and if the client is not directly "100-continue" expectation, and if the client is not directly
connected to an HTTP/1.1 origin server, and if the client sees the connected to an HTTP/1.1 origin server, and if the client sees the
connection close before receiving any status from the server, the connection close before receiving any status from the server, the
client SHOULD retry the request. If the client does retry this client SHOULD retry the request. If the client does retry this
request, it MAY use the following "binary exponential backoff" request, it MAY use the following "binary exponential backoff"
skipping to change at page 36, line 5 skipping to change at page 39, line 15
An HTTP/1.1 server that does not support persistent connections MUST An HTTP/1.1 server that does not support persistent connections MUST
include the "close" connection option in every response message that include the "close" connection option in every response message that
does not have a 1xx (informational) status code. does not have a 1xx (informational) status code.
A system receiving an HTTP/1.0 (or lower-version) message that A system receiving an HTTP/1.0 (or lower-version) message that
includes a Connection header MUST, for each connection-token in this includes a Connection header MUST, for each connection-token in this
field, remove and ignore any header field(s) from the message with field, remove and ignore any header field(s) from the message with
the same name as the connection-token. This protects against the same name as the connection-token. This protects against
mistaken forwarding of such header fields by pre-HTTP/1.1 proxies. mistaken forwarding of such header fields by pre-HTTP/1.1 proxies.
See Appendix C.2. See Appendix B.2.
8.2. Content-Length 8.2. Content-Length
The entity-header field "Content-Length" indicates the size of the The entity-header field "Content-Length" indicates the size of the
entity-body, in decimal number of OCTETs, sent to the recipient or, entity-body, in decimal number of OCTETs, sent to the recipient or,
in the case of the HEAD method, the size of the entity-body that in the case of the HEAD method, the size of the entity-body that
would have been sent had the request been a GET. would have been sent had the request been a GET.
Content-Length = "Content-Length" ":" OWS 1*Content-Length-v Content-Length = "Content-Length" ":" OWS 1*Content-Length-v
Content-Length-v = 1*DIGIT Content-Length-v = 1*DIGIT
skipping to change at page 36, line 41 skipping to change at page 39, line 51
used within the "message/external-body" content-type. In HTTP, it used within the "message/external-body" content-type. In HTTP, it
SHOULD be sent whenever the message's length can be determined prior SHOULD be sent whenever the message's length can be determined prior
to being transferred, unless this is prohibited by the rules in to being transferred, unless this is prohibited by the rules in
Section 4.4. Section 4.4.
8.3. Date 8.3. Date
The general-header field "Date" represents the date and time at which The general-header field "Date" represents the date and time at which
the message was originated, having the same semantics as orig-date in the message was originated, having the same semantics as orig-date in
Section 3.6.1 of [RFC5322]. The field value is an HTTP-date, as Section 3.6.1 of [RFC5322]. The field value is an HTTP-date, as
described in Section 3.3.1; it MUST be sent in rfc1123-date format. described in Section 3.2.1; it MUST be sent in rfc1123-date format.
Date = "Date" ":" OWS Date-v Date = "Date" ":" OWS Date-v
Date-v = HTTP-date Date-v = HTTP-date
An example is An example is
Date: Tue, 15 Nov 1994 08:12:31 GMT Date: Tue, 15 Nov 1994 08:12:31 GMT
Origin servers MUST include a Date header field in all responses, Origin servers MUST include a Date header field in all responses,
except in these cases: except in these cases:
skipping to change at page 38, line 9 skipping to change at page 41, line 20
with the resource by a system or user with a reliable clock. It MAY with the resource by a system or user with a reliable clock. It MAY
assign an Expires value that is known, at or before server assign an Expires value that is known, at or before server
configuration time, to be in the past (this allows "pre-expiration" configuration time, to be in the past (this allows "pre-expiration"
of responses without storing separate Expires values for each of responses without storing separate Expires values for each
resource). resource).
8.4. Host 8.4. Host
The request-header field "Host" specifies the Internet host and port The request-header field "Host" specifies the Internet host and port
number of the resource being requested, as obtained from the original number of the resource being requested, as obtained from the original
URI given by the user or referring resource (generally an HTTP URL, URI given by the user or referring resource (generally an http URI,
as described in Section 3.2.1). The Host field value MUST represent as described in Section 2.1.1). The Host field value MUST represent
the naming authority of the origin server or gateway given by the the naming authority of the origin server or gateway given by the
original URL. This allows the origin server or gateway to original URL. This allows the origin server or gateway to
differentiate between internally-ambiguous URLs, such as the root "/" differentiate between internally-ambiguous URLs, such as the root "/"
URL of a server for multiple host names on a single IP address. URL of a server for multiple host names on a single IP address.
Host = "Host" ":" OWS Host-v Host = "Host" ":" OWS Host-v
Host-v = uri-host [ ":" port ] ; Section 3.2.1 Host-v = uri-host [ ":" port ] ; Section 2.1.1
A "host" without any trailing port information implies the default A "host" without any trailing port information implies the default
port for the service requested (e.g., "80" for an HTTP URL). For port for the service requested (e.g., "80" for an HTTP URL). For
example, a request on the origin server for example, a request on the origin server for
<http://www.example.org/pub/WWW/> would properly include: <http://www.example.org/pub/WWW/> would properly include:
GET /pub/WWW/ HTTP/1.1 GET /pub/WWW/ HTTP/1.1
Host: www.example.org Host: www.example.org
A client MUST include a Host header field in all HTTP/1.1 request A client MUST include a Host header field in all HTTP/1.1 request
messages. If the requested URI does not include an Internet host messages. If the requested URI does not include an Internet host
name for the service being requested, then the Host header field MUST name for the service being requested, then the Host header field MUST
be given with an empty value. An HTTP/1.1 proxy MUST ensure that any be given with an empty value. An HTTP/1.1 proxy MUST ensure that any
request message it forwards does contain an appropriate Host header request message it forwards does contain an appropriate Host header
field that identifies the service being requested by the proxy. All field that identifies the service being requested by the proxy. All
Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request)
status code to any HTTP/1.1 request message which lacks a Host header status code to any HTTP/1.1 request message which lacks a Host header
field. field.
See Sections 5.2 and C.1.1 for other requirements relating to Host. See Sections 5.2 and B.1.1 for other requirements relating to Host.
8.5. TE 8.5. TE
The request-header field "TE" indicates what extension transfer- The request-header field "TE" indicates what extension transfer-
codings it is willing to accept in the response and whether or not it codings it is willing to accept in the response and whether or not it
is willing to accept trailer fields in a chunked transfer-coding. is willing to accept trailer fields in a chunked transfer-coding.
Its value may consist of the keyword "trailers" and/or a comma- Its value may consist of the keyword "trailers" and/or a comma-
separated list of extension transfer-coding names with optional separated list of extension transfer-coding names with optional
accept parameters (as described in Section 3.4). accept parameters (as described in Section 3.3).
TE = "TE" ":" OWS TE-v TE = "TE" ":" OWS TE-v
TE-v = #t-codings TE-v = #t-codings
t-codings = "trailers" / ( transfer-extension [ accept-params ] ) t-codings = "trailers" / ( transfer-extension [ te-params ] )
te-params = OWS ";" OWS "q=" qvalue *( te-ext )
te-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
The presence of the keyword "trailers" indicates that the client is The presence of the keyword "trailers" indicates that the client is
willing to accept trailer fields in a chunked transfer-coding, as willing to accept trailer fields in a chunked transfer-coding, as
defined in Section 3.4.1. This keyword is reserved for use with defined in Section 3.3.1. This keyword is reserved for use with
transfer-coding values even though it does not itself represent a transfer-coding values even though it does not itself represent a
transfer-coding. transfer-coding.
Examples of its use are: Examples of its use are:
TE: deflate TE: deflate
TE: TE:
TE: trailers, deflate;q=0.5 TE: trailers, deflate;q=0.5
The TE header field only applies to the immediate connection. The TE header field only applies to the immediate connection.
skipping to change at page 39, line 37 skipping to change at page 43, line 7
clients are willing to accept trailer fields in the forwarded clients are willing to accept trailer fields in the forwarded
response, or that it will attempt to buffer the response on response, or that it will attempt to buffer the response on
behalf of downstream recipients. behalf of downstream recipients.
Note: HTTP/1.1 does not define any means to limit the size of a Note: HTTP/1.1 does not define any means to limit the size of a
chunked response such that a client can be assured of buffering chunked response such that a client can be assured of buffering
the entire response. the entire response.
2. If the transfer-coding being tested is one of the transfer- 2. If the transfer-coding being tested is one of the transfer-
codings listed in the TE field, then it is acceptable unless it codings listed in the TE field, then it is acceptable unless it
is accompanied by a qvalue of 0. (As defined in Section 3.4 of is accompanied by a qvalue of 0. (As defined in Section 3.5, a
[Part3], a qvalue of 0 means "not acceptable.") qvalue of 0 means "not acceptable.")
3. If multiple transfer-codings are acceptable, then the acceptable 3. If multiple transfer-codings are acceptable, then the acceptable
transfer-coding with the highest non-zero qvalue is preferred. transfer-coding with the highest non-zero qvalue is preferred.
The "chunked" transfer-coding always has a qvalue of 1. The "chunked" transfer-coding always has a qvalue of 1.
If the TE field-value is empty or if no TE field is present, the only If the TE field-value is empty or if no TE field is present, the only
transfer-coding is "chunked". A message with no transfer-coding is transfer-coding is "chunked". A message with no transfer-coding is
always acceptable. always acceptable.
8.6. Trailer 8.6. Trailer
skipping to change at page 40, line 15 skipping to change at page 43, line 33
Trailer = "Trailer" ":" OWS Trailer-v Trailer = "Trailer" ":" OWS Trailer-v
Trailer-v = 1#field-name Trailer-v = 1#field-name
An HTTP/1.1 message SHOULD include a Trailer header field in a An HTTP/1.1 message SHOULD include a Trailer header field in a
message using chunked transfer-coding with a non-empty trailer. message using chunked transfer-coding with a non-empty trailer.
Doing so allows the recipient to know which header fields to expect Doing so allows the recipient to know which header fields to expect
in the trailer. in the trailer.
If no Trailer header field is present, the trailer SHOULD NOT include If no Trailer header field is present, the trailer SHOULD NOT include
any header fields. See Section 3.4.1 for restrictions on the use of any header fields. See Section 3.3.1 for restrictions on the use of
trailer fields in a "chunked" transfer-coding. trailer fields in a "chunked" transfer-coding.
Message header fields listed in the Trailer header field MUST NOT Message header fields listed in the Trailer header field MUST NOT
include the following header fields: include the following header fields:
o Transfer-Encoding o Transfer-Encoding
o Content-Length o Content-Length
o Trailer o Trailer
skipping to change at page 40, line 39 skipping to change at page 44, line 9
The general-header "Transfer-Encoding" field indicates what (if any) The general-header "Transfer-Encoding" field indicates what (if any)
type of transformation has been applied to the message body in order type of transformation has been applied to the message body in order
to safely transfer it between the sender and the recipient. This to safely transfer it between the sender and the recipient. This
differs from the content-coding in that the transfer-coding is a differs from the content-coding in that the transfer-coding is a
property of the message, not of the entity. property of the message, not of the entity.
Transfer-Encoding = "Transfer-Encoding" ":" OWS Transfer-Encoding = "Transfer-Encoding" ":" OWS
Transfer-Encoding-v Transfer-Encoding-v
Transfer-Encoding-v = 1#transfer-coding Transfer-Encoding-v = 1#transfer-coding
Transfer-codings are defined in Section 3.4. An example is: Transfer-codings are defined in Section 3.3. An example is:
Transfer-Encoding: chunked Transfer-Encoding: chunked
If multiple encodings have been applied to an entity, the transfer- If multiple encodings have been applied to an entity, the transfer-
codings MUST be listed in the order in which they were applied. codings MUST be listed in the order in which they were applied.
Additional information about the encoding parameters MAY be provided Additional information about the encoding parameters MAY be provided
by other entity-header fields not defined by this specification. by other entity-header fields not defined by this specification.
Many older HTTP/1.0 applications do not understand the Transfer- Many older HTTP/1.0 applications do not understand the Transfer-
Encoding header. Encoding header.
skipping to change at page 44, line 26 skipping to change at page 47, line 34
| Via | http | standard | Section 8.9 | | Via | http | standard | Section 8.9 |
+-------------------+----------+----------+-------------+ +-------------------+----------+----------+-------------+
The change controller is: "IETF (iesg@ietf.org) - Internet The change controller is: "IETF (iesg@ietf.org) - Internet
Engineering Task Force". Engineering Task Force".
9.2. URI Scheme Registration 9.2. URI Scheme Registration
The entry for the "http" URI Scheme in the registry located at The entry for the "http" URI Scheme in the registry located at
<http://www.iana.org/assignments/uri-schemes.html> should be updated <http://www.iana.org/assignments/uri-schemes.html> should be updated
to point to Section 3.2.1 of this document (see [RFC4395]). to point to Section 2.1.1 of this document (see [RFC4395]).
9.3. Internet Media Type Registrations 9.3. Internet Media Type Registrations
This document serves as the specification for the Internet media This document serves as the specification for the Internet media
types "message/http" and "application/http". The following is to be types "message/http" and "application/http". The following is to be
registered with IANA (see [RFC4288]). registered with IANA (see [RFC4288]).
9.3.1. Internet Media Type message/http 9.3.1. Internet Media Type message/http
The message/http type can be used to enclose a single HTTP request or The message/http type can be used to enclose a single HTTP request or
skipping to change at page 47, line 38 skipping to change at page 50, line 46
10.3. Attacks Based On File and Path Names 10.3. Attacks Based On File and Path Names
Implementations of HTTP origin servers SHOULD be careful to restrict Implementations of HTTP origin servers SHOULD be careful to restrict
the documents returned by HTTP requests to be only those that were the documents returned by HTTP requests to be only those that were
intended by the server administrators. If an HTTP server translates intended by the server administrators. If an HTTP server translates
HTTP URIs directly into file system calls, the server MUST take HTTP URIs directly into file system calls, the server MUST take
special care not to serve files that were not intended to be special care not to serve files that were not intended to be
delivered to HTTP clients. For example, UNIX, Microsoft Windows, and delivered to HTTP clients. For example, UNIX, Microsoft Windows, and
other operating systems use ".." as a path component to indicate a other operating systems use ".." as a path component to indicate a
directory level above the current one. On such a system, an HTTP directory level above the current one. On such a system, an HTTP
server MUST disallow any such construct in the Request-URI if it server MUST disallow any such construct in the request-target if it
would otherwise allow access to a resource outside those intended to would otherwise allow access to a resource outside those intended to
be accessible via the HTTP server. Similarly, files intended for be accessible via the HTTP server. Similarly, files intended for
reference only internally to the server (such as access control reference only internally to the server (such as access control
files, configuration files, and script code) MUST be protected from files, configuration files, and script code) MUST be protected from
inappropriate retrieval, since they might contain sensitive inappropriate retrieval, since they might contain sensitive
information. Experience has shown that minor bugs in such HTTP information. Experience has shown that minor bugs in such HTTP
server implementations have turned into security risks. server implementations have turned into security risks.
10.4. DNS Spoofing 10.4. DNS Spoofing
skipping to change at page 50, line 37 skipping to change at page 53, line 45
[ISO-8859-1] [ISO-8859-1]
International Organization for Standardization, International Organization for Standardization,
"Information technology -- 8-bit single-byte coded graphic "Information technology -- 8-bit single-byte coded graphic
character sets -- Part 1: Latin alphabet No. 1", ISO/ character sets -- Part 1: Latin alphabet No. 1", ISO/
IEC 8859-1:1998, 1998. IEC 8859-1:1998, 1998.
[Part2] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part2] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 2: Message and J. Reschke, Ed., "HTTP/1.1, part 2: Message
Semantics", draft-ietf-httpbis-p2-semantics-05 (work in Semantics", draft-ietf-httpbis-p2-semantics-06 (work in
progress), November 2008. progress), March 2009.
[Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload
and Content Negotiation", draft-ietf-httpbis-p3-payload-05 and Content Negotiation", draft-ietf-httpbis-p3-payload-06
(work in progress), November 2008. (work in progress), March 2009.
[Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
Partial Responses", draft-ietf-httpbis-p5-range-05 (work Partial Responses", draft-ietf-httpbis-p5-range-06 (work
in progress), November 2008. in progress), March 2009.
[Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", and J. Reschke, Ed., "HTTP/1.1, part 6: Caching",
draft-ietf-httpbis-p6-cache-05 (work in progress), draft-ietf-httpbis-p6-cache-06 (work in progress),
November 2008. March 2009.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", RFC 3986, Resource Identifier (URI): Generic Syntax", RFC 3986,
STD 66, January 2005. STD 66, January 2005.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
skipping to change at page 52, line 9 skipping to change at page 55, line 11
Computer Networks and ISDN Systems v. 28, pp. 25-35, Computer Networks and ISDN Systems v. 28, pp. 25-35,
December 1995, December 1995,
<http://portal.acm.org/citation.cfm?id=219094>. <http://portal.acm.org/citation.cfm?id=219094>.
[RFC1123] Braden, R., "Requirements for Internet Hosts - Application [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
and Support", STD 3, RFC 1123, October 1989. and Support", STD 3, RFC 1123, October 1989.
[RFC1305] Mills, D., "Network Time Protocol (Version 3) [RFC1305] Mills, D., "Network Time Protocol (Version 3)
Specification, Implementation", RFC 1305, March 1992. Specification, Implementation", RFC 1305, March 1992.
[RFC1436] Anklesaria, F., McCahill, M., Lindner, P., Johnson, D.,
Torrey, D., and B. Alberti, "The Internet Gopher Protocol
(a distributed document search and retrieval protocol)",
RFC 1436, March 1993.
[RFC1900] Carpenter, B. and Y. Rekhter, "Renumbering Needs Work", [RFC1900] Carpenter, B. and Y. Rekhter, "Renumbering Needs Work",
RFC 1900, February 1996. RFC 1900, February 1996.
[RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext [RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996. Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996.
[RFC2068] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T. [RFC2068] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T.
Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1",
RFC 2068, January 1997. RFC 2068, January 1997.
[RFC2109] Kristol, D. and L. Montulli, "HTTP State Management [RFC2109] Kristol, D. and L. Montulli, "HTTP State Management
Mechanism", RFC 2109, February 1997. Mechanism", RFC 2109, February 1997.
[RFC2145] Mogul, J., Fielding, R., Gettys, J., and H. Nielsen, "Use [RFC2145] Mogul, J., Fielding, R., Gettys, J., and H. Nielsen, "Use
and Interpretation of HTTP Version Numbers", RFC 2145, and Interpretation of HTTP Version Numbers", RFC 2145,
May 1997. May 1997.
skipping to change at page 52, line 44 skipping to change at page 55, line 49
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC2965] Kristol, D. and L. Montulli, "HTTP State Management [RFC2965] Kristol, D. and L. Montulli, "HTTP State Management
Mechanism", RFC 2965, October 2000. Mechanism", RFC 2965, October 2000.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
September 2004. September 2004.
[RFC3977] Feather, C., "Network News Transfer Protocol (NNTP)",
RFC 3977, October 2006.
[RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and
Registration Procedures", BCP 13, RFC 4288, December 2005. Registration Procedures", BCP 13, RFC 4288, December 2005.
[RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and [RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
Registration Procedures for New URI Schemes", BCP 115, Registration Procedures for New URI Schemes", BCP 115,
RFC 4395, February 2006. RFC 4395, February 2006.
[RFC5322] Resnick, P., "Internet Message Format", RFC 5322, [RFC5322] Resnick, P., "Internet Message Format", RFC 5322,
October 2008. October 2008.
[RFC822] Crocker, D., "Standard for the format of ARPA Internet
text messages", STD 11, RFC 822, August 1982.
[RFC959] Postel, J. and J. Reynolds, "File Transfer Protocol",
STD 9, RFC 959, October 1985.
[Spe] Spero, S., "Analysis of HTTP Performance Problems", [Spe] Spero, S., "Analysis of HTTP Performance Problems",
<http://sunsite.unc.edu/mdma-release/http-prob.html>. <http://sunsite.unc.edu/mdma-release/http-prob.html>.
[Tou1998] Touch, J., Heidemann, J., and K. Obraczka, "Analysis of [Tou1998] Touch, J., Heidemann, J., and K. Obraczka, "Analysis of
HTTP Performance", ISI Research Report ISI/RR-98-463, HTTP Performance", ISI Research Report ISI/RR-98-463,
Aug 1998, <http://www.isi.edu/touch/pubs/http-perf96/>. Aug 1998, <http://www.isi.edu/touch/pubs/http-perf96/>.
(original report dated Aug. 1996) (original report dated Aug. 1996)
[WAIS] Davis, F., Kahle, B., Morris, H., Salem, J., Shen, T.,
Wang, R., Sui, J., and M. Grinbaum, "WAIS Interface
Protocol Prototype Functional Specification (v1.5)",
Thinking Machines Corporation , April 1990.
Appendix A. Tolerant Applications Appendix A. Tolerant Applications
Although this document specifies the requirements for the generation Although this document specifies the requirements for the generation
of HTTP/1.1 messages, not all applications will be correct in their of HTTP/1.1 messages, not all applications will be correct in their
implementation. We therefore recommend that operational applications implementation. We therefore recommend that operational applications
be tolerant of deviations whenever those deviations can be be tolerant of deviations whenever those deviations can be
interpreted unambiguously. interpreted unambiguously.
Clients SHOULD be tolerant in parsing the Status-Line and servers Clients SHOULD be tolerant in parsing the Status-Line and servers
tolerant when parsing the Request-Line. In particular, they SHOULD tolerant when parsing the Request-Line. In particular, they SHOULD
accept any amount of SP or HTAB characters between fields, even accept any amount of WSP characters between fields, even though only
though only a single SP is required. a single SP is required.
The line terminator for message-header fields is the sequence CRLF. The line terminator for message-header fields is the sequence CRLF.
However, we recommend that applications, when parsing such headers, However, we recommend that applications, when parsing such headers,
recognize a single LF as a line terminator and ignore the leading CR. recognize a single LF as a line terminator and ignore the leading CR.
The character set of an entity-body SHOULD be labeled as the lowest The character set of an entity-body SHOULD be labeled as the lowest
common denominator of the character codes used within that body, with common denominator of the character codes used within that body, with
the exception that not labeling the entity is preferred over labeling the exception that not labeling the entity is preferred over labeling
the entity with the labels US-ASCII or ISO-8859-1. See [Part3]. the entity with the labels US-ASCII or ISO-8859-1. See [Part3].
skipping to change at page 54, line 25 skipping to change at page 57, line 14
proper value. proper value.
o All expiration-related calculations MUST be done in GMT. The o All expiration-related calculations MUST be done in GMT. The
local time zone MUST NOT influence the calculation or comparison local time zone MUST NOT influence the calculation or comparison
of an age or expiration time. of an age or expiration time.
o If an HTTP header incorrectly carries a date value with a time o If an HTTP header incorrectly carries a date value with a time
zone other than GMT, it MUST be converted into GMT using the most zone other than GMT, it MUST be converted into GMT using the most
conservative possible conversion. conservative possible conversion.
Appendix B. Conversion of Date Formats Appendix B. Compatibility with Previous Versions
HTTP/1.1 uses a restricted set of date formats (Section 3.3.1) to
simplify the process of date comparison. Proxies and gateways from
other protocols SHOULD ensure that any Date header field present in a
message conforms to one of the HTTP/1.1 formats and rewrite the date
if necessary.
Appendix C. Compatibility with Previous Versions
HTTP has been in use by the World-Wide Web global information HTTP has been in use by the World-Wide Web global information
initiative since 1990. The first version of HTTP, later referred to initiative since 1990. The first version of HTTP, later referred to
as HTTP/0.9, was a simple protocol for hypertext data transfer across as HTTP/0.9, was a simple protocol for hypertext data transfer across
the Internet with only a single method and no metadata. HTTP/1.0, as the Internet with only a single method and no metadata. HTTP/1.0, as
defined by [RFC1945], added a range of request methods and MIME-like defined by [RFC1945], added a range of request methods and MIME-like
messaging that could include metadata about the data transferred and messaging that could include metadata about the data transferred and
modifiers on the request/response semantics. However, HTTP/1.0 did modifiers on the request/response semantics. However, HTTP/1.0 did
not sufficiently take into consideration the effects of hierarchical not sufficiently take into consideration the effects of hierarchical
proxies, caching, the need for persistent connections, or name-based proxies, caching, the need for persistent connections, or name-based
skipping to change at page 55, line 37 skipping to change at page 58, line 19
o understand any valid response in the format of HTTP/0.9, 1.0, or o understand any valid response in the format of HTTP/0.9, 1.0, or
1.1. 1.1.
For most implementations of HTTP/1.0, each connection is established For most implementations of HTTP/1.0, each connection is established
by the client prior to the request and closed by the server after by the client prior to the request and closed by the server after
sending the response. Some implementations implement the Keep-Alive sending the response. Some implementations implement the Keep-Alive
version of persistent connections described in Section 19.7.1 of version of persistent connections described in Section 19.7.1 of
[RFC2068]. [RFC2068].
C.1. Changes from HTTP/1.0 B.1. Changes from HTTP/1.0
This section summarizes major differences between versions HTTP/1.0 This section summarizes major differences between versions HTTP/1.0
and HTTP/1.1. and HTTP/1.1.
C.1.1. Changes to Simplify Multi-homed Web Servers and Conserve IP B.1.1. Changes to Simplify Multi-homed Web Servers and Conserve IP
Addresses Addresses
The requirements that clients and servers support the Host request- The requirements that clients and servers support the Host request-
header, report an error if the Host request-header (Section 8.4) is header, report an error if the Host request-header (Section 8.4) is
missing from an HTTP/1.1 request, and accept absolute URIs missing from an HTTP/1.1 request, and accept absolute URIs
(Section 5.1.2) are among the most important changes defined by this (Section 5.1.2) are among the most important changes defined by this
specification. specification.
Older HTTP/1.0 clients assumed a one-to-one relationship of IP Older HTTP/1.0 clients assumed a one-to-one relationship of IP
addresses and servers; there was no other established mechanism for addresses and servers; there was no other established mechanism for
skipping to change at page 56, line 28 skipping to change at page 59, line 10
o Both clients and servers MUST support the Host request-header. o Both clients and servers MUST support the Host request-header.
o A client that sends an HTTP/1.1 request MUST send a Host header. o A client that sends an HTTP/1.1 request MUST send a Host header.
o Servers MUST report a 400 (Bad Request) error if an HTTP/1.1 o Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
request does not include a Host request-header. request does not include a Host request-header.
o Servers MUST accept absolute URIs. o Servers MUST accept absolute URIs.
C.2. Compatibility with HTTP/1.0 Persistent Connections B.2. Compatibility with HTTP/1.0 Persistent Connections
Some clients and servers might wish to be compatible with some Some clients and servers might wish to be compatible with some
previous implementations of persistent connections in HTTP/1.0 previous implementations of persistent connections in HTTP/1.0
clients and servers. Persistent connections in HTTP/1.0 are clients and servers. Persistent connections in HTTP/1.0 are
explicitly negotiated as they are not the default behavior. HTTP/1.0 explicitly negotiated as they are not the default behavior. HTTP/1.0
experimental implementations of persistent connections are faulty, experimental implementations of persistent connections are faulty,
and the new facilities in HTTP/1.1 are designed to rectify these and the new facilities in HTTP/1.1 are designed to rectify these
problems. The problem was that some existing 1.0 clients may be problems. The problem was that some existing 1.0 clients may be
sending Keep-Alive to a proxy server that doesn't understand sending Keep-Alive to a proxy server that doesn't understand
Connection, which would then erroneously forward it to the next Connection, which would then erroneously forward it to the next
skipping to change at page 57, line 8 skipping to change at page 59, line 37
connections, so that prohibition is clearly unacceptable. Therefore, connections, so that prohibition is clearly unacceptable. Therefore,
we need some other mechanism for indicating a persistent connection we need some other mechanism for indicating a persistent connection
is desired, which is safe to use even when talking to an old proxy is desired, which is safe to use even when talking to an old proxy
that ignores Connection. Persistent connections are the default for that ignores Connection. Persistent connections are the default for
HTTP/1.1 messages; we introduce a new keyword (Connection: close) for HTTP/1.1 messages; we introduce a new keyword (Connection: close) for
declaring non-persistence. See Section 8.1. declaring non-persistence. See Section 8.1.
The original HTTP/1.0 form of persistent connections (the Connection: The original HTTP/1.0 form of persistent connections (the Connection:
Keep-Alive and Keep-Alive header) is documented in [RFC2068]. Keep-Alive and Keep-Alive header) is documented in [RFC2068].
C.3. Changes from RFC 2068 B.3. Changes from RFC 2068
This specification has been carefully audited to correct and This specification has been carefully audited to correct and
disambiguate key word usage; RFC 2068 had many problems in respect to disambiguate key word usage; RFC 2068 had many problems in respect to
the conventions laid out in [RFC2119]. the conventions laid out in [RFC2119].
Transfer-coding and message lengths all interact in ways that Transfer-coding and message lengths all interact in ways that
required fixing exactly when chunked encoding is used (to allow for required fixing exactly when chunked encoding is used (to allow for
transfer encoding that may not be self delimiting); it was important transfer encoding that may not be self delimiting); it was important
to straighten out exactly how message lengths are computed. to straighten out exactly how message lengths are computed.
(Sections 3.4, 4.4, 8.2, see also [Part3], [Part5] and [Part6]) (Sections 3.3, 4.4, 8.2, see also [Part3], [Part5] and [Part6])
The use and interpretation of HTTP version numbers has been clarified The use and interpretation of HTTP version numbers has been clarified
by [RFC2145]. Require proxies to upgrade requests to highest by [RFC2145]. Require proxies to upgrade requests to highest
protocol version they support to deal with problems discovered in protocol version they support to deal with problems discovered in
HTTP/1.0 implementations (Section 3.1) HTTP/1.0 implementations (Section 3.1)
Quality Values of zero should indicate that "I don't want something"
to allow clients to refuse a representation. (Section 3.5)
Transfer-coding had significant problems, particularly with Transfer-coding had significant problems, particularly with
interactions with chunked encoding. The solution is that transfer- interactions with chunked encoding. The solution is that transfer-
codings become as full fledged as content-codings. This involves codings become as full fledged as content-codings. This involves
adding an IANA registry for transfer-codings (separate from content adding an IANA registry for transfer-codings (separate from content
codings), a new header field (TE) and enabling trailer headers in the codings), a new header field (TE) and enabling trailer headers in the
future. Transfer encoding is a major performance benefit, so it was future. Transfer encoding is a major performance benefit, so it was
worth fixing [Nie1997]. TE also solves another, obscure, downward worth fixing [Nie1997]. TE also solves another, obscure, downward
interoperability problem that could have occurred due to interactions interoperability problem that could have occurred due to interactions
between authentication trailers, chunked encoding and HTTP/1.0 between authentication trailers, chunked encoding and HTTP/1.0
clients.(Section 3.4, 3.4.1, and 8.5) clients.(Section 3.3, 3.3.1, and 8.5)
C.4. Changes from RFC 2616 B.4. Changes from RFC 2616
Empty list elements in list productions have been deprecated.
(Section 1.2.1)
Rules about implicit linear white space between certain grammar Rules about implicit linear white space between certain grammar
productions have been removed; now it's only allowed when productions have been removed; now it's only allowed when
specifically pointed out in the ABNF. The CHAR rule does not allow specifically pointed out in the ABNF. The NUL character is no longer
the NUL character anymore (this affects the comment and quoted-string allowed in comment and quoted-string text. The quoted-pair rule no
rules). Furthermore, the quoted-pair rule does not allow escaping longer allows escaping NUL, CR or LF. Non-ASCII content in header
NUL, CR or LF anymore. (Section 2.2) fields and reason phrase has been obsoleted and made opaque (the TEXT
rule was removed) (Section 1.2.2)
Clarify that HTTP-Version is case sensitive. (Section 3.1) Clarify that HTTP-Version is case sensitive. (Section 3.1)
Remove reference to non-existant identity transfer-coding value Remove reference to non-existant identity transfer-coding value
tokens. (Sections 3.4 and 4.4) tokens. (Sections 3.3 and 4.4)
Clarification that the chunk length does not include the count of the Clarification that the chunk length does not include the count of the
octets in the chunk header and trailer. (Section 3.4.1) octets in the chunk header and trailer. (Section 3.3.1)
Require that invalid whitespace around field-names be rejected.
(Section 4.2)
Update use of abs_path production from RFC1808 to the path-absolute + Update use of abs_path production from RFC1808 to the path-absolute +
query components of RFC3986. (Section 5.1.2) query components of RFC3986. (Section 5.1.2)
Clarify exactly when close connection options must be sent. Clarify exactly when close connection options must be sent.
(Section 8.1) (Section 8.1)
Appendix D. Terminology Appendix C. Terminology
This specification uses a number of terms to refer to the roles This specification uses a number of terms to refer to the roles
played by participants in, and objects of, the HTTP communication. played by participants in, and objects of, the HTTP communication.
connection cache
A transport layer virtual circuit established between two programs
for the purpose of communication.
message
The basic unit of HTTP communication, consisting of a structured
sequence of octets matching the syntax defined in Section 4 and
transmitted via the connection.
request
An HTTP request message, as defined in Section 5.
response A program's local store of response messages and the subsystem
that controls its message storage, retrieval, and deletion. A
cache stores cacheable responses in order to reduce the response
time and network bandwidth consumption on future, equivalent
requests. Any client or server may include a cache, though a
cache cannot be used by a server that is acting as a tunnel.
An HTTP response message, as defined in Section 6. cacheable
resource A response is cacheable if a cache is allowed to store a copy of
the response message for use in answering subsequent requests.
The rules for determining the cacheability of HTTP responses are
defined in Section 1 of [Part6]. Even if a resource is cacheable,
there may be additional constraints on whether a cache can use the
cached copy for a particular request.
A network data object or service that can be identified by a URI, client
as defined in Section 3.2. Resources may be available in multiple
representations (e.g. multiple languages, data formats, size, and
resolutions) or vary in other ways.
entity A program that establishes connections for the purpose of sending
requests.
The information transferred as the payload of a request or connection
response. An entity consists of metainformation in the form of
entity-header fields and content in the form of an entity-body, as
described in Section 4 of [Part3].
representation A transport layer virtual circuit established between two programs
An entity included with a response that is subject to content for the purpose of communication.
negotiation, as described in Section 5 of [Part3]. There may
exist multiple representations associated with a particular
response status.
content negotiation content negotiation
The mechanism for selecting the appropriate representation when The mechanism for selecting the appropriate representation when
servicing a request, as described in Section 5 of [Part3]. The servicing a request, as described in Section 4 of [Part3]. The
representation of entities in any response can be negotiated representation of entities in any response can be negotiated
(including error responses). (including error responses).
variant entity
A resource may have one, or more than one, representation(s) The information transferred as the payload of a request or
associated with it at any given instant. Each of these response. An entity consists of metainformation in the form of
representations is termed a `variant'. Use of the term `variant' entity-header fields and content in the form of an entity-body, as
does not necessarily imply that the resource is subject to content described in Section 3 of [Part3].
negotiation.
client gateway
A program that establishes connections for the purpose of sending A server which acts as an intermediary for some other server.
requests. Unlike a proxy, a gateway receives requests as if it were the
origin server for the requested resource; the requesting client
may not be aware that it is communicating with a gateway.
user agent inbound/outbound
The client which initiates a request. These are often browsers, Inbound and outbound refer to the request and response paths for
editors, spiders (web-traversing robots), or other end user tools. messages: "inbound" means "traveling toward the origin server",
and "outbound" means "traveling toward the user agent"
server message
An application program that accepts connections in order to The basic unit of HTTP communication, consisting of a structured
service requests by sending back responses. Any given program may sequence of octets matching the syntax defined in Section 4 and
be capable of being both a client and a server; our use of these transmitted via the connection.
terms refers only to the role being performed by the program for a
particular connection, rather than to the program's capabilities
in general. Likewise, any server may act as an origin server,
proxy, gateway, or tunnel, switching behavior based on the nature
of each request.
origin server origin server
The server on which a given resource resides or is to be created. The server on which a given resource resides or is to be created.
proxy proxy
An intermediary program which acts as both a server and a client An intermediary program which acts as both a server and a client
for the purpose of making requests on behalf of other clients. for the purpose of making requests on behalf of other clients.
Requests are serviced internally or by passing them on, with Requests are serviced internally or by passing them on, with
possible translation, to other servers. A proxy MUST implement possible translation, to other servers. A proxy MUST implement
both the client and server requirements of this specification. A both the client and server requirements of this specification. A
"transparent proxy" is a proxy that does not modify the request or "transparent proxy" is a proxy that does not modify the request or
response beyond what is required for proxy authentication and response beyond what is required for proxy authentication and
identification. A "non-transparent proxy" is a proxy that identification. A "non-transparent proxy" is a proxy that
modifies the request or response in order to provide some added modifies the request or response in order to provide some added
service to the user agent, such as group annotation services, service to the user agent, such as group annotation services,
skipping to change at page 60, line 19 skipping to change at page 62, line 40
"transparent proxy" is a proxy that does not modify the request or "transparent proxy" is a proxy that does not modify the request or
response beyond what is required for proxy authentication and response beyond what is required for proxy authentication and
identification. A "non-transparent proxy" is a proxy that identification. A "non-transparent proxy" is a proxy that
modifies the request or response in order to provide some added modifies the request or response in order to provide some added
service to the user agent, such as group annotation services, service to the user agent, such as group annotation services,
media type transformation, protocol reduction, or anonymity media type transformation, protocol reduction, or anonymity
filtering. Except where either transparent or non-transparent filtering. Except where either transparent or non-transparent
behavior is explicitly stated, the HTTP proxy requirements apply behavior is explicitly stated, the HTTP proxy requirements apply
to both types of proxies. to both types of proxies.
gateway request
A server which acts as an intermediary for some other server. An HTTP request message, as defined in Section 5.
Unlike a proxy, a gateway receives requests as if it were the
origin server for the requested resource; the requesting client resource
may not be aware that it is communicating with a gateway.
A network data object or service that can be identified by a URI,
as defined in Section 2.1. Resources may be available in multiple
representations (e.g. multiple languages, data formats, size, and
resolutions) or vary in other ways.
response
An HTTP response message, as defined in Section 6.
representation
An entity included with a response that is subject to content
negotiation, as described in Section 4 of [Part3]. There may
exist multiple representations associated with a particular
response status.
server
An application program that accepts connections in order to
service requests by sending back responses. Any given program may
be capable of being both a client and a server; our use of these
terms refers only to the role being performed by the program for a
particular connection, rather than to the program's capabilities
in general. Likewise, any server may act as an origin server,
proxy, gateway, or tunnel, switching behavior based on the nature
of each request.
tunnel tunnel
An intermediary program which is acting as a blind relay between An intermediary program which is acting as a blind relay between
two connections. Once active, a tunnel is not considered a party two connections. Once active, a tunnel is not considered a party
to the HTTP communication, though the tunnel may have been to the HTTP communication, though the tunnel may have been
initiated by an HTTP request. The tunnel ceases to exist when initiated by an HTTP request. The tunnel ceases to exist when
both ends of the relayed connections are closed. both ends of the relayed connections are closed.
cache upstream/downstream
A program's local store of response messages and the subsystem Upstream and downstream describe the flow of a message: all
that controls its message storage, retrieval, and deletion. A messages flow from upstream to downstream.
cache stores cacheable responses in order to reduce the response
time and network bandwidth consumption on future, equivalent
requests. Any client or server may include a cache, though a
cache cannot be used by a server that is acting as a tunnel.
cacheable user agent
A response is cacheable if a cache is allowed to store a copy of The client which initiates a request. These are often browsers,
the response message for use in answering subsequent requests. editors, spiders (web-traversing robots), or other end user tools.
The rules for determining the cacheability of HTTP responses are
defined in Section 1 of [Part6]. Even if a resource is cacheable,
there may be additional constraints on whether a cache can use the
cached copy for a particular request.
upstream/downstream variant
Upstream and downstream describe the flow of a message: all A resource may have one, or more than one, representation(s)
messages flow from upstream to downstream. associated with it at any given instant. Each of these
representations is termed a `variant'. Use of the term `variant'
does not necessarily imply that the resource is subject to content
negotiation.
inbound/outbound Appendix D. Collected ABNF
Inbound and outbound refer to the request and response paths for BWS = OWS
messages: "inbound" means "traveling toward the origin server",
and "outbound" means "traveling toward the user agent" Cache-Control = <Cache-Control, defined in [Part6], Section 3.4>
Chunked-Body = *chunk last-chunk trailer-part CRLF
Connection = "Connection:" OWS Connection-v
Connection-v = *( "," OWS ) connection-token *( OWS "," [ OWS
connection-token ] )
Content-Length = "Content-Length:" OWS 1*Content-Length-v
Content-Length-v = 1*DIGIT
Date = "Date:" OWS Date-v
Date-v = HTTP-date
GMT = %x47.4D.54
HTTP-Prot-Name = %x48.54.54.50
HTTP-Version = HTTP-Prot-Name "/" 1*DIGIT "." 1*DIGIT
HTTP-date = rfc1123-date / obsolete-date
HTTP-message = Request / Response
Host = "Host:" OWS Host-v
Host-v = uri-host [ ":" port ]
Method = token
OWS = *( [ obs-fold ] WSP )
Pragma = <Pragma, defined in [Part6], Section 3.4>
RWS = 1*( [ obs-fold ] WSP )
Reason-Phrase = *( WSP / VCHAR / obs-text )
Request = Request-Line *( ( general-header / request-header /
entity-header ) CRLF ) CRLF [ message-body ]
Request-Line = Method SP request-target SP HTTP-Version CRLF
Response = Status-Line *( ( general-header / response-header /
entity-header ) CRLF ) CRLF [ message-body ]
Status-Code = 3DIGIT
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
TE = "TE:" OWS TE-v
TE-v = [ ( "," / t-codings ) *( OWS "," [ OWS t-codings ] ) ]
Trailer = "Trailer:" OWS Trailer-v
Trailer-v = *( "," OWS ) field-name *( OWS "," [ OWS field-name ] )
Transfer-Encoding = "Transfer-Encoding:" OWS Transfer-Encoding-v
Transfer-Encoding-v = *( "," OWS ) transfer-coding *( OWS "," [ OWS
transfer-coding ] )
URI = <URI, defined in [RFC3986], Section 3>
URI-reference = <URI-reference, defined in [RFC3986], Section 4.1>
Upgrade = "Upgrade:" OWS Upgrade-v
Upgrade-v = *( "," OWS ) product *( OWS "," [ OWS product ] )
Via = "Via:" OWS Via-v
Via-v = *( "," OWS ) received-protocol RWS received-by [ RWS comment
] *( OWS "," [ OWS received-protocol RWS received-by [ RWS comment ]
] )
Warning = <Warning, defined in [Part6], Section 3.6>
absolute-URI = <absolute-URI, defined in [RFC3986], Section 4.3>
asctime-date = wkday SP date3 SP time SP 4DIGIT
attribute = token
authority = <authority, defined in [RFC3986], Section 3.2>
chunk = chunk-size *WSP [ chunk-ext ] CRLF chunk-data CRLF
chunk-data = 1*OCTET
chunk-ext = *( ";" *WSP chunk-ext-name [ "=" chunk-ext-val ] *WSP )
chunk-ext-name = token
chunk-ext-val = token / quoted-string
chunk-size = 1*HEXDIG
comment = "(" *( ctext / quoted-pair / comment ) ")"
connection-token = token
ctext = *( OWS / %x21-27 / %x2A-7E / obs-text )
date1 = 2DIGIT SP month SP 4DIGIT
date2 = 2DIGIT "-" month "-" 2DIGIT
date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
entity-body = <entity-body, defined in [Part3], Section 3.2>
entity-header = <entity-header, defined in [Part3], Section 3.1>
field-content = *( WSP / VCHAR / obs-text )
field-name = token
field-value = *( field-content / OWS )
fragment = <fragment, defined in [RFC3986], Section 3.5>
general-header = Cache-Control / Connection / Date / Pragma / Trailer
/ Transfer-Encoding / Upgrade / Via / Warning
generic-message = start-line *( message-header CRLF ) CRLF [
message-body ]
http-URI = "http://" authority path-abempty [ "?" query ]
l-Fri = %x46.72.69.64.61.79
l-Mon = %x4D.6F.6E.64.61.79
l-Sat = %x53.61.74.75.72.64.61.79
l-Sun = %x53.75.6E.64.61.79
l-Thu = %x54.68.75.72.73.64.61.79
l-Tue = %x54.75.65.73.64.61.79
l-Wed = %x57.65.64.6E.65.73.64.61.79
last-chunk = 1*"0" *WSP [ chunk-ext ] CRLF
message-body = entity-body /
<entity-body encoded as per Transfer-Encoding>
message-header = field-name ":" OWS [ field-value ] OWS
month = s-Jan / s-Feb / s-Mar / s-Apr / s-May / s-Jun / s-Jul / s-Aug
/ s-Sep / s-Oct / s-Nov / s-Dec
obs-fold = CRLF
obs-text = %x80-FF
obsolete-date = rfc850-date / asctime-date
parameter = attribute BWS "=" BWS value
partial-URI = relative-part [ "?" query ]
path-abempty = <path-abempty, defined in [RFC3986], Section 3.3>
path-absolute = <path-absolute, defined in [RFC3986], Section 3.3>
port = <port, defined in [RFC3986], Section 3.2.3>
product = token [ "/" product-version ]
product-version = token
protocol-name = token
protocol-version = token
pseudonym = token
qdtext = *( OWS / "!" / %x23-5B / %x5D-7E / obs-text )
query = <query, defined in [RFC3986], Section 3.4>
quoted-pair = "\" quoted-text
quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
quoted-text = %x01-09 / %x0B-0C / %x0E-FF
qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
received-by = ( uri-host [ ":" port ] ) / pseudonym
received-protocol = [ protocol-name "/" ] protocol-version
relative-part = <relative-part, defined in [RFC3986], Section 4.2>
request-header = <request-header, defined in [Part2], Section 3>
request-target = "*" / absolute-URI / ( path-absolute [ "?" query ] )
/ authority
response-header = <response-header, defined in [Part2], Section 5>
rfc1123-date = wkday "," SP date1 SP time SP GMT
rfc850-date = weekday "," SP date2 SP time SP GMT
s-Apr = %x41.70.72
s-Aug = %x41.75.67
s-Dec = %x44.65.63
s-Feb = %x46.65.62
s-Fri = %x46.72.69
s-Jan = %x4A.61.6E
s-Jul = %x4A.75.6C
s-Jun = %x4A.75.6E
s-Mar = %x4D.61.72
s-May = %x4D.61.79
s-Mon = %x4D.6F.6E
s-Nov = %x4E.6F.76
s-Oct = %x4F.63.74
s-Sat = %x53.61.74
s-Sep = %x53.65.70
s-Sun = %x53.75.6E
s-Thu = %x54.68.75
s-Tue = %x54.75.65
s-Wed = %x57.65.64
start-line = Request-Line / Status-Line
t-codings = "trailers" / ( transfer-extension [ te-params ] )
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
"^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
te-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
te-params = OWS ";" OWS "q=" qvalue *te-ext
time = 2DIGIT ":" 2DIGIT ":" 2DIGIT
token = 1*tchar
trailer-part = *( entity-header CRLF )
transfer-coding = "chunked" / transfer-extension
transfer-extension = token *( OWS ";" OWS parameter )
uri-host = <host, defined in [RFC3986], Section 3.2.2>
value = token / quoted-string
weekday = l-Mon / l-Tue / l-Wed / l-Thu / l-Fri / l-Sat / l-Sun
wkday = s-Mon / s-Tue / s-Wed / s-Thu / s-Fri / s-Sat / s-Sun
ABNF diagnostics:
; Chunked-Body defined but not used
; Content-Length defined but not used
; HTTP-message defined but not used
; Host defined but not used
; TE defined but not used
; URI defined but not used
; URI-reference defined but not used
; fragment defined but not used
; generic-message defined but not used
; http-URI defined but not used
; partial-URI defined but not used
Appendix E. Change Log (to be removed by RFC Editor before publication) Appendix E. Change Log (to be removed by RFC Editor before publication)
E.1. Since RFC2616 E.1. Since RFC2616
Extracted relevant partitions from [RFC2616]. Extracted relevant partitions from [RFC2616].
E.2. Since draft-ietf-httpbis-p1-messaging-00 E.2. Since draft-ietf-httpbis-p1-messaging-00
Closed issues: Closed issues:
skipping to change at page 62, line 40 skipping to change at page 69, line 44
o <http://tools.ietf.org/wg/httpbis/trac/ticket/66>: "ISO-8859-1 o <http://tools.ietf.org/wg/httpbis/trac/ticket/66>: "ISO-8859-1
Reference" Reference"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/86>: "Normative up- o <http://tools.ietf.org/wg/httpbis/trac/ticket/86>: "Normative up-
to-date references" to-date references"
Other changes: Other changes:
o Update media type registrations to use RFC4288 template. o Update media type registrations to use RFC4288 template.
o Use names of RFC4234 core rules DQUOTE and HTAB, fix broken ABNF o Use names of RFC4234 core rules DQUOTE and WSP, fix broken ABNF
for chunk-data (work in progress on for chunk-data (work in progress on
<http://tools.ietf.org/wg/httpbis/trac/ticket/36>) <http://tools.ietf.org/wg/httpbis/trac/ticket/36>)
E.3. Since draft-ietf-httpbis-p1-messaging-01 E.3. Since draft-ietf-httpbis-p1-messaging-01
Closed issues: Closed issues:
o <http://tools.ietf.org/wg/httpbis/trac/ticket/19>: "Bodies on GET o <http://tools.ietf.org/wg/httpbis/trac/ticket/19>: "Bodies on GET
(and other) requests" (and other) requests"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/55>: "Updating to o <http://tools.ietf.org/wg/httpbis/trac/ticket/55>: "Updating to
RFC4288" RFC4288"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/57>: "Status Code o <http://tools.ietf.org/wg/httpbis/trac/ticket/57>: "Status Code
and Reason Phrase" and Reason Phrase"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/82>: "rel_path not o <http://tools.ietf.org/wg/httpbis/trac/ticket/82>: "rel_path not
used" used"
Ongoing work on ABNF conversion Ongoing work on ABNF conversion
skipping to change at page 63, line 27 skipping to change at page 70, line 35
"trailer" -> "trailer-part"). "trailer" -> "trailer-part").
o Avoid underscore character in rule names ("http_URL" -> "http- o Avoid underscore character in rule names ("http_URL" -> "http-
URL", "abs_path" -> "path-absolute"). URL", "abs_path" -> "path-absolute").
o Add rules for terms imported from URI spec ("absoluteURI", o Add rules for terms imported from URI spec ("absoluteURI",
"authority", "path-absolute", "port", "query", "relativeURI", "authority", "path-absolute", "port", "query", "relativeURI",
"host) -- these will have to be updated when switching over to "host) -- these will have to be updated when switching over to
RFC3986. RFC3986.
o Synchronize core rules with RFC5234 (this includes a change to o Synchronize core rules with RFC5234.
CHAR which now excludes NUL).
o Get rid of prose rules that span multiple lines. o Get rid of prose rules that span multiple lines.
o Get rid of unused rules LOALPHA and UPALPHA. o Get rid of unused rules LOALPHA and UPALPHA.
o Move "Product Tokens" section (back) into Part 1, as "token" is o Move "Product Tokens" section (back) into Part 1, as "token" is
used in the definition of the Upgrade header. used in the definition of the Upgrade header.
o Add explicit references to BNF syntax and rules imported from o Add explicit references to BNF syntax and rules imported from
other parts of the specification. other parts of the specification.
skipping to change at page 65, line 26 skipping to change at page 72, line 36
o Get rid of RFC822 dependency; use RFC5234 plus extensions instead. o Get rid of RFC822 dependency; use RFC5234 plus extensions instead.
o Only reference RFC 5234's core rules. o Only reference RFC 5234's core rules.
o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
whitespace ("OWS") and required whitespace ("RWS"). whitespace ("OWS") and required whitespace ("RWS").
o Rewrite ABNFs to spell out whitespace rules, factor out header o Rewrite ABNFs to spell out whitespace rules, factor out header
value format definitions. value format definitions.
E.7. Since draft-ietf-httpbis-p1-messaging-05
Closed issues:
o <http://tools.ietf.org/wg/httpbis/trac/ticket/30>: "Header LWS"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/52>: "Sort 1.3
Terminology"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/63>: "RFC2047
encoded words"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/74>: "Character
Encodings in TEXT"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/77>: "Line Folding"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/83>: "OPTIONS * and
proxies"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/94>: "Reason-Phrase
BNF"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/111>: "Use of TEXT"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/118>: "Join
"Differences Between HTTP Entities and RFC 2045 Entities"?"
o <http://tools.ietf.org/wg/httpbis/trac/ticket/134>: "RFC822
reference left in discussion of date formats"
Final work on ABNF conversion
(<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
o Rewrite definition of list rules, deprecate empty list elements.
o Add appendix containing collected and expanded ABNF.
Other changes:
o Rewrite introduction; add mostly new Architecture Section.
o Move definition of quality values from Part 3 into Part 1; make TE
request header grammar independent of accept-params (defined in
Part 3).
Index Index
A A
application/http Media Type 45 application/http Media Type 48
C C
cache 60 cache 61
cacheable 60 cacheable 61
client 59 client 61
connection 58 connection 61
Connection header 35 Connection header 38
content negotiation 59 content negotiation 61
Content-Length header 36 Content-Length header 39
D D
Date header 36 Date header 39
downstream 61 downstream 63
E E
entity 58 entity 61
G G
gateway 60 gateway 61
Grammar Grammar
absolute-URI 12 absolute-URI 10
asctime-date 14 ALPHA 7
attribute 16 asctime-date 16
authority 12 attribute 17
authority 10
BWS 9 BWS 9
chunk 17 chunk 19
chunk-data 17 chunk-data 19
chunk-ext 17 chunk-ext 19
chunk-ext-name 17 chunk-ext-name 19
chunk-ext-val 17 chunk-ext-val 19
chunk-size 17 chunk-size 19
Chunked-Body 17 Chunked-Body 19
comment 10 comment 23
Connection 35 Connection 38
connection-token 35 connection-token 38
Connection-v 35 Connection-v 38
Content-Length 36 Content-Length 39
Content-Length-v 36 Content-Length-v 39
ctext 10 CR 7
Date 36 CRLF 7
Date-v 36 ctext 23
date1 14 CTL 7
date2 14 Date 40
date3 14 Date-v 40
extension-code 27 date1 16
extension-method 24 date2 16
field-content 20 date3 16
field-name 20 DIGIT 7
field-value 20 DQUOTE 7
general-header 23 extension-code 31
generic-message 19 extension-method 27
Host 38 field-content 22
Host-v 38 field-name 22
HTTP-date 14 field-value 22
HTTP-message 19 general-header 26
HTTP-Prot-Name 11 generic-message 21
http-URI 13 HEXDIG 7
HTTP-Version 11 Host 41
last-chunk 17 Host-v 41
message-body 21 HTTP-date 16
message-header 20 HTTP-message 21
Method 24 HTTP-Prot-Name 14
month 14 http-URI 11
obsolete-date 14 HTTP-Version 14
last-chunk 19
LF 7
message-body 23
message-header 22
Method 27
month 16
obs-text 9
obsolete-date 16
OCTET 7
OWS 9 OWS 9
parameter 16 parameter 17
path-absolute 12 path-absolute 10
port 12 port 10
product 18 product 20
product-version 18 product-version 20
protocol-name 42 protocol-name 45
protocol-version 42 protocol-version 45
pseudonym 42 pseudonym 45
qdtext 10 qdtext 9
query 12 query 10
quoted-pair 10 quoted-pair 9
quoted-string 10 quoted-string 9
quoted-text 10 quoted-text 9
Reason-Phrase 27 qvalue 21
received-by 42 Reason-Phrase 31
received-protocol 42 received-by 45
relative-part 12 received-protocol 45
relativeURI 12 Request 26
Request 24 Request-Line 27
Request-Line 24 request-target 27
Request-URI 24 Response 30
Response 26 rfc850-date 16
rfc850-date 14 rfc1123-date 16
rfc1123-date 14
RWS 9 RWS 9
start-line 19 SP 7
Status-Code 27 start-line 21
Status-Line 27 Status-Code 31
t-codings 38 Status-Line 30
tchar 10 t-codings 42
TE 38 tchar 9
TE-v 38 TE 42
TEXT 9 te-ext 42
time 14 te-params 42
token 10 TE-v 42
Trailer 40 time 16
trailer-part 17 token 9
Trailer-v 40 Trailer 43
transfer-coding 16 trailer-part 19
Transfer-Encoding 40 Trailer-v 43
Transfer-Encoding-v 40 transfer-coding 17
transfer-extension 16 Transfer-Encoding 44
Upgrade 41 Transfer-Encoding-v 44
Upgrade-v 41 transfer-extension 17
uri-host 12 Upgrade 44
URI-reference 12 Upgrade-v 44
value 16 uri-host 10
Via 42 URI-reference 10
Via-v 42 value 17
weekday 14 VCHAR 7
wkday 14 Via 45
Via-v 45
weekday 16
wkday 16
WSP 7
H H
Headers Headers
Connection 35 Connection 38
Content-Length 36 Content-Length 39
Date 36 Date 39
Host 38 Host 41
TE 38 TE 42
Trailer 39 Trailer 43
Transfer-Encoding 40 Transfer-Encoding 43
Upgrade 41 Upgrade 44
Via 42 Via 45
Host header 38 Host header 41
http URI scheme 13 http URI scheme 11
https URI scheme 13 https URI scheme 11
I I
inbound 61 inbound 62
M M
Media Type Media Type
application/http 45 application/http 48
message/http 44 message/http 47
message 58 message 62
message/http Media Type 44 message/http Media Type 47
O O
origin server 59 origin server 62
outbound 61 outbound 62
P P
proxy 59 proxy 62
R R
representation 58 representation 63
request 58 request 62
resource 58 resource 62
response 58 response 62
S S
server 59 server 63
T T
TE header 38 TE header 42
Trailer header 39 Trailer header 43
Transfer-Encoding header 40 Transfer-Encoding header 43
tunnel 60 tunnel 63
U U
Upgrade header 41 Upgrade header 44
upstream 61 upstream 63
URI scheme URI scheme
http 13 http 11
https 13 https 11
user agent 59 user agent 63
V V
variant 59 variant 63
Via header 42 Via header 45
Authors' Addresses Authors' Addresses
Roy T. Fielding (editor) Roy T. Fielding (editor)
Day Software Day Software
23 Corporate Plaza DR, Suite 280 23 Corporate Plaza DR, Suite 280
Newport Beach, CA 92660 Newport Beach, CA 92660
USA USA
Phone: +1-949-706-5300 Phone: +1-949-706-5300
skipping to change at page 72, line 4 skipping to change at line 3641
Julian F. Reschke (editor) Julian F. Reschke (editor)
greenbytes GmbH greenbytes GmbH
Hafenweg 16 Hafenweg 16
Muenster, NW 48155 Muenster, NW 48155
Germany Germany
Phone: +49 251 2807760 Phone: +49 251 2807760
Fax: +49 251 2807761 Fax: +49 251 2807761
Email: julian.reschke@greenbytes.de Email: julian.reschke@greenbytes.de
URI: http://greenbytes.de/tech/webdav/ URI: http://greenbytes.de/tech/webdav/
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 171 change blocks. 
744 lines changed or deleted 1106 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/