| rfc2616-orig.txt | | draft-rfc2616bis-00.txt | |
| | | | |
| Network Working Group R. Fielding | | Network Working Group Y. Lafon | |
| Request for Comments: 2616 UC Irvine | | Internet-Draft W3C | |
| Obsoletes: 2068 J. Gettys | | Obsoletes: 2616 (if approved) J. Reschke | |
| Category: Standards Track Compaq/W3C | | Intended status: Standards Track greenbytes | |
| J. Mogul | | Expires: April 16, 2007 October 13, 2006 | |
| Compaq | | | |
| H. Frystyk | | | |
| W3C/MIT | | | |
| L. Masinter | | | |
| Xerox | | | |
| P. Leach | | | |
| Microsoft | | | |
| T. Berners-Lee | | | |
| W3C/MIT | | | |
| June 1999 | | | |
| | | | |
| Hypertext Transfer Protocol -- HTTP/1.1 | | Hypertext Transfer Protocol -- HTTP/1.1 | |
| | | draft-lafon-rfc2616bis-00 | |
| | | | |
| Status of this Memo | | Status of this Memo | |
| | | | |
| This document specifies an Internet standards track protocol for the | | By submitting this Internet-Draft, each author represents that any | |
| Internet community, and requests discussion and suggestions for | | applicable patent or other IPR claims of which he or she is aware | |
| improvements. Please refer to the current edition of the "Internet | | have been or will be disclosed, and any of which he or she becomes | |
| Official Protocol Standards" (STD 1) for the standardization state | | aware will be disclosed, in accordance with Section 6 of BCP 79. | |
| and status of this protocol. Distribution of this memo is unlimited. | | | |
| | | Internet-Drafts are working documents of the Internet Engineering | |
| | | Task Force (IETF), its areas, and its working groups. Note that | |
| | | other groups may also distribute working documents as Internet- | |
| | | Drafts. | |
| | | | |
| | | Internet-Drafts are draft documents valid for a maximum of six months | |
| | | and may be updated, replaced, or obsoleted by other documents at any | |
| | | time. It is inappropriate to use Internet-Drafts as reference | |
| | | material or to cite them other than as "work in progress." | |
| | | | |
| | | The list of current Internet-Drafts can be accessed at | |
| | | http://www.ietf.org/ietf/1id-abstracts.txt. | |
| | | | |
| | | The list of Internet-Draft Shadow Directories can be accessed at | |
| | | http://www.ietf.org/shadow.html. | |
| | | | |
| | | This Internet-Draft will expire on April 16, 2007. | |
| | | | |
| Copyright Notice | | Copyright Notice | |
| | | | |
| Copyright (C) The Internet Society (1999). All Rights Reserved. | | Copyright (C) The Internet Society (2006). | |
| | | | |
| Abstract | | Abstract | |
| | | | |
| The Hypertext Transfer Protocol (HTTP) is an application-level | | The Hypertext Transfer Protocol (HTTP) is an application-level | |
| protocol for distributed, collaborative, hypermedia information | | protocol for distributed, collaborative, hypermedia information | |
| systems. It is a generic, stateless, protocol which can be used for | | systems. It is a generic, stateless, protocol which can be used for | |
| many tasks beyond its use for hypertext, such as name servers and | | many tasks beyond its use for hypertext, such as name servers and | |
| distributed object management systems, through extension of its | | distributed object management systems, through extension of its | |
| request methods, error codes and headers [47]. A feature of HTTP is | | request methods, error codes and headers [47]. A feature of HTTP is | |
| the typing and negotiation of data representation, allowing systems | | the typing and negotiation of data representation, allowing systems | |
| to be built independently of the data being transferred. | | to be built independently of the data being transferred. | |
| | | | |
| HTTP has been in use by the World-Wide Web global information | | HTTP has been in use by the World-Wide Web global information | |
| initiative since 1990. This specification defines the protocol | | initiative since 1990. This specification defines the protocol | |
| referred to as "HTTP/1.1", and is an update to RFC 2068 [33]. | | referred to as "HTTP/1.1", and is an update to RFC2616. | |
| | | | |
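Review bot: The draft abstract's last sentence, "and is an update to RFC2616", disagrees with the draft header, which says "Obsoletes: 2616 (if approved)". A document that updates RFC 2616 and one that obsoletes it have different standing, so the abstract should use the same relationship as the header. The replaced sentence also cited its predecessor as "RFC 2068 [33]", while the new one names "RFC2616" with no reference marker, although the editorial note further down cites it as "RFC2616 ([50])". Suggest writing "RFC 2616" consistently and deciding once whether the abstract carries the citation.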
| | | Editorial Note (To be removed by RFC Editor before publication) | |
| | | | |
| | | Distribution of this document is unlimited. Please send comments to | |
| | | the Hypertext Transfer Protocol (HTTP) mailing list at | |
| | | ietf-http-wg@w3.org [51], which may be joined by sending a message | |
| | | with subject "subscribe" to ietf-http-wg-request@w3.org [52]. | |
| | | Discussions of the HTTP working group are archived at | |
| | | <http://lists.w3.org/Archives/Public/ietf-http-wg/>. XML versions, | |
| | | latest edits and the issues list for this document are available from | |
| | | <http://www.w3.org/Protocols/HTTP/1.1/>. | |
| | | | |
| | | The purpose of this document is to revise RFC2616 ([50]), doing only | |
| | | minimal corrections. For now, it is not planned to advance the | |
| | | standards level of HTTP, thus - if published - the specification will | |
| | | still be a "Proposed Standard" (see [46]). | |
| | | | |
| | | The current plan is to incorporate known errata, and to update the | |
| | | specification text according to the current IETF publication | |
| | | guidelines. In particular: | |
| | | | |
| | | o Incorporate the corrections collected in the RFC2616 errata | |
| | | document (<http://skrb.org/ietf/http_errata.html>) and potentially | |
| | | newly discovered and agreed-upon errata. | |
| | | | |
| | | o Update references, and re-classify them into "Normative" and | |
| | | "Informative", based on the prior work done by Jim Gettys in | |
| | | <http://tools.ietf.org/html/draft-gettys-http-v11-spec-rev-00>. | |
| | | | |
| | | This document is based on a variant of the original RFC2616 | |
| | | specification formatted using Marshall T. Rose's "xml2rfc" tool (see | |
| | | <http://xml.resource.org>) and therefore deviates from the original | |
| | | text in word wrapping, page breaks, list formatting, reference | |
| | | formatting, whitespace usage and appendix numbering. Otherwise, it | |
| | | is supposed to contain an accurate copy of the original specification | |
| | | text. See <http://www.w3.org/Protocols/HTTP/1.1/ | |
| | | rfc2616bis-00-from-rfc2616.diff.html> for a comparison between both | |
| | | documents, as generated by "rfcdiff" | |
| | | (<http://tools.ietf.org/tools/rfcdiff/>). | |
| | | | |
| Table of Contents | | Table of Contents | |
| | | | |
| 1 Introduction ...................................................7 | | 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 10 | |
| 1.1 Purpose......................................................7 | | 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |
| 1.2 Requirements .................................................8 | | 1.2 Requirements . . . . . . . . . . . . . . . . . . . . . . 10 | |
| 1.3 Terminology ..................................................8 | | 1.3 Terminology . . . . . . . . . . . . . . . . . . . . . . . 11 | |
| 1.4 Overall Operation ...........................................12 | | 1.4 Overall Operation . . . . . . . . . . . . . . . . . . . . 15 | |
| 2 Notational Conventions and Generic Grammar ....................14 | | 2 Notational Conventions and Generic Grammar . . . . . . . . . 18 | |
| 2.1 Augmented BNF ...............................................14 | | 2.1 Augmented BNF . . . . . . . . . . . . . . . . . . . . . . 18 | |
| 2.2 Basic Rules .................................................15 | | 2.2 Basic Rules . . . . . . . . . . . . . . . . . . . . . . . 20 | |
| 3 Protocol Parameters ...........................................17 | | 3 Protocol Parameters . . . . . . . . . . . . . . . . . . . . . 22 | |
| 3.1 HTTP Version ................................................17 | | 3.1 HTTP Version . . . . . . . . . . . . . . . . . . . . . . 22 | |
| 3.2 Uniform Resource Identifiers ................................18 | | 3.2 Uniform Resource Identifiers . . . . . . . . . . . . . . 23 | |
| 3.2.1 General Syntax ...........................................19 | | 3.2.1 General Syntax . . . . . . . . . . . . . . . . . . . 23 | |
| 3.2.2 http URL .................................................19 | | 3.2.2 http URL . . . . . . . . . . . . . . . . . . . . . . 23 | |
| 3.2.3 URI Comparison ...........................................20 | | 3.2.3 URI Comparison . . . . . . . . . . . . . . . . . . . 24 | |
| 3.3 Date/Time Formats ...........................................20 | | 3.3 Date/Time Formats . . . . . . . . . . . . . . . . . . . . 24 | |
| 3.3.1 Full Date ................................................20 | | 3.3.1 Full Date . . . . . . . . . . . . . . . . . . . . . . 24 | |
| 3.3.2 Delta Seconds ............................................21 | | 3.3.2 Delta Seconds . . . . . . . . . . . . . . . . . . . . 26 | |
| 3.4 Character Sets ..............................................21 | | 3.4 Character Sets . . . . . . . . . . . . . . . . . . . . . 26 | |
| 3.4.1 Missing Charset ..........................................22 | | 3.4.1 Missing Charset . . . . . . . . . . . . . . . . . . . 27 | |
| 3.5 Content Codings .............................................23 | | 3.5 Content Codings . . . . . . . . . . . . . . . . . . . . . 27 | |
| 3.6 Transfer Codings ............................................24 | | 3.6 Transfer Codings . . . . . . . . . . . . . . . . . . . . 28 | |
| 3.6.1 Chunked Transfer Coding ..................................25 | | 3.6.1 Chunked Transfer Coding . . . . . . . . . . . . . . . 29 | |
| 3.7 Media Types .................................................26 | | 3.7 Media Types . . . . . . . . . . . . . . . . . . . . . . . 31 | |
| 3.7.1 Canonicalization and Text Defaults .......................27 | | 3.7.1 Canonicalization and Text Defaults . . . . . . . . . 31 | |
| 3.7.2 Multipart Types ..........................................27 | | 3.7.2 Multipart Types . . . . . . . . . . . . . . . . . . . 32 | |
| 3.8 Product Tokens ..............................................28 | | 3.8 Product Tokens . . . . . . . . . . . . . . . . . . . . . 33 | |
| 3.9 Quality Values ..............................................29 | | 3.9 Quality Values . . . . . . . . . . . . . . . . . . . . . 33 | |
| 3.10 Language Tags ...............................................29 | | 3.10 Language Tags . . . . . . . . . . . . . . . . . . . . . . 34 | |
| 3.11 Entity Tags .................................................30 | | 3.11 Entity Tags . . . . . . . . . . . . . . . . . . . . . . . 34 | |
| 3.12 Range Units .................................................30 | | 3.12 Range Units . . . . . . . . . . . . . . . . . . . . . . . 35 | |
| 4 HTTP Message ..................................................31 | | 4 HTTP Message . . . . . . . . . . . . . . . . . . . . . . . . 36 | |
| 4.1 Message Types ...............................................31 | | 4.1 Message Types . . . . . . . . . . . . . . . . . . . . . . 36 | |
| 4.2 Message Headers .............................................31 | | 4.2 Message Headers . . . . . . . . . . . . . . . . . . . . . 36 | |
| 4.3 Message Body ................................................32 | | 4.3 Message Body . . . . . . . . . . . . . . . . . . . . . . 37 | |
| 4.4 Message Length ..............................................33 | | 4.4 Message Length . . . . . . . . . . . . . . . . . . . . . 38 | |
| 4.5 General Header Fields .......................................34 | | 4.5 General Header Fields . . . . . . . . . . . . . . . . . . 39 | |
| 5 Request .......................................................35 | | 5 Request . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 | |
| 5.1 Request-Line ................................................35 | | 5.1 Request-Line . . . . . . . . . . . . . . . . . . . . . . 41 | |
| 5.1.1 Method ...................................................36 | | 5.1.1 Method . . . . . . . . . . . . . . . . . . . . . . . 41 | |
| 5.1.2 Request-URI ..............................................36 | | 5.1.2 Request-URI . . . . . . . . . . . . . . . . . . . . . 42 | |
| 5.2 The Resource Identified by a Request ........................38 | | 5.2 The Resource Identified by a Request . . . . . . . . . . 43 | |
| 5.3 Request Header Fields .......................................38 | | 5.3 Request Header Fields . . . . . . . . . . . . . . . . . . 44 | |
| 6 Response ......................................................39 | | 6 Response . . . . . . . . . . . . . . . . . . . . . . . . . . 45 | |
| 6.1 Status-Line .................................................39 | | 6.1 Status-Line . . . . . . . . . . . . . . . . . . . . . . . 45 | |
| 6.1.1 Status Code and Reason Phrase ............................39 | | 6.1.1 Status Code and Reason Phrase . . . . . . . . . . . . 45 | |
| 6.2 Response Header Fields ......................................41 | | 6.2 Response Header Fields . . . . . . . . . . . . . . . . . 48 | |
| 7 Entity ........................................................42 | | 7 Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 | |
| 7.1 Entity Header Fields ........................................42 | | 7.1 Entity Header Fields . . . . . . . . . . . . . . . . . . 49 | |
| 7.2 Entity Body .................................................43 | | 7.2 Entity Body . . . . . . . . . . . . . . . . . . . . . . . 49 | |
| 7.2.1 Type .....................................................43 | | 7.2.1 Type . . . . . . . . . . . . . . . . . . . . . . . . 50 | |
| 7.2.2 Entity Length ............................................43 | | 7.2.2 Entity Length . . . . . . . . . . . . . . . . . . . . 50 | |
| 8 Connections ...................................................44 | | 8 Connections . . . . . . . . . . . . . . . . . . . . . . . . . 51 | |
| 8.1 Persistent Connections ......................................44 | | 8.1 Persistent Connections . . . . . . . . . . . . . . . . . 51 | |
| 8.1.1 Purpose ..................................................44 | | 8.1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . 51 | |
| 8.1.2 Overall Operation ........................................45 | | 8.1.2 Overall Operation . . . . . . . . . . . . . . . . . . 51 | |
| 8.1.3 Proxy Servers ............................................46 | | 8.1.3 Proxy Servers . . . . . . . . . . . . . . . . . . . . 53 | |
| 8.1.4 Practical Considerations .................................46 | | 8.1.4 Practical Considerations . . . . . . . . . . . . . . 53 | |
| 8.2 Message Transmission Requirements ...........................47 | | 8.2 Message Transmission Requirements . . . . . . . . . . . . 54 | |
| 8.2.1 Persistent Connections and Flow Control ..................47 | | 8.2.1 Persistent Connections and Flow Control . . . . . . . 54 | |
| 8.2.2 Monitoring Connections for Error Status Messages .........48 | | 8.2.2 Monitoring Connections for Error Status Messages . . 54 | |
| 8.2.3 Use of the 100 (Continue) Status .........................48 | | 8.2.3 Use of the 100 (Continue) Status . . . . . . . . . . 55 | |
| 8.2.4 Client Behavior if Server Prematurely Closes Connection ..50 | | 8.2.4 Client Behavior if Server Prematurely Closes | |
| 9 Method Definitions ............................................51 | | Connection . . . . . . . . . . . . . . . . . . . . . 57 | |
| 9.1 Safe and Idempotent Methods .................................51 | | 9 Method Definitions . . . . . . . . . . . . . . . . . . . . . 58 | |
| 9.1.1 Safe Methods .............................................51 | | 9.1 Safe and Idempotent Methods . . . . . . . . . . . . . . . 58 | |
| 9.1.2 Idempotent Methods .......................................51 | | 9.1.1 Safe Methods . . . . . . . . . . . . . . . . . . . . 58 | |
| 9.2 OPTIONS .....................................................52 | | 9.1.2 Idempotent Methods . . . . . . . . . . . . . . . . . 58 | |
| 9.3 GET .........................................................53 | | 9.2 OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . 59 | |
| 9.4 HEAD ........................................................54 | | 9.3 GET . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 | |
| 9.5 POST ........................................................54 | | 9.4 HEAD . . . . . . . . . . . . . . . . . . . . . . . . . . 60 | |
| 9.6 PUT .........................................................55 | | 9.5 POST . . . . . . . . . . . . . . . . . . . . . . . . . . 61 | |
| 9.7 DELETE ......................................................56 | | 9.6 PUT . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 | |
| 9.8 TRACE .......................................................56 | | 9.7 DELETE . . . . . . . . . . . . . . . . . . . . . . . . . 63 | |
| 9.9 CONNECT .....................................................57 | | 9.8 TRACE . . . . . . . . . . . . . . . . . . . . . . . . . . 63 | |
| 10 Status Code Definitions ......................................57 | | 9.9 CONNECT . . . . . . . . . . . . . . . . . . . . . . . . . 64 | |
| 10.1 Informational 1xx ...........................................57 | | 10 Status Code Definitions . . . . . . . . . . . . . . . . . . . 65 | |
| 10.1.1 100 Continue .............................................58 | | 10.1 Informational 1xx . . . . . . . . . . . . . . . . . . . . 65 | |
| 10.1.2 101 Switching Protocols ..................................58 | | 10.1.1 100 Continue . . . . . . . . . . . . . . . . . . . . 65 | |
| 10.2 Successful 2xx ..............................................58 | | 10.1.2 101 Switching Protocols . . . . . . . . . . . . . . . 65 | |
| 10.2.1 200 OK ...................................................58 | | 10.2 Successful 2xx . . . . . . . . . . . . . . . . . . . . . 66 | |
| 10.2.2 201 Created ..............................................59 | | 10.2.1 200 OK . . . . . . . . . . . . . . . . . . . . . . . 66 | |
| 10.2.3 202 Accepted .............................................59 | | 10.2.2 201 Created . . . . . . . . . . . . . . . . . . . . . 66 | |
| 10.2.4 203 Non-Authoritative Information ........................59 | | 10.2.3 202 Accepted . . . . . . . . . . . . . . . . . . . . 66 | |
| 10.2.5 204 No Content ...........................................60 | | 10.2.4 203 Non-Authoritative Information . . . . . . . . . . 67 | |
| 10.2.6 205 Reset Content ........................................60 | | 10.2.5 204 No Content . . . . . . . . . . . . . . . . . . . 67 | |
| 10.2.7 206 Partial Content ......................................60 | | 10.2.6 205 Reset Content . . . . . . . . . . . . . . . . . . 67 | |
| 10.3 Redirection 3xx .............................................61 | | 10.2.7 206 Partial Content . . . . . . . . . . . . . . . . . 68 | |
| 10.3.1 300 Multiple Choices .....................................61 | | 10.3 Redirection 3xx . . . . . . . . . . . . . . . . . . . . . 68 | |
| 10.3.2 301 Moved Permanently ....................................62 | | 10.3.1 300 Multiple Choices . . . . . . . . . . . . . . . . 69 | |
| 10.3.3 302 Found ................................................62 | | 10.3.2 301 Moved Permanently . . . . . . . . . . . . . . . . 69 | |
| 10.3.4 303 See Other ............................................63 | | 10.3.3 302 Found . . . . . . . . . . . . . . . . . . . . . . 70 | |
| 10.3.5 304 Not Modified .........................................63 | | 10.3.4 303 See Other . . . . . . . . . . . . . . . . . . . . 70 | |
| 10.3.6 305 Use Proxy ............................................64 | | 10.3.5 304 Not Modified . . . . . . . . . . . . . . . . . . 71 | |
| 10.3.7 306 (Unused) .............................................64 | | 10.3.6 305 Use Proxy . . . . . . . . . . . . . . . . . . . . 71 | |
| 10.3.8 307 Temporary Redirect ...................................65 | | 10.3.7 306 (Unused) . . . . . . . . . . . . . . . . . . . . 72 | |
| 10.4 Client Error 4xx ............................................65 | | 10.3.8 307 Temporary Redirect . . . . . . . . . . . . . . . 72 | |
| 10.4.1 400 Bad Request .........................................65 | | 10.4 Client Error 4xx . . . . . . . . . . . . . . . . . . . . 72 | |
| 10.4.2 401 Unauthorized ........................................66 | | 10.4.1 400 Bad Request . . . . . . . . . . . . . . . . . . . 73 | |
| 10.4.3 402 Payment Required ....................................66 | | 10.4.2 401 Unauthorized . . . . . . . . . . . . . . . . . . 73 | |
| 10.4.4 403 Forbidden ...........................................66 | | 10.4.3 402 Payment Required . . . . . . . . . . . . . . . . 73 | |
| 10.4.5 404 Not Found ...........................................66 | | 10.4.4 403 Forbidden . . . . . . . . . . . . . . . . . . . . 73 | |
| 10.4.6 405 Method Not Allowed ..................................66 | | 10.4.5 404 Not Found . . . . . . . . . . . . . . . . . . . . 73 | |
| 10.4.7 406 Not Acceptable ......................................67 | | 10.4.6 405 Method Not Allowed . . . . . . . . . . . . . . . 74 | |
| 10.4.8 407 Proxy Authentication Required .......................67 | | 10.4.7 406 Not Acceptable . . . . . . . . . . . . . . . . . 74 | |
| 10.4.9 408 Request Timeout .....................................67 | | 10.4.8 407 Proxy Authentication Required . . . . . . . . . . 74 | |
| 10.4.10 409 Conflict ............................................67 | | 10.4.9 408 Request Timeout . . . . . . . . . . . . . . . . . 75 | |
| 10.4.11 410 Gone ................................................68 | | 10.4.10 409 Conflict . . . . . . . . . . . . . . . . . . . . 75 | |
| 10.4.12 411 Length Required .....................................68 | | 10.4.11 410 Gone . . . . . . . . . . . . . . . . . . . . . . 75 | |
| 10.4.13 412 Precondition Failed .................................68 | | 10.4.12 411 Length Required . . . . . . . . . . . . . . . . . 76 | |
| 10.4.14 413 Request Entity Too Large ............................69 | | 10.4.13 412 Precondition Failed . . . . . . . . . . . . . . . 76 | |
| 10.4.15 414 Request-URI Too Long ................................69 | | 10.4.14 413 Request Entity Too Large . . . . . . . . . . . . 76 | |
| 10.4.16 415 Unsupported Media Type ..............................69 | | 10.4.15 414 Request-URI Too Long . . . . . . . . . . . . . . 76 | |
| 10.4.17 416 Requested Range Not Satisfiable .....................69 | | 10.4.16 415 Unsupported Media Type . . . . . . . . . . . . . 76 | |
| 10.4.18 417 Expectation Failed ..................................70 | | 10.4.17 416 Requested Range Not Satisfiable . . . . . . . . . 76 | |
| 10.5 Server Error 5xx ............................................70 | | 10.4.18 417 Expectation Failed . . . . . . . . . . . . . . . 77 | |
| 10.5.1 500 Internal Server Error ................................70 | | 10.5 Server Error 5xx . . . . . . . . . . . . . . . . . . . . 77 | |
| 10.5.2 501 Not Implemented ......................................70 | | 10.5.1 500 Internal Server Error . . . . . . . . . . . . . . 77 | |
| 10.5.3 502 Bad Gateway ..........................................70 | | 10.5.2 501 Not Implemented . . . . . . . . . . . . . . . . . 77 | |
| 10.5.4 503 Service Unavailable ..................................70 | | 10.5.3 502 Bad Gateway . . . . . . . . . . . . . . . . . . . 77 | |
| 10.5.5 504 Gateway Timeout ......................................71 | | 10.5.4 503 Service Unavailable . . . . . . . . . . . . . . . 78 | |
| 10.5.6 505 HTTP Version Not Supported ...........................71 | | 10.5.5 504 Gateway Timeout . . . . . . . . . . . . . . . . . 78 | |
| 11 Access Authentication ........................................71 | | 10.5.6 505 HTTP Version Not Supported . . . . . . . . . . . 78 | |
| 12 Content Negotiation ..........................................71 | | 11 Access Authentication . . . . . . . . . . . . . . . . . . . . 79 | |
| 12.1 Server-driven Negotiation ...................................72 | | 12 Content Negotiation . . . . . . . . . . . . . . . . . . . . . 80 | |
| 12.2 Agent-driven Negotiation ....................................73 | | 12.1 Server-driven Negotiation . . . . . . . . . . . . . . . . 80 | |
| 12.3 Transparent Negotiation .....................................74 | | 12.2 Agent-driven Negotiation . . . . . . . . . . . . . . . . 81 | |
| 13 Caching in HTTP ..............................................74 | | 12.3 Transparent Negotiation . . . . . . . . . . . . . . . . . 82 | |
| 13.1.1 Cache Correctness ........................................75 | | 13 Caching in HTTP . . . . . . . . . . . . . . . . . . . . . . . 83 | |
| 13.1.2 Warnings .................................................76 | | 13.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 | |
| 13.1.3 Cache-control Mechanisms .................................77 | | 13.1.1 Cache Correctness . . . . . . . . . . . . . . . . . . 84 | |
| 13.1.4 Explicit User Agent Warnings .............................78 | | 13.1.2 Warnings . . . . . . . . . . . . . . . . . . . . . . 85 | |
| 13.1.5 Exceptions to the Rules and Warnings .....................78 | | 13.1.3 Cache-control Mechanisms . . . . . . . . . . . . . . 86 | |
| 13.1.6 Client-controlled Behavior ...............................79 | | 13.1.4 Explicit User Agent Warnings . . . . . . . . . . . . 86 | |
| 13.2 Expiration Model ............................................79 | | 13.1.5 Exceptions to the Rules and Warnings . . . . . . . . 87 | |
| 13.2.1 Server-Specified Expiration ..............................79 | | 13.1.6 Client-controlled Behavior . . . . . . . . . . . . . 87 | |
| 13.2.2 Heuristic Expiration .....................................80 | | 13.2 Expiration Model . . . . . . . . . . . . . . . . . . . . 88 | |
| 13.2.3 Age Calculations .........................................80 | | 13.2.1 Server-Specified Expiration . . . . . . . . . . . . . 88 | |
| 13.2.4 Expiration Calculations ..................................83 | | 13.2.2 Heuristic Expiration . . . . . . . . . . . . . . . . 88 | |
| 13.2.5 Disambiguating Expiration Values .........................84 | | 13.2.3 Age Calculations . . . . . . . . . . . . . . . . . . 89 | |
| 13.2.6 Disambiguating Multiple Responses ........................84 | | 13.2.4 Expiration Calculations . . . . . . . . . . . . . . . 91 | |
| 13.3 Validation Model ............................................85 | | 13.2.5 Disambiguating Expiration Values . . . . . . . . . . 92 | |
| 13.3.1 Last-Modified Dates ......................................86 | | 13.2.6 Disambiguating Multiple Responses . . . . . . . . . . 93 | |
| 13.3.2 Entity Tag Cache Validators ..............................86 | | 13.3 Validation Model . . . . . . . . . . . . . . . . . . . . 93 | |
| 13.3.3 Weak and Strong Validators ...............................86 | | 13.3.1 Last-Modified Dates . . . . . . . . . . . . . . . . . 94 | |
| 13.3.4 Rules for When to Use Entity Tags and Last-Modified Dates.89 | | 13.3.2 Entity Tag Cache Validators . . . . . . . . . . . . . 94 | |
| 13.3.5 Non-validating Conditionals ..............................90 | | 13.3.3 Weak and Strong Validators . . . . . . . . . . . . . 95 | |
| 13.4 Response Cacheability .......................................91 | | 13.3.4 Rules for When to Use Entity Tags and | |
| 13.5 Constructing Responses From Caches ..........................92 | | Last-Modified Dates . . . . . . . . . . . . . . . . . 97 | |
| 13.5.1 End-to-end and Hop-by-hop Headers ........................92 | | 13.3.5 Non-validating Conditionals . . . . . . . . . . . . . 99 | |
| 13.5.2 Non-modifiable Headers ...................................92 | | 13.4 Response Cacheability . . . . . . . . . . . . . . . . . . 99 | |
| 13.5.3 Combining Headers ........................................94 | | 13.5 Constructing Responses From Caches . . . . . . . . . . . 100 | |
| 13.5.4 Combining Byte Ranges ....................................95 | | 13.5.1 End-to-end and Hop-by-hop Headers . . . . . . . . . . 100 | |
| 13.6 Caching Negotiated Responses ................................95 | | 13.5.2 Non-modifiable Headers . . . . . . . . . . . . . . . 101 | |
| 13.7 Shared and Non-Shared Caches ................................96 | | 13.5.3 Combining Headers . . . . . . . . . . . . . . . . . . 102 | |
| 13.8 Errors or Incomplete Response Cache Behavior ................97 | | 13.5.4 Combining Byte Ranges . . . . . . . . . . . . . . . . 103 | |
| 13.9 Side Effects of GET and HEAD ................................97 | | 13.6 Caching Negotiated Responses . . . . . . . . . . . . . . 104 | |
| 13.10 Invalidation After Updates or Deletions ...................97 | | 13.7 Shared and Non-Shared Caches . . . . . . . . . . . . . . 105 | |
| 13.11 Write-Through Mandatory ...................................98 | | 13.8 Errors or Incomplete Response Cache Behavior . . . . . . 105 | |
| 13.12 Cache Replacement .........................................99 | | 13.9 Side Effects of GET and HEAD . . . . . . . . . . . . . . 106 | |
| 13.13 History Lists .............................................99 | | 13.10 Invalidation After Updates or Deletions . . . . . . . . . 106 | |
| 14 Header Field Definitions ....................................100 | | 13.11 Write-Through Mandatory . . . . . . . . . . . . . . . . . 107 | |
| 14.1 Accept .....................................................100 | | 13.12 Cache Replacement . . . . . . . . . . . . . . . . . . . . 107 | |
| 14.2 Accept-Charset .............................................102 | | 13.13 History Lists . . . . . . . . . . . . . . . . . . . . . . 108 | |
| 14.3 Accept-Encoding ............................................102 | | 14 Header Field Definitions . . . . . . . . . . . . . . . . . . 109 | |
| 14.4 Accept-Language ............................................104 | | 14.1 Accept . . . . . . . . . . . . . . . . . . . . . . . . . 109 | |
| 14.5 Accept-Ranges ..............................................105 | | 14.2 Accept-Charset . . . . . . . . . . . . . . . . . . . . . 111 | |
| 14.6 Age ........................................................106 | | 14.3 Accept-Encoding . . . . . . . . . . . . . . . . . . . . . 111 | |
| 14.7 Allow ......................................................106 | | 14.4 Accept-Language . . . . . . . . . . . . . . . . . . . . . 113 | |
| 14.8 Authorization ..............................................107 | | 14.5 Accept-Ranges . . . . . . . . . . . . . . . . . . . . . . 114 | |
| 14.9 Cache-Control ..............................................108 | | 14.6 Age . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 | |
| 14.9.1 What is Cacheable .......................................109 | | 14.7 Allow . . . . . . . . . . . . . . . . . . . . . . . . . . 115 | |
| 14.9.2 What May be Stored by Caches ............................110 | | 14.8 Authorization . . . . . . . . . . . . . . . . . . . . . . 116 | |
| 14.9.3 Modifications of the Basic Expiration Mechanism .........111 | | 14.9 Cache-Control . . . . . . . . . . . . . . . . . . . . . . 116 | |
| 14.9.4 Cache Revalidation and Reload Controls ..................113 | | 14.9.1 What is Cacheable . . . . . . . . . . . . . . . . . . 118 | |
| 14.9.5 No-Transform Directive ..................................115 | | 14.9.2 What May be Stored by Caches . . . . . . . . . . . . 119 | |
| 14.9.6 Cache Control Extensions ................................116 | | 14.9.3 Modifications of the Basic Expiration Mechanism . . . 120 | |
| 14.10 Connection ...............................................117 | | 14.9.4 Cache Revalidation and Reload Controls . . . . . . . 122 | |
| 14.11 Content-Encoding .........................................118 | | 14.9.5 No-Transform Directive . . . . . . . . . . . . . . . 125 | |
| 14.12 Content-Language .........................................118 | | 14.9.6 Cache Control Extensions . . . . . . . . . . . . . . 125 | |
| 14.13 Content-Length ...........................................119 | | 14.10 Connection . . . . . . . . . . . . . . . . . . . . . . . 126 | |
| 14.14 Content-Location .........................................120 | | 14.11 Content-Encoding . . . . . . . . . . . . . . . . . . . . 127 | |
| 14.15 Content-MD5 ..............................................121 | | 14.12 Content-Language . . . . . . . . . . . . . . . . . . . . 128 | |
| 14.16 Content-Range ............................................122 | | 14.13 Content-Length . . . . . . . . . . . . . . . . . . . . . 128 | |
| 14.17 Content-Type .............................................124 | | 14.14 Content-Location . . . . . . . . . . . . . . . . . . . . 129 | |
| 14.18 Date .....................................................124 | | 14.15 Content-MD5 . . . . . . . . . . . . . . . . . . . . . . . 130 | |
| 14.18.1 Clockless Origin Server Operation ......................125 | | 14.16 Content-Range . . . . . . . . . . . . . . . . . . . . . . 131 | |
| 14.19 ETag .....................................................126 | | 14.17 Content-Type . . . . . . . . . . . . . . . . . . . . . . 133 | |
| 14.20 Expect ...................................................126 | | 14.18 Date . . . . . . . . . . . . . . . . . . . . . . . . . . 133 | |
| 14.21 Expires ..................................................127 | | 14.18.1 Clockless Origin Server Operation . . . . . . . . . . 134 | |
| 14.22 From .....................................................128 | | 14.19 ETag . . . . . . . . . . . . . . . . . . . . . . . . . . 135 | |
| 14.23 Host .....................................................128 | | 14.20 Expect . . . . . . . . . . . . . . . . . . . . . . . . . 135 | |
| 14.24 If-Match .................................................129 | | 14.21 Expires . . . . . . . . . . . . . . . . . . . . . . . . . 136 | |
| 14.25 If-Modified-Since ........................................130 | | 14.22 From . . . . . . . . . . . . . . . . . . . . . . . . . . 137 | |
| 14.26 If-None-Match ............................................132 | | 14.23 Host . . . . . . . . . . . . . . . . . . . . . . . . . . 137 | |
| 14.27 If-Range .................................................133 | | 14.24 If-Match . . . . . . . . . . . . . . . . . . . . . . . . 138 | |
| 14.28 If-Unmodified-Since ......................................134 | | 14.25 If-Modified-Since . . . . . . . . . . . . . . . . . . . . 139 | |
| 14.29 Last-Modified ............................................134 | | 14.26 If-None-Match . . . . . . . . . . . . . . . . . . . . . . 141 | |
| 14.30 Location .................................................135 | | 14.27 If-Range . . . . . . . . . . . . . . . . . . . . . . . . 142 | |
| 14.31 Max-Forwards .............................................136 | | 14.28 If-Unmodified-Since . . . . . . . . . . . . . . . . . . . 143 | |
| 14.32 Pragma ...................................................136 | | 14.29 Last-Modified . . . . . . . . . . . . . . . . . . . . . . 143 | |
| 14.33 Proxy-Authenticate .......................................137 | | 14.30 Location . . . . . . . . . . . . . . . . . . . . . . . . 144 | |
| 14.34 Proxy-Authorization ......................................137 | | 14.31 Max-Forwards . . . . . . . . . . . . . . . . . . . . . . 144 | |
| 14.35 Range ....................................................138 | | 14.32 Pragma . . . . . . . . . . . . . . . . . . . . . . . . . 145 | |
| 14.35.1 Byte Ranges ...........................................138 | | 14.33 Proxy-Authenticate . . . . . . . . . . . . . . . . . . . 146 | |
| 14.35.2 Range Retrieval Requests ..............................139 | | 14.34 Proxy-Authorization . . . . . . . . . . . . . . . . . . . 146 | |
| 14.36 Referer ..................................................140 | | 14.35 Range . . . . . . . . . . . . . . . . . . . . . . . . . . 147 | |
| 14.37 Retry-After ..............................................141 | | 14.35.1 Byte Ranges . . . . . . . . . . . . . . . . . . . . . 147 | |
| 14.38 Server ...................................................141 | | 14.35.2 Range Retrieval Requests . . . . . . . . . . . . . . 148 | |
| 14.39 TE .......................................................142 | | 14.36 Referer . . . . . . . . . . . . . . . . . . . . . . . . . 149 | |
| 14.40 Trailer ..................................................143 | | 14.37 Retry-After . . . . . . . . . . . . . . . . . . . . . . . 150 | |
| 14.41 Transfer-Encoding..........................................143 | | 14.38 Server . . . . . . . . . . . . . . . . . . . . . . . . . 150 | |
| 14.42 Upgrade ..................................................144 | | 14.39 TE . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 | |
| 14.43 User-Agent ...............................................145 | | 14.40 Trailer . . . . . . . . . . . . . . . . . . . . . . . . . 152 | |
| 14.44 Vary .....................................................145 | | 14.41 Transfer-Encoding . . . . . . . . . . . . . . . . . . . . 152 | |
| 14.45 Via ......................................................146 | | 14.42 Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . 153 | |
| 14.46 Warning ..................................................148 | | 14.43 User-Agent . . . . . . . . . . . . . . . . . . . . . . . 154 | |
| 14.47 WWW-Authenticate .........................................150 | | 14.44 Vary . . . . . . . . . . . . . . . . . . . . . . . . . . 154 | |
| 15 Security Considerations .......................................150 | | 14.45 Via . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 | |
| 15.1 Personal Information....................................151 | | 14.46 Warning . . . . . . . . . . . . . . . . . . . . . . . . . 157 | |
| 15.1.1 Abuse of Server Log Information .........................151 | | 14.47 WWW-Authenticate . . . . . . . . . . . . . . . . . . . . 159 | |
| 15.1.2 Transfer of Sensitive Information .......................151 | | 15 Security Considerations . . . . . . . . . . . . . . . . . . . 160 | |
| 15.1.3 Encoding Sensitive Information in URI's .................152 | | 15.1 Personal Information . . . . . . . . . . . . . . . . . . 160 | |
| 15.1.4 Privacy Issues Connected to Accept Headers ..............152 | | 15.1.1 Abuse of Server Log Information . . . . . . . . . . . 160 | |
| 15.2 Attacks Based On File and Path Names .......................153 | | 15.1.2 Transfer of Sensitive Information . . . . . . . . . . 160 | |
| 15.3 DNS Spoofing ...............................................154 | | 15.1.3 Encoding Sensitive Information in URI's . . . . . . . 161 | |
| 15.4 Location Headers and Spoofing ..............................154 | | 15.1.4 Privacy Issues Connected to Accept Headers . . . . . 162 | |
| 15.5 Content-Disposition Issues .................................154 | | 15.2 Attacks Based On File and Path Names . . . . . . . . . . 162 | |
| 15.6 Authentication Credentials and Idle Clients ................155 | | 15.3 DNS Spoofing . . . . . . . . . . . . . . . . . . . . . . 163 | |
| 15.7 Proxies and Caching ........................................155 | | 15.4 Location Headers and Spoofing . . . . . . . . . . . . . . 163 | |
| 15.7.1 Denial of Service Attacks on Proxies....................156 | | 15.5 Content-Disposition Issues . . . . . . . . . . . . . . . 164 | |
| 16 Acknowledgments .............................................156 | | 15.6 Authentication Credentials and Idle Clients . . . . . . . 164 | |
| 17 References ..................................................158 | | 15.7 Proxies and Caching . . . . . . . . . . . . . . . . . . . 164 | |
| 18 Authors' Addresses ..........................................162 | | 15.7.1 Denial of Service Attacks on Proxies . . . . . . . . 165 | |
| 19 Appendices ..................................................164 | | 16 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 166 | |
| 19.1 Internet Media Type message/http and application/http ......164 | | 16.1 (RFC2616) . . . . . . . . . . . . . . . . . . . . . . . . 166 | |
| 19.2 Internet Media Type multipart/byteranges ...................165 | | 16.2 (This Document) . . . . . . . . . . . . . . . . . . . . . 168 | |
| 19.3 Tolerant Applications ......................................166 | | 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 169 | |
| 19.4 Differences Between HTTP Entities and RFC 2045 Entities ....167 | | 17.1 References . . . . . . . . . . . . . . . . . . . . . . . 169 | |
| 19.4.1 MIME-Version ............................................167 | | 17.2 Normative References . . . . . . . . . . . . . . . . . . 172 | |
| 19.4.2 Conversion to Canonical Form ............................167 | | Appendix A Internet Media Type message/http and | |
| 19.4.3 Conversion of Date Formats ..............................168 | | application/http . . . . . . . . . . . . . . . . . . 174 | |
| 19.4.4 Introduction of Content-Encoding ........................168 | | Appendix B Internet Media Type multipart/byteranges . . . . . . 176 | |
| 19.4.5 No Content-Transfer-Encoding ............................168 | | Appendix C Tolerant Applications . . . . . . . . . . . . . . . . 178 | |
| 19.4.6 Introduction of Transfer-Encoding .......................169 | | Appendix D Differences Between HTTP Entities and RFC 2045 | |
| 19.4.7 MHTML and Line Length Limitations .......................169 | | Entities . . . . . . . . . . . . . . . . . . . . . . 179 | |
| 19.5 Additional Features ........................................169 | | D.1 MIME-Version . . . . . . . . . . . . . . . . . . . . . . 179 | |
| 19.5.1 Content-Disposition .....................................170 | | D.2 Conversion to Canonical Form . . . . . . . . . . . . . . 179 | |
| 19.6 Compatibility with Previous Versions .......................170 | | D.3 Conversion of Date Formats . . . . . . . . . . . . . . . 180 | |
| 19.6.1 Changes from HTTP/1.0 ...................................171 | | D.4 Introduction of Content-Encoding . . . . . . . . . . . . 180 | |
| 19.6.2 Compatibility with HTTP/1.0 Persistent Connections ......172 | | D.5 No Content-Transfer-Encoding . . . . . . . . . . . . . . 180 | |
| 19.6.3 Changes from RFC 2068 ...................................172 | | D.6 Introduction of Transfer-Encoding . . . . . . . . . . . . 181 | |
| 20 Index .......................................................175 | | D.7 MHTML and Line Length Limitations . . . . . . . . . . . . 181 | |
| 21 Full Copyright Statement ....................................176 | | Appendix E Additional Features . . . . . . . . . . . . . . . . . 182 | |
| | | E.1 Content-Disposition . . . . . . . . . . . . . . . . . . . 182 | |
| | | Appendix F Compatibility with Previous Versions . . . . . . . . 183 | |
| | | F.1 Changes from HTTP/1.0 . . . . . . . . . . . . . . . . . . 183 | |
| | | F.1.1 Changes to Simplify Multi-homed Web Servers and | |
| | | Conserve IP Addresses . . . . . . . . . . . . . . . . 183 | |
| | | F.2 Compatibility with HTTP/1.0 Persistent Connections . . . 184 | |
| | | F.3 Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 185 | |
| | | Appendix G Change Log (to be removed by RFC Editor before | |
| | | publication) . . . . . . . . . . . . . . . . . . . . 188 | |
| | | G.1 Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 188 | |
| | | Appendix H Open issues (to be removed by RFC Editor prior to | |
| | | publication) . . . . . . . . . . . . . . . . . . . . 189 | |
| | | H.1 rfc2616bis . . . . . . . . . . . . . . . . . . . . . . . 189 | |
| | | H.2 edit . . . . . . . . . . . . . . . . . . . . . . . . . . 189 | |
| | | Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 | |
| | | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 201 | |
| | | Intellectual Property and Copyright Statements . . . . . . . . . 202 | |
| | | | |
| 1 Introduction | | 1 Introduction | |
| | | | |
| 1.1 Purpose | | 1.1 Purpose | |
| | | | |
| The Hypertext Transfer Protocol (HTTP) is an application-level | | The Hypertext Transfer Protocol (HTTP) is an application-level | |
| protocol for distributed, collaborative, hypermedia information | | protocol for distributed, collaborative, hypermedia information | |
| systems. HTTP has been in use by the World-Wide Web global | | systems. HTTP has been in use by the World-Wide Web global | |
| information initiative since 1990. The first version of HTTP, | | information initiative since 1990. The first version of HTTP, | |
| referred to as HTTP/0.9, was a simple protocol for raw data transfer | | referred to as HTTP/0.9, was a simple protocol for raw data transfer | |
| | | | |
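Review bot: In the right-hand table of contents, the References entry is written "17. References" with a trailing period, while the neighbouring top-level entries ("15 Security Considerations", "16 Acknowledgments") have none, and its first subsection "17.1 References" repeats the parent title without saying how it differs from "17.2 Normative References". Suggest dropping the period and giving 17.1 a title that distinguishes it from 17.2. Appendix G and Appendix H also word the same editorial note two ways ("before publication" and "prior to publication"); use one wording for both.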
| skipping to change at page 8, line 22 | | skipping to change at page 11, line 4 | |
| access to resources available from diverse applications. | | access to resources available from diverse applications. | |
| | | | |
| 1.2 Requirements | | 1.2 Requirements | |
| | | | |
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |
| document are to be interpreted as described in RFC 2119 [34]. | | document are to be interpreted as described in RFC 2119 [34]. | |
| | | | |
| An implementation is not compliant if it fails to satisfy one or more | | An implementation is not compliant if it fails to satisfy one or more | |
| of the MUST or REQUIRED level requirements for the protocols it | | of the MUST or REQUIRED level requirements for the protocols it | |
| implements. An implementation that satisfies all the MUST or REQUIRED | | implements. An implementation that satisfies all the MUST or | |
| level and all the SHOULD level requirements for its protocols is said | | REQUIRED level and all the SHOULD level requirements for its | |
| to be "unconditionally compliant"; one that satisfies all the MUST | | protocols is said to be "unconditionally compliant"; one that | |
| level requirements but not all the SHOULD level requirements for its | | satisfies all the MUST level requirements but not all the SHOULD | |
| protocols is said to be "conditionally compliant." | | level requirements for its protocols is said to be "conditionally | |
| | | compliant." | |
| | | | |
| 1.3 Terminology | | 1.3 Terminology | |
| | | | |
| This specification uses a number of terms to refer to the roles | | This specification uses a number of terms to refer to the roles | |
| played by participants in, and objects of, the HTTP communication. | | played by participants in, and objects of, the HTTP communication. | |
| | | | |
| connection | | connection | |
| | | | |
| A transport layer virtual circuit established between two programs | | A transport layer virtual circuit established between two program |