/[suikacvs]/webroot/www/2004/id/draft-ietf-http-v10-spec-00.txt
Suika

Contents of /webroot/www/2004/id/draft-ietf-http-v10-spec-00.txt

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.1 - (show annotations) (download)
Tue Jun 15 08:04:04 2004 UTC (19 years, 11 months ago) by wakaba
Branch: MAIN
CVS Tags: HEAD
File MIME type: text/plain 
New
1 HTTP Working Group T. Berners-Lee
2 INTERNET-DRAFT R. T. Fielding
3 <draft-ietf-http-v10-spec-00.txt> H. Frystyk Nielsen
4 Expires September 8, 1995 March 8, 1995
5
6
7 Hypertext Transfer Protocol -- HTTP/1.0
8
9
10 Status of this Memo
11
12 This document is an Internet-Draft. Internet-Drafts are working
13 documents of the Internet Engineering Task Force (IETF), its areas,
14 and its working groups. Note that other groups may also distribute
15 working documents as Internet-Drafts.
16
17 Internet-Drafts are draft documents valid for a maximum of six
18 months and may be updated, replaced, or obsoleted by other
19 documents at any time. It is inappropriate to use Internet-Drafts
20 as reference material or to cite them other than as "work in
21 progress".
22
23 To learn the current status of any Internet-Draft, please check the
24 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
25 Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
26 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
27 ftp.isi.edu (US West Coast).
28
29 Distribution of this document is unlimited. Please send comments to
30 the HTTP working group at <http-wg@cuckoo.hpl.hp.com>. Discussions
31 of the working group are archived at
32 <URL:http://www.ics.uci.edu/pub/ietf/http/>. General discussions
33 about HTTP and the applications which use HTTP should take place on
34 the <www-talk@info.cern.ch> mailing list.
35
36 Abstract
37
38 The Hypertext Transfer Protocol (HTTP) is an application-level
39 protocol with the lightness and speed necessary for distributed,
40 collaborative, hypermedia information systems. It is a generic,
41 stateless, object-oriented protocol which can be used for many
42 tasks, such as name servers and distributed object management
43 systems, through extension of its request methods (commands). A
44 feature of HTTP is the typing and negotiation of data
45 representation, allowing systems to be built independently of the
46 data being transferred.
47
48 HTTP has been in use by the World-Wide Web global information
49 initiative since 1990. This specification reflects preferred usage
50 of the protocol referred to as "HTTP/1.0", and is compatible with
51 the most commonly used HTTP server and client programs implemented
52 prior to November 1994.
53
54 Table of Contents
55
56 1. Introduction
57 1.1 Purpose
58 1.2 Overall Operation
59 1.3 Terminology
60 2. Notational Conventions and Generic Grammar
61 2.1 Augmented BNF
62 2.2 Basic Rules
63 3. Protocol Parameters
64 3.1 HTTP Version
65 3.2 Universal Resource Identifiers
66 3.3 Date/Time Formats
67 3.3.1 Full Date
68 3.3.2 Delta Seconds
69 4. HTTP Message
70 4.1 Message Types
71 4.2 Message Headers
72 4.3 General Message Header Fields
73 4.3.1 Date
74 4.3.2 Forwarded
75 4.3.3 Message-ID
76 4.3.4 MIME-Version
77 5. Request
78 5.1 Request-Line
79 5.2 Method
80 5.2.1 GET
81 5.2.2 HEAD
82 5.2.3 POST
83 5.2.4 PUT
84 5.2.5 DELETE
85 5.2.6 LINK
86 5.2.7 UNLINK
87 5.3 Request-URI
88 5.4 Request Header Fields
89 5.4.1 Accept
90 5.4.2 Accept-Charset
91 5.4.3 Accept-Encoding
92 5.4.4 Accept-Language
93 5.4.5 Authorization
94 5.4.6 From
95 5.4.7 If-Modified-Since
96 5.4.8 Pragma
97 5.4.9 Referer
98 5.4.10 User-Agent
99 6. Response
100 6.1 Status-Line
101 6.2 Status Codes and Reason Phrases
102 6.2.1 Successful 2xx
103 6.2.2 Redirection 3xx
104 6.2.3 Client Error 4xx
105 6.2.4 Server Errors 5xx
106 6.3 Response Header Fields
107 6.3.1 Public
108 6.3.2 Retry-After
109 6.3.3 Server
110 6.3.4 WWW-Authenticate
111 7. Entity
112 7.1 Entity Header Fields
113 7.1.1 Allow
114 7.1.2 Content-Encoding
115 7.1.3 Content-Language
116 7.1.4 Content-Length
117 7.1.5 Content-Transfer-Encoding
118 7.1.6 Content-Type
119 7.1.7 Derived-From
120 7.1.8 Expires
121 7.1.9 Last-Modified
122 7.1.10 Link
123 7.1.11 Location
124 7.1.12 Title
125 7.1.13 URI
126 7.1.14 Version
127 7.2 Entity Body
128 7.2.1 Type
129 7.2.2 Length
130 8. Content Parameters
131 8.1 Media Types
132 8.1.1 Canonicalization and Text Defaults
133 8.1.2 Multipart Types
134 8.2 Language Tags
135 8.3 Character Sets
136 8.4 Encoding Mechanisms
137 8.5 Transfer Encodings
138 9. Content Negotiation
139 10. Access Authentication
140 10.1 Basic Authentication Scheme
141 11. Security Considerations
142 11.1 Authentication of Clients
143 11.2 Idempotent Methods
144 11.3 Abuse of Server Log Information
145 12. Acknowledgments
146 13. References
147 14. Authors' Addresses
148 Appendix A. Internet Media Type message/http
149 Appendix B. Minimum Compliance
150 B.1 Servers
151 Appendix C. Tolerant Applications
152 C.1 Request-Line, Status-Line, and Header Fields
153 Appendix D. Relationship to MIME
154 D.1 Conversion to Canonical Form
155 D.1.1 Representation of Line Breaks
156 D.1.2 Default Character Set
157 D.2 Default Content-Transfer-Encoding
158 D.3 Introduction of Content-Encoding
159 Appendix E. Example of Version Control
160
161
162 1. Introduction
163
164 1.1 Purpose
165
166 The Hypertext Transfer Protocol (HTTP) is an application-level
167 protocol with the lightness and speed necessary for distributed,
168 collaborative, hypermedia information systems. HTTP has been in use
169 by the World-Wide Web global information initiative since 1990.
170 This specification reflects preferred usage of the protocol
171 referred to as "HTTP/1.0". This specification does not necessarily
172 reflect the "current practice" of any single HTTP server or client
173 implementation. It does, however, seek to remain compatible with
174 existing implementations wherever possible, and should be
175 considered the reference for future implementations of HTTP/1.0.
176
177 Practical information systems require more functionality than
178 simple retrieval, including search, front-end update, and
179 annotation. HTTP/1.0 allows an open-ended set of methods to be used
180 to indicate the purpose of a request. It builds on the discipline
181 of reference provided by the Universal Resource Identifier
182 (URI) [3], as a location (URL) [5] or name (URN), for indicating
183 the resource on which a method is to be applied. Messages are
184 passed in a format similar to that used by Internet Mail [8] and
185 the Multipurpose Internet Mail Extensions (MIME) [6].
186
187 HTTP/1.0 is also used for communication between user agents and
188 various gateways, allowing hypermedia access to existing Internet
189 protocols like SMTP [14], NNTP [12], FTP [16], Gopher [2], and
190 WAIS [9]. HTTP/1.0 is designed to allow such gateways, via proxy
191 servers, without any loss of the data conveyed by those earlier
192 protocols.
193
194 1.2 Overall Operation
195
196 The HTTP protocol is based on a request/response paradigm. A
197 requesting program (termed a client) establishes a connection with
198 a receiving program (termed a server) and sends a request to the
199 server in the form of a request method, URI, and protocol version,
200 followed by a MIME-like message containing request modifiers,
201 client information, and possible body content. The server responds
202 with a status line (including its protocol version and a success or
203 error code), followed by a MIME-like message containing server
204 information, entity metainformation, and possible body content. It
205 should be noted that a given program may be capable of being both a
206 client and a server; our use of those terms refers only to the role
207 being performed by the program during a particular connection,
208 rather than to the program's purpose in general.
209
210 On the Internet, the communication generally takes place over a
211 TCP/IP connection. The default port is TCP 80 [17], but other ports
212 can be used. This does not preclude the HTTP/1.0 protocol from
213 being implemented on top of any other protocol on the Internet, or
214 on other networks. The mapping of the HTTP/1.0 request and response
215 structures onto the transport data units of the protocol in
216 question is outside the scope of this specification.
217
218 For most implementations, the connection is established by the
219 client prior to each request and closed by the server after sending
220 the response. However, this is not a feature of the protocol and is
221 not required by this specification. Both clients and servers must
222 be capable of handling cases where either party closes the
223 connection prematurely, due to user action, automated time-out, or
224 program failure. In any case, the closing of the connection by
225 either or both parties always terminates the current request,
226 regardless of its status.
227
228 1.3 Terminology
229
230 This specification uses a number of terms to refer to the roles
231 played by participants in, and objects of, the HTTP communication.
232
233 connection
234 A virtual circuit established between two parties for the
235 purpose of communication.
236
237 message
238 A structured sequence of octets transmitted via the connection
239 as the basic component of communication.
240
241 request
242 An HTTP request message (as defined in Section 5).
243
244 response
245 An HTTP response message (as defined in Section 6).
246
247 resource
248 A network data object or service which can be identified by a
249 URI.
250
251 entity
252 A particular representation or rendition of a resource that may
253 be enclosed within a request or response message. An entity
254 consists of metainformation (in the form of entity headers) and
255 content (in the form of an entity body).
256
257 client
258 A program that establishes connections for the purpose of
259 sending requests.
260
261 user agent
262 The client program which is closest to the user and which
263 initiates requests at their behest.
264
265 server
266 A program that accepts connections in order to service requests
267 by sending back responses.
268
269 origin server
270 The server on which a given resource resides or is to be created.
271
272 proxy
273 An intermediary program which acts as both a server and a client
274 for the purpose of forwarding requests. Proxies are often used
275 to act as a portal through a network firewall. A proxy server
276 accepts requests from other clients and services them either
277 internally or by passing them (with possible translation) on to
278 other servers. A caching proxy is a proxy server with a local
279 cache of server responses -- some requested resources can be
280 serviced from the cache rather than from the origin server. Some
281 proxy servers also act as origin servers.
282
283 gateway
284 A proxy which services HTTP requests by translation into
285 protocols other than HTTP. The reply sent from the remote server
286 to the gateway is likewise translated into HTTP before being
287 forwarded to the user agent.
288
289 2. Notational Conventions and Generic Grammar
290
291 2.1 Augmented BNF
292
293 All of the mechanisms specified in this document are described in
294 both prose and an augmented Backus-Naur Form (BNF) similar to that
295 used by RFC 822 [8]. Implementors will need to be familiar with the
296 notation in order to understand this specification. The augmented
297 BNF includes the following constructs:
298
299 name = definition
300
301 The name of a rule is simply the name itself (without any
302 enclosing "<" and ">") and is separated from its definition by
303 the equal character "=". Whitespace is only significant in that
304 indentation of continuation lines is used to indicate a rule
305 definition that spans more than one line. Certain basic rules
306 are in uppercase, such as SP, LWS, HTAB, CRLF, DIGIT, ALPHA,
307 etc. Angle brackets are used within definitions whenever their
308 presence will facilitate discerning the use of rule names.
309
310 "literal"
311
312 Quotation marks surround literal text. Unless stated otherwise,
313 the text is case-insensitive.
314
315 rule1 | rule2
316
317 Elements separated by a bar ("I") are alternatives,
318 e.g. "yes | no" will accept yes or no.
319
320 (rule1 rule2)
321
322 Elements enclosed in parentheses are treated as a single
323 element. Thus,"(elem (foo | bar) elem)" allows the token
324 sequences "elem foo elem" and "elem bar elem".
325
326 *rule
327
328 The character "*" preceding an element indicates repetition. The
329 full form is "<n>*<m>element" indicating at least <n> and at
330 most <m> occurrences of element. Default values are 0 and
331 infinity so that "*(element)" allows any number, including zero;
332 "1*element" requires at least one; and "1*2element" allows one
333 or two.
334
335 [rule]
336
337 Square brackets enclose optional elements; "[foo bar]" is
338 equivalent to "*1(foo bar)".
339
340 N rule
341
342 Specific repetition: "<n>(element)" is equivalent to
343 "<n>*<n>(element)"; that is, exactly <n> occurrences of
344 (element). Thus 2DIGIT is a 2-digit number, and 3ALPHA is a
345 string of three alphabetic characters.
346
347 #rule
348
349 A construct "#" is defined, similar to "*", for defining lists
350 of elements. The full form is "<n>#<m>element" indicating at
351 least <n> and at most <m> elements, each separated by one or
352 more commas (",") and optional linear whitespace (LWS). This
353 makes the usual form of lists very easy; a rule such as
354 "( *LWS element *( *LWS "," *LWS element ))" can be shown as
355 "1#element". Wherever this construct is used, null elements are
356 allowed, but do not contribute to the count of elements present.
357 That is, "(element), , (element)" is permitted, but counts as
358 only two elements. Therefore, where at least one element is
359 required, at least one non-null element must be present. Default
360 values are 0 and infinity so that "#(element)" allows any
361 number, including zero; "1#element" requires at least one; and
362 "1#2element" allows one or two.
363
364 ; comment
365
366 A semi-colon, set off some distance to the right of rule text,
367 starts a comment that continues to the end of line. This is a
368 simple way of including useful notes in parallel with the
369 specifications.
370
371 implied *LWS
372
373 The grammar described by this specification is word-based.
374 Except where noted otherwise, zero or more linear whitespace
375 (LWS) can be included between any two words (token or
376 quoted-string) without changing the interpretation of a field.
377 However, applications should attempt to follow "common form"
378 when generating HTTP constructs, since there exist some
379 implementations that fail to accept anything beyond the common
380 forms.
381
382 2.2 Basic Rules
383
384 The following rules are used throughout this specification to
385 describe basic parsing constructs. The US-ASCII character set is
386 defined by [18].
387
388 OCTET = <any 8-bit character>
389 CHAR = <any US-ASCII character (octets 0 - 127)>
390 UPALPHA = <any US-ASCII uppercase letter "A".."Z">
391 LOALPHA = <any US-ASCII lowercase letter "a".."z">
392 ALPHA = UPALPHA | LOALPHA
393 DIGIT = <any US-ASCII digit "0".."9">
394 CTL = <any US-ASCII control character
395 (octets 0 - 31) and DEL (127)>
396 CR = <US-ASCII CR, carriage return (13)>
397 LF = <US-ASCII LF, linefeed (10)>
398 SP = <US-ASCII SP, space (32)>
399 HTAB = <US-ASCII HT, horizontal-tab (9)>
400 <"> = <US-ASCII double-quote mark>
401
402 HTTP/1.0 defines the octet sequence CR LF as the end-of-line marker
403 for all protocol elements except the Entity-Body (see Appendix C
404 for tolerant applications). The end-of-line marker for an
405 Entity-Body is defined by its associated media type, as described
406 in Section 8.1.
407
408 CRLF = CR LF
409
410 HTTP/1.0 headers can be folded onto multiple lines if the
411 continuation lines begin with linear whitespace characters. All
412 linear whitespace (including folding) has the same semantics as SP.
413
414 LWS = [CRLF] 1*( SP | HTAB )
415
416 Many HTTP/1.0 header field values consist of words separated by LWS
417 or special characters. These special characters must be in a quoted
418 string to be used within a parameter value.
419
420 word = token | quoted-string
421
422 token = 1*<any CHAR except CTLs or tspecials>
423
424 tspecials = "(" | ")" | "<" | ">" | "@"
425 | "," | ";" | ":" | "\" | <">
426 | "/" | "[" | "]" | "?" | "="
427 | SP | HTAB
428
429 A string of text is parsed as a single word if it is quoted using
430 double-quote marks or angle brackets.
431
432 quoted-string = ( <"> *(qdtext) <"> )
433 | ( "<" *(qatext) ">" )
434
435 qdtext = <any CHAR except <"> and CTLs,
436 but including LWS>
437
438 qatext = <any CHAR except "<", ">", and CTLs,
439 but including LWS>
440
441 The text rule is only used for descriptive field contents. Words of
442 *text may contain characters from character sets other than
443 US-ASCII only when encoded according to the rules of RFC 1522 [13].
444
445 text = <any OCTET except CTLs,
446 but including LWS>
447
448 3. Protocol Parameters
449
450 3.1 HTTP Version
451
452 HTTP uses a "<major>.<minor>" numbering scheme to indicate versions
453 of the protocol. The protocol versioning policy is intended to
454 allow the sender to indicate the format of a message and its
455 capacity for understanding further HTTP communication, rather than
456 the features obtained via that communication. No change is made to
457 the version number for the addition of message components which do
458 not affect communication behavior or which only add to extensible
459 field values. The <minor> number is incremented when the changes
460 made to the protocol add features which do not change the general
461 message parsing algorithm, but which may add to the message
462 semantics and imply additional capabilities of the sender. The
463 <major> number is incremented when the format of a message within
464 the protocol is changed.
465
466 The version of an HTTP message is indicated by an HTTP-Version
467 field in the first line of the message. If the protocol version is
468 not specified, the recipient must assume that the message is in the
469 simple HTTP/0.9 format.
470
471 HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
472
473 Note that the major and minor numbers should be treated as separate
474 integers and that each may be incremented higher than a single
475 digit. Thus, HTTP/2.4 is a lower version than HTTP/2.13, which in
476 turn is lower than HTTP/12.3. Leading zeroes should be ignored by
477 recipients and never generated by senders.
478
479 This document defines both the 0.9 and 1.0 versions of the HTTP
480 protocol. Applications sending Full-Request or Full-Response
481 messages, as defined by this specification, must include an
482 HTTP-Version of "HTTP/1.0".
483
484 HTTP servers are required to be able to recognize the format of the
485 Request-Line for all lower-version requests, understand requests
486 with a format within one major number of their native version (i.e.
487 <major1> and <major>), and respond appropriately with a message
488 within the same <major> protocol number (even if the response is
489 simply an error message). HTTP clients are required to be able to
490 recognize the format of the Status-Line for all lower-version
491 responses and understand responses with a format within one major
492 number of their request version. The following hypothetical example
493 illustrates the required behavior.
494
495 o A valid HTTP/3.5 request is received and the server's native
496 protocol version is
497
498 o Less than 3.0: it should attempt to understand the request
499 and respond (possibly with an error) in its native format;
500
501 o Major number of 3: It should understand the request and
502 respond in its native format;
503
504 o Major number of 4: It should understand the request and
505 respond with a version 3 message;
506
507 o Major number higher than 4: It should attempt to understand
508 the request and respond (possibly with an error) with a
509 version 3 message;
510
511 o User agent receives a response to an HTTP/3.5 request, and the
512 response version is
513
514 o Less than 2.0: It should attempt to understand the response
515 and unobtrusively warn the user of the version mismatch;
516
517 o 2.0--3.4: It should understand the response and be aware
518 that its request may not have been fully understood by the
519 server;
520
521 o 3.5 or higher 3: It should understand the response and can
522 assume that the server understood all aspects of the request
523 if the response does not indicate an error;
524
525 o 4.0 or higher: It should attempt to understand the response
526 and unobtrusively warn the user of the version mismatch.
527
528 Proxies must be careful in forwarding requests that are received in
529 a format different than that of the proxy's native version. Since
530 the protocol version indicates the protocol capability of the
531 sender, a proxy must never send a message with a version indicator
532 which is greater than its native version; if a higher version
533 request is received, the proxy must either downgrade the request
534 version or respond with an error. Requests with a version lower
535 than that of the proxy's native format may be upgraded by the proxy
536 before being forwarded; the proxy's response to that request must
537 follow the normal server requirements.
538
539 3.2 Universal Resource Identifiers
540
541 This section is To-Be-Specified. It will contain a brief
542 description of URIs as defined by RFC 1630, including mention of
543 the allowed characters and the hex encoding, and provide a full
544 definition of the http URL scheme.
545
546 URI = <As defined in RFC 1630>
547
548 All URI protocol elements must be encoded using the escaping scheme
549 described in RFC 1630 [3].
550
551 3.3 Date/Time Formats
552
553 3.3.1 Full Date
554
555 HTTP/1.0 applications have historically allowed three different
556 formats for the representation of date/time stamps:
557
558 Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123
559 Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
560 Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format
561
562 The first format is preferred as an Internet standard and
563 represents a fixed-length subset of that defined by RFC 1123 [7]
564 (an update to RFC 822 [8]). The second format is in common use, but
565 is based on the obsolete RFC 850 [11] date format and lacks a four-
566 digit year. HTTP/1.0 clients and servers must accept all three
567 formats, though they should never generate the third (asctime)
568 format. Future clients and servers must only generate the RFC 1123
569 format for representing date/time stamps in HTTP/1.0 requests and
570 responses.
571
572 All HTTP/1.0 date/time stamps must be represented in Universal Time
573 (UT), also known as Greenwich Mean Time (GMT), without exception.
574 This is indicated in the first two formats by the inclusion of
575 "GMT" as the three-letter abbreviation for time zone, and should be
576 assumed when reading the asctime format.
577
578 HTTP-date = rfc1123-date | rfc850-date | asctime-date
579
580 rfc1123-date = wkday "," SP date1 SP time SP "GMT"
581 rfc850-date = weekday "," SP date2 SP time SP "GMT"
582 asctime-date = wkday SP date3 SP time SP 4DIGIT
583
584 date1 = 2DIGIT SP month SP 4DIGIT
585 ; day month year (e.g. 02 Jun 1982)
586 date2 = 2DIGIT "-" month "-" 2DIGIT
587 ; day-month-year (e.g. 02-Jun-82)
588 date3 = month SP ( 2DIGIT | ( SP 1DIGIT ))
589 ; month day (e.g. Jun 2)
590
591 time = 2DIGIT ":" 2DIGIT ":" 2DIGIT
592 ; 00:00:00 - 23:59:59
593
594 wkday = "Mon" | "Tue" | "Wed"
595 | "Thu" | "Fri" | "Sat" | "Sun"
596
597 weekday = "Monday" | "Tuesday" | "Wednesday"
598 | "Thursday" | "Friday" | "Saturday" | "Sunday"
599
600 month = "Jan" | "Feb" | "Mar" | "Apr"
601 | "May" | "Jun" | "Jul" | "Aug"
602 | "Sep" | "Oct" | "Nov" | "Dec"
603
604 Comments and/or extra LWS are not permitted inside an HTTP-date
605 value generated by a conformant application. However, recipients of
606 date values should be robust in accepting date values that may have
607 been generated by non-HTTP applications (as is sometimes the case
608 when retrieving or posting messages via gateways to SMTP or NNTP).
609
610 Note: HTTP/1.0 requirements for the date/time stamp format
611 apply only to their usage within the protocol stream.
612 Clients and servers are not required to use these formats
613 for user presentation, request logging, etc.
614
615 3.3.2 Delta Seconds
616
617 Some HTTP header fields allow a time value to be specified as an
618 integer number of seconds (represented in decimal) after the time
619 that the message was received. This format should only be used to
620 represent short time periods or periods that cannot start until
621 receipt of the message.
622
623 delta-seconds = 1*DIGIT
624
625 4. HTTP Message
626
627 4.1 Message Types
628
629 HTTP messages consist of requests from client to server and
630 responses from server to client.
631
632 HTTP-message = Simple-Request ; HTTP/0.9 messages
633 | Simple-Response
634 | Full-Request ; HTTP/1.0 messages
635 | Full-Response
636
637 Full-Request and Full-Response use the generic message format of
638 RFC 822 [8] for transferring entities. Both messages may include
639 optional header fields (a.k.a. "headers") and an entity body. The
640 entity body is separated from the headers by a null line (i.e., a
641 line with nothing preceding the CRLF).
642
643 Full-Request = Request-Line ; Section 5.1
644 *( General-Header ; Section 4.3
645 | Request-Header ; Section 5.4
646 | Entity-Header ) ; Section 7.1
647 CRLF
648 [ Entity-Body ] ; Section 7.2
649
650 Full-Response = Status-Line ; Section 6.1
651 *( General-Header ; Section 4.3
652 | Response-Header ; Section 6.3
653 | Entity-Header ) ; Section 7.1
654 CRLF
655 [ Entity-Body ] ; Section 7.2
656
657 Simple-Request and Simple-Response do not allow the use of any
658 header information and are limited to a single request method (GET).
659
660 Simple-Request = "GET" SP Request-URI CRLF
661
662 Simple-Response = [ Entity-Body ]
663
664 Use of the Simple-Request format is discouraged because it prevents
665 the client from using content negotiation and the server from
666 identifying the media type of the returned entity.
667
668 4.2 Message Headers
669
670 HTTP header fields, which include General-Header (Section 4.3),
671 Request-Header (Section 5.4), Response-Header (Section 6.3), and
672 Entity-Header (Section 7.1) fields, follow the same generic format
673 as that given in Section 3.1 of RFC 822 [8]. Each header field
674 consists of a name followed by a colon (":") and the field value.
675 The field value may be preceded by any amount of LWS, though a
676 single SP is preferred. Header fields can be extended over multiple
677 lines by preceding each extra line with at least one LWS.
678
679 HTTP-header = field-name ":" [ field-value ] CRLF
680
681 field-name = 1*<any CHAR, excluding CTLs, SP, and ":">
682 field-value = *( field-content | comment | LWS )
683
684 field-content = <the OCTETs making up the field-value
685 and consisting of either *text or combinations
686 of token, tspecials, and quoted-string>
687
688 The order in which header fields are received is not significant.
689 However, it is considered "good practice" to send General-Header
690 fields first, followed by Request-Header or Response-Header fields
691 prior to the Entity-Header fields. Comments can be included in HTTP
692 header fields by surrounding the comment text with parentheses.
693
694 comment = "(" *( ctext | comment ) ")"
695 ctext = <any text excluding "(" and ")">
696
697 Note: Use of comments within HTTP headers is generally
698 discouraged, since they are rarely seen by human eyes and
699 hence only increase network traffic. However, they may be
700 useful for messages posted or retrieved via NNTP and SMTP
701 gateways.
702
703 4.3 General Message Header Fields
704
705 There are a few header fields which have general applicability for
706 both request and response messages, but which do not apply to the
707 communicating parties or the entity being transferred. Although
708 none of the General-Header fields are required, they are all
709 strongly recommended where their use is appropriate, and should be
710 understood by all future HTTP/1.0 clients and servers. These
711 headers apply only to the message being transmitted.
712
713 General-Header = Date
714 | Forwarded
715 | Message-ID
716 | MIME-Version
717 | extension-header
718
719 Although additional general header fields may be implemented via
720 the extension mechanism, applications which do not recognize those
721 fields should treat them as Entity-Header fields.
722
723 4.3.1 Date
724
725 The Date header represents the date and time at which the message
726 was originated, having the same semantics as orig-date in RFC
727 822. The field value is an HTTP-date, as described in Section 3.3.
728
729 Date = "Date" ":" HTTP-date
730
731 An example is
732
733 Date: Tue, 15 Nov 1994 08:12:31 GMT
734
735 If a message is received via direct connection with the user agent
736 (in the case of requests) or the origin server (in the case of
737 responses), then the default date can be assumed to be the current
738 date at the receiving end. However, since the date--as it is
739 believed by the origin--is important for evaluating cached
740 responses, origin servers should always include a Date header.
741 Clients should only send a Date header field in messages that
742 include an entity body, as in the case of the PUT and POST
743 requests, and even then it is optional. A received message which
744 does not have a Date header field should be assigned one by the
745 receiver if and only if the message will be cached by that receiver
746 or gatewayed via a protocol which requires a Date.
747
748 Only one Date header field is allowed per message. In theory, the
749 date should represent the moment just before the status/request-
750 line is generated (i.e. the time at which the originator made the
751 determination of what the request/response should be). In practice,
752 the date can be generated at any time during the message
753 origination without affecting its semantic value.
754
755 Note: An earlier version of this document incorrectly
756 specified that this field should contain the creation date
757 of the enclosed Entity-Body. This has been changed to
758 reflect actual (and proper) usage.
759
760 4.3.2 Forwarded
761
762 The Forwarded header is to be used by proxies to indicate the
763 intermediate steps between the user agent and the server (on
764 requests) and between the origin server and the client (on
765 responses). It is analogous to the "Received" field of RFC 822 and
766 is intended to be used for tracing transport problems and avoiding
767 request loops.
768
769 Forwarded = "Forwarded" ":" "by" URI [ "(" product ")" ]
770 [ "for" FQDN ]
771
772 FQDN = <Fully-Qualified Domain Name>
773
774 For example, a message could be sent from a client on
775 ptsun00.cern.ch to a server at www.ics.uci.edu port 80, via an
776 intermediate HTTP proxy at info.cern.ch port 8000. The request
777 received by the server at www.ics.uci.edu would then have the
778 following Forwarded header field:
779
780 Forwarded: by http://info.cern.ch:8000/ for ptsun00.cern.ch
781
782 Multiple Forwarded header fields are allowed and should represent
783 each proxy that has forwarded the message. It is strongly
784 recommended that proxies used as a portal through a network
785 firewall do not, by default, send out information about the
786 internal hosts within the firewall region. This information should
787 only be propagated if explicitly enabled. If not enabled, the for
788 token and FQDN should not be included in the field value.
789
790 4.3.3 Message-ID
791
792 The Message-ID field in HTTP is identical to that used by Internet
793 Mail and USENET messages, as defined in [11]. That is, it gives the
794 message a single, unique identifier which can be used for
795 identifying the message (not its contents) for "much longer" than
796 the expected lifetime of that message.
797
798 Message-ID = "Message-ID" ":" "<" addr-spec ">"
799 addr-spec = <as defined in RFC 822 [8]>
800
801 Although it is not required, the addr-spec format typically used
802 within a Message-ID consists of a string that is unique at the
803 originator's machine, followed by the required "@" character and
804 the fully-qualified domain name of that machine. An example is
805
806 Message-ID: <9411151630.4256@info.cern.ch>
807
808 which is composed using the time, date and process-ID on the host
809 info.cern.ch. However, this is only one of many possible methods
810 for generating a unique Message-ID and recipients of a message
811 should consider the entire value opaque.
812
813 The Message-ID field is normally not generated by HTTP applications
814 and is never required. It should only be generated by a gateway
815 application when the message is being posted to some other protocol
816 that desires a Message-ID. HTTP responses should only include a
817 Message-ID header field when the entity being transferred already
818 has one assigned to it (as in the case of resources that were
819 originally posted via Internet Mail or USENET).
820
821 4.3.4 MIME-Version
822
823 HTTP is not a MIME-conformant protocol. However, HTTP/1.0 messages
824 may include a single MIME-Version header field to indicate what
825 version of the MIME protocol was used to construct the message. Use
826 of the MIME-Version header field should indicate that the message
827 is in full compliance with the MIME protocol (as defined in [6]).
828 Unfortunately, current versions of HTTP/1.0 clients and servers use
829 this field indiscriminately, and thus receivers must not take it
830 for granted that the message is indeed in full compliance with
831 MIME. Gateways are responsible for ensuring this compliance (where
832 possible) when exporting HTTP messages to strict MIME environments.
833 Future HTTP/1.0 applications must only use MIME-Version when the
834 message is intended to be MIME-conformant.
835
836 MIME-Version = "MIME-Version" ":" 1*DIGIT "." 1*DIGIT
837
838 MIME version "1.0" is the default for use in HTTP/1.0. However,
839 HTTP/1.0 message parsing and semantics are defined by this document
840 and not the MIME specification.
841
842 5. Request
843
844 A request message from a client to a server includes, within the
845 first line of that message, the method to be applied to the
846 resource requested, the identifier of the resource, and the
847 protocol version in use. For backwards compatibility with the more
848 limited HTTP/0.9 protocol, there are two valid formats for an HTTP
849 request:
850
851 Request = Simple-Request | Full-Request
852
853 Simple-Request = "GET" SP Request-URI CRLF
854
855 Full-Request = Request-Line ; Section 5.1
856 *( General-Header ; Section 4.3
857 | Request-Header ; Section 5.4
858 | Entity-Header ) ; Section 7.1
859 CRLF
860 [ Entity-Body ] ; Section 7.2
861
862 If an HTTP/1.0 server receives a Simple-Request, it must respond
863 with an HTTP/0.9 Simple-Response. An HTTP/1.0 client capable of
864 receiving a Full-Response should never generate a Simple-Request.
865
866 5.1 Request-Line
867
868 The Request-Line begins with a method token, followed by the
869 Request-URI and the protocol version, and ending with CRLF. The
870 elements are separated by SP characters. No CR or LF are allowed
871 except in the final CRLF sequence.
872
873 Request-Line = Method SP Request-URI SP HTTP-Version CRLF
874
875 Note that the difference between a Simple-Request and the Request-
876 Line of a Full-Request is the presence of the HTTP-Version field.
877
878 5.2 Method
879
880 The Method token indicates the method to be performed on the
881 resource identified by the Request-URI. The method is case-
882 sensitive and extensible.
883
884 Method = "GET" | "HEAD" | "PUT" | "POST"
885 | "DELETE" | "LINK" | "UNLINK"
886 | extension-method
887
888 extension-method = token
889
890 The list of methods acceptable by a specific resource can be
891 specified in an "Allow" Entity-Header (Section 7.1.1). However, the
892 client is always notified through the return code of the response
893 whether a method is currently allowed on a specific resource, as
894 this can change dynamically. Servers should return the status code
895 "405 Method Not Allowed" if the method is known by the server but
896 not allowed for the requested resource, and "501 Not Implemented"
897 if the method is unknown or not implemented by the server.
898
899 The set of common methods for HTTP/1.0 is described below. Although
900 this set can be easily expanded, additional methods cannot be
901 assumed to share the same semantics for separately extended clients
902 and servers. In order to maintain compatibility, the semantic
903 definition for extension methods should be registered with the
904 IANA [17].
905
906 5.2.1 GET
907
908 The GET method means retrieve whatever information (in the form of
909 an entity) is identified by the Request-URI. If the Request-URI
910 refers to a data-producing process, it is the produced data which
911 shall be returned as the entity in the response and not the source
912 text of the process (unless that text happens to be the output of
913 the process).
914
915 The semantics of the GET method changes to a "conditional GET" if
916 the request message includes an If-Modified-Since header field. A
917 conditional GET method requests that the identified resource be
918 transferred only if it has been modified since the date given by
919 the If-Modified-Since header. The algorithm for determining this
920 includes the following cases:
921
922 a) If the request would normally result in anything other than
923 a "200 OK" status, or if the passed If-Modified-Since date
924 is invalid, the response is exactly the same as for a
925 normal GET.
926
927 b) If the resource has been modified since the If-Modified-
928 Since date, the response is exactly the same as for a
929 normal GET.
930
931 c) If the resource has not been modified since the If-Modified-
932 Since date, the server shall return a "304 Not Modified"
933 response.
934
935 The conditional GET method is intended to reduce network usage by
936 allowing cached entities to be refreshed without requiring multiple
937 requests or transferring unnecessary data.
938
939 5.2.2 HEAD
940
941 The HEAD method is identical to GET except that the server must not
942 return any Entity-Body in the response. The metainformation
943 contained in the HTTP headers in response to a HEAD request should
944 be identical to the information sent in response to a GET request.
945 This method can be used for obtaining metainformation about the
946 resource identified by the Request-URI without transferring the
947 Entity-Body itself. This method is often used for testing hypertext
948 links for validity, accessibility, and recent modification.
949
950 There is no "conditional HEAD" requests analogous to the
951 conditional GET. If an If-Modified-Since header field is included
952 with a HEAD request, it should be ignored.
953
954 5.2.3 POST
955
956 The POST method is used to request that the destination server
957 accept the entity enclosed in the request as a new subordinate of
958 the resource identified by the Request-URI in the Request-Line.
959 POST is designed to allow a uniform method to cover the following
960 functions:
961
962 o Annotation of existing resources;
963
964 o Posting a message to a bulletin board, newsgroup, mailing list,
965 or similar group of articles;
966
967 o Providing a block of data (usually a form) to a data-handling
968 process;
969
970 o Extending a database through an append operation.
971
972 The actual function performed by the POST method is determined by
973 the server and is usually dependent on the Request-URI. The posted
974 entity is considered to be subordinate to that URI in the same way
975 that a file is subordinate to a directory containing it, a news
976 article is subordinate to a newsgroup to which it is posted, or a
977 record is subordinate to a database.
978
979 The client can suggest a URI for identifying the new resource by
980 including a URI-header field in the request. However, the server
981 should treat that URI as advisory only and may store the entity
982 under a different URI or without any URI.
983
984 The client may apply relationships between the new resource and
985 other existing resources by including Link header fields, as
986 described in Section 7.1.10. The server may use the Link
987 information to perform other operations as a result of the new
988 resource being added. For example, lists and indexes might be
989 updated. However, no mandatory operation is imposed on the origin
990 server. The origin server may also generate its own or additional
991 links to other resources.
992
993 A successful POST does not require that the entity be created as a
994 resource on the origin server or made accessible for future
995 reference. That is, the action performed by the POST method might
996 not result in a resource that can be identified by a URI. In this
997 case, either "200 OK" or "204 No Content" is the appropriate
998 response status, depending on whether or not the response includes
999 an entity that describes the result.
1000
1001 If a resource has been created on the origin server, the response
1002 should be "201 Created" and contain the allocated URI, all
1003 applicable Link header fields, and an entity (preferably of type
1004 "text/html") which describes the status of the request and refers
1005 to the new resource.
1006
1007 5.2.4 PUT
1008
1009 The PUT method requests that the enclosed entity be stored under
1010 the supplied Request-URI. If the Request-URI refers to an already
1011 existing resource, the enclosed entity should be considered a
1012 modified version of the one residing on the origin server. If the
1013 Request-URI does not point to an existing resource, and that URI is
1014 capable of being defined as a new resource by the requesting user
1015 agent, the origin server can create the resource with that URI. If
1016 a new resource is created, the origin server must inform the user
1017 agent via the "201 Created" response. If an existing resource is
1018 modified, the "200 OK" response should be sent to indicate
1019 successful completion of the request. If the resource could not be
1020 created or modified with the Request-URI, an appropriate error
1021 response should be given that reflects the nature of the problem.
1022
1023 The fundamental difference between the POST and PUT requests is
1024 reflected in the different meaning of the Request-URI. The URI in a
1025 POST request identifies the resource that will handle the enclosed
1026 entity as an appendage. That resource may be a data-accepting
1027 process, a gateway to some other protocol, or a separate entity
1028 that accepts annotations. In contrast, the URI in a PUT request
1029 identifies the entity enclosed with the request. The requestor of a
1030 PUT knows what URI is intended and the receiver must not attempt to
1031 apply the request to some other resource. If the receiver desires
1032 that the request be applied to a different URI, it must send a
1033 "301 Moved Permanently" response; the requestor may then make its
1034 own decision regarding whether or not to redirect the request.
1035
1036 The client can create or modify relationships between the enclosed
1037 entity and other existing resources by including Link header
1038 fields, as described in Section 7.1.10. As with POST, the server
1039 may use the Link information to perform other operations as a
1040 result of the request. However, no mandatory operation is imposed
1041 on the origin server. The origin server may generate its own or
1042 additional links to other resources.
1043
1044 The actual method for determining how the resource is placed, and
1045 what happens to its predecessor, is defined entirely by the origin
1046 server. If version control is implemented by the origin server, the
1047 Version and Derived-From header fields should be used to help
1048 identify and control revisions to a resource.
1049
1050 5.2.5 DELETE
1051
1052 The DELETE method requests that the origin server delete the
1053 resource identified by the Request-URI. This method may be
1054 overridden by human intervention (or other means) on the origin
1055 server. The client cannot be guaranteed that the operation has been
1056 carried out, even if the status code returned from the origin
1057 server indicates that the action has been completed successfully.
1058 However, the server should not indicate success unless, at the time
1059 the response is given, it intends to delete the resource or move it
1060 to an inaccessible location.
1061
1062 A successful response should be "200 OK" (if the response includes
1063 an entity describing the status), "202 Accepted" (if the action has
1064 not yet been enacted), or "204 No Content" (if the response is OK
1065 but does not include an entity).
1066
1067 5.2.6 LINK
1068
1069 The LINK method establishes one or more Link relationships between
1070 the existing resource identified by the Request-URI and other
1071 existing resources. The difference between LINK and other methods
1072 allowing links to be established between resources is that the LINK
1073 method does not allow any Entity-Body to be sent in the request and
1074 does not result in the creation of new resources.
1075
1076 5.2.7 UNLINK
1077
1078 The UNLINK method removes one or more Link relationships from the
1079 existing resource identified by the Request-URI. These
1080 relationships may have been established using the LINK method or by
1081 any other method supporting the Link header. The removal of a link
1082 to a resource does not imply that the resource ceases to exist or
1083 becomes inaccessible for future references.
1084
1085 5.3 Request-URI
1086
1087 The Request-URI is a Universal Resource Identifier (Section 3.2)
1088 and identifies the resource upon which to apply the request.
1089
1090 Request-URI = URI
1091
1092 Unless the server is being used as a proxy, a partial URI shall be
1093 given with the assumptions of the scheme (http) and hostname:port
1094 (the server's address) being obvious. That is, if the full URI
1095 looks like
1096
1097 http://info.cern.ch/hypertext/WWW/TheProject.html
1098
1099 then the corresponding partial URI in the Simple-Request or
1100 Full-Request is
1101
1102 /hypertext/WWW/TheProject.html
1103
1104 If the client is sending the request through a proxy, the absolute
1105 form of the URI (including scheme and server address) must be used.
1106 A proxy must be able to recognize all of its server names,
1107 including any aliases, local variations, and the numeric IP address.
1108
1109 5.4 Request Header Fields
1110
1111 The request header fields allow the client to pass additional
1112 information about the request (and about the client itself) to the
1113 server. All header fields are optional and conform to the generic
1114 HTTP-header syntax.
1115
1116 Request-Header = Accept
1117 | Accept-Charset
1118 | Accept-Encoding
1119 | Accept-Language
1120 | Authorization
1121 | From
1122 | If-Modified-Since
1123 | Pragma
1124 | Referer
1125 | User-Agent
1126 | extension-header
1127
1128 Although additional request header fields may be implemented via
1129 the extension mechanism, applications which do not recognize those
1130 fields should treat them as Entity-Header fields.
1131
1132 5.4.1 Accept
1133
1134 The Accept header field can be used to indicate a list of media
1135 ranges which are acceptable as a response to the request. The
1136 asterisk "*" character is used to group media types into ranges,
1137 with "*/*" indicating all media types and "type/*" indicating all
1138 subtypes of that type. The set of ranges given by the client should
1139 represent what types are acceptable given the context of the
1140 request. The Accept field should only be used when the request is
1141 specifically limited to a set of desired types (as in the case of a
1142 request for an in-line image), to indicate qualitative preferences
1143 for specific media types, or to indicate acceptance of unusual
1144 media types.
1145
1146 The field may be folded onto several lines and more than one
1147 occurrence of the field is allowed (with the semantics being the
1148 same as if all the entries had been in one field value).
1149
1150 Accept = "Accept" ":" 1#(
1151 media-range
1152 [ ";" "q" "=" ( "0" | "1" | float ) ]
1153 [ ";" "mxb" "=" 1*DIGIT ] )
1154
1155 media-range = ( "*/*"
1156 | ( type "/" "*" )
1157 | ( type "/" subtype )
1158 ) *( ";" parameter )
1159
1160 float = < ANSI-C floating point text representation,
1161 where (0.0 < float < 1.0) >
1162
1163 The parameter q is used to indicate the quality factor, which
1164 represents the user's preference for that range of media types, and
1165 the parameter mxb gives the maximum acceptable size of the Entity-
1166 Body (in decimal number of octets) for that range of media types.
1167 Section 9 describes the content negotiation algorithm which makes
1168 use of these values. If at least one Accept header is present, a
1169 quality factor of 0 is equivalent to not sending an Accept header
1170 field containing that media-type or set of media-types. The default
1171 values are: q=1 and mxb=undefined (i.e. infinity).
1172
1173 The example
1174
1175 Accept: audio/*; q=0.2, audio/basic
1176
1177 should verbally be interpreted as "if you have audio/basic, send
1178 it; otherwise send me any audio type."
1179
1180 If no Accept header is present, then it is assumed that the client
1181 accepts all media types with quality factor 1. This is equivalent
1182 to the client sending the following accept header field:
1183
1184 Accept: */*; q=1
1185
1186 or
1187
1188 Accept: */*
1189
1190 A more elaborate example is
1191
1192 Accept: text/plain; q=0.5, text/html,
1193 text/x-dvi; q=0.8; mxb=100000, text/x-c
1194
1195 Verbally, this would be interpreted as "text/html and text/x-c are
1196 the preferred media types, but if they do not exist then send the
1197 Entity-Body in text/x-dvi if the entity is less than 100000 bytes,
1198 otherwise send text/plain".
1199
1200 Note: In earlier versions of this document, the mxs
1201 parameter defined the maximum acceptable delay in seconds
1202 before the response would arrive. This has been removed as
1203 the server has no means of obtaining a useful reference
1204 value. However, this does not prevent the client from
1205 internally measuring the response time and optimizing the
1206 Accept header field accordingly.
1207
1208 It must be emphasized that this field should only be used when it
1209 is necessary to restrict the response media types to a subset of
1210 those possible, to indicate the acceptance of unusual media types,
1211 or when the user has been permitted to specify qualitative values
1212 for ranges of media types. If no quality factors have been set by
1213 the user, and the context of the request is such that the user
1214 agent is capable of saving the entity to a file if the received
1215 media type is unknown, then the only appropriate value for Accept
1216 is "*/*" and the list of unusual types. Whether or not a particular
1217 media type is deemed "unusual" should be a configurable aspect of
1218 the user agent.
1219
1220 5.4.2 Accept-Charset
1221
1222 The Accept-Charset header field can be used to indicate a list of
1223 preferred character sets other than the default US-ASCII and
1224 ISO-8859-1. This field allows clients capable of understanding more
1225 comprehensive or special-purpose character sets to signal that
1226 capability to a server which is capable of representing documents
1227 in those character sets.
1228
1229 Accept-Charset = "Accept-Charset" ":" 1#charset
1230
1231 Character set values are described in Section 8.3. An example is
1232
1233 Accept-Charset: iso-8859-5, unicode-1-1
1234
1235 The value of this field should not include "US-ASCII" or
1236 "ISO-8859-1", since those values are always assumed by default. If
1237 a resource is only available in a character set other than the
1238 defaults, and that character set is not listed in the Accept-
1239 Charset field, it is only acceptable for the server to send the
1240 entity if the character set can be identified by an appropriate
1241 charset parameter on the media type or within the format of the
1242 media type itself.
1243
1244 Note: User agents are not required to be able to render the
1245 characters associated with the ISO-8859-1 character set.
1246 However, they must be able to interpret their meaning to
1247 whatever extent is required to properly handle messages in
1248 that character set..
1249
1250 5.4.3 Accept-Encoding
1251
1252 The Accept-Encoding header field is similar to Accept, but lists
1253 the encoding-mechanisms and transfer-encoding values which are
1254 acceptable in the response.
1255
1256 Accept-Encoding = "Accept-Encoding" ":"
1257 1#( encoding-mechanism | transfer-encoding )
1258
1259 An example of its use is
1260
1261 Accept-Encoding: compress, base64, gzip, quoted-printable
1262
1263 The field value should never include the identity transfer-encoding
1264 values ("7bit", "8bit", and "binary") since they actually represent
1265 "no encoding." If no Accept-Encoding field is present in a request,
1266 it must be assumed that the client does not accept any encoding-
1267 mechanism and only the identity transfer-encodings.
1268
1269 5.4.4 Accept-Language
1270
1271 The Accept-Language header field is similar to Accept, but lists
1272 the set of natural languages that are preferred as a response to
1273 the request.
1274
1275 Accept-Language = "Accept-Language" ":" 1#language-tag
1276
1277 The language-tag is described in Section 8.2. Languages are listed
1278 in the order of their preference to the user. For example,
1279
1280 Accept-Language: dk, en-gb
1281
1282 would mean: "Send me a Danish version if you have it; else a
1283 British English version."
1284
1285 If the server cannot fulfill the request with one or more of the
1286 languages given, or if the languages only represent a subset of a
1287 multi-linguistic Entity-Body, it is acceptable to serve the request
1288 in an unspecified language.
1289
1290 Note: As intelligibility is highly dependent on the
1291 individual user, it is recommended that client applications
1292 make the choice of linguistic preference available to the
1293 user.
1294
1295 5.4.5 Authorization
1296
1297 A user agent that wishes to authenticate itself with a server
1298 (usually, but not necessarily, after receiving a "401 Unauthorized"
1299 response), may do so by including an Authorization header field
1300 with the request. The Authorization field value consists of
1301 credentials containing the authentication information of the user
1302 agent for the realm of the resource being requested.
1303
1304 Authorization = "Authorization" ":" credentials
1305
1306 HTTP access authentication is described in Section 10. If a request
1307 is authenticated and a realm specified, the same credentials should
1308 be valid for all other requests within this realm.
1309
1310 5.4.6 From
1311
1312 The From header field, if given, should contain an Internet e-mail
1313 address for the human user who controls the requesting user agent.
1314 The address should be machine-usable, as defined by addr-spec in
1315 RFC 822:
1316
1317 From = "From" ":" addr-spec
1318
1319 An example is:
1320
1321 From: webmaster@w3.org
1322
1323 This header field may be used for logging purposes and as a means
1324 for identifying the source of invalid or unwanted requests. It
1325 should not be used as an insecure form of access protection. The
1326 interpretation of this field is that the request is being performed
1327 on behalf of the person given, who accepts responsibility for the
1328 method performed. In particular, robot agents should include this
1329 header so that the person responsible for running the robot can be
1330 contacted if problems occur on the receiving end.
1331
1332 The Internet e-mail address in this field does not have to
1333 correspond to the Internet host which issued the request. (For
1334 example, when a request is passed through a proxy, then the
1335 original issuer's address should be used). The address should, if
1336 possible, be a valid Internet e-mail address, whether or not it is
1337 in fact an Internet e-mail address or the Internet e-mail
1338 representation of an address on some other mail system.
1339
1340 Note: The client should not send the From header field
1341 without the user's approval, as it may conflict with the
1342 user's privacy interests or their site's security policy. It
1343 is strongly recommended that the user be able to disable,
1344 enable, and modify the value of this field at any time prior
1345 to a request.
1346
1347 5.4.7 If-Modified-Since
1348
1349 The If-Modified-Since header field is used with the GET method to
1350 make it conditional: if the requested resource has not been
1351 modified since the time specified in this field, a copy of the
1352 resource will not be returned from the server; instead, a "304 Not
1353 Modified" response will be returned without any Entity-Body.
1354
1355 If-Modified-Since = "If-Modified-Since" ":" HTTP-date
1356
1357 An example of the field is:
1358
1359 If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
1360
1361 The purpose of this feature is to allow efficient updates of local
1362 cache information with a minimum amount of transaction overhead.
1363 The same functionality can be obtained, though with much greater
1364 overhead, by issuing a HEAD request and following it with a GET
1365 request if the server indicates that the entity has been modified.
1366
1367 5.4.8 Pragma
1368
1369 The Pragma header field is used to specify directives that must be
1370 applied to all servers along the request chain (where relevant).
1371 The directives typically specify behavior that prevents
1372 intermediate proxies from changing the nature of the request.
1373 Although multiple pragma directives can be listed as part of the
1374 request, HTTP/1.0 only defines semantics for the
1375 "no-cache" directive.
1376
1377 Pragma = "Pragma" ":" 1#pragma-directive
1378
1379 pragma-directive = "no-cache" | extension-pragma
1380 extension-pragma = token
1381
1382 When the "no-cache" directive is present, a caching proxy must
1383 forward the request toward the origin server even if it has a
1384 cached copy of what is being requested. This allows a client to
1385 insist upon receiving an authoritative response to its request. It
1386 also allows a client to refresh a cached copy which has become
1387 corrupted or is known to be stale.
1388
1389 Pragmas must be passed through by a proxy even when they have
1390 significance to that proxy. This is necessary in cases when the
1391 request has to go through many proxies, and the pragma may affect
1392 all of them. It is not possible to specify a pragma for a specific
1393 proxy; however, any pragma-directive not relevant to a gateway or
1394 proxy should be ignored.
1395
1396 5.4.9 Referer
1397
1398 The Referer field allows the client to specify, for the server's
1399 benefit, the address (URI) of the document (or element within the
1400 document) from which the Request-URI was obtained. This allows a
1401 server to generate lists of back-links to documents, for interest,
1402 logging, optimized caching, etc. It also allows obsolete or
1403 mistyped links to be traced for maintenance. The format of the
1404 field is:
1405
1406 Referer = "Referer" ":" URI
1407
1408 Example:
1409
1410 Referer: http://info.cern.ch/hypertext/DataSources/Overview.html
1411
1412 If a partial URI is given, it should be interpreted relative to the
1413 Request-URI.
1414
1415 Note: Because the source of a link may be considered private
1416 information or may reveal an otherwise secure information
1417 source, it is strongly recommended that the user be able to
1418 select whether or not the Referer field is sent. For
1419 example, a browser client could have a toggle switch for
1420 browsing openly/anonymously, which would respectively
1421 enable/disable the sending of Referer and From information.
1422
1423 5.4.10 User-Agent
1424
1425 The User-Agent field contains information about the user agent
1426 originating the request. This is for statistical purposes, the
1427 tracing of protocol violations, and automated recognition of user
1428 agents for the sake of tailoring responses to avoid particular user
1429 agent limitations. Although it is not required, user agents should
1430 always include this field with requests. The field can contain
1431 multiple tokens specifying the product name, with an optional slash
1432 and version designator, and other products which form a significant
1433 part of the user agent. By convention, the products are listed in
1434 order of their significance for identifying the application.
1435
1436 User-Agent = "User-Agent" ":" 1*( product )
1437
1438 product = token ["/" product-version]
1439 product-version = token
1440
1441 Example:
1442
1443 User-Agent: CERN-LineMode/2.15 libwww/2.17b3
1444
1445 Product tokens should be short and to the point -- use of this field
1446 for advertizing or other non-essential information is explicitly
1447 deprecated and will be considered as non-conformance to the
1448 protocol. Although any token character may appear in a
1449 product-version, this token should only be used for a version
1450 identifier (i.e., successive versions of the same product should
1451 only differ in the product-version portion of the product value).
1452 The User-Agent field may include additional information within
1453 comments that are not part of the value of the field.
1454
1455 Note: Some current proxy applications append their product
1456 information to the list in the User-Agent field. This is no
1457 longer recommended, since it makes machine interpretation of
1458 these fields ambiguous. Instead, proxies should use the
1459 Forwarded header described in Section 4.3.2.
1460
1461 6. Response
1462
1463 After receiving and interpreting a request message, a server
1464 responds in the form of an HTTP response message.
1465
1466 Response = Simple-Response | Full-Response
1467
1468 Simple-Response= [ Entity-Body ]
1469
1470 Full-Response = Status-Line ; Section 6.1
1471 *( General-Header ; Section 4.3
1472 | Response-Header ; Section 6.3
1473 | Entity-Header ) ; Section 7.1
1474 CRLF
1475 [ Entity-Body ] ; Section 7.2
1476
1477 A Simple-Response should only be sent in response to an HTTP/0.9
1478 Simple-Request or if the server only supports the more limited
1479 HTTP/0.9 protocol. If a client sends an HTTP/1.0 Full-Request and
1480 receives a response that does not begin with a Status-Line, it
1481 should assume that the response is a Simple-Response and parse it
1482 accordingly. Note that the Simple-Response consists only of the
1483 entity body and is terminated by the server closing the connection.
1484
1485 6.1 Status-Line
1486
1487 The first line of a Full-Response message is the Status-Line,
1488 consisting of the protocol version followed by a numeric status
1489 code and its associated textual phrase, with each element separated
1490 by SP characters. No CR or LF is allowed except in the final CRLF
1491 sequence.
1492
1493 Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
1494
1495 Since a status line always begins with the protocol version's
1496
1497 "HTTP/" 1*DIGIT "." 1*DIGIT
1498
1499 (e.g. "HTTP/1.0"), the presence of that expression is considered
1500 sufficient to differentiate a Full-Response from a Simple-Response.
1501 Although the Simple-Response format may allow such an expression to
1502 occur at the beginning of an entity body (and thus cause a
1503 misinterpretation of the message if it was given in response to a
1504 Full-Request), the likelihood of such an occurrence is negligible.
1505
1506 6.2 Status Codes and Reason Phrases
1507
1508 The Status-Code element is a 3-digit integer result code of the
1509 attempt to understand and satisfy the request. The Reason-Phrase is
1510 intended to give a short textual description of the Status-Code.
1511 The Status-Code is intended for use by automata and the Reason-
1512 Phrase is intended for the human user. The client is not required
1513 to examine or display the Reason-Phrase.
1514
1515 The first digit of the Status-Code defines the class of response.
1516 The last two digits do not have any categorization role. There are
1517 5 values for the first digit:
1518
1519 o 1xx: Informational - Not used, but reserved for future use
1520
1521 o 2xx: Success - The action was successfully received,
1522 understood, and accepted.
1523
1524 o 3xx: Redirection - Further action must be taken in order to
1525 complete the request
1526
1527 o 4xx: Client Error - The request contains bad syntax or cannot
1528 be fulfilled
1529
1530 o 5xx: Server Error - The server failed to fulfill an apparently
1531 valid request
1532
1533 The individual values of the numeric status codes defined for
1534 HTTP/1.0, and an example set of corresponding Reason-Phrase's, are
1535 presented below. The reason phrases listed here are only
1536 recommended -- they may be replaced by local equivalents without
1537 affecting the protocol.
1538
1539 Status-Code = "200" ; OK
1540 | "201" ; Created
1541 | "202" ; Accepted
1542 | "203" ; Provisional Information
1543 | "204" ; No Content
1544 | "300" ; Multiple Choices
1545 | "301" ; Moved Permanently
1546 | "302" ; Moved Temporarily
1547 | "303" ; Method
1548 | "304" ; Not Modified
1549 | "400" ; Bad Request
1550 | "401" ; Unauthorized
1551 | "402" ; Payment Required
1552 | "403" ; Forbidden
1553 | "404" ; Not Found
1554 | "405" ; Method Not Allowed
1555 | "406" ; None Acceptable
1556 | "407" ; Proxy Authentication Required
1557 | "408" ; Request Timeout
1558 | "409" ; Conflict
1559 | "410" ; Gone
1560 | "500" ; Internal Server Error
1561 | "501" ; Not Implemented
1562 | "502" ; Bad Gateway
1563 | "503" ; Service Unavailable
1564 | "504" ; Gateway Timeout
1565 | extension-code
1566
1567 extension-code = 3DIGIT
1568
1569 Reason-Phrase = token *( SP token )
1570
1571 HTTP status codes are extensible and should be registered with the
1572 IANA. HTTP applications are not required to understand the meaning
1573 of all registered status codes, though such understanding is
1574 obviously desirable. However, applications are required to
1575 understand the class of any status code (as indicated by the first
1576 digit) and to treat the response as being equivalent to the x00
1577 status code of that class. For example, if an unknown status code
1578 of 421 is received by the client, it can safely assume that there
1579 was something wrong with its request and treat the response as if
1580 it had received a 400 status code. In such cases, user agents are
1581 encouraged to present the entity returned with the response to the
1582 user, since that entity is likely to include human-readable
1583 information which will explain the unusual status.
1584
1585 Each Status-Code is described below, including a description of
1586 which method(s) it can follow and any metainformation required in
1587 the response.
1588
1589 6.2.1 Successful 2xx
1590
1591 This class of status codes indicates that the client's request was
1592 successfully received, understood, and accepted.
1593
1594 200 OK
1595
1596 o Following: any method
1597 o Required headers: none
1598
1599 The request has been fulfilled and an entity corresponding to the
1600 requested resource is being sent in the response. If the HEAD
1601 method was used, the response should only contain the Entity-Header
1602 information and no Entity-Body.
1603
1604 201 Created
1605
1606 o Following: any method that may request a new resource
1607 be created
1608 o Required headers: URI-header
1609
1610 The request has been fulfilled and resulted in a new resource being
1611 created. The newly created resource can be referenced by the URI(s)
1612 returned in the URI-header field of the response. The origin server
1613 is encouraged, but not obliged, to actually create the resource
1614 before using this Status-Code. If the action cannot be carried out
1615 immediately, or within a clearly defined timeframe, the server
1616 should respond with "202 Accepted" instead.
1617
1618 Of the methods defined by this specification, only PUT and POST can
1619 create a resource.
1620
1621 202 Accepted
1622
1623 o Following: any method
1624 o Required headers: none
1625
1626 The request has been accepted for processing, but the processing
1627 has not been completed. The request may or may not eventually be
1628 acted upon, as it may be disallowed when processing actually takes
1629 place. There is no facility for re-sending a status code from an
1630 asynchronous operation such as this.
1631
1632 The "202 Accepted" response is intentionally non-committal. Its
1633 purpose is to allow a server to accept a request for some other
1634 process (perhaps a batch-oriented process that is only run once per
1635 day) without requiring that the user agent's connection to the
1636 server persist until the process is completed. The entity returned
1637 with this response should include an indication of the request's
1638 current status and either a pointer to a status monitor or some
1639 estimate of when the user can expect the request to be enacted.
1640
1641 203 Provisional Information
1642
1643 o Following: GET, HEAD
1644 o Required headers: none
1645
1646 The returned metainformation in the Entity-Header is not the
1647 definitive set as available from the origin server, but is gathered
1648 from a local or a third-party copy. The set presented may be a
1649 subset or superset of the original version. For example, including
1650 local annotation information about the resource may result in a
1651 superset of the metainformation known by the origin server.
1652
1653 204 No Content
1654
1655 o Following: any method
1656 o Required headers: none
1657
1658 The server has fulfilled the request but there is no new
1659 information to send back. If the client is a user agent, it should
1660 not change its document view. This response is primarily intended
1661 to allow input for scripts or other actions to take place without
1662 causing a change to the user agent's current document view.
1663
1664 6.2.2 Redirection 3xx
1665
1666 This class of status code indicates that further action needs to be
1667 taken by the client in order to fulfill the request. The action
1668 required can sometimes be carried out by the client without
1669 interaction with the user, but it is strongly recommended that this
1670 only takes place if the method used in the request is idempotent
1671 (GET or HEAD).
1672
1673 300 Multiple Choices
1674
1675 o Following: any method
1676 o Required headers: none
1677
1678 The requested resource is available at one or more locations and a
1679 preferred location could not be determined via content negotiation.
1680 Unless it was a HEAD request, the response must include an entity
1681 containing a formatted list of resource characteristics and
1682 locations from which the user agent can choose the one most
1683 appropriate. The entity format is specified by the media type given
1684 in the Content-Type header field. Depending upon the format and the
1685 capabilities of the user agent, selection of the most appropriate
1686 choice may be performed automatically.
1687
1688 301 Moved Permanently
1689
1690 o Following: any method
1691 o Required headers: URI-header, Location
1692
1693 The requested resource has been assigned a new permanent URI and
1694 any future references to this resource must be done using the
1695 returned URI. Clients with link editing capabilities are encouraged
1696 to automatically relink references to the Request-URI to the new
1697 reference returned by the server, where possible.
1698
1699 It is possible for the server to send this status code in response
1700 to a request using the PUT, POST, or DELETE methods. However, as
1701 this might change the conditions under which the request was
1702 issued, the user agent must not automatically redirect the request
1703 unless it can be confirmed by the user.
1704
1705 302 Moved Temporarily
1706
1707 o Following: any method
1708 o Required headers: URI-header, Location
1709
1710 The requested resource resides temporarily under a different URI.
1711 Since the redirection may be altered on occasion, the client should
1712 on future requests from the user continue to use the original
1713 Request-URI and not the URI returned in the URI-header field and
1714 Location fields.
1715
1716 It is possible for the server to send this status code in response
1717 to a request using the PUT, POST, or DELETE methods. However, as
1718 this might change the conditions under which the request was
1719 issued, the user agent must not automatically redirect the request
1720 unless it can be confirmed by the user.
1721
1722 303 Method
1723
1724 This code is obsolete.
1725
1726 304 Not Modified
1727
1728 o Following: conditional GET
1729 o Required headers: none
1730
1731 If the client has performed a conditional GET request and access is
1732 allowed, but the document has not been modified since the date and
1733 time specified in the If-Modified-Since field, the server shall
1734 respond with this status code and not send an Entity-Body to the
1735 client. Header fields contained in the response should only include
1736 information which is relevant to cache managers and which may have
1737 changed independently of the entity's Last-Modified date. Examples
1738 of relevant header fields include: Date, Server, and Expires.
1739
1740 6.2.3 Client Error 4xx
1741
1742 The 4xx class of status codes is intended for cases in which the
1743 client seems to have erred. If the client has not completed the
1744 request when a 4xx code is received, it should immediately cease
1745 sending data to the server. Except when responding to a HEAD
1746 request, the server is encouraged to include an entity containing
1747 an explanation of the error situation, and whether it is a
1748 temporary or permanent condition. These status codes are applicable
1749 to any request method.
1750
1751 400 Bad Request
1752
1753 The request had bad syntax or was inherently impossible to be
1754 satisfied. The client is discouraged from repeating the request
1755 without modifications.
1756
1757 401 Unauthorized
1758
1759 o Required headers: WWW-Authenticate
1760
1761 The request requires user authentication. The response must include
1762 a WWW-Authenticate header field (Section 6.3.4) containing a
1763 challenge applicable to the requested resource. The client may
1764 repeat the request with a suitable Authorization header field.
1765 HTTP access authentication is explained in Section 10.
1766
1767 402 Payment Required
1768
1769 This code is not currently supported, but is reserved for future
1770 use.
1771
1772 403 Forbidden
1773
1774 The request is forbidden because of some reason that remains
1775 unknown to the client. Authorization will not help and the request
1776 should not be repeated. This status code can be used if the server
1777 does not want to make public why the request cannot be fulfilled.
1778
1779 404 Not Found
1780
1781 The server has not found anything matching the Request-URI. No
1782 indication is given of whether the condition is temporary or
1783 permanent. If the server does not wish to make this information
1784 available to the client, the status code "403 Forbidden" can be
1785 used instead. The "410 Gone" status code should be used if the
1786 server knows (through some internally configurable method) that an
1787 old resource is permanently unavailable and has no forwarding
1788 address.
1789
1790 405 Method Not Allowed
1791
1792 o Required headers: Allow
1793
1794 The method specified in the Request-Line is not allowed for the
1795 resource identified by the Request-URI. The response must include
1796 an Allow header containing a list of valid method's for the
1797 requested resource.
1798
1799 406 None Acceptable
1800
1801 o Required headers: Content-*, where applicable to the Request-URI
1802
1803 The server has found a resource matching the Request-URI, but not
1804 one that satisfies the conditions identified by the Accept and
1805 Accept-Encoding request headers. The response must include (when
1806 applicable) the Content-Type, Content-Encoding, and Content-
1807 Language of the resource, and is encouraged to include the
1808 resource's complete metainformation. No Entity-Body can be included
1809 in the response.
1810
1811 407 Proxy Authentication Required
1812
1813 This code is reserved for future use. It is similar to
1814 "401 Unauthorized", but indicates that the client must first
1815 authenticate itself with the proxy. HTTP/1.0 does not provide a
1816 means for proxy authentication -- this feature will be available in
1817 future versions.
1818
1819 408 Request Timeout
1820
1821 The client did not produce a request within the time that the
1822 server was prepared to wait. The client may repeat the request
1823 without modifications at any later time.
1824
1825 409 Conflict
1826
1827 The request could not be completed due to a conflict with the
1828 current state of the resource. This code is only allowed in
1829 situations where it is expected that the user may be able to
1830 resolve the conflict and resubmit the request. The response body
1831 should include enough information for the user to recognize the
1832 source of the conflict. Ideally, the response entity would include
1833 enough information for the user (or user-agent) to fix the problem;
1834 however, that may not be possible and is not required.
1835
1836 Conflicts are most likely to occur in response to a PUT request. If
1837 versioning is being used and the entity being PUT includes changes
1838 to a resource which conflict with those made by an earlier (third-
1839 party) request, the server may use the "409 Conflict" response to
1840 indicate that it can't complete the PUT. In this case, the response
1841 entity may contain a list of the differences between the two
1842 versions.
1843
1844 410 Gone
1845
1846 The requested resource is no longer available at the server and no
1847 forwarding address is known. This condition should be considered
1848 permanent. Clients with link editing capabilities are encouraged to
1849 delete references to the Request-URI (after user approval). If the
1850 server does not know (or has no facility to determine) whether or
1851 not the condition is permanent, the status code "404 Not Found" can
1852 be used instead.
1853
1854 The "410 Gone" response is primarily intended to assist the task of
1855 web maintenance by notifying the recipient that the resource is
1856 intentionally unavailable and that the server owners desire that
1857 remote links to that resource be removed. Such an event is common
1858 for limited-time, promotional services and for resources belonging
1859 to individuals no longer working at the server's site. It is not
1860 necessary to mark all permanently unavailable resources as "gone"
1861 or to keep the mark for any length of time -- that is left to the
1862 discretion of the server owner.
1863
1864 6.2.4 Server Errors 5xx
1865
1866 Response status codes beginning with the digit "5" indicate cases
1867 in which the server is aware that it has erred or is incapable of
1868 performing the request. If the client has not completed the request
1869 when a 5xx code is received, it should immediately cease sending
1870 data to the server. Except when responding to a HEAD request, the
1871 server is encouraged to include an entity containing an explanation
1872 of the error situation, and whether it is a temporary or permanent
1873 condition. These response codes are applicable to any request
1874 method and there are no required header fields.
1875
1876 500 Internal Server Error
1877
1878 The server encountered an unexpected condition which prevented it
1879 from fulfilling the request.
1880
1881 501 Not Implemented
1882
1883 The server does not support the functionality required to fulfill
1884 the request. This is the appropriate response when the server does
1885 not recognize the request method and is not capable of supporting
1886 it for any resource.
1887
1888 502 Bad Gateway
1889
1890 The server received an invalid response from the gateway or
1891 upstream server it accessed in attempting to complete the request.
1892
1893 503 Service Unavailable
1894
1895 The server is currently unable to handle the request due to a
1896 temporary overloading or maintenance of the server. The implication
1897 is that this is a temporary condition which will be alleviated
1898 after some delay. If known, the length of the delay may be
1899 indicated in a Retry-After header. If no Retry-After is given, the
1900 client should handle the response as it would a "500 Internal
1901 Server Error".
1902
1903 Note: The presence of the 503 status code does not imply
1904 that a server must use it when becoming overloaded. Some
1905 servers may wish to simply refuse the connection.
1906
1907 504 Gateway Timeout
1908
1909 The server did not receive a timely response from the gateway or
1910 upstream server it accessed in attempting to complete the request.
1911
1912 6.3 Response Header Fields
1913
1914 The response header fields allow the server to pass additional
1915 information about the response which cannot be placed in the Status-
1916 Line. These header fields are not intended to give information
1917 about an Entity-Body returned in the response, but about the server
1918 itself.
1919
1920 Response-Header= Public
1921 | Retry-After
1922 | Server
1923 | WWW-Authenticate
1924 | extension-header
1925
1926 Although additional response header fields may be implemented via
1927 the extension mechanism, applications which do not recognize those
1928 fields should treat them as Entity-Header fields.
1929
1930 6.3.1 Public
1931
1932 The Public header field lists the set of non-standard methods
1933 supported by the server. The purpose of this field is strictly to
1934 inform the recipient of the capabilities of the server regarding
1935 unusual methods. The methods listed may or may not be applicable to
1936 the Request-URI; the Allow header field (Section 7.1.1) should be
1937 used to indicate methods allowed for a particular URI. This does
1938 not prevent a client from trying other methods. The field value
1939 should not include the methods predefined for HTTP/1.0 in Section
1940 5.2.
1941
1942 Public = "Public" ":" 1#method
1943
1944 Example of use:
1945
1946 Public: OPTIONS, MGET, MHEAD
1947
1948 This header field applies only to the current connection. If the
1949 response passes through a proxy, the proxy must either remove the
1950 Public header field or replace it with one applicable to its own
1951 capabilities.
1952
1953 6.3.2 Retry-After
1954
1955 The Retry-After header field can be used with "503 Service
1956 Unavailable" to indicate how long the service is expected to be
1957 unavailable to the requesting client. The value of this field can
1958 be either an full HTTP-date or an integer number of seconds (in
1959 decimal) after the time of the response.
1960
1961 Retry-After = "Retry-After" ":" ( HTTP-date | delta-seconds )
1962
1963 Two examples of its use are
1964
1965 Retry-After: Wed, 14 Dec 1994 18:22:54 GMT
1966
1967 Retry-After: 120
1968
1969 In the latter example, the delay is 2 minutes.
1970
1971 6.3.3 Server
1972
1973 The Server header field contains information about the software
1974 being used by the origin server program handling the request. The
1975 field is analogous to the User-Agent field and has the following
1976 format:
1977
1978 Server = "Server" ":" 1*( product )
1979
1980 Example:
1981
1982 Server: CERN/3.0 libwww/2.17
1983
1984 If the response is being forwarded through a proxy, the proxy
1985 application must not add its data to the product list. Instead, it
1986 should include a Forwarded field, as described in Section 4.3.2.
1987
1988 6.3.4 WWW-Authenticate
1989
1990 The WWW-Authenticate header field must be included as part of a
1991 "401 Unauthorized" response. The field value consists of a
1992 challenge that indicates the authentication scheme and parameters
1993 applicable to the Request-URI.
1994
1995 WWW-Authenticate = "WWW-Authenticate" ":" challenge
1996
1997 The HTTP access authentication process is described in Section 10.
1998
1999 7. Entity
2000
2001 Full-Request and Full-Response messages may transfer an entity
2002 within some requests and responses. An entity consists of Entity-
2003 Header fields and (usually) an Entity-Body. In this section, both
2004 sender and recipient refer to either the client or the server,
2005 depending on who sends and who receives the entity.
2006
2007 7.1 Entity Header Fields
2008
2009 This section specifies the format and semantics of the Entity-
2010 Header fields. Entity-Header fields define optional metainformation
2011 about the Entity-Body or, if no body is present, about the resource
2012 identified by the request.
2013
2014 Entity-Header = Allow
2015 | Content-Encoding
2016 | Content-Language
2017 | Content-Length
2018 | Content-Transfer-Encoding
2019 | Content-Type
2020 | Derived-From
2021 | Expires
2022 | Last-Modified
2023 | Link
2024 | Location
2025 | Title
2026 | URI-header
2027 | Version
2028 | extension-header
2029
2030 extension-header = HTTP-header
2031
2032 Each entity header field is explained in the subsections below.
2033 Other header fields are allowed but cannot be assumed to be
2034 recognizable by the recipient. Unknown header fields should be
2035 ignored by the recipient and forwarded by proxies.
2036
2037 Note: It has been proposed that any HTML metainformation
2038 element (allowed within the <HEAD> element of a document) be
2039 a valid candidate for an HTTP entity header. This document
2040 defines two header fields, Link and Title, which are both
2041 examples of this. Base will be used in future versions of
2042 HTTP.
2043
2044 7.1.1 Allow
2045
2046 The Allow header field lists the set of methods supported by the
2047 resource identified by the Request-URI. The purpose of this field
2048 is strictly to inform the recipient of valid methods associated
2049 with the resource; it must be present in a response with status
2050 code "405 Method Not Allowed".
2051
2052 Allow = "Allow" ":" 1#method
2053
2054 Example of use:
2055
2056 Allow: GET, HEAD, PUT
2057
2058 This does not prevent a client from trying other methods. However,
2059 it is recommended that the indications given by this field be
2060 followed. This field has no default value; if left undefined, the
2061 set of allowed methods is defined by the origin server at the time
2062 of each request.
2063
2064 If a response passes through a proxy which does not understand one
2065 or more of the methods indicated in the Allow header, the proxy
2066 must not modify the Allow header; the user agent may have other
2067 means of communicating with the origin server.
2068
2069 7.1.2 Content-Encoding
2070
2071 The Content-Encoding header field is used as a modifier to the
2072 media-type. When present, its value indicates what additional
2073 encoding mechanism has been applied to the resource, and thus what
2074 decoding mechanism must be applied in order to obtain the media-
2075 type referenced by the Content-Type header field. The Content-
2076 Encoding is primarily used to allow a document to be compressed
2077 without losing the identity of its underlying media type.
2078
2079 Content-Encoding = "Content-Encoding" ":" encoding-mechanism
2080
2081 Encoding mechanisms are defined in Section 8.4. An example of its
2082 use is
2083
2084 Content-Encoding: gzip
2085
2086 The Content-Encoding is a characteristic of the resource identified
2087 by the Request-URI. Typically, the resource is stored with this
2088 encoding and is only decoded before rendering or analogous usage.
2089
2090 7.1.3 Content-Language
2091
2092 The Content-Language field describes the natural language(s) of the
2093 intended audience for the enclosed entity. Note that this may not
2094 be equivalent to all the languages used within the entity.
2095
2096 Content-Language = "Content-Language" ":" 1#language-tag
2097
2098 Language tags are defined in Section 8.2. The primary purpose of
2099 Content-Language is to allow a selective consumer to identify and
2100 differentiate resources according to the consumer's own preferred
2101 language. Thus, if the body content is intended only for a Danish
2102 audience, the appropriate field is
2103
2104 Content-Language: dk
2105
2106 If no Content-Language is specified, the default is that the
2107 content is intended for all language audiences. This may mean that
2108 the sender does not consider it to be specific to any natural
2109 language, or that the sender does not know for which language it is
2110 intended.
2111
2112 Multiple languages may be listed for content that is intended for
2113 multiple audiences. For example, a rendition of the "Treaty of
2114 Waitangi," presented simultaneously in the original Maori and
2115 English versions, would call for
2116
2117 Content-Language: mi, en
2118
2119 However, just because multiple languages are present within an
2120 entity does not mean that it is intended for multiple linguistic
2121 audiences. An example would be a beginner's language primer, such
2122 as "A First Lesson in Latin," which is clearly intended to be used
2123 by an English audience. In this case, the Content-Language should
2124 only include "en".
2125
2126 Content-Language may be applied to any media type -- it should not
2127 be considered limited to textual documents.
2128
2129 7.1.4 Content-Length
2130
2131 The Content-Length header field indicates the size of the Entity-
2132 Body (in decimal number of octets) sent to the recipient or, in the
2133 case of the HEAD method, the size of the Entity-Body that would
2134 have been sent had the request been a GET.
2135
2136 Content-Length = "Content-Length" ":" 1*DIGIT
2137
2138 An example is
2139
2140 Content-Length: 3495
2141
2142 Although it is not required, applications are strongly encouraged
2143 to use this field to indicate the size of the Entity-Body to be
2144 transferred, regardless of the media type of the entity.
2145
2146 Any Content-Length greater than or equal to zero is a valid value.
2147 Section 7.2.2 describes how to determine the length of an Entity-
2148 Body if a Content-Length is not given.
2149
2150 Note: The meaning of this field is significantly different
2151 from the corresponding definition in MIME, where it is an
2152 optional field used within the "message/external-body"
2153 content-type. In HTTP, it should be used whenever the
2154 entity's length can be determined prior to being transferred.
2155
2156 7.1.5 Content-Transfer-Encoding
2157
2158 The Content-Transfer-Encoding (CTE) header indicates what (if any)
2159 type of transformation has been applied to the entity in order to
2160 safely transfer it between the sender and the recipient. This
2161 differs from the Content-Encoding in that the CTE is a property of
2162 the message, not of the original resource.
2163
2164 Content-Transfer-Encoding
2165 = "Content-Transfer-Encoding" ":" transfer-encoding
2166
2167 Transfer encodings are defined in Section 8.5. Because all HTTP
2168 transactions take place on an 8-bit clean connection, the default
2169 Content-Transfer-Encoding for all messages is binary. However, HTTP
2170 may be used to transfer MIME messages which already have a defined
2171 CTE. An example is:
2172
2173 Content-Transfer-Encoding: quoted-printable
2174
2175 Many older HTTP/1.0 applications do not understand the Content-
2176 Transfer-Encoding header. However, since it may appear in any MIME
2177 message (i.e. entities retrieved via a gateway to a MIME-conformant
2178 protocol), future HTTP/1.0 applications are required to understand
2179 it upon receipt. Gateways are the only HTTP applications that would
2180 generate a CTE.
2181
2182 7.1.6 Content-Type
2183
2184 The Content-Type header field indicates the media type of the
2185 Entity-Body sent to the recipient or, in the case of the HEAD
2186 method, the media type that would have been sent had the request
2187 been a GET.
2188
2189 Content-Type = "Content-Type" ":" media-type
2190
2191 Media types are defined in Section 8.1. An example of the field is
2192
2193 Content-Type: text/html; charset=ISO-8859-4
2194
2195 The Content-Type header field has no default value. Further
2196 discussion of methods for identifying the media type of an entity
2197 is provided in Section 7.2.1.
2198
2199 7.1.7 Derived-From
2200
2201 The Derived-From header field can be used to indicate the version
2202 tag of the resource from which the enclosed entity was derived
2203 before modifications were made by the sender. This field is used to
2204 help manage the process of merging successive changes to a
2205 resource, particularly when such changes are being made in parallel
2206 and from multiple sources.
2207
2208 Derived-From = "Derived-From" ":" version-tag
2209
2210 An example use of the field is:
2211
2212 Derived-From: 2.1.1
2213
2214 A longer example of version control is included in Appendix C. The
2215 Derived-From field is required for PUT requests if the entity being
2216 put was previously retrieved from the same URI and a Version header
2217 was included with the entity when it was last retrieved.
2218
2219 7.1.8 Expires
2220
2221 The Expires field gives the date/time after which the entity should
2222 be considered stale. This allows information providers to suggest
2223 the volatility of the resource. Caching clients (including proxies)
2224 must not cache this copy of the resource beyond the date given,
2225 unless its status has been updated by a later check of the origin
2226 server. The presence of an Expires field does not imply that the
2227 original resource will change or cease to exist at, before, or
2228 after that time. However, information providers that know (or even
2229 suspect) that a resource will change by a certain date are strongly
2230 encouraged to include an Expires header with that date. The format
2231 is an absolute date and time as defined by HTTP-date in Section 3.3.
2232
2233 Expires = "Expires" ":" HTTP-date
2234
2235 An example of its use is
2236
2237 Expires: Thu, 01 Dec 1994 16:00:00 GMT
2238
2239 The Expires field has no default value. If the date given is equal
2240 to or earlier than the value of the Date header, the recipient must
2241 not cache the enclosed entity. If a resource is dynamic by nature,
2242 as is the case with many data-producing processes, copies of that
2243 resource should be given an appropriate Expires value which
2244 reflects that dynamism.
2245
2246 The Expires field cannot be used to force a user agent to refresh
2247 its display or reload a resource; its semantics apply only to
2248 caching mechanisms, and such mechanisms need only check a
2249 resource's expiration status when a new request for that resource
2250 is initiated.
2251
2252 Note: Applications are encouraged to be tolerant of bad or
2253 misinformed implementations of the Expires header. In
2254 particular, recipients may wish to recognize a delta-seconds
2255 value (any decimal integer) as representing the number of
2256 seconds after receipt of the message that its contents
2257 should be considered expired. Likewise, a value of zero (0)
2258 or an invalid date format may be considered equivalent to an
2259 "expires immediately." Although these values are not
2260 legitimate for HTTP/1.0, a robust implementation is always
2261 desirable.
2262
2263 7.1.9 Last-Modified
2264
2265 The Last-Modified header field indicates the date and time at which
2266 the sender believes the resource was last modified. The exact
2267 semantics of this field are defined in terms of how the receiver
2268 should interpret it: if the receiver has a copy of this resource
2269 which is older than the date given by the Last-Modified field, that
2270 copy should be considered stale.
2271
2272 Last-Modified = "Last-Modified" ":" HTTP-date
2273
2274 An example of its use is
2275
2276 Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
2277
2278 The exact meaning of this header field depends on the
2279 implementation of the sender and the nature of the original
2280 resource. For files, it may be just the file system last-mod date.
2281 For entities with dynamically included parts, it may be the most
2282 recent of the set of last-mod dates of its component parts. For
2283 database gateways, it may be the last-update timestamp of the
2284 record. For virtual objects, it may be the last time the internal
2285 state changed. In any case, the recipient should only know (and
2286 care) about the result -- whatever gets stuck in the Last-Modified
2287 field -- and not worry about how that result was obtained.
2288
2289 7.1.10 Link
2290
2291 The Link header provides a means for describing a relationship
2292 between the entity and some other resource. An entity may include
2293 multiple Link values. Links at the metainformation level typically
2294 indicate relationships like hierarchical structure and navigation
2295 paths. The Link field is semantically equivalent to the <LINK>
2296 element in HTML [4].
2297
2298 Link = "Link" ":" 1#("<" URI ">"
2299 [ ";" "rel" "=" relation ]
2300 [ ";" "rev" "=" relation ]
2301 [ ";" "title" "=" quoted-string ] )
2302
2303 relation = sgml-name
2304
2305 sgml-name = ALPHA *( ALPHA | DIGIT | "." | "-" )
2306
2307 Relation values are not case-sensitive and may be extended within
2308 the constraints of the sgmlname syntax. There are no predefined
2309 link relationship values for HTTP/1.0. The title parameter may be
2310 used to label the destination of a link such that it can be used as
2311 identification within a human-readable menu. Examples of usage
2312 include:
2313
2314 Link: <http://www.cern.ch/TheBook/chapter2>; rel="Previous"
2315
2316 Link: <mailto:timbl@w3.org>; rev="Made"; title="Tim Berners-Lee"
2317
2318 The first example indicates that the entity is previous to chapter2
2319 in a logical navigation path. The second indicates that the
2320 publisher of the resource is identified by the given e-mail address.
2321
2322 7.1.11 Location
2323
2324 The Location header field is an earlier form of the URI-header and
2325 is considered obsolete. However, HTTP/1.0 applications should
2326 continue to support the Location header in order to properly
2327 interface with older applications. The purpose of Location is
2328 identical to that of the URI-header, except that no variants can be
2329 specified and only one absolute location URL is allowed.
2330
2331 Location = "Location" ":" URI
2332
2333 An example is
2334
2335 Location: http://info.cern.ch/hypertext/WWW/NewLocation.html
2336
2337 7.1.12 Title
2338
2339 The Title header field indicates the title of the entity
2340
2341 Title = "Title" ":" *text
2342
2343 An example of the field is
2344
2345 Title: Hypertext Transfer Protocol -- HTTP/1.0
2346
2347 This field is to be considered isomorphic with the <TITLE> element
2348 in HTML [4].
2349
2350 7.1.13 URI
2351
2352 The URI-header field may contain one or more Universal Resource
2353 Identifiers (URIs) by which the resource origin of the entity can
2354 be identified. There is no guarantee that the resource can be
2355 accessed using the URI(s) specified. This field is required for the
2356 201, 301, and 302 response messages, and may be included in any
2357 message that contains resource metainformation.
2358
2359 URI-header = "URI" ":" 1#( "<" URI ">" [ ";" vary ] )
2360
2361 vary = "vary" "=" <"> 1#vary-dimension <">
2362 vary-dimension = "type" | "language" | "version" | "encoding"
2363 | "charset" | "user-agent" | extension-vary
2364
2365 extension-vary = token
2366
2367 Any URI specified in this field can be either absolute or relative
2368 to the URI given in the Request-Line. The URI-header improves upon
2369 the Location header field described in Section 7.1.11. For
2370 backwards compatibility with older clients, servers are encouraged
2371 to include both header fields in 301 and 302 responses.
2372
2373 The URI-header may also be used by a client performing a POST
2374 request to suggest a URI for the new entity. Whether or not the
2375 suggested URI is used is entirely up to the server to decide. In
2376 any case, the server's response must include the actual URI(s) of
2377 the new resource if one is successfully created (status 201).
2378
2379 If a URI refers to a set of variants, then the dimensions of that
2380 variance must be given with a vary parameter. One example is:
2381
2382 URI: <http://info.cern.ch/hypertext/WWW/TheProject.multi>;
2383 vary="type,language"
2384
2385 which indicates that the URI covers a group of entities that vary
2386 in media type and natural language. A request for that URI will
2387 result in a response that depends upon the client's request headers
2388 for Accept and Accept-Language. Similar dimensions exist for the
2389 Accept-Encoding, Accept-Charset, Version, and User-Agent header
2390 fields, as demonstrated in the following example.
2391
2392 URI: <TheProject.ps>;vary="encoding,version",
2393 <TheProject.html>;vary="user-agent,charset,version"
2394
2395 The vary parameter has an important effect on cache management,
2396 particularly for caching proxies which service a diverse set of
2397 user agents. Since the response to one user agent may differ from
2398 the response to a second user agent if the two agents have
2399 differing request profiles, a caching proxy must keep track of the
2400 content metainformation for resources with varying dimensions.
2401 Thus, the vary parameter tells the caching proxy what entity
2402 headers must be part of the key for caching that URI. When the
2403 caching proxy gets a request for that URI, it must forward the
2404 request toward the origin server if the request profile includes a
2405 variant dimension that has not already been cached.
2406
2407 7.1.14 Version
2408
2409 The Version field defines the version tag associated with a
2410 rendition of an evolving entity. Together with the Derived-From
2411 field described in Section 7.1.7, it allows a group of people to
2412 work simultaneously on the creation of a work as an iterative
2413 process. The field should be used to allow evolution of a
2414 particular work along a single path. It should not be used to
2415 indicate derived works or renditions in different representations.
2416
2417 Version = "Version" ":" version-tag
2418
2419 version-tag = token | quoted-string
2420
2421 Examples of the Version field include:
2422
2423 Version: 2.1.2
2424 Version: "Fred 19950116-12:26:48"
2425 Version: 2.5a4-omega7
2426
2427 The version tag should be considered opaque to all parties but the
2428 origin server. A user agent can request a particular version of an
2429 entity by including its tag in a Version header as part of the
2430 request. Similarly, a user agent may suggest a value for the
2431 version of an entity transferred via a PUT or POST request.
2432 However, only the origin server can reliably assign or increment
2433 the version tag of an entity.
2434
2435 7.2 Entity Body
2436
2437 The entity-body (if any) sent with an HTTP/1.0 request or response
2438 is in a format and encoding defined by the Entity-Header fields.
2439
2440 Entity-Body = *OCTET
2441
2442 An entity-body is included with a request message only when the
2443 request method calls for one. This specification defines two
2444 request methods, "POST" and "PUT", that allow an entity-body. In
2445 general, the presence of an entity-body in a request is signaled by
2446 the inclusion of a Content-Length and/or Content-Transfer-Encoding
2447 header field in the request message headers.
2448
2449 Note: Most current implementations of the POST and PUT
2450 methods require a valid Content-Length header field. This
2451 can cause problems for some systems that do not know the
2452 size of the entity-body before transmission. Experimental
2453 implementations (and future versions of HTTP) may use a
2454 packetized Content-Transfer-Encoding to obviate the need for
2455 a Content-Length.
2456
2457 For response messages, whether or not an entity-body is included
2458 with a message is dependent on both the request method and the
2459 response code. All responses to the HEAD request method must not
2460 include a body, even though the presence of Content header fields
2461 may lead one to believe they should. Similarly, the responses "204
2462 No Content", "304 Not Modified", and "406 None Acceptable" must not
2463 include a body.
2464
2465 7.2.1 Type
2466
2467 When an Entity-Body is included with a message, the data type of
2468 that body is determined via the header fields Content-Type,
2469 Content-Encoding, and Content-Transfer-Encoding. These define a
2470 three-layer, ordered encoding model:
2471
2472 entity-body <-
2473 Content-Transfer-Encoding( Content-Encoding( Content-Type ) )
2474
2475 The default for both encodings is none (i.e., the identity
2476 function). A Content-Type specifies the media type of the
2477 underlying data. A Content-Encoding may be used to indicate an
2478 additional encoding mechanism applied to the type (usually for the
2479 purpose of data compression) that is a property of the resource
2480 requested. A Content-Transfer-Encoding may be applied by a
2481 transport agent to ensure safe and/or proper transfer of the
2482 message. Note that the Content-Transfer-Encoding is a property of
2483 the message, not of the resource.
2484
2485 The Content-Type header field has no default value. If and only if
2486 the media type is not given by a Content-Type header (as is always
2487 the case for Simple-Response messages), the receiver may attempt to
2488 guess the media type via inspection of its content and/or the name
2489 extension(s) of the URL used to access the resource. If the media
2490 type remains unknown, the receiver should treat it as type
2491 "application/octet-stream".
2492
2493 7.2.2 Length
2494
2495 When an Entity-Body is included with a message, the length of that
2496 body may be determined in one of several ways. If a Content-Length
2497 header field is present, its value in bytes (number of octets)
2498 represents the length of the Entity-Body. Otherwise, the body
2499 length is determined by the Content-Type (for types with an
2500 explicit end-of-body delimiter), the Content-Transfer-Encoding (for
2501 packetized encodings), or the closing of the connection by the
2502 server. Note that the latter cannot be used to indicate the end of
2503 a request body, since it leaves no possibility for the server to
2504 send back a response.
2505
2506 Note: Some older servers supply an invalid Content-Length
2507 when sending a document that contains server-side includes
2508 dynamically inserted into the data stream. It must be
2509 emphasized that this will not be tolerated by future
2510 versions of HTTP. Unless the client knows that it is
2511 receiving a response from a compliant server, it should not
2512 depend on the Content-Length value being correct.
2513
2514 8. Content Parameters
2515
2516 8.1 Media Types
2517
2518 HTTP uses Internet Media Types [15], formerly referred to as MIME
2519 Content-Types [6], in order to provide open and extensible data
2520 typing and type negotiation. For mail applications, where there is
2521 no type negotiation between sender and receiver, it is reasonable
2522 to put strict limits on the set of allowed media types. With HTTP,
2523 however, user agents can identify acceptable media types as part of
2524 the connection, and thus are allowed more freedom in the use of non-
2525 registered types. The following grammar for media types is a
2526 superset of that for MIME because it does not restrict itself to
2527 the official IANA and x-token types.
2528
2529 media-type = type "/" subtype *( ";" parameter )
2530 type = token
2531 subtype = token
2532
2533 Parameters may follow the type/subtype in the form of
2534 attribute/value pairs.
2535
2536 parameter = attribute "=" value
2537 attribute = token
2538 value = token | quoted-string
2539
2540 The type, subtype, and parameter attribute names are not case-
2541 sensitive. Parameter values may or may not be case-sensitive,
2542 depending on the semantics of the parameter name. No LWS is allowed
2543 between the type and subtype, nor between an attribute and its
2544 value.
2545
2546 If a given media-type value has been registered by the IANA, any
2547 use of that value must be indicative of the registered data format.
2548 Although HTTP allows the use of non-registered media types, such
2549 usage must not conflict with the IANA registry. Data providers are
2550 strongly encouraged to register their media types with IANA via the
2551 procedures outlined in RFC 1590 [15].
2552
2553 All media-type's registered by IANA must be preferred over
2554 extension tokens. However, HTTP does not limit conforming
2555 applications to the use of officially registered media types, nor
2556 does it encourage the use of an "x-" prefix for unofficial types
2557 outside of explicitly short experimental use between consenting
2558 applications.
2559
2560 8.1.1 Canonicalization and Text Defaults
2561
2562 Media types are registered in a canonical form. In general, entity
2563 bodies transferred via HTTP must be represented in the appropriate
2564 canonical form prior to transmission. If the body has been encoded
2565 via a Content-Encoding and/or Content-Transfer-Encoding, the data
2566 must be in canonical form prior to that encoding. However, HTTP
2567 modifies the canonical form requirements for media of primary type
2568 "text" and for "application" types consisting of text-like records.
2569
2570 HTTP redefines the canonical form of text media to allow multiple
2571 octet sequences to indicate a text line break. In addition to the
2572 preferred form of CRLF, HTTP applications must accept a bare CR or
2573 LF alone as representing a single line break in text media.
2574 Furthermore, if the text media is represented in a character set
2575 which does not use octets 13 and 10 for CR and LF respectively (as
2576 is the case for some multi-byte character sets), HTTP allows the
2577 use of whatever octet sequence(s) is defined by that character set
2578 to represent the equivalent of CRLF, bare CR, and bare LF. It is
2579 assumed that any recipient capable of using such a character set
2580 will know the appropriate octet sequence for representing line
2581 breaks within that character set.
2582
2583 Note: This interpretation of line breaks applies only to the
2584 contents of an Entity-Body and only after any Content-
2585 Transfer-Encoding and/or Content-Encoding has been removed.
2586 All other HTTP constructs use CRLF exclusively to indicate a
2587 line break. Encoding mechanisms define their own line break
2588 requirements.
2589
2590 A recipient of an HTTP text entity should translate the received
2591 entity line breaks to the local line break conventions before
2592 saving the entity external to the application and its cache;
2593 whether this translation takes place immediately upon receipt of
2594 the entity, or only when prompted by the user, is entirely up to
2595 the individual application.
2596
2597 HTTP also redefines the default character set for text media in an
2598 entity body. If a textual media type defines a charset parameter
2599 with a registered default value of "US-ASCII", HTTP changes the
2600 default to be "ISO-8859-1". Since the character set ISO-8859-1 [19]
2601 is a superset of USASCII [18], this has no effect upon the
2602 interpretation of entity bodies which only contain octets within
2603 the US-ASCII set (0 - 127). The presence of a charset parameter
2604 value in a Content-Type header field overrides the default.
2605
2606 HTTP does not require that the character set of an entity body be
2607 labelled as the lowest common denominator of the character codes
2608 used within a document.
2609
2610 8.1.2 Multipart Types
2611
2612 MIME provides for a number of "multipart" types -- encapsulations of
2613 several entities within a single message's Entity-Body. The
2614 multipart types registered by IANA [17] do not have any special
2615 meaning for HTTP/1.0, though user agents may need to understand
2616 each type in order to correctly interpret the purpose of each body-
2617 part. Ideally, an HTTP user agent should follow the same or similar
2618 behavior as a MIME user agent does upon receipt of a multipart type.
2619
2620 As in MIME [6], all multipart types share a common syntax and must
2621 include a boundary parameter as part of the media type value. The
2622 message body is itself a protocol element and must therefore use
2623 only CRLF to represent line breaks between body-parts. Unlike in
2624 MIME, multipart body-parts may contain HTTP header fields which are
2625 significant to the meaning of that part.
2626
2627 A URI-header field (Section 7.1.13) should be included in the body-
2628 part for each enclosed entity that can be identified by a URI.
2629
2630 8.2 Language Tags
2631
2632 A language tag identifies a natural language spoken, written, or
2633 otherwise conveyed by human beings for communication of information
2634 to other human beings. Computer languages are explicitly excluded.
2635 The HTTP/1.0 protocol uses language tags within the Accept-Language
2636 and Content-Language header fields.
2637
2638 The syntax and registry of HTTP language tags is the same as that
2639 defined by RFC 1766 [1]. In summary, a language tag is composed of
2640 1 or more parts: A primary language tag and a (possibly empty)
2641 series of subtags:
2642
2643 language-tag = primary-tag *( "-" subtag )
2644
2645 primary-tag = 1*8ALPHA
2646 subtag = 1*8ALPHA
2647
2648 Whitespace is not allowed within the tag and all tags are to be
2649 treated as case insensitive. The namespace of language tags is
2650 administered by the IANA. Example tags include:
2651
2652 en, en-US, en-cockney, i-cherokee, x-pig-latin
2653
2654 where any two-letter primary-tag is an ISO 639 language
2655 abbreviation and any two-letter initial subtag is an ISO 3166
2656 country code.
2657
2658 Note: Earlier versions of this document specified an
2659 incomplete language tag, where values were limited to ISO
2660 639 language abbreviations with an optional ISO 3166 country
2661 code appended after an underscore ("_") or slash ("/")
2662 character. This format was abandoned in favor of the
2663 recently proposed standard for Internet protocols.
2664
2665 8.3 Character Sets
2666
2667 HTTP uses the same definition of the term "character set" as that
2668 described for MIME:
2669
2670 The term "character set" is used in this document to
2671 refer to a method used with one or more tables to convert
2672 a sequence of octets into a sequence of characters. Note
2673 that unconditional conversion in the other direction is
2674 not required, in that not all characters may be available
2675 in a given character set and a character set may provide
2676 more than one sequence of octets to represent a
2677 particular character. This definition is intended to
2678 allow various kinds of character encodings, from simple
2679 single-table mappings such as US-ASCII to complex table
2680 switching methods such as those that use ISO 2022's
2681 techniques. However, the definition associated with a
2682 MIME character set name must fully specify the mapping to
2683 be performed from octets to characters. In particular,
2684 use of external profiling information to determine the
2685 exact mapping is not permitted.
2686
2687 Character sets are identified by case-insensitive tokens. The
2688 complete set of allowed charset values are defined by the IANA
2689 Character Set registry [17]. However, because that registry does
2690 not define a single, consistent token for each character set, we
2691 define here the preferred names for those character sets most
2692 likely to be used with HTTP entities. This set of charset values
2693 includes those registered by RFC 1521 [6] -- the US-ASCII [18] and
2694 ISO8859 [19] character sets -- and other character set names
2695 specifically recommended for use within MIME charset parameters.
2696
2697 charset = "US-ASCII"
2698 | "ISO-8859-1" | "ISO-8859-2" | "ISO-8859-3"
2699 | "ISO-8859-4" | "ISO-8859-5" | "ISO-8859-6"
2700 | "ISO-8859-7" | "ISO-8859-8" | "ISO-8859-9"
2701 | "ISO-2022-JP" | "ISO-2022-JP-2" | "ISO-2022-KR"
2702 | "UNICODE-1-1" | "UNICODE-1-1-UTF-7" | "UNICODE-1-1-UTF-8"
2703 | token
2704
2705 Although HTTP allows an arbitrary token to be used as a character
2706 set value, any token that has a predefined value within the IANA
2707 Character Set registry [17] must represent the character set
2708 defined by that registry. Applications are encouraged, but not
2709 required, to limit their use of character sets to those defined by
2710 the IANA registry.
2711
2712 8.4 Encoding Mechanisms
2713
2714 Encoding mechanism values are used to indicate an encoding
2715 transformation that has been or can be applied to a resource.
2716 Encoding mechanisms are primarily used to allow a document to be
2717 compressed or encrypted without losing the identity of its
2718 underlying media type. Typically, the resource is stored with this
2719 encoding and is only decoded before rendering or analogous usage.
2720
2721 encoding-mechanism = "gzip" | "compress" | token
2722
2723 Note: For historical reasons, HTTP/1.0 applications should
2724 consider "x-gzip" and "x-compress" to be equivalent to
2725 "gzip" and "compress", respectively.
2726
2727 All encoding-mechanism values are case-insensitive. HTTP/1.0 uses
2728 encoding-mechanism values in the Accept-Encoding (Section 5.4.3)
2729 and Content-Encoding (Section 7.1.2) header fields. Although the
2730 value describes the encoding-mechanism, what is more important is
2731 that it indicates what decoding mechanism will be required to
2732 remove the encoding. Note that a single program may be capable of
2733 decoding multiple encoding-mechanism formats. Two values are
2734 defined by this specification:
2735
2736 gzip An encoding format produced by the file compression program
2737 "gzip" (GNU zip) developed by Jean-loup Gailly. This format
2738 is typically a Lempel-Ziv coding (LZ77) with a 32 bit CRC.
2739 Gzip is available from the GNU project at
2740 <URL:ftp://prep.ai.mit.edu/pub/gnu/>.
2741
2742 compress The encoding format produced by the file compression
2743 program "compress". This format is an adaptive Lempel-Ziv-
2744 Welch coding (LZW).
2745
2746 8.5 Transfer Encodings
2747
2748 Transfer encoding values are used to indicate an encoding
2749 transformation that has been, can be, or may need to be applied to
2750 an Entity-Body in order to ensure safe transport through the
2751 network. Transfer encodings are only used with entities destined
2752 for or retrieved from MIME-conformant systems, and thus will rarely
2753 occur in an HTTP/1.0 message. This differs from an encoding-
2754 mechanism in that the transfer encoding is a property of the
2755 message, not of the original resource.
2756
2757 transfer-encoding = "binary" | "8bit" | "7bit"
2758 | "quoted-printable" | "base64"
2759 | token
2760
2761 All transfer-encoding values are case-insensitive. HTTP/1.0 uses
2762 transfer-encoding values in the Accept-Encoding (Section 5.4.3) and
2763 Content-Transfer-Encoding (Section 7.1.5) header fields.
2764
2765 The values "7bit", "8bit", and "binary" are used to indicate that
2766 no transfer encoding has been performed. Instead, they describe the
2767 sort of encoding that might be needed for transmission through an
2768 unsafe transport system. Binary indicates that the body may contain
2769 any set of octets. 8bit adds the restrictions that CR and LF
2770 characters only occur as part of CRLF line separators, all lines
2771 are short (less than 1000 octets), and no NULs (octet 0) are
2772 present. 7bit adds a further restriction that all octets are 7-bit
2773 US-ASCII characters.
2774
2775 The "quoted-printable" and "base64" values indicate that the
2776 associated encoding (as defined in MIME [6]) has been applied to
2777 the body. These encodings consist entirely of 7-bit US-ASCII
2778 characters.
2779
2780 9. Content Negotiation
2781
2782 Content negotiation is an optional feature of the HTTP protocol. It
2783 is designed to allow for preemptive selection of a preferred
2784 content representation, within a single request-response round-trip,
2785 and without intervention from the user. However, this may not
2786 always be desirable for the user and is sometimes unnecessary for
2787 the content provider. Implementors are encouraged to provide
2788 mechanisms whereby the amount of preemptive content negotiation,
2789 and the parameters of that negotiation, are configurable by the
2790 user and server maintainer.
2791
2792 The first step in the negotiation algorithm is for the server to
2793 determine whether or not there are any content variants for the
2794 requested resource. Content variants may be in the form of multiple
2795 preexisting entities or a set of dynamic conversion filters. If
2796 there are no variant forms of the resource, the "negotiation" is
2797 limited to whether or not that single media type is acceptable
2798 under the constraints given by the Accept request header field
2799 (if any).
2800
2801 If variants are available, those variants that are completely
2802 unacceptable should be removed from consideration first.
2803 Unacceptable variants include those with a Content-Encoding not
2804 listed in an Accept-Encoding field, those with a character subset
2805 (other than the default ISO-8859-1) not listed in an Accept-Charset
2806 field, and those with a media type not within any of the media
2807 ranges of an explicitly constrained Accept field (or listed with a
2808 zero quality parameter).
2809
2810 If no acceptable variants remain at this point, the server should
2811 respond with a "406 None Acceptable" response message. If more than
2812 one variant remains, and at least one has a Content-Language within
2813 those listed by an Accept-Language field, any variants which do not
2814 match the language constraint are removed from further
2815 consideration.
2816
2817 If multiple choices still remain, the selection is further winnowed
2818 by calculating and comparing the relative quality of the available
2819 media types. The calculated weights are normalized to a real number
2820 in the range 0 through 1, where 0 is the minimum and 1 the maximum
2821 value. The following parameters are included in the calculation:
2822
2823 q The quality factor chosen by the user agent (and
2824 configurable by the user) that represents the desirability
2825 of that media type. In this case, desirability is usually a
2826 measure of the clients ability to faithfully represent the
2827 contents of that media type to the user. The value is in
2828 the range [0,1], where the default value is 1.
2829
2830 qs The quality factor, as chosen by the server (via some
2831 unspecified mechanism), to represent the relative quality
2832 of a particular variant representation of the source. For
2833 example, a picture originally in JPEG form would have a
2834 lower qs when translated to the XBM format, and much lower
2835 qs when translated to an ASCII-art representation. Note,
2836 however, that this is a function of the source -- an
2837 original piece of ASCII-art may degrade in quality if it is
2838 captured in JPEG form. The qs value has the same range and
2839 default as q.
2840
2841 mxb The maximum number of bytes in the Entity-Body accepted by
2842 the client. The default value is mxb=undefined
2843 (i.e. infinity).
2844
2845 bs The actual number of bytes in the Entity-Body for a
2846 particular source representation. This should equal the
2847 value sent as Content-Length. The default value is 0.
2848
2849 The discrete mapping function is defined as:
2850
2851 { if mxb=undefined, then (qs * q) }
2852 Q(q,qs,mxb,bs) = { if mxb >= bs, then (qs * q) }
2853 { if mxb < bs, then 0 }
2854
2855 The variants with a maximal value for the Q function represent the
2856 preferred representation(s) of the entity. If multiple
2857 representations exist for a single media type (as would be the case
2858 if they only varied by Content-Encoding), then the smallest
2859 representation (lowest bs) is preferred.
2860
2861 Finally, there may still be multiple choices available to the user.
2862 If so, the server may either choose one (possibly at random) from
2863 those available and respond with "200 OK", or it may respond with
2864 "300 Multiple Choices" and include an entity describing the
2865 choices. In the latter case, the entity should either be of type
2866 "text/html' (such that the user can choose from among the choices
2867 by following an exact link) or of some type that would allow the
2868 user agent to perform the selection automatically (no such type is
2869 available at the time of this writing).
2870
2871 The "300 Multiple Choices" response can be given even if the server
2872 does not perform any winnowing of the representation choices via
2873 the content negotiation algorithm described above. Furthermore, it
2874 may include choices that were not considered as part of the
2875 negotiation algorithm and resources that may be located at other
2876 servers.
2877
2878 10. Access Authentication
2879
2880 HTTP provides a simple challenge-response authorization mechanism
2881 which may be used by a server to challenge a client request and by
2882 a client to provide authentication information. The mechanism uses
2883 an extensible token to identify the authentication scheme, followed
2884 by a comma-separated list of attribute-value pairs which carry the
2885 parameters necessary for achieving authentication via that scheme.
2886
2887 auth-scheme = "Basic" | token
2888
2889 auth-param = token "=" quoted-string
2890
2891 The "401 Unauthorized" response message is used by an origin server
2892 to challenge the authorization of a user agent. This response must
2893 include a WWW-Authenticate header field containing the challenge
2894 applicable to the requested resource.
2895
2896 challenge = auth-scheme 1*LWS realm [ "," 1#auth-param ]
2897
2898 realm = "Realm" "=" quoted-string
2899
2900 The realm attribute is required for all access authentication
2901 schemes which issue a challenge. The realm value, in combination
2902 with the root URL of the server being accessed, defines the
2903 authorization space. These realms allow the protected resources on
2904 a server to be partitioned into a set of authorization spaces, each
2905 with its own authentication scheme and/or database. The realm value
2906 is a string, generally assigned by the origin server, which may
2907 have additional semantics specific to the authentication scheme.
2908
2909 A user agent that wishes to authenticate itself with a server
2910 (usually, but not necessarily, after receiving a 401 response), may
2911 do so by including an Authorization header field with the request.
2912 The Authorization field value consists of credentials containing
2913 the authentication information of the user agent for the realm of
2914 the resource being requested.
2915
2916 credentials = auth-scheme [ 1*LWS encoded-cookie ] #auth-param
2917
2918 encoded-cookie = 1*<any CHAR except CTLs or tspecials,
2919 but including "=" and "/">
2920
2921 The domain over which credentials can be automatically applied by a
2922 user agent is determined by the authorization space. If a request
2923 is authenticated, the credentials can be reused for all other
2924 requests within that authorization space for a period of time
2925 determined by the authentication scheme, parameters, and/or user
2926 preference.
2927
2928 The HTTP protocol does not restrict applications to this simple
2929 challenge-response mechanism for access authentication. Additional
2930 mechanisms may be used at the transport level, via message
2931 encapsulation, and/or with additional header fields specifying
2932 authentication information. However, these additional mechanisms
2933 are not defined by this specification.
2934
2935 Proxies must be completely transparent regarding user agent access
2936 authentication. That is, they must forward the WWW-Authenticate and
2937 Authorization headers untouched. HTTP/1.0 does not provide a means
2938 for a client to be authenticated with a proxy -- this feature will
2939 be available in future versions of HTTP.
2940
2941 Note: The names Proxy-Authenticate and Proxy-Authorization
2942 have been suggested as headers, analogous to WWW-Authenticate
2943 and Authorization, but applying only to the immediate
2944 connection with a proxy.
2945
2946 10.1 Basic Authentication Scheme
2947
2948 The basic authentication scheme is based on the model that the
2949 client must authenticate itself with a user-ID and a password for
2950 each realm. The realm value should be considered an opaque string
2951 which can only be compared for equality with other realms. The
2952 server will service the request only if it can validate the user-ID
2953 and password for the domain of the Request-URI.
2954
2955 basic-challenge = "Basic" SP realm
2956
2957 The client sends the user-ID and password (separated by a single
2958 colon ":" character) within a base64 [6] encoded-cookie in the
2959 credentials.
2960
2961 basic-credentials = "Basic" SP basic-cookie
2962 basic-cookie = <base64 encoding of userid-password>
2963 userid-password = [ token ] ":" *text
2964
2965 There are no optional authentication parameters for the basic
2966 scheme. For example, if the user agent wishes to send the user-ID
2967 "Aladdin" and password "open sesame", it would use the following
2968 header field:
2969
2970 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
2971
2972 The basic authentication scheme is a non-secure method of filtering
2973 unauthorized access to resources on an HTTP server. It is based on
2974 the assumption that the connection between the client and the
2975 server can be regarded as a trusted carrier. As this is not
2976 generally true on an open network, the basic authentication scheme
2977 should be used accordingly. In spite of this, clients are strongly
2978 encouraged to implement the scheme in order to communicate with
2979 servers that use it.
2980
2981 11. Security Considerations
2982
2983 This section is meant to inform application developers, information
2984 providers, and users of the security limitations in HTTP/1.0 as
2985 described by this document. The discussion does not include
2986 definitive solutions to the problems revealed, though it does make
2987 some suggestions for reducing security risks.
2988
2989 11.1 Authentication of Clients
2990
2991 As mentioned in Section 10.1, the Basic authentication scheme is
2992 not considered to be a secure method of user authentication, nor
2993 does it prevent the Entity-Body from being transmitted in clear
2994 text across the physical network used as the carrier. HTTP/1.0 does
2995 not prevent additional authentication schemes and encryption
2996 mechanisms to be employed to increase security.
2997
2998 11.2 Idempotent Methods
2999
3000 The writers of client software should be aware that the software
3001 represents the user in their interactions over the net, and should
3002 be careful to allow the user to be aware of any actions they may
3003 take which may have an unexpected significance to themselves or
3004 others.
3005
3006 In particular, the convention has been established that the GET and
3007 HEAD methods should never have the significance of taking an
3008 action. The link "click here to subscribe"--causing the reading of a
3009 special "magic" document--is open to abuse by others making a link
3010 "click here to see a pretty picture." These methods should be
3011 considered "safe" and should not have side effects. This allows the
3012 client software to represent other methods (such as POST, PUT and
3013 DELETE) in a special way, so that the user is aware of the fact
3014 that an action is being requested.
3015
3016 11.3 Abuse of Server Log Information
3017
3018 A server is in the position to save personal data about a user's
3019 requests which may identify their reading patterns or subjects of
3020 interest. This information is clearly confidential in nature and
3021 its handling may be constrained by law in certain countries. People
3022 using the HTTP protocol to provide data are responsible for
3023 ensuring that such material is not distributed without the
3024 permission of any individuals that are identifiable by the
3025 published results.
3026
3027 Two header fields are worth special mention in this context:
3028 Referer and From. The Referer field allows reading patterns to be
3029 studied and reverse links drawn. Although it can be very useful,
3030 its power can be abused if user details are not separated from the
3031 information contained in the Referer. Even when the personal
3032 information has been removed, the Referer field may have indicated
3033 a secure document's URI, whose revelation itself would be a breach
3034 of security.
3035
3036 The information sent in the From field might conflict with the
3037 user's privacy interests or their site's security policy, and hence
3038 it should not be transmitted without the user being able to
3039 disable, enable, and modify the contents of the field. The user
3040 must be able to set the active contents of this field within a user
3041 preference or application defaults configuration.
3042
3043 We suggest, though do not require, that a convenient toggle
3044 interface be provided for the user to enable or disable the sending
3045 of From and Referer information.
3046
3047 12. Acknowledgments
3048
3049 This specification makes heavy use of the augmented BNF and generic
3050 constructs defined by David H. Crocker for RFC 822 [8]. Similarly,
3051 it reuses many of the definitions provided by Nathaniel Borenstein
3052 and Ned Freed for MIME [6]. We hope that their inclusion in this
3053 specification will help reduce past confusion over the relationship
3054 between HTTP/1.0 and Internet mail.
3055
3056 The HTTP protocol has evolved considerably over the past three
3057 years. It has benefited from a large and active developer community--
3058 the many people who have participated on the www-talk mailing list--
3059 and it is that community which has been most responsible for the
3060 success of HTTP and of the World-Wide Web in general.
3061 Marc Andreessen, Robert Cailliau, Daniel W. Connolly, Bob Denny,
3062 Phillip M. Hallam-Baker, Haringkon W. Lie, Ari Luotonen, Rob McCool,
3063 Dave Raggett, Tony Sanders, and Marc VanHeyningen deserve special
3064 recognition for their efforts in defining aspects of the protocol
3065 for early versions of this specification.
3066
3067 This document has benefited greatly from the comments of all those
3068 participating in the HTTPWG. In addition to those already
3069 mentioned, the following individuals have contributed to this
3070 specification:
3071
3072 Gary Adams Harald Tveit Alvestrand
3073 Keith Ball Brian Behlendorf
3074 Paul Burchard Maurizio Codogno
3075 Mike Cowlishaw Michael A. Dolan
3076 John Franks Alex Hopmann
3077 Bob Jernigan Martijn Koster
3078 Dave Kristol Daniel LaLiberte
3079 Albert Lunde John C. Mallery
3080 Larry Masinter Mitra
3081 Gavin Nicol Marc Salomon
3082 Chuck Shotton Eric W. Sink
3083 Simon E. Spero
3084
3085 13. References
3086
3087 [1] H. T. Alvestrand. "Tags for the identification of languages."
3088 RFC 1766, UNINETT, March 1995.
3089
3090 [2] F. Anklesaria, M. McCahill, P. Lindner, D. Johnson, D. Torrey,
3091 and B. Alberti. "The Internet Gopher Protocol: A distributed
3092 document search and retrieval protocol." RFC 1436, University
3093 of Minnesota, March 1993.
3094
3095 [3] T. Berners-Lee. "Universal Resource Identifiers in WWW: A
3096 Unifying Syntax for the Expression of Names and Addresses of
3097 Objects on the Network as used in the World-Wide Web."
3098 RFC 1630, CERN, June 1994.
3099
3100 [4] T. Berners-Lee and D. Connolly. "HyperText Markup Language
3101 Specification - 2.0." Work in Progress (draft-ietf-html-spec-
3102 01.txt), CERN, HaL Computer Systems, February 1995.
3103
3104 [5] T. Berners-Lee, L. Masinter, and M. McCahill. "Uniform Resource
3105 Locators (URL)." RFC 1738, CERN, Xerox PARC, University of
3106 Minnesota, October 1994.
3107
3108 [6] N. Borenstein and N. Freed. "MIME (Multipurpose Internet Mail
3109 Extensions) Part One: Mechanisms for Specifying and Describing
3110 the Format of Internet Message Bodies." RFC 1521, Bellcore,
3111 Innosoft, September 1993.
3112
3113 [7] R. Braden. "Requirements for Internet hosts - application and
3114 support." STD 3, RFC 1123, IETF, October 1989.
3115
3116 [8] D. H. Crocker. "Standard for the Format of ARPA Internet Text
3117 Messages." STD 11, RFC 822, UDEL, August 1982.
3118
3119 [9] F. Davis, B. Kahle, H. Morris, J. Salem, T. Shen, R. Wang,
3120 J. Sui, and M. Grinbaum. "WAIS Interface Protocol Prototype
3121 Functional Specification." (v1.5), Thinking Machines
3122 Corporation, April 1990.
3123
3124 [10] R. T. Fielding. "Relative Uniform Resource Locators." Work in
3125 Progress (draft-ietf-uri-relative-url-05.txt), UC Irvine,
3126 January 1995.
3127
3128 [11] M. Horton and R. Adams. "Standard for interchange of USENET
3129 messages." RFC 1036 (Obsoletes RFC 850), AT&T Bell
3130 Laboratories, Center for Seismic Studies, December 1987.
3131
3132 [12] B. Kantor and P. Lapsley. "Network News Transfer Protocol: A
3133 Proposed Standard for the Stream-Based Transmission of News."
3134 RFC 977, UC San Diego, UC Berkeley, February 1986.
3135
3136 [13] K. Moore. "MIME (Multipurpose Internet Mail Extensions) Part
3137 Two: Message Header Extensions for Non-ASCII Text." RFC 1522,
3138 University of Tennessee, September 1993.
3139
3140 [14] J. Postel. "Simple Mail Transfer Protocol." STD 10, RFC 821,
3141 USC/ISI, August 1982.
3142
3143 [15] J. Postel. "Media Type Registration Procedure." RFC 1590,
3144 USC/ISI, March 1994.
3145
3146 [16] J. Postel and J. K. Reynolds. "File Transfer Protocol (FTP)."
3147 STD 9, RFC 959, USC/ISI, October 1985.
3148
3149 [17] J. Reynolds and J. Postel. "Assigned Numbers." STD 2, RFC 1700,
3150 USC/ISI, October 1994.
3151
3152 [18] US-ASCII. Coded Character Set - 7-Bit American Standard Code for
3153 Information Interchange. Standard ANSI X3.4-1986, ANSI, 1986.
3154
3155 [19] ISO-8859. International Standard -- Information Processing --
3156 8-bit Single-Byte Coded Graphic Character Sets -- Part 1: Latin
3157 Alphabet No. 1, ISO 8859-1:1987. Part 2: Latin alphabet No. 2,
3158 ISO 8859-2, 1987. Part 3: Latin alphabet No. 3, ISO 8859-3,
3159 1988. Part 4: Latin alphabet No. 4, ISO 8859-4, 1988. Part 5:
3160 Latin/Cyrillic alphabet, ISO 8859-5, 1988. Part 6: Latin/Arabic
3161 alphabet, ISO 8859-6, 1987. Part 7: Latin/Greek alphabet, ISO
3162 8859-7, 1987. Part 8: Latin/Hebrew alphabet, ISO 8859-8, 1988.
3163 Part 9: Latin alphabet No. 5, ISO 8859-9, 1990.
3164
3165 14. Authors' Addresses
3166
3167 Tim Berners-Lee
3168 Director, W3 Consortium
3169 MIT Laboratory for Computer Science
3170 545 Technology Square
3171 Cambridge, MA 02139, U.S.A.
3172 Tel: +1 (617) 253 9670
3173 Fax: +1 (617) 258 8682
3174 Email: timbl@w3.org
3175
3176 Roy T. Fielding
3177 Department of Information and Computer Science
3178 University of California
3179 Irvine, CA 92717-3425, U.S.A.
3180 Tel: +1 (714) 824-4049
3181 Fax: +1 (714) 824-4056
3182 Email: fielding@ics.uci.edu
3183
3184 Henrik Frystyk Nielsen
3185 World-Wide Web Project
3186 CERN,
3187 1211 Geneva 23, Switzerland
3188 Tel: +41 (22) 767 8265
3189 Fax: +41 (22) 767 8730
3190 Email: frystyk@w3.org
3191
3192 Appendices
3193
3194 These appendices are provided for informational reasons only -- they
3195 do not form a part of the HTTP/1.0 specification.
3196
3197 A. Internet Media Type message/http
3198
3199 In addition to defining the HTTP/1.0 protocol, this document serves
3200 as the specification for the Internet media type "message/http".
3201 The following is to be registered with IANA [15].
3202
3203 Media Type name: message
3204
3205 Media subtype name: http
3206
3207 Required parameters: none
3208
3209 Optional parameters: version, type
3210
3211 version: The HTTP-Version number of the enclosed message
3212 (e.g. "1.0"). If not present, the version can be
3213 determined from the first line of the body.
3214
3215 type: The message type -- "request" or "response". If
3216 not present, the type can be determined from the
3217 first line of the body.
3218
3219 Encoding considerations: only "7bit", "8bit", or "binary" are
3220 permitted
3221
3222 Security considerations: none
3223
3224 B. Minimum Compliance
3225
3226 Early reviews of this specification have indicated the need for a
3227 statement of the minimum requirements for an implementation to be
3228 considered in compliance with HTTP/1.0. This section will be
3229 written soon.
3230
3231 Note: The primary difficulty in determining a standard for
3232 minimum compliance rests in the fact that HTTP is a flexible
3233 protocol which can be used for many purposes. The
3234 requirements for special purpose applications often differ
3235 from those of general purpose applications.
3236
3237 B.1 Servers
3238
3239 Servers have a special responsibility for being honest when
3240 generating their responses to requesting clients. The Status-Code
3241 sent in the Status-Line must correspond to the actual action taken
3242 by the server. This is especially the case when the method used in
3243 the request is one of PUT, POST, DELETE, LINK, and UNLINK. If a
3244 Status-Code of 200 is returned, the client must be able to assume
3245 that the action has been carried out. If the server is not able to
3246 fulfill the requested action immediately, the correct status code
3247 to use is "202 Accepted".
3248
3249 The methods GET and HEAD must be supported by all general-purpose
3250 servers. Servers which provide Last-Modified dates for resources
3251 must also support the conditional GET method.
3252
3253 C. Tolerant Applications
3254
3255 While it may be appropriate for testing applications to verify full
3256 conformance to this specification, it is recommended that
3257 operational applications be tolerant of deviations. This appendix
3258 mentions the most important topics where tolerance is recommended.
3259
3260 C.1 Request-Line, Status-Line, and Header Fields
3261
3262 Clients should be tolerant in parsing the Status-Line and servers
3263 tolerant when parsing the Request-Line. In particular, they should
3264 accept any amount of SP and HTAB characters between fields, even
3265 though only a single SP is specified.
3266
3267 The line terminator for HTTP-header fields should be the sequence
3268 CRLF. However, we recommend that applications, when parsing such
3269 headers, recognize a single LF as a line terminator and ignore the
3270 leading CR.
3271
3272 We recommend that servers allocate URIs free of "variant"
3273 characters (characters whose representation differs in some of the
3274 national variant character sets), punctuation characters, and
3275 spaces. This makes URIs easier to handle by humans when the need
3276 arises (such as for debugging or transmission through non hypertext
3277 systems).
3278
3279 D. Relationship to MIME
3280
3281 HTTP/1.0 reuses many of the constructs defined for Internet Mail
3282 (RFC 822 [8]) and the Multipurpose Internet Mail Extensions
3283 (MIME [6]) to allow entities to be transmitted in an open variety
3284 of representations and with extensible mechanisms. However, HTTP is
3285 not a MIME-conforming application. HTTP's performance requirements
3286 differ substantially from those of Internet mail. Since it is not
3287 limited by the restrictions of existing mail protocols and
3288 gateways, HTTP does not obey some of the constraints imposed by
3289 RFC 822 and MIME for mail transport.
3290
3291 This appendix describes specific areas where HTTP differs from
3292 MIME. Gateways to MIME-compliant protocols must be aware of these
3293 differences and provide the appropriate conversions where
3294 necessary. No conversion should be necessary for a MIME-conforming
3295 entity to be transferred using HTTP.
3296
3297 D.1 Conversion to Canonical Form
3298
3299 MIME requires that an entity be converted to canonical form prior
3300 to being transferred, as described in Appendix G of RFC 1521 [6].
3301 Although HTTP does require media types to be transferred in
3302 canonical form, it changes the definition of "canonical form" for
3303 text-based media types as described in Section 8.1.1.
3304
3305 D.1.1 Representation of Line Breaks
3306
3307 MIME requires that the canonical form of any text type represent
3308 line breaks as CRLF and forbids the use of CR or LF outside of line
3309 break sequences. Since HTTP allows CRLF, bare CR, and bare LF (or
3310 the octet sequence(s) to which they would be translated for the
3311 given character set) to indicate a line break within text content,
3312 recipients of an HTTP message cannot rely upon receiving MIME-
3313 canonical line breaks in text.
3314
3315 Where it is possible, a gateway from HTTP to a MIME-conformant
3316 protocol should translate all line breaks within text/* media types
3317 to the MIME canonical form of CRLF. However, this may be
3318 complicated by the presence of a Content-Encoding and by the fact
3319 that HTTP allows the use of some character sets which do not use
3320 octets 13 and 10 to represent CR and LF (as is the case for some
3321 multi-byte character sets).
3322
3323 D.1.2 Default Character Set
3324
3325 MIME requires that all subtypes of the top-level Content-Type
3326 "text" have a default character set of US-ASCII [18]. In contrast,
3327 HTTP defines the default character set for "text" to be
3328 ISO88591 [19] (a superset of US-ASCII). Therefore, if a text/*
3329 media type given in the Content-Type header field does not already
3330 include an explicit charset parameter, the parameter
3331
3332 ;charset="iso-8859-1"
3333
3334 should be added by the gateway if the entity contains any octets
3335 greater than 127.
3336
3337 D.2 Default Content-Transfer-Encoding
3338
3339 The default Content-Transfer-Encoding (CTE) for all MIME messages
3340 is "7bit". In contrast, HTTP defines the default CTE to be
3341 "binary". Therefore, if an entity does not include an explicit CTE
3342 header field, the gateway should apply either the "quoted-printable"
3343 or "base64" transfer encodings and add the appropriate
3344 Content-Transfer-Encoding field. At a minimum, the explicit CTE
3345 field of
3346
3347 Content-Transfer-Encoding: binary
3348
3349 should be added by the gateway if it is unwilling to apply a mail-
3350 safe encoding.
3351
3352 D.3 Introduction of Content-Encoding
3353
3354 MIME does not include any concept equivalent to HTTP's Content-
3355 Encoding header field. Since this acts as a modifier on the media
3356 type, gateways to MIME-conformant protocols should either change
3357 the value of the Content-Type header field or decode the Entity-
3358 Body before forwarding the message.
3359
3360 Note: Some experimental applications of Content-Type for
3361 Internet mail have used a media-type parameter of
3362 ";conversions=<encoding-mechanisms>" to perform an
3363 equivalent function as Content-Encoding. However, this
3364 parameter is not part of the MIME specification at the time
3365 of this writing.
3366
3367 E. Example of Version Control
3368
3369 This appendix gives an example on how the Entity-Header fields
3370 Version and Derived-From can be used to apply version control to
3371 the creation and parallel development of a work. In order to
3372 simplify the example, only two user agents (A and B) are considered
3373 together with an origin server S.
3374
3375 o A sends a POST request to S, including the header
3376 "Version: 1.0" and an entity
3377
3378 o S replies "201 Created" to A, including the header
3379 "Version: 1.0" and a URI-header which should be used for
3380 future references
3381
3382 o A starts editing the entity
3383
3384 o B sends a GET request to S
3385
3386 o S replies "200 OK" to B, including the entity with a header
3387 "Version: 1.0"
3388
3389 o B starts editing the entity
3390
3391 o B sends a PUT request to S, including the entity and a header
3392 "Derived-From: 1.0"
3393
3394 o S replies "204 No Content" to B, including a header
3395 "Version: 1.1" but no entity
3396
3397 o A sends a PUT request to S, including the entity and a header
3398 "Derived-From: 1.0"
3399
3400 o S replies "409 Conflict" to A, including "Version: 1.1" and the
3401 list of problems with merging A's changes to 1.0 with those
3402 already applied for B and version 1.1
3403
3404 o A merges B's changes with its own, possibly with help from the
3405 user of A
3406
3407 o A sends a PUT request to S including the entity and the header
3408 "Derived-From: 1.1"
3409
3410 o S replies "204 No Content" to A, including the header
3411 "Version: 1.2" but no entity
3412
3413 The example can be expanded to any number of involved user agents,
3414 though the likelihood of conflicts and the difficulty of resolving
3415 them may increase.
3416
admin@suikawiki.org
 ViewVC Help
Powered by ViewVC 1.1.24