1 |
HTTP Working Group R. Fielding, UC Irvine |
2 |
INTERNET-DRAFT H. Frystyk, MIT/LCS |
3 |
<draft-ietf-http-v11-spec-01.txt> T. Berners-Lee, MIT/LCS |
4 |
Expires in six months January 19, 1996 |
5 |
|
6 |
|
7 |
Hypertext Transfer Protocol -- HTTP/1.1 |
8 |
|
9 |
|
10 |
Status of this Memo |
11 |
|
12 |
This document is an Internet-Draft. Internet-Drafts are working |
13 |
documents of the Internet Engineering Task Force (IETF), its areas, |
14 |
and its working groups. Note that other groups may also distribute |
15 |
working documents as Internet-Drafts. |
16 |
|
17 |
Internet-Drafts are draft documents valid for a maximum of six |
18 |
months and may be updated, replaced, or obsoleted by other |
19 |
documents at any time. It is inappropriate to use Internet-Drafts |
20 |
as reference material or to cite them other than as "work in |
21 |
progress". |
22 |
|
23 |
To learn the current status of any Internet-Draft, please check the |
24 |
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
25 |
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), |
26 |
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or |
27 |
ftp.isi.edu (US West Coast). |
28 |
|
29 |
Distribution of this document is unlimited. Please send comments to |
30 |
the HTTP working group at <http-wg@cuckoo.hpl.hp.com>. Discussions |
31 |
of the working group are archived at |
32 |
<URL:http://www.ics.uci.edu/pub/ietf/http/>. General discussions |
33 |
about HTTP and the applications which use HTTP should take place on |
34 |
the <www-talk@w3.org> mailing list. |
35 |
|
36 |
================================================================ |
37 |
NOTE: This specification is for discussion purposes only. It is not |
38 |
claimed to represent the consensus of the HTTP working group, and |
39 |
contains a number of proposals that either have not been discussed or |
40 |
are controversial. The working group is discussing significant |
41 |
changes in many areas, including logic bags, support for caching, |
42 |
range retrieval, content negotiation, MIME compatibility, |
43 |
authentication, timing of the PUT operation. |
44 |
================================================================ |
45 |
|
46 |
Abstract |
47 |
|
48 |
The Hypertext Transfer Protocol (HTTP) is an application-level |
49 |
protocol for distributed, collaborative, hypermedia information |
50 |
systems. It is a generic, stateless, object-oriented protocol which |
51 |
can be used for many tasks, such as name servers and distributed |
52 |
object management systems, through extension of its request methods |
53 |
(commands). A feature of HTTP is the typing and negotiation of data |
54 |
representation, allowing systems to be built independently of the |
55 |
data being transferred. |
56 |
|
57 |
HTTP has been in use by the World-Wide Web global information |
58 |
initiative since 1990. This specification defines the protocol |
59 |
referred to as "HTTP/1.1". |
60 |
|
61 |
Table of Contents |
62 |
|
63 |
1. Introduction |
64 |
1.1 Purpose |
65 |
1.2 Requirements |
66 |
1.3 Terminology |
67 |
1.4 Overall Operation |
68 |
|
69 |
2. Notational Conventions and Generic Grammar |
70 |
2.1 Augmented BNF |
71 |
2.2 Basic Rules |
72 |
|
73 |
3. Protocol Parameters |
74 |
3.1 HTTP Version |
75 |
3.2 Uniform Resource Identifiers |
76 |
3.2.1 General Syntax |
77 |
3.2.2 http URL |
78 |
3.3 Date/Time Formats |
79 |
3.3.1 Full Date |
80 |
3.3.2 Delta Seconds |
81 |
3.4 Character Sets |
82 |
3.5 Content Codings |
83 |
3.6 Transfer Codings |
84 |
3.7 Media Types |
85 |
3.7.1 Canonicalization and Text Defaults |
86 |
3.7.2 Multipart Types |
87 |
3.8 Product Tokens |
88 |
3.9 Quality Values |
89 |
3.10 Language Tags |
90 |
3.11 Logic Bags |
91 |
|
92 |
4. HTTP Message |
93 |
4.1 Message Types |
94 |
4.2 Message Headers |
95 |
4.3 General Header Fields |
96 |
|
97 |
5. Request |
98 |
5.1 Request-Line |
99 |
5.1.1 Method |
100 |
5.1.2 Request-URI |
101 |
5.2 Request Header Fields |
102 |
|
103 |
6. Response |
104 |
6.1 Status-Line |
105 |
6.1.1 Status Code and Reason Phrase |
106 |
6.2 Response Header Fields |
107 |
|
108 |
7. Entity |
109 |
7.1 Entity Header Fields |
110 |
7.2 Entity Body |
111 |
7.2.1 Type |
112 |
7.2.2 Length |
113 |
|
114 |
8. Method Definitions |
115 |
8.1 OPTIONS |
116 |
8.2 GET |
117 |
8.3 HEAD |
118 |
8.4 POST |
119 |
8.5 PUT |
120 |
8.6 PATCH |
121 |
8.7 COPY |
122 |
8.8 MOVE |
123 |
8.9 DELETE |
124 |
8.10 LINK |
125 |
8.11 UNLINK |
126 |
8.12 TRACE |
127 |
8.13 WRAPPED |
128 |
|
129 |
9. Status Code Definitions |
130 |
9.1 Informational 1xx |
131 |
9.2 Successful 2xx |
132 |
9.3 Redirection 3xx |
133 |
9.4 Client Error 4xx |
134 |
9.5 Server Error 5xx |
135 |
|
136 |
10. Header Field Definitions |
137 |
10.1 Accept |
138 |
10.2 Accept-Charset |
139 |
10.3 Accept-Encoding |
140 |
10.4 Accept-Language |
141 |
10.5 Allow |
142 |
10.6 Authorization |
143 |
10.7 Base |
144 |
10.8 Cache-Control |
145 |
10.9 Connection |
146 |
10.9.1 Persistent Connections |
147 |
10.10 Content-Encoding |
148 |
10.11 Content-Language |
149 |
10.12 Content-Length |
150 |
10.13 Content-MD5 |
151 |
10.14 Content-Range |
152 |
10.15 Content-Type |
153 |
10.16 Content-Version |
154 |
10.17 Date |
155 |
10.18 Derived-From |
156 |
10.19 Expires |
157 |
10.20 Forwarded |
158 |
10.21 From |
159 |
10.22 Host |
160 |
10.23 If-Modified-Since |
161 |
10.24 Keep-Alive |
162 |
10.25 Last-Modified |
163 |
10.26 Link |
164 |
10.27 Location |
165 |
10.28 MIME-Version |
166 |
10.29 Pragma |
167 |
10.30 Proxy-Authenticate |
168 |
10.31 Proxy-Authorization |
169 |
10.32 Public |
170 |
10.33 Range |
171 |
10.34 Referer |
172 |
10.35 Refresh |
173 |
10.36 Retry-After |
174 |
10.37 Server |
175 |
10.38 Title |
176 |
10.39 Transfer Encoding |
177 |
10.40 Unless |
178 |
10.41 Upgrade |
179 |
10.42 URI |
180 |
10.43 User-Agent |
181 |
10.44 WWW-Authenticate |
182 |
|
183 |
11. Access Authentication |
184 |
11.1 Basic Authentication Scheme |
185 |
11.2 Digest Authentication Scheme |
186 |
|
187 |
12. Content Negotiation |
188 |
12.1 Preemptive Negotiation |
189 |
|
190 |
13. Caching |
191 |
|
192 |
14. Security Considerations |
193 |
14.1 Authentication of Clients |
194 |
14.2 Safe Methods |
195 |
14.3 Abuse of Server Log Information |
196 |
14.4 Transfer of Sensitive Information |
197 |
|
198 |
15. Acknowledgments |
199 |
|
200 |
16. References |
201 |
|
202 |
17. Authors' Addresses |
203 |
|
204 |
Appendix A. Internet Media Type message/http |
205 |
Appendix B. Tolerant Applications |
206 |
Appendix C. Relationship to MIME |
207 |
C.1 Conversion to Canonical Form |
208 |
C.1.1 Representation of Line Breaks |
209 |
C.1.2 Default Character Set |
210 |
C.2 Conversion of Date Formats |
211 |
C.3 Introduction of Content-Encoding |
212 |
C.4 No Content-Transfer-Encoding |
213 |
C.5 Introduction of Transfer-Encoding |
214 |
Appendix D. Changes from HTTP/1.0 |
215 |
|
216 |
|
217 |
|
218 |
1. Introduction |
219 |
|
220 |
1.1 Purpose |
221 |
|
222 |
The Hypertext Transfer Protocol (HTTP) is an application-level |
223 |
protocol for distributed, collaborative, hypermedia information |
224 |
systems. HTTP has been in use by the World-Wide Web global |
225 |
information initiative since 1990. The first version of HTTP, |
226 |
referred to as HTTP/0.9, was a simple protocol for raw data |
227 |
transfer across the Internet. HTTP/1.0, as defined by RFC xxxx [6], |
228 |
improved the protocol by allowing messages to be in the format of |
229 |
MIME-like entities, containing metainformation about the data |
230 |
transferred and modifiers on the request/response semantics. |
231 |
However, HTTP/1.0 does not sufficiently take into consideration the |
232 |
effect of hierarchical proxies and caching, the desire for |
233 |
persistent connections and virtual hosts, and a number of other |
234 |
details that slipped through the cracks of existing |
235 |
implementations. In addition, the proliferation of incompletely- |
236 |
implemented applications calling themselves "HTTP/1.0" has |
237 |
necessitated a protocol version change in order for two |
238 |
communicating applications to determine each other's true |
239 |
capabilities. |
240 |
|
241 |
This specification defines the protocol referred to as "HTTP/1.1". |
242 |
This protocol is backwards-compatible with HTTP/1.0, but includes |
243 |
more stringent requirements in order to ensure reliable |
244 |
implementation of its features. |
245 |
|
246 |
Practical information systems require more functionality than |
247 |
simple retrieval, including search, front-end update, and |
248 |
annotation. HTTP allows an open-ended set of methods to be used to |
249 |
indicate the purpose of a request. It builds on the discipline of |
250 |
reference provided by the Uniform Resource Identifier (URI) [3], as |
251 |
a location (URL) [4] or name (URN) [20], for indicating the |
252 |
resource on which a method is to be applied. Messages are passed in |
253 |
a format similar to that used by Internet Mail [9] and the |
254 |
Multipurpose Internet Mail Extensions (MIME) [7]. |
255 |
|
256 |
HTTP is also used as a generic protocol for communication between |
257 |
user agents and proxies/gateways to other Internet protocols, such |
258 |
as SMTP [16], NNTP [13], FTP [18], Gopher [2], and WAIS [10], |
259 |
allowing basic hypermedia access to resources available from |
260 |
diverse applications and simplifying the implementation of user |
261 |
agents. |
262 |
|
263 |
1.2 Requirements |
264 |
|
265 |
This specification uses the same words as RFC 1123 [8] for defining |
266 |
the significance of each particular requirement. These words are: |
267 |
|
268 |
must |
269 |
|
270 |
This word or the adjective "required" means that the item is an |
271 |
absolute requirement of the specification. |
272 |
|
273 |
should |
274 |
|
275 |
This word or the adjective "recommended" means that there may |
276 |
exist valid reasons in particular circumstances to ignore this |
277 |
item, but the full implications should be understood and the |
278 |
case carefully weighed before choosing a different course. |
279 |
|
280 |
may |
281 |
|
282 |
This word or the adjective "optional" means that this item is |
283 |
truly optional. One vendor may choose to include the item |
284 |
because a particular marketplace requires it or because it |
285 |
enhances the product, for example; another vendor may omit the |
286 |
same item. |
287 |
|
288 |
An implementation is not compliant if it fails to satisfy one or |
289 |
more of the must requirements for the protocols it implements. An |
290 |
implementation that satisfies all the must and all the should |
291 |
requirements for its protocols is said to be "unconditionally |
292 |
compliant"; one that satisfies all the must requirements but not |
293 |
all the should requirements for its protocols is said to be |
294 |
"conditionally compliant". |
295 |
|
296 |
1.3 Terminology |
297 |
|
298 |
This specification uses a number of terms to refer to the roles |
299 |
played by participants in, and objects of, the HTTP communication. |
300 |
|
301 |
connection |
302 |
|
303 |
A transport layer virtual circuit established between two |
304 |
application programs for the purpose of communication. |
305 |
|
306 |
message |
307 |
|
308 |
The basic unit of HTTP communication, consisting of a structured |
309 |
sequence of octets matching the syntax defined in Section 4 and |
310 |
transmitted via the connection. |
311 |
|
312 |
request |
313 |
|
314 |
An HTTP request message (as defined in Section 5). |
315 |
|
316 |
response |
317 |
|
318 |
An HTTP response message (as defined in Section 6). |
319 |
|
320 |
resource |
321 |
|
322 |
A network data object or service which can be identified by a |
323 |
URI (Section 3.2). |
324 |
|
325 |
entity |
326 |
|
327 |
A particular representation or rendition of a data resource, or |
328 |
reply from a service resource, that may be enclosed within a |
329 |
request or response message. An entity consists of |
330 |
metainformation in the form of entity headers and content in the |
331 |
form of an entity body. |
332 |
|
333 |
client |
334 |
|
335 |
An application program that establishes connections for the |
336 |
purpose of sending requests. |
337 |
|
338 |
user agent |
339 |
|
340 |
The client which initiates a request. These are often browsers, |
341 |
editors, spiders (web-traversing robots), or other end user |
342 |
tools. |
343 |
|
344 |
server |
345 |
|
346 |
An application program that accepts connections in order to |
347 |
service requests by sending back responses. |
348 |
|
349 |
origin server |
350 |
|
351 |
The server on which a given resource resides or is to be created. |
352 |
|
353 |
proxy |
354 |
|
355 |
An intermediary program which acts as both a server and a client |
356 |
for the purpose of making requests on behalf of other clients. |
357 |
Requests are serviced internally or by passing them, with |
358 |
possible translation, on to other servers. A proxy must |
359 |
interpret and, if necessary, rewrite a request message before |
360 |
forwarding it. Proxies are often used as client-side portals |
361 |
through network firewalls and as helper applications for |
362 |
handling requests via protocols not implemented by the user |
363 |
agent. |
364 |
|
365 |
gateway |
366 |
|
367 |
A server which acts as an intermediary for some other server. |
368 |
Unlike a proxy, a gateway receives requests as if it were the |
369 |
origin server for the requested resource; the requesting client |
370 |
may not be aware that it is communicating with a gateway. |
371 |
Gateways are often used as server-side portals through network |
372 |
firewalls and as protocol translators for access to resources |
373 |
stored on non-HTTP systems. |
374 |
|
375 |
tunnel |
376 |
|
377 |
A tunnel is an intermediary program which is acting as a blind |
378 |
relay between two connections. Once active, a tunnel is not |
379 |
considered a party to the HTTP communication, though the tunnel |
380 |
may have been initiated by an HTTP request. The tunnel ceases to |
381 |
exist when both ends of the relayed connections are closed. |
382 |
Tunnels are used when a portal is necessary and the intermediary |
383 |
cannot, or should not, interpret the relayed communication. |
384 |
|
385 |
cache |
386 |
|
387 |
A program's local store of response messages and the subsystem |
388 |
that controls its message storage, retrieval, and deletion. A |
389 |
cache stores cachable responses in order to reduce the response |
390 |
time and network bandwidth consumption on future, equivalent |
391 |
requests. Any client or server may include a cache, though a |
392 |
cache cannot be used by a server while it is acting as a tunnel. |
393 |
|
394 |
Any given program may be capable of being both a client and a |
395 |
server; our use of these terms refers only to the role being |
396 |
performed by the program for a particular connection, rather than |
397 |
to the program's capabilities in general. Likewise, any server may |
398 |
act as an origin server, proxy, gateway, or tunnel, switching |
399 |
behavior based on the nature of each request. |
400 |
|
401 |
1.4 Overall Operation |
402 |
|
403 |
The HTTP protocol is based on a request/response paradigm. A client |
404 |
establishes a connection with a server and sends a request to the |
405 |
server in the form of a request method, URI, and protocol version, |
406 |
followed by a MIME-like message containing request modifiers, |
407 |
client information, and possible body content. The server responds |
408 |
with a status line, including the message's protocol version and a |
409 |
success or error code, followed by a MIME-like message containing |
410 |
server information, entity metainformation, and possible body |
411 |
content. |
412 |
|
413 |
Most HTTP communication is initiated by a user agent and consists |
414 |
of a request to be applied to a resource on some origin server. In |
415 |
the simplest case, this may be accomplished via a single connection |
416 |
(v) between the user agent (UA) and the origin server (O). |
417 |
|
418 |
request chain ------------------------> |
419 |
UA -------------------v------------------- O |
420 |
<----------------------- response chain |
421 |
|
422 |
A more complicated situation occurs when one or more intermediaries |
423 |
are present in the request/response chain. There are three common |
424 |
forms of intermediary: proxy, gateway, and tunnel. A proxy is a |
425 |
forwarding agent, receiving requests for a URI in its absolute |
426 |
form, rewriting all or parts of the message, and forwarding the |
427 |
reformatted request toward the server identified by the URI. A |
428 |
gateway is a receiving agent, acting as a layer above some other |
429 |
server(s) and, if necessary, translating the requests to the |
430 |
underlying server's protocol. A tunnel acts as a relay point |
431 |
between two connections without changing the messages; tunnels are |
432 |
used when the communication needs to pass through an intermediary |
433 |
(such as a firewall) even when the intermediary cannot understand |
434 |
the contents of the messages. |
435 |
|
436 |
request chain --------------------------------------> |
437 |
UA -----v----- A -----v----- B -----v----- C -----v----- O |
438 |
<------------------------------------- response chain |
439 |
|
440 |
The figure above shows three intermediaries (A, B, and C) between |
441 |
the user agent and origin server. A request or response message |
442 |
that travels the whole chain must pass through four separate |
443 |
connections. This distinction is important because some HTTP |
444 |
communication options may apply only to the connection with the |
445 |
nearest, non-tunnel neighbor, only to the end-points of the chain, |
446 |
or to all connections along the chain. Although the diagram is |
447 |
linear, each participant may be engaged in multiple, simultaneous |
448 |
communications. For example, B may be receiving requests from many |
449 |
clients other than A, and/or forwarding requests to servers other |
450 |
than C, at the same time that it is handling A's request. |
451 |
|
452 |
Any party to the communication which is not acting as a tunnel may |
453 |
employ an internal cache for handling requests. The effect of a |
454 |
cache is that the request/response chain is shortened if one of the |
455 |
participants along the chain has a cached response applicable to |
456 |
that request. The following illustrates the resulting chain if B |
457 |
has a cached copy of an earlier response from O (via C) for a |
458 |
request which has not been cached by UA or A. |
459 |
|
460 |
request chain ----------> |
461 |
UA -----v----- A -----v----- B - - - - - - C - - - - - - O |
462 |
<--------- response chain |
463 |
|
464 |
Not all responses are cachable, and some requests may contain |
465 |
modifiers which place special requirements on cache behavior. HTTP |
466 |
requirements for cache behavior and cachable responses are defined |
467 |
in Section 13. |
468 |
|
469 |
On the Internet, HTTP communication generally takes place over |
470 |
TCP/IP connections. The default port is TCP 80 [19], but other |
471 |
ports can be used. This does not preclude HTTP from being |
472 |
implemented on top of any other protocol on the Internet, or on |
473 |
other networks. HTTP only presumes a reliable transport; any |
474 |
protocol that provides such guarantees can be used, and the mapping |
475 |
of the HTTP/1.1 request and response structures onto the transport |
476 |
data units of the protocol in question is outside the scope of this |
477 |
specification. |
478 |
|
479 |
For most implementations, each connection is established by the |
480 |
client prior to the request and closed by the server after sending |
481 |
the response. However, this is not a feature of the protocol and is |
482 |
not required by this specification. Both clients and servers must |
483 |
be capable of handling cases where either party closes the |
484 |
connection prematurely, due to user action, automated time-out, or |
485 |
program failure. In any case, the closing of the connection by |
486 |
either or both parties always terminates the current request, |
487 |
regardless of its status. |
488 |
|
489 |
2. Notational Conventions and Generic Grammar |
490 |
|
491 |
2.1 Augmented BNF |
492 |
|
493 |
All of the mechanisms specified in this document are described in |
494 |
both prose and an augmented Backus-Naur Form (BNF) similar to that |
495 |
used by RFC 822 [9]. Implementors will need to be familiar with the |
496 |
notation in order to understand this specification. The augmented |
497 |
BNF includes the following constructs: |
498 |
|
499 |
name = definition |
500 |
|
501 |
The name of a rule is simply the name itself (without any |
502 |
enclosing "<" and ">") and is separated from its definition by |
503 |
the equal character "=". Whitespace is only significant in that |
504 |
indentation of continuation lines is used to indicate a rule |
505 |
definition that spans more than one line. Certain basic rules |
506 |
are in uppercase, such as SP, LWS, HT, CRLF, DIGIT, ALPHA, etc. |
507 |
Angle brackets are used within definitions whenever their |
508 |
presence will facilitate discerning the use of rule names. |
509 |
|
510 |
"literal" |
511 |
|
512 |
Quotation marks surround literal text. Unless stated otherwise, |
513 |
the text is case-insensitive. |
514 |
|
515 |
rule1 | rule2 |
516 |
|
517 |
Elements separated by a bar ("I") are alternatives, e.g., |
518 |
"yes | no" will accept yes or no. |
519 |
|
520 |
(rule1 rule2) |
521 |
|
522 |
Elements enclosed in parentheses are treated as a single |
523 |
element. Thus, "(elem (foo | bar) elem)" allows the token |
524 |
sequences "elem foo elem" and "elem bar elem". |
525 |
|
526 |
*rule |
527 |
|
528 |
The character "*" preceding an element indicates repetition. The |
529 |
full form is "<n>*<m>element" indicating at least <n> and at |
530 |
most <m> occurrences of element. Default values are 0 and |
531 |
infinity so that "*(element)" allows any number, including zero; |
532 |
"1*element" requires at least one; and "1*2element" allows one |
533 |
or two. |
534 |
|
535 |
[rule] |
536 |
|
537 |
Square brackets enclose optional elements; "[foo bar]" is |
538 |
equivalent to "*1(foo bar)". |
539 |
|
540 |
N rule |
541 |
|
542 |
Specific repetition: "<n>(element)" is equivalent to |
543 |
"<n>*<n>(element)"; that is, exactly <n> occurrences of |
544 |
(element). Thus 2DIGIT is a 2-digit number, and 3ALPHA is a |
545 |
string of three alphabetic characters. |
546 |
|
547 |
#rule |
548 |
|
549 |
A construct "#" is defined, similar to "*", for defining lists |
550 |
of elements. The full form is "<n>#<m>element" indicating at |
551 |
least <n> and at most <m> elements, each separated by one or |
552 |
more commas (",") and optional linear whitespace (LWS). This |
553 |
makes the usual form of lists very easy; a rule such as |
554 |
"( *LWS element *( *LWS "," *LWS element ))" can be shown as |
555 |
"1#element". Wherever this construct is used, null elements are |
556 |
allowed, but do not contribute to the count of elements present. |
557 |
That is, "(element), , (element)" is permitted, but counts as |
558 |
only two elements. Therefore, where at least one element is |
559 |
required, at least one non-null element must be present. Default |
560 |
values are 0 and infinity so that "#(element)" allows any |
561 |
number, including zero; "1#element" requires at least one; and |
562 |
"1#2element" allows one or two. |
563 |
|
564 |
; comment |
565 |
|
566 |
A semi-colon, set off some distance to the right of rule text, |
567 |
starts a comment that continues to the end of line. This is a |
568 |
simple way of including useful notes in parallel with the |
569 |
specifications. |
570 |
|
571 |
implied *LWS |
572 |
|
573 |
The grammar described by this specification is word-based. |
574 |
Except where noted otherwise, linear whitespace (LWS) can be |
575 |
included between any two adjacent words (token or |
576 |
quoted-string), and between adjacent tokens and delimiters |
577 |
(tspecials), without changing the interpretation of a field. At |
578 |
least one delimiter (tspecials) must exist between any two |
579 |
tokens, since they would otherwise be interpreted as a single |
580 |
token. However, applications should attempt to follow "common |
581 |
form" when generating HTTP constructs, since there exist some |
582 |
implementations that fail to accept anything beyond the common |
583 |
forms. |
584 |
|
585 |
2.2 Basic Rules |
586 |
|
587 |
The following rules are used throughout this specification to |
588 |
describe basic parsing constructs. The US-ASCII coded character set |
589 |
is defined by [21]. |
590 |
|
591 |
OCTET = <any 8-bit sequence of data> |
592 |
CHAR = <any US-ASCII character (octets 0 - 127)> |
593 |
UPALPHA = <any US-ASCII uppercase letter "A".."Z"> |
594 |
LOALPHA = <any US-ASCII lowercase letter "a".."z"> |
595 |
ALPHA = UPALPHA | LOALPHA |
596 |
DIGIT = <any US-ASCII digit "0".."9"> |
597 |
CTL = <any US-ASCII control character |
598 |
(octets 0 - 31) and DEL (127)> |
599 |
CR = <US-ASCII CR, carriage return (13)> |
600 |
LF = <US-ASCII LF, linefeed (10)> |
601 |
SP = <US-ASCII SP, space (32)> |
602 |
HT = <US-ASCII HT, horizontal-tab (9)> |
603 |
<"> = <US-ASCII double-quote mark (34)> |
604 |
|
605 |
HTTP/1.1 defines the octet sequence CR LF as the end-of-line marker |
606 |
for all protocol elements except the Entity-Body (see Appendix B |
607 |
for tolerant applications). The end-of-line marker within an |
608 |
Entity-Body is defined by its associated media type, as described |
609 |
in Section 3.7. |
610 |
|
611 |
CRLF = CR LF |
612 |
|
613 |
HTTP/1.1 headers can be folded onto multiple lines if the |
614 |
continuation line begins with a space or horizontal tab. All linear |
615 |
whitespace, including folding, has the same semantics as SP. |
616 |
|
617 |
LWS = [CRLF] 1*( SP | HT ) |
618 |
|
619 |
The TEXT rule is only used for descriptive field contents and |
620 |
values that are not intended to be interpreted by the message |
621 |
parser. Words of *TEXT may contain octets from character sets other |
622 |
than US-ASCII only when encoded according to the rules of |
623 |
RFC 1522 [14]. |
624 |
|
625 |
TEXT = <any OCTET except CTLs, |
626 |
but including LWS> |
627 |
|
628 |
Recipients of header field TEXT containing octets outside the |
629 |
US-ASCII character set range may assume that they represent |
630 |
ISO-8859-1 characters if there is no other encoding indicated by an |
631 |
RFC 1522 mechanism. |
632 |
|
633 |
Hexadecimal numeric characters are used in several protocol |
634 |
elements. |
635 |
|
636 |
HEX = "A" | "B" | "C" | "D" | "E" | "F" |
637 |
| "a" | "b" | "c" | "d" | "e" | "f" | DIGIT |
638 |
|
639 |
Many HTTP/1.1 header field values consist of words separated by LWS |
640 |
or special characters. These special characters must be in a quoted |
641 |
string to be used within a parameter value. |
642 |
|
643 |
word = token | quoted-string |
644 |
|
645 |
token = 1*<any CHAR except CTLs or tspecials> |
646 |
|
647 |
tspecials = "(" | ")" | "<" | ">" | "@" |
648 |
| "," | ";" | ":" | "\" | <"> |
649 |
| "/" | "[" | "]" | "?" | "=" |
650 |
| "{" | "}" | SP | HT |
651 |
|
652 |
Comments can be included in some HTTP header fields by surrounding |
653 |
the comment text with parentheses. Comments are only allowed in |
654 |
fields containing "comment" as part of their field value |
655 |
definition. In all other fields, parentheses are considered part of |
656 |
the field value. |
657 |
|
658 |
comment = "(" *( ctext | comment ) ")" |
659 |
ctext = <any TEXT excluding "(" and ")"> |
660 |
|
661 |
A string of text is parsed as a single word if it is quoted using |
662 |
double-quote marks. |
663 |
|
664 |
quoted-string = ( <"> *(qdtext) <"> ) |
665 |
|
666 |
qdtext = <any CHAR except <"> and CTLs, |
667 |
but including LWS> |
668 |
|
669 |
The backslash character ("\") may be used as a single-character |
670 |
quoting mechanism only within quoted-string and comment constructs. |
671 |
|
672 |
quoted-pair = "\" CHAR |
673 |
|
674 |
Braces are used to delimit an attribute-value bag, which may |
675 |
consist of a set, list, or recursively defined tokens and quoted |
676 |
strings. The bag semantics are defined by its context and the bag |
677 |
name, which may be a Uniform Resource Identifier (Section 3.2) in |
678 |
some fields. |
679 |
|
680 |
bag = "{" bagname 1*LWS *bagitem "}" |
681 |
bagname = token | URI |
682 |
bagitem = bag | token | quoted-string |
683 |
|
684 |
3. Protocol Parameters |
685 |
|
686 |
3.1 HTTP Version |
687 |
|
688 |
HTTP uses a "<major>.<minor>" numbering scheme to indicate versions |
689 |
of the protocol. The protocol versioning policy is intended to |
690 |
allow the sender to indicate the format of a message and its |
691 |
capacity for understanding further HTTP communication, rather than |
692 |
the features obtained via that communication. No change is made to |
693 |
the version number for the addition of message components which do |
694 |
not affect communication behavior or which only add to extensible |
695 |
field values. The <minor> number is incremented when the changes |
696 |
made to the protocol add features which do not change the general |
697 |
message parsing algorithm, but which may add to the message |
698 |
semantics and imply additional capabilities of the sender. The |
699 |
<major> number is incremented when the format of a message within |
700 |
the protocol is changed. |
701 |
|
702 |
The version of an HTTP message is indicated by an HTTP-Version |
703 |
field in the first line of the message. If the protocol version is |
704 |
not specified, the recipient must assume that the message is in the |
705 |
simple HTTP/0.9 format [6]. |
706 |
|
707 |
HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT |
708 |
|
709 |
Note that the major and minor numbers should be treated as separate |
710 |
integers and that each may be incremented higher than a single |
711 |
digit. Thus, HTTP/2.4 is a lower version than HTTP/2.13, which in |
712 |
turn is lower than HTTP/12.3. Leading zeros should be ignored by |
713 |
recipients and never generated by senders. |
714 |
|
715 |
Applications sending Full-Request or Full-Response messages, as |
716 |
defined by this specification, must include an HTTP-Version of |
717 |
"HTTP/1.1". Use of this version number indicates that the sending |
718 |
application is at least conditionally compliant with this |
719 |
specification. |
720 |
|
721 |
HTTP/1.1 servers must: |
722 |
|
723 |
o recognize the format of the Request-Line for HTTP/0.9, 1.0, and |
724 |
1.1 requests; |
725 |
|
726 |
o understand any valid request in the format of HTTP/0.9, 1.0, or |
727 |
1.1; |
728 |
|
729 |
o respond appropriately with a message in the same major version |
730 |
used by the client. |
731 |
|
732 |
HTTP/1.1 clients must: |
733 |
|
734 |
o recognize the format of the Status-Line for HTTP/1.0 and 1.1 |
735 |
responses; |
736 |
|
737 |
o understand any valid response in the format of HTTP/0.9, 1.0, |
738 |
or 1.1. |
739 |
|
740 |
Proxy and gateway applications must be careful in forwarding |
741 |
requests that are received in a format different than that of the |
742 |
application's native HTTP version. Since the protocol version |
743 |
indicates the protocol capability of the sender, a proxy/gateway |
744 |
must never send a message with a version indicator which is greater |
745 |
than its native version; if a higher version request is received, |
746 |
the proxy/gateway must either downgrade the request version, |
747 |
respond with an error, or switch to tunnel behavior. Requests with |
748 |
a version lower than that of the application's native format may be |
749 |
upgraded before being forwarded; the proxy/gateway's response to |
750 |
that request must follow the server requirements listed above. |
751 |
|
752 |
3.2 Uniform Resource Identifiers |
753 |
|
754 |
URIs have been known by many names: WWW addresses, Universal |
755 |
Document Identifiers, Universal Resource Identifiers [3], and |
756 |
finally the combination of Uniform Resource Locators (URL) [4] and |
757 |
Names (URN) [20]. As far as HTTP is concerned, Uniform Resource |
758 |
Identifiers are simply formatted strings which identify--via name, |
759 |
location, or any other characteristic--a network resource. |
760 |
|
761 |
3.2.1 General Syntax |
762 |
|
763 |
URIs in HTTP can be represented in absolute form or relative to |
764 |
some known base URI [11], depending upon the context of their use. |
765 |
The two forms are differentiated by the fact that absolute URIs |
766 |
always begin with a scheme name followed by a colon. |
767 |
|
768 |
URI = ( absoluteURI | relativeURI ) [ "#" fragment ] |
769 |
|
770 |
absoluteURI = scheme ":" *( uchar | reserved ) |
771 |
|
772 |
relativeURI = net_path | abs_path | rel_path |
773 |
|
774 |
net_path = "//" net_loc [ abs_path ] |
775 |
abs_path = "/" rel_path |
776 |
rel_path = [ path ] [ ";" params ] [ "?" query ] |
777 |
|
778 |
path = fsegment *( "/" segment ) |
779 |
fsegment = 1*pchar |
780 |
segment = *pchar |
781 |
|
782 |
params = param *( ";" param ) |
783 |
param = *( pchar | "/" ) |
784 |
|
785 |
scheme = 1*( ALPHA | DIGIT | "+" | "-" | "." ) |
786 |
net_loc = *( pchar | ";" | "?" ) |
787 |
query = *( uchar | reserved ) |
788 |
fragment = *( uchar | reserved ) |
789 |
|
790 |
pchar = uchar | ":" | "@" | "&" | "=" |
791 |
uchar = unreserved | escape |
792 |
unreserved = ALPHA | DIGIT | safe | extra | national |
793 |
|
794 |
escape = "%" HEX HEX |
795 |
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" |
796 |
extra = "!" | "*" | "'" | "(" | ")" | "," |
797 |
safe = "$" | "-" | "_" | "." | "+" |
798 |
unsafe = CTL | SP | <"> | "#" | "%" | "<" | ">" |
799 |
national = <any OCTET excluding ALPHA, DIGIT, |
800 |
reserved, extra, safe, and unsafe> |
801 |
|
802 |
For definitive information on URL syntax and semantics, see RFC |
803 |
1738 [4] and RFC 1808 [11]. The BNF above includes national |
804 |
characters not allowed in valid URLs as specified by RFC 1738, |
805 |
since HTTP servers are not restricted in the set of unreserved |
806 |
characters allowed to represent the rel_path part of addresses, and |
807 |
HTTP proxies may receive requests for URIs not defined by RFC 1738. |
808 |
|
809 |
3.2.2 http URL |
810 |
|
811 |
The "http" scheme is used to locate network resources via the HTTP |
812 |
protocol. This section defines the scheme-specific syntax and |
813 |
semantics for http URLs. |
814 |
|
815 |
http_URL = "http:" "//" host [ ":" port ] [ abs_path ] |
816 |
|
817 |
host = <A legal Internet host domain name |
818 |
or IP address (in dotted-decimal form), |
819 |
as defined by Section 2.1 of RFC 1123> |
820 |
|
821 |
port = *DIGIT |
822 |
|
823 |
If the port is empty or not given, port 80 is assumed. The |
824 |
semantics are that the identified resource is located at the server |
825 |
listening for TCP connections on that port of that host, and the |
826 |
Request-URI for the resource is abs_path. If the abs_path is not |
827 |
present in the URL, it must be given as "/" when used as a |
828 |
Request-URI for a resource (Section 5.1.2). |
829 |
|
830 |
Note: Although the HTTP protocol is independent of the |
831 |
transport layer protocol, the http URL only identifies |
832 |
resources by their TCP location, and thus non-TCP resources |
833 |
must be identified by some other URI scheme. |
834 |
|
835 |
The canonical form for "http" URLs is obtained by converting any |
836 |
UPALPHA characters in host to their LOALPHA equivalent (hostnames |
837 |
are case-insensitive), eliding the [ ":" port ] if the port is 80, |
838 |
and replacing an empty abs_path with "/". |
839 |
|
840 |
3.3 Date/Time Formats |
841 |
|
842 |
3.3.1 Full Date |
843 |
|
844 |
HTTP applications have historically allowed three different formats |
845 |
for the representation of date/time stamps: |
846 |
|
847 |
Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 |
848 |
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 |
849 |
Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format |
850 |
|
851 |
The first format is preferred as an Internet standard and |
852 |
represents a fixed-length subset of that defined by RFC 1123 [8] |
853 |
(an update to RFC 822 [9]). The second format is in common use, but |
854 |
is based on the obsolete RFC 850 [12] date format and lacks a |
855 |
four-digit year. HTTP/1.1 clients and servers that parse the date |
856 |
value must accept all three formats, though they must only generate |
857 |
the RFC 1123 format for representing date/time stamps in HTTP |
858 |
message fields. |
859 |
|
860 |
Note: Recipients of date values are encouraged to be robust |
861 |
in accepting date values that may have been generated by |
862 |
non-HTTP applications, as is sometimes the case when |
863 |
retrieving or posting messages via proxies/gateways to SMTP |
864 |
or NNTP. |
865 |
|
866 |
All HTTP date/time stamps must be represented in Universal Time |
867 |
(UT), also known as Greenwich Mean Time (GMT), without exception. |
868 |
This is indicated in the first two formats by the inclusion of |
869 |
"GMT" as the three-letter abbreviation for time zone, and should be |
870 |
assumed when reading the asctime format. |
871 |
|
872 |
HTTP-date = rfc1123-date | rfc850-date | asctime-date |
873 |
|
874 |
rfc1123-date = wkday "," SP date1 SP time SP "GMT" |
875 |
rfc850-date = weekday "," SP date2 SP time SP "GMT" |
876 |
asctime-date = wkday SP date3 SP time SP 4DIGIT |
877 |
|
878 |
date1 = 2DIGIT SP month SP 4DIGIT |
879 |
; day month year (e.g., 02 Jun 1982) |
880 |
date2 = 2DIGIT "-" month "-" 2DIGIT |
881 |
; day-month-year (e.g., 02-Jun-82) |
882 |
date3 = month SP ( 2DIGIT | ( SP 1DIGIT )) |
883 |
; month day (e.g., Jun 2) |
884 |
|
885 |
time = 2DIGIT ":" 2DIGIT ":" 2DIGIT |
886 |
; 00:00:00 - 23:59:59 |
887 |
|
888 |
wkday = "Mon" | "Tue" | "Wed" |
889 |
| "Thu" | "Fri" | "Sat" | "Sun" |
890 |
|
891 |
weekday = "Monday" | "Tuesday" | "Wednesday" |
892 |
| "Thursday" | "Friday" | "Saturday" | "Sunday" |
893 |
|
894 |
month = "Jan" | "Feb" | "Mar" | "Apr" |
895 |
| "May" | "Jun" | "Jul" | "Aug" |
896 |
| "Sep" | "Oct" | "Nov" | "Dec" |
897 |
|
898 |
Note: HTTP requirements for the date/time stamp format apply |
899 |
only to their usage within the protocol stream. Clients and |
900 |
servers are not required to use these formats for user |
901 |
presentation, request logging, etc. |
902 |
|
903 |
3.3.2 Delta Seconds |
904 |
|
905 |
Some HTTP header fields allow a time value to be specified as an |
906 |
integer number of seconds, represented in decimal, after the time |
907 |
that the message was received. This format should only be used to |
908 |
represent short time periods or periods that cannot start until |
909 |
receipt of the message. |
910 |
|
911 |
delta-seconds = 1*DIGIT |
912 |
|
913 |
3.4 Character Sets |
914 |
|
915 |
HTTP uses the same definition of the term "character set" as that |
916 |
described for MIME: |
917 |
|
918 |
The term "character set" is used in this document to |
919 |
refer to a method used with one or more tables to convert |
920 |
a sequence of octets into a sequence of characters. Note |
921 |
that unconditional conversion in the other direction is |
922 |
not required, in that not all characters may be available |
923 |
in a given character set and a character set may provide |
924 |
more than one sequence of octets to represent a |
925 |
particular character. This definition is intended to |
926 |
allow various kinds of character encodings, from simple |
927 |
single-table mappings such as US-ASCII to complex table |
928 |
switching methods such as those that use ISO 2022's |
929 |
techniques. However, the definition associated with a |
930 |
MIME character set name must fully specify the mapping to |
931 |
be performed from octets to characters. In particular, |
932 |
use of external profiling information to determine the |
933 |
exact mapping is not permitted. |
934 |
|
935 |
HTTP character sets are identified by case-insensitive tokens. The |
936 |
complete set of tokens are defined by the IANA Character Set |
937 |
registry [19]. However, because that registry does not define a |
938 |
single, consistent token for each character set, we define here the |
939 |
preferred names for those character sets most likely to be used |
940 |
with HTTP entities. These character sets include those registered |
941 |
by RFC 1521 [7] -- the US-ASCII [21] and ISO-8859 [22] character |
942 |
sets -- and other names specifically recommended for use within MIME |
943 |
charset parameters. |
944 |
|
945 |
charset = "US-ASCII" |
946 |
| "ISO-8859-1" | "ISO-8859-2" | "ISO-8859-3" |
947 |
| "ISO-8859-4" | "ISO-8859-5" | "ISO-8859-6" |
948 |
| "ISO-8859-7" | "ISO-8859-8" | "ISO-8859-9" |
949 |
| "ISO-2022-JP" | "ISO-2022-JP-2" | "ISO-2022-KR" |
950 |
| "UNICODE-1-1" | "UNICODE-1-1-UTF-7" | "UNICODE-1-1-UTF-8" |
951 |
| token |
952 |
|
953 |
Although HTTP allows an arbitrary token to be used as a charset |
954 |
value, any token that has a predefined value within the IANA |
955 |
Character Set registry [19] must represent the character set |
956 |
defined by that registry. Applications should limit their use of |
957 |
character sets to those defined by the IANA registry. |
958 |
|
959 |
Note: This use of the term "character set" is more commonly |
960 |
referred to as a "character encoding." However, since HTTP |
961 |
and MIME share the same registry, it is important that the |
962 |
terminology also be shared. |
963 |
|
964 |
3.5 Content Codings |
965 |
|
966 |
Content coding values are used to indicate an encoding |
967 |
transformation that has been or can be applied to a resource. |
968 |
Content codings are primarily used to allow a document to be |
969 |
compressed or encrypted without losing the identity of its |
970 |
underlying media type. Typically, the resource is stored in this |
971 |
encoding and only decoded before rendering or analogous usage. |
972 |
|
973 |
content-coding = "gzip" | "compress" | token |
974 |
|
975 |
Note: For historical reasons, HTTP applications should |
976 |
consider "x-gzip" and "x-compress" to be equivalent to "gzip" |
977 |
and "compress", respectively. |
978 |
|
979 |
All content-coding values are case-insensitive. HTTP/1.1 uses |
980 |
content-coding values in the Accept-Encoding (Section 10.3) and |
981 |
Content-Encoding (Section 10.10) header fields. Although the value |
982 |
describes the content-coding, what is more important is that it |
983 |
indicates what decoding mechanism will be required to remove the |
984 |
encoding. Note that a single program may be capable of decoding |
985 |
multiple content-coding formats. Two values are defined by this |
986 |
specification: |
987 |
|
988 |
gzip |
989 |
An encoding format produced by the file compression program |
990 |
"gzip" (GNU zip) developed by Jean-loup Gailly. This format is |
991 |
typically a Lempel-Ziv coding (LZ77) with a 32 bit CRC. Gzip is |
992 |
available from the GNU project at |
993 |
<URL:ftp://prep.ai.mit.edu/pub/gnu/>. |
994 |
|
995 |
compress |
996 |
The encoding format produced by the file compression program |
997 |
"compress". This format is an adaptive Lempel-Ziv-Welch coding |
998 |
(LZW). |
999 |
|
1000 |
Note: Use of program names for the identification of |
1001 |
encoding formats is not desirable and should be discouraged |
1002 |
for future encodings. Their use here is representative of |
1003 |
historical practice, not good design. |
1004 |
|
1005 |
3.6 Transfer Codings |
1006 |
|
1007 |
Transfer coding values are used to indicate an encoding |
1008 |
transformation that has been, can be, or may need to be applied to |
1009 |
an Entity-Body in order to ensure safe transport through the |
1010 |
network. This differs from a content coding in that the transfer |
1011 |
coding is a property of the message, not of the original resource. |
1012 |
|
1013 |
transfer-coding = "chunked" | token |
1014 |
|
1015 |
All transfer-coding values are case-insensitive. HTTP/1.1 uses |
1016 |
transfer coding values in the Transfer-Encoding header field |
1017 |
(Section 10.39). |
1018 |
|
1019 |
Transfer codings are analogous to the Content-Transfer-Encoding |
1020 |
values of MIME [7], which were designed to enable safe transport of |
1021 |
binary data over a 7-bit transport service. However, "safe |
1022 |
transport" has a different focus for an 8bit-clean transfer |
1023 |
protocol. In HTTP, the only unsafe characteristic of message bodies |
1024 |
is the difficulty in determining the exact body length |
1025 |
(Section 7.2.2), or the desire to encrypt data over a shared |
1026 |
transport. |
1027 |
|
1028 |
All HTTP/1.1 applications must be able to receive and decode the |
1029 |
"chunked" transfer coding. The chunked encoding modifies the body |
1030 |
of a message in order to transfer it as a series of chunks, each |
1031 |
with its own size indicator, followed by an optional footer |
1032 |
containing entity-header fields. This allows dynamically-produced |
1033 |
content to be transferred along with the information necessary for |
1034 |
the recipient to verify that it has received the full message. |
1035 |
|
1036 |
Chunked-Body = *chunk |
1037 |
"0" CRLF |
1038 |
footer |
1039 |
CRLF |
1040 |
|
1041 |
chunk = chunk-size CRLF |
1042 |
chunk-data CRLF |
1043 |
|
1044 |
chunk-size = hex-no-zero *HEX |
1045 |
chunk-data = chunk-size(OCTET) |
1046 |
|
1047 |
footer = *<Entity-Header, excluding Content-Length |
1048 |
and Transfer-Encoding> |
1049 |
|
1050 |
hex-no-zero = <HEX excluding "0"> |
1051 |
|
1052 |
Note that the chunks are ended by a zero-sized chunk, followed by |
1053 |
the footer and terminated by an empty line. An example process for |
1054 |
decoding a Chunked-Body is presented in Appendix C.5. |
1055 |
|
1056 |
3.7 Media Types |
1057 |
|
1058 |
HTTP uses Internet Media Types [17] in the Content-Type |
1059 |
(Section 10.15) and Accept (Section 10.1) header fields in order to |
1060 |
provide open and extensible data typing and type negotiation. For |
1061 |
mail applications, where there is no type negotiation between |
1062 |
sender and recipient, it is reasonable to put strict limits on the |
1063 |
set of allowed media types. With HTTP, where the sender and |
1064 |
recipient can communicate directly, applications are allowed more |
1065 |
freedom in the use of non-registered types. The following grammar |
1066 |
for media types is a superset of that for MIME because it does not |
1067 |
restrict itself to the official IANA and x-token types. |
1068 |
|
1069 |
media-type = type "/" subtype *( ";" parameter ) |
1070 |
type = token |
1071 |
subtype = token |
1072 |
|
1073 |
Parameters may follow the type/subtype in the form of |
1074 |
attribute/value pairs. |
1075 |
|
1076 |
parameter = attribute "=" value |
1077 |
attribute = token |
1078 |
value = token | quoted-string |
1079 |
|
1080 |
The type, subtype, and parameter attribute names are |
1081 |
case-insensitive. Parameter values may or may not be |
1082 |
case-sensitive, depending on the semantics of the parameter name. |
1083 |
LWS should not be generated between the type and subtype, nor |
1084 |
between an attribute and its value. |
1085 |
|
1086 |
If a given media-type value has been registered by the IANA, any |
1087 |
use of that value must be indicative of the registered data format. |
1088 |
Although HTTP allows the use of non-registered media types, such |
1089 |
usage must not conflict with the IANA registry. Data providers are |
1090 |
strongly encouraged to register their media types with IANA via the |
1091 |
procedures outlined in RFC 1590 [17]. |
1092 |
|
1093 |
All media-type's registered by IANA must be preferred over |
1094 |
extension tokens. However, HTTP does not limit applications to the |
1095 |
use of officially registered media types, nor does it encourage the |
1096 |
use of an "x-" prefix for unofficial types outside of explicitly |
1097 |
short experimental use between consenting applications. |
1098 |
|
1099 |
3.7.1 Canonicalization and Text Defaults |
1100 |
|
1101 |
Media types are registered in a canonical form. In general, entity |
1102 |
bodies transferred via HTTP must be represented in the appropriate |
1103 |
canonical form prior to transmission. If the body has been encoded |
1104 |
via a Content-Encoding and/or Transfer-Encoding, the data must be |
1105 |
in canonical form prior to that encoding. However, HTTP modifies |
1106 |
the canonical form requirements for media of primary type "text" |
1107 |
and for "application" types consisting of text-like records. |
1108 |
|
1109 |
HTTP redefines the canonical form of text media to allow multiple |
1110 |
octet sequences to indicate a text line break. In addition to the |
1111 |
preferred form of CRLF, HTTP applications must accept a bare CR or |
1112 |
LF alone as representing a single line break in text media. |
1113 |
Furthermore, if the text media is represented in a character set |
1114 |
which does not use octets 13 and 10 for CR and LF respectively, as |
1115 |
is the case for some multi-byte character sets, HTTP allows the use |
1116 |
of whatever octet sequence(s) is defined by that character set to |
1117 |
represent the equivalent of CRLF, bare CR, and bare LF. It is |
1118 |
assumed that any recipient capable of using such a character set |
1119 |
will know the appropriate octet sequence for representing line |
1120 |
breaks within that character set. |
1121 |
|
1122 |
Note: This interpretation of line breaks applies only to the |
1123 |
contents of an Entity-Body and only after any |
1124 |
Transfer-Encoding and/or Content-Encoding has been removed. |
1125 |
All other HTTP constructs use CRLF exclusively to indicate a |
1126 |
line break. Content and transfer codings define their own |
1127 |
line break requirements. |
1128 |
|
1129 |
A recipient of an HTTP text entity should translate the received |
1130 |
entity line breaks to the local line break conventions before |
1131 |
saving the entity external to the application and its cache; |
1132 |
whether this translation takes place immediately upon receipt of |
1133 |
the entity, or only when prompted by the user, is entirely up to |
1134 |
the individual application. |
1135 |
|
1136 |
HTTP also redefines the default character set for text media in an |
1137 |
entity body. If a textual media type defines a charset parameter |
1138 |
with a registered default value of "US-ASCII", HTTP changes the |
1139 |
default to be "ISO-8859-1". Since the ISO-8859-1 [22] character set |
1140 |
is a superset of US-ASCII [21], this does not affect the |
1141 |
interpretation of entity bodies which only contain octets within |
1142 |
the US-ASCII character set (0 - 127). The presence of a charset |
1143 |
parameter value in a Content-Type header field overrides the |
1144 |
default. |
1145 |
|
1146 |
It is recommended that the character set of an entity body be |
1147 |
labelled as the lowest common denominator of the character codes |
1148 |
used within a document, with the exception that no label is |
1149 |
preferred over the labels US-ASCII or ISO-8859-1. |
1150 |
|
1151 |
3.7.2 Multipart Types |
1152 |
|
1153 |
MIME provides for a number of "multipart" types -- encapsulations of |
1154 |
one or more entities within a single message's Entity-Body. All |
1155 |
multipart types share a common syntax, as defined in Section 7.2.1 |
1156 |
of RFC 1521 [7], and must include a boundary parameter as part of |
1157 |
the media type value. The message body is itself a protocol element |
1158 |
and must therefore use only CRLF to represent line breaks between |
1159 |
body-parts. Unlike in MIME, the epilogue of any multipart message |
1160 |
must be empty; HTTP applications must not transmit the epilogue |
1161 |
even if the original resource contains an epilogue. |
1162 |
|
1163 |
In HTTP, multipart body-parts may contain header fields which are |
1164 |
significant to the meaning of that part. A URI entity-header field |
1165 |
(Section 10.42) should be included in the body-part for each |
1166 |
enclosed entity that can be identified by a URI. |
1167 |
|
1168 |
In general, an HTTP user agent should follow the same or similar |
1169 |
behavior as a MIME user agent would upon receipt of a multipart |
1170 |
type. The following subtypes have been defined: |
1171 |
|
1172 |
multipart/mixed |
1173 |
|
1174 |
The mixed subtype is used when there are no additional semantics |
1175 |
implied beyond the fact that one or more entities are |
1176 |
encaspsulated. HTTP servers should not use this type to send |
1177 |
groups of entities if it is possible for those entities to be |
1178 |
individually retrieved and cached. |
1179 |
|
1180 |
multipart/alternative |
1181 |
|
1182 |
The alternative subtype implies that each of the parts is an |
1183 |
alternative format for the same information; the user agent |
1184 |
should present only the part most preferred by the user. HTTP |
1185 |
servers should use some form of content negotiation (Section 12) |
1186 |
instead of this type. |
1187 |
|
1188 |
multipart/digest |
1189 |
|
1190 |
The digest subtype implies that each of the parts is a message |
1191 |
(normally of type "message/rfc822") and thus the whole entity is |
1192 |
a collected sequence of message traffic. This type does not have |
1193 |
any special significance for HTTP. |
1194 |
|
1195 |
multipart/form-data |
1196 |
|
1197 |
The form-data subtype is defined by RFC 1867 [15] for use in |
1198 |
submitting the data that comes about from filling-in a form. |
1199 |
|
1200 |
multipart/parallel |
1201 |
|
1202 |
The parallel subtype implies that the parts should be presented |
1203 |
simultaneously by the user agent. This media type would be |
1204 |
appropriate for situations where simultaneous presentation is an |
1205 |
important aspect of the information, such as for audio-annotated |
1206 |
slides. |
1207 |
|
1208 |
Note: This document does not define what is meant by |
1209 |
"simultaneous presentation". That is, HTTP does not provide |
1210 |
any means of synchronization between the parts in messages |
1211 |
of type "multipart/parallel". |
1212 |
|
1213 |
Other multipart subtypes may be registered by IANA [19] according |
1214 |
to the procedures defined in RFC 1590 [17]. If an application |
1215 |
receives an unrecognized multipart subtype, the application must |
1216 |
treat it as being equivalent to "multipart/mixed". |
1217 |
|
1218 |
3.8 Product Tokens |
1219 |
|
1220 |
Product tokens are used to allow communicating applications to |
1221 |
identify themselves via a simple product token, with an optional |
1222 |
slash and version designator. Most fields using product tokens also |
1223 |
allow subproducts which form a significant part of the application |
1224 |
to be listed, separated by whitespace. By convention, the products |
1225 |
are listed in order of their significance for identifying the |
1226 |
application. |
1227 |
|
1228 |
product = token ["/" product-version] |
1229 |
product-version = token |
1230 |
|
1231 |
Examples: |
1232 |
|
1233 |
User-Agent: CERN-LineMode/2.15 libwww/2.17b3 |
1234 |
|
1235 |
Server: Apache/0.8.4 |
1236 |
|
1237 |
Product tokens should be short and to the point -- use of them for |
1238 |
advertizing or other non-essential information is explicitly |
1239 |
forbidden. Although any token character may appear in a |
1240 |
product-version, this token should only be used for a version |
1241 |
identifier (i.e., successive versions of the same product should |
1242 |
only differ in the product-version portion of the product value). |
1243 |
|
1244 |
3.9 Quality Values |
1245 |
|
1246 |
HTTP content negotiation (Section 12) uses short "floating point" |
1247 |
numbers to indicate the relative importance ("weight") of various |
1248 |
negotiable parameters. The weights are normalized to a real number |
1249 |
in the range 0 through 1, where 0 is the minimum and 1 the maximum |
1250 |
value. In order to discourage misuse of this feature, HTTP/1.1 |
1251 |
applications must not generate more than three digits after the |
1252 |
decimal point. User configuration of these values should also be |
1253 |
limited in this fashion. |
1254 |
|
1255 |
qvalue = ( "0" [ "." 0*3DIGIT ] ) |
1256 |
| ( "." 0*3DIGIT ) |
1257 |
| ( "1" [ "." 0*3("0") ] ) |
1258 |
|
1259 |
"Quality values" is a slight misnomer, since these values actually |
1260 |
measure relative degradation in perceived quality. Thus, a value of |
1261 |
"0.8" represents a 20% degradation from the optimum rather than a |
1262 |
statement of 80% quality. |
1263 |
|
1264 |
3.10 Language Tags |
1265 |
|
1266 |
A language tag identifies a natural language spoken, written, or |
1267 |
otherwise conveyed by human beings for communication of information |
1268 |
to other human beings. Computer languages are explicitly excluded. |
1269 |
HTTP uses language tags within the Accept-Language, |
1270 |
Content-Language, and URI-header fields. |
1271 |
|
1272 |
The syntax and registry of HTTP language tags is the same as that |
1273 |
defined by RFC 1766 [1]. In summary, a language tag is composed of |
1274 |
1 or more parts: A primary language tag and a possibly empty series |
1275 |
of subtags: |
1276 |
|
1277 |
language-tag = primary-tag *( "-" subtag ) |
1278 |
|
1279 |
primary-tag = 1*8ALPHA |
1280 |
subtag = 1*8ALPHA |
1281 |
|
1282 |
Whitespace is not allowed within the tag and all tags are |
1283 |
case-insensitive. The namespace of language tags is administered by |
1284 |
the IANA. Example tags include: |
1285 |
|
1286 |
en, en-US, en-cockney, i-cherokee, x-pig-latin |
1287 |
|
1288 |
where any two-letter primary-tag is an ISO 639 language |
1289 |
abbreviation and any two-letter initial subtag is an ISO 3166 |
1290 |
country code. |
1291 |
|
1292 |
In the context of the Accept-Language header (Section 10.4), a |
1293 |
language tag is not to be interpreted as a single token, as per RFC |
1294 |
1766, but as a hierarchy. A server should consider that it has a |
1295 |
match when a language tag received in an Accept-Language header |
1296 |
matches the initial portion of the language tag of a document. An |
1297 |
exact match should be preferred. This interpretation allows a |
1298 |
browser to send, for example: |
1299 |
|
1300 |
Accept-Language: en-US, en; ql=0.95 |
1301 |
|
1302 |
when the intent is to access, in order of preference, documents in |
1303 |
US-English ("en-US"), 'plain' or 'international' English ("en"), |
1304 |
and any other variant of English (initial "en-"). |
1305 |
|
1306 |
Note: Using the language tag as a hierarchy does not imply |
1307 |
that all languages with a common prefix will be understood |
1308 |
by those fluent in one or more of those languages; it simply |
1309 |
allows the user to request this commonality when it is true |
1310 |
for that user. |
1311 |
|
1312 |
3.11 Logic Bags |
1313 |
|
1314 |
A logic bag is a binary logic expression tree represented in prefix |
1315 |
notation using the generic bag syntax. Logic bags are used by HTTP |
1316 |
in the Unless (Section 10.40) header field as expressions to be |
1317 |
tested against the requested resource's header field |
1318 |
metainformation. |
1319 |
|
1320 |
logic-bag = "{" expression "}" |
1321 |
|
1322 |
expression = ( log-op 1*logic-bag ) |
1323 |
| ( rel-op 1*field-tuple ) |
1324 |
| ( "def" 1*field-name ) |
1325 |
|
1326 |
log-op = "and" | "or" | "xor" | "not" |
1327 |
rel-op = "eq" | "ne" | "lt" | "le" | "ge" | "gt" | "in" |
1328 |
|
1329 |
field-tuple = "{" field-name ( bag | token | quoted-string ) "}" |
1330 |
|
1331 |
The recursive structure of a logic bag allows a complex expression |
1332 |
tree to be formed by joining together subexpressions with logical |
1333 |
operators. Expressions with relational operators are used to |
1334 |
compare the requested resource's corresponding metainformation |
1335 |
(header field values) to those inside the expression field-tuples. |
1336 |
For example, |
1337 |
|
1338 |
{or {ne {Content-MD5 "Q2hlY2sgSW50ZWdyaXR5IQ=="}} |
1339 |
{ne {Content-Length 10036}} |
1340 |
{ne {Content-Version "12.4.8"}} |
1341 |
{gt {Last-Modified "Mon, 04 Dec 1995 01:23:45 GMT"}}} |
1342 |
|
1343 |
The expression is evaluated recursively by depth-first traversal |
1344 |
and bottom-up evaluation of the subexpressions until a true or |
1345 |
false value can be determined. Multiple operands to an operator |
1346 |
imply a conjunctive ("and") expression; e.g., |
1347 |
|
1348 |
{eq {A "a"} {B "b"} {C "c"}} |
1349 |
|
1350 |
is equivalent to |
1351 |
|
1352 |
{and {eq {A "a"}} {eq {B "b"}} {eq {C "c"}}} |
1353 |
|
1354 |
Each expression is evaluated as defined by the operator: |
1355 |
|
1356 |
and True if all of the operands evaluate true. |
1357 |
|
1358 |
or True if any of the operands evaluate true. |
1359 |
|
1360 |
xor True if one and only one operand evaluates true. |
1361 |
|
1362 |
not True if all of the operands evaluate false. |
1363 |
|
1364 |
eq True if all field-tuple values exactly match the resource's |
1365 |
corresponding field values. |
1366 |
|
1367 |
ne True if all field-tuple values do not match the resource's |
1368 |
corresponding field values. |
1369 |
|
1370 |
lt True if, for each field-tuple, the resource's corresponding |
1371 |
field value is less than the one given in the expression. |
1372 |
|
1373 |
le True if, for each field-tuple, the resource's corresponding |
1374 |
field value is less than or equal to the one given in the |
1375 |
expression. |
1376 |
|
1377 |
ge True if, for each field-tuple, the resource's corresponding |
1378 |
field value is greater than or equal to the one given in the |
1379 |
expression. |
1380 |
|
1381 |
gt True if, for each field-tuple, the resource's corresponding |
1382 |
field value is greater than the one given in the expression. |
1383 |
|
1384 |
in True if, for each field-tuple, the resource's corresponding |
1385 |
field value contains the component value given in the |
1386 |
expression. |
1387 |
|
1388 |
def True if, for each field-name operand, the resource defines a |
1389 |
value for that field. |
1390 |
|
1391 |
A field-tuple consists of a field-name (assumed to be an HTTP |
1392 |
header field name, though not constrained to those defined by this |
1393 |
specification) and the field-value component which is to be |
1394 |
compared against the resource's field value. The actual method of |
1395 |
comparison (e.g., byte equivalence, substring matching, numeric |
1396 |
order, substructure containment, etc.) is defined by the logical |
1397 |
definition of the operator and the type of field-value allowed for |
1398 |
that field-name. Server implementors must use an appropriate |
1399 |
comparison function for each type of field-value given in this |
1400 |
specification. The default functions for unrecognized fields are |
1401 |
numeric comparison (for values consisting of 1*DIGIT) and lexical |
1402 |
comparison (for all others). |
1403 |
|
1404 |
Except for "ne", any comparison to a field not defined by the |
1405 |
resource evaluates to false. |
1406 |
|
1407 |
4. HTTP Message |
1408 |
|
1409 |
4.1 Message Types |
1410 |
|
1411 |
HTTP messages consist of requests from client to server and |
1412 |
responses from server to client. |
1413 |
|
1414 |
HTTP-message = Simple-Request ; HTTP/0.9 messages |
1415 |
| Simple-Response |
1416 |
| Full-Request ; HTTP/1.1 messages |
1417 |
| Full-Response |
1418 |
|
1419 |
Full-Request and Full-Response use the generic message format of |
1420 |
RFC 822 [9] for transferring entities. Both messages may include |
1421 |
optional header fields (also known as "headers") and an entity |
1422 |
body. The entity body is separated from the headers by a null line |
1423 |
(i.e., a line with nothing preceding the CRLF). |
1424 |
|
1425 |
Full-Request = Request-Line ; Section 5.1 |
1426 |
*( General-Header ; Section 4.3 |
1427 |
| Request-Header ; Section 5.2 |
1428 |
| Entity-Header ) ; Section 7.1 |
1429 |
CRLF |
1430 |
[ Entity-Body ] ; Section 7.2 |
1431 |
|
1432 |
Full-Response = Status-Line ; Section 6.1 |
1433 |
*( General-Header ; Section 4.3 |
1434 |
| Response-Header ; Section 6.2 |
1435 |
| Entity-Header ) ; Section 7.1 |
1436 |
CRLF |
1437 |
[ Entity-Body ] ; Section 7.2 |
1438 |
|
1439 |
Simple-Request and Simple-Response do not allow the use of any |
1440 |
header information and are limited to a single request method (GET). |
1441 |
|
1442 |
Simple-Request = "GET" SP Request-URI CRLF |
1443 |
|
1444 |
Simple-Response = [ Entity-Body ] |
1445 |
|
1446 |
Use of the Simple-Request format is discouraged because it prevents |
1447 |
the client from using content negotiation and the server from |
1448 |
identifying the media type of the returned entity. |
1449 |
|
1450 |
4.2 Message Headers |
1451 |
|
1452 |
HTTP header fields, which include General-Header (Section 4.3), |
1453 |
Request-Header (Section 5.2), Response-Header (Section 6.2), and |
1454 |
Entity-Header (Section 7.1) fields, follow the same generic format |
1455 |
as that given in Section 3.1 of RFC 822 [9]. Each header field |
1456 |
consists of a name followed by a colon (":") and the field value. |
1457 |
Field names are case-insensitive. The field value may be preceded |
1458 |
by any amount of LWS, though a single SP is preferred. Header |
1459 |
fields can be extended over multiple lines by preceding each extra |
1460 |
line with at least one SP or HT. |
1461 |
|
1462 |
HTTP-header = field-name ":" [ field-value ] CRLF |
1463 |
|
1464 |
field-name = token |
1465 |
field-value = *( field-content | LWS ) |
1466 |
|
1467 |
field-content = <the OCTETs making up the field-value |
1468 |
and consisting of either *TEXT or combinations |
1469 |
of token, tspecials, and quoted-string> |
1470 |
|
1471 |
The order in which header fields are received is not significant. |
1472 |
However, it is "good practice" to send General-Header fields first, |
1473 |
followed by Request-Header or Response-Header fields prior to the |
1474 |
Entity-Header fields. |
1475 |
|
1476 |
Multiple HTTP-header fields with the same field-name may be present |
1477 |
in a message if and only if the entire field-value for that header |
1478 |
field is defined as a comma-separated list [i.e., #(values)]. It |
1479 |
must be possible to combine the multiple header fields into one |
1480 |
"field-name: field-value" pair, without changing the semantics of |
1481 |
the message, by appending each subsequent field-value to the first, |
1482 |
each separated by a comma. |
1483 |
|
1484 |
4.3 General Header Fields |
1485 |
|
1486 |
There are a few header fields which have general applicability for |
1487 |
both request and response messages, but which do not apply to the |
1488 |
entity being transferred. These headers apply only to the message |
1489 |
being transmitted. |
1490 |
|
1491 |
General-Header = Cache-Control ; Section 10.8 |
1492 |
| Connection ; Section 10.9 |
1493 |
| Date ; Section 10.17 |
1494 |
| Forwarded ; Section 10.20 |
1495 |
| Keep-Alive ; Section 10.24 |
1496 |
| MIME-Version ; Section 10.28 |
1497 |
| Pragma ; Section 10.29 |
1498 |
| Upgrade ; Section 10.41 |
1499 |
|
1500 |
General header field names can be extended reliably only in |
1501 |
combination with a change in the protocol version. However, new or |
1502 |
experimental header fields may be given the semantics of general |
1503 |
header fields if all parties in the communication recognize them to |
1504 |
be general header fields. Unrecognized header fields are treated as |
1505 |
Entity-Header fields. |
1506 |
|
1507 |
5. Request |
1508 |
|
1509 |
A request message from a client to a server includes, within the |
1510 |
first line of that message, the method to be applied to the |
1511 |
resource, the identifier of the resource, and the protocol version |
1512 |
in use. For backwards compatibility with the more limited HTTP/0.9 |
1513 |
protocol, there are two valid formats for an HTTP request: |
1514 |
|
1515 |
Request = Simple-Request | Full-Request |
1516 |
|
1517 |
Simple-Request = "GET" SP Request-URI CRLF |
1518 |
|
1519 |
Full-Request = Request-Line ; Section 5.1 |
1520 |
*( General-Header ; Section 4.3 |
1521 |
| Request-Header ; Section 5.2 |
1522 |
| Entity-Header ) ; Section 7.1 |
1523 |
CRLF |
1524 |
[ Entity-Body ] ; Section 7.2 |
1525 |
|
1526 |
If an HTTP/1.1 server receives a Simple-Request, it must respond |
1527 |
with an HTTP/0.9 Simple-Response. An HTTP/1.1 client must never |
1528 |
generate a Simple-Request. |
1529 |
|
1530 |
5.1 Request-Line |
1531 |
|
1532 |
The Request-Line begins with a method token, followed by the |
1533 |
Request-URI and the protocol version, and ending with CRLF. The |
1534 |
elements are separated by SP characters. No CR or LF are allowed |
1535 |
except in the final CRLF sequence. |
1536 |
|
1537 |
Request-Line = Method SP Request-URI SP HTTP-Version CRLF |
1538 |
|
1539 |
Note that the difference between a Simple-Request and the |
1540 |
Request-Line of a Full-Request is the presence of the HTTP-Version |
1541 |
field and the availability of methods other than GET. |
1542 |
|
1543 |
5.1.1 Method |
1544 |
|
1545 |
The Method token indicates the method to be performed on the |
1546 |
resource identified by the Request-URI. The method is |
1547 |
case-sensitive. |
1548 |
|
1549 |
Method = "OPTIONS" ; Section 8.1 |
1550 |
| "GET" ; Section 8.2 |
1551 |
| "HEAD" ; Section 8.3 |
1552 |
| "POST" ; Section 8.4 |
1553 |
| "PUT" ; Section 8.5 |
1554 |
| "PATCH" ; Section 8.6 |
1555 |
| "COPY" ; Section 8.7 |
1556 |
| "MOVE" ; Section 8.8 |
1557 |
| "DELETE" ; Section 8.9 |
1558 |
| "LINK" ; Section 8.10 |
1559 |
| "UNLINK" ; Section 8.11 |
1560 |
| "TRACE" ; Section 8.12 |
1561 |
| "WRAPPED" ; Section 8.13 |
1562 |
| extension-method |
1563 |
|
1564 |
extension-method = token |
1565 |
|
1566 |
The list of methods acceptable by a specific resource can be |
1567 |
specified in an Allow header field (Section 10.5). However, the |
1568 |
client is always notified through the return code of the response |
1569 |
whether a method is currently allowed on a specific resource, as |
1570 |
this can change dynamically. Servers should return the status code |
1571 |
405 (method not allowed) if the method is known by the server but |
1572 |
not allowed for the requested resource, and 501 (not implemented) |
1573 |
if the method is unrecognized or not implemented by the server. The |
1574 |
list of methods known by a server can be listed in a Public |
1575 |
response header field (Section 10.32). |
1576 |
|
1577 |
The methods GET and HEAD must be supported by all general-purpose |
1578 |
servers. Servers which provide Last-Modified dates for resources |
1579 |
must also support the conditional GET method. All other methods are |
1580 |
optional; however, if the above methods are implemented, they must |
1581 |
be implemented with the same semantics as those specified in |
1582 |
Section 8. |
1583 |
|
1584 |
5.1.2 Request-URI |
1585 |
|
1586 |
The Request-URI is a Uniform Resource Identifier (Section 3.2) and |
1587 |
identifies the resource upon which to apply the request. |
1588 |
|
1589 |
Request-URI = "*" | absoluteURI | abs_path |
1590 |
|
1591 |
The three options for Request-URI are dependent on the nature of |
1592 |
the request. The asterisk "*" means that the request does not apply |
1593 |
to a particular resource, but to the server itself, and is only |
1594 |
allowed when the Method used does not necessarily apply to a |
1595 |
resource. One example would be |
1596 |
|
1597 |
OPTIONS * HTTP/1.1 |
1598 |
|
1599 |
The absoluteURI form is only allowed when the request is being made |
1600 |
to a proxy. The proxy is requested to forward the request and |
1601 |
return the response. If the request is GET or HEAD and a prior |
1602 |
response is cached, the proxy may use the cached message if it |
1603 |
passes any restrictions in the Cache-Control and Expires header |
1604 |
fields. Note that the proxy may forward the request on to another |
1605 |
proxy or directly to the server specified by the absoluteURI. In |
1606 |
order to avoid request loops, a proxy must be able to recognize all |
1607 |
of its server names, including any aliases, local variations, and |
1608 |
the numeric IP address. An example Request-Line would be: |
1609 |
|
1610 |
GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1 |
1611 |
|
1612 |
The most common form of Request-URI is that used to identify a |
1613 |
resource on an origin server or gateway. In this case, only the |
1614 |
absolute path of the URI is transmitted (see Section 3.2.1, |
1615 |
abs_path). For example, a client wishing to retrieve the resource |
1616 |
above directly from the origin server would create a TCP connection |
1617 |
to port 80 of the host "www.w3.org" and send the line: |
1618 |
|
1619 |
GET /pub/WWW/TheProject.html HTTP/1.1 |
1620 |
|
1621 |
followed by the remainder of the Full-Request. Note that the |
1622 |
absolute path cannot be empty; if none is present in the original |
1623 |
URI, it must be given as "/" (the server root). |
1624 |
|
1625 |
If a proxy receives a request without any path in the Request-URI |
1626 |
and the method used is capable of supporting the asterisk form of |
1627 |
request, then the last proxy on the request chain must forward the |
1628 |
request with "*" as the final Request-URI. For example, the request |
1629 |
|
1630 |
OPTIONS http://www.ics.uci.edu:8001 HTTP/1.1 |
1631 |
|
1632 |
would be forwarded by the proxy as |
1633 |
|
1634 |
OPTIONS * HTTP/1.1 |
1635 |
|
1636 |
after connecting to port 8001 of host "www.ics.uci.edu". |
1637 |
|
1638 |
The Request-URI is transmitted as an encoded string, where some |
1639 |
characters may be escaped using the "% hex hex" encoding defined by |
1640 |
RFC 1738 [4]. The origin server must decode the Request-URI in |
1641 |
order to properly interpret the request. |
1642 |
|
1643 |
5.2 Request Header Fields |
1644 |
|
1645 |
The request header fields allow the client to pass additional |
1646 |
information about the request, and about the client itself, to the |
1647 |
server. These fields act as request modifiers, with semantics |
1648 |
equivalent to the parameters on a programming language method |
1649 |
(procedure) invocation. |
1650 |
|
1651 |
Request-Header = Accept ; Section 10.1 |
1652 |
| Accept-Charset ; Section 10.2 |
1653 |
| Accept-Encoding ; Section 10.3 |
1654 |
| Accept-Language ; Section 10.4 |
1655 |
| Authorization ; Section 10.6 |
1656 |
| From ; Section 10.21 |
1657 |
| Host ; Section 10.22 |
1658 |
| If-Modified-Since ; Section 10.23 |
1659 |
| Proxy-Authorization ; Section 10.31 |
1660 |
| Range ; Section 10.33 |
1661 |
| Referer ; Section 10.34 |
1662 |
| Unless ; Section 10.40 |
1663 |
| User-Agent ; Section 10.43 |
1664 |
|
1665 |
Request-Header field names can be extended reliably only in |
1666 |
combination with a change in the protocol version. However, new or |
1667 |
experimental header fields may be given the semantics of request |
1668 |
header fields if all parties in the communication recognize them to |
1669 |
be request header fields. Unrecognized header fields are treated as |
1670 |
Entity-Header fields. |
1671 |
|
1672 |
6. Response |
1673 |
|
1674 |
After receiving and interpreting a request message, a server |
1675 |
responds in the form of an HTTP response message. |
1676 |
|
1677 |
Response = Simple-Response | Full-Response |
1678 |
|
1679 |
Simple-Response = [ Entity-Body ] |
1680 |
|
1681 |
Full-Response = Status-Line ; Section 6.1 |
1682 |
*( General-Header ; Section 4.3 |
1683 |
| Response-Header ; Section 6.2 |
1684 |
| Entity-Header ) ; Section 7.1 |
1685 |
CRLF |
1686 |
[ Entity-Body ] ; Section 7.2 |
1687 |
|
1688 |
A Simple-Response should only be sent in response to an HTTP/0.9 |
1689 |
Simple-Request or if the server only supports the more limited |
1690 |
HTTP/0.9 protocol. If a client sends an HTTP/1.1 Full-Request and |
1691 |
receives a response that does not begin with a Status-Line, it |
1692 |
should assume that the response is a Simple-Response and parse it |
1693 |
accordingly. Note that the Simple-Response consists only of the |
1694 |
entity body and is terminated by the server closing the connection. |
1695 |
|
1696 |
6.1 Status-Line |
1697 |
|
1698 |
The first line of a Full-Response message is the Status-Line, |
1699 |
consisting of the protocol version followed by a numeric status |
1700 |
code and its associated textual phrase, with each element separated |
1701 |
by SP characters. No CR or LF is allowed except in the final CRLF |
1702 |
sequence. |
1703 |
|
1704 |
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF |
1705 |
|
1706 |
Since a status line always begins with the protocol version and |
1707 |
status code |
1708 |
|
1709 |
"HTTP/" 1*DIGIT "." 1*DIGIT SP 3DIGIT SP |
1710 |
|
1711 |
(e.g., "HTTP/1.1 200 "), the presence of that expression is |
1712 |
sufficient to differentiate a Full-Response from a Simple-Response. |
1713 |
Although the Simple-Response format may allow such an expression to |
1714 |
occur at the beginning of an entity body, and thus cause a |
1715 |
misinterpretation of the message if it was given in response to a |
1716 |
Full-Request, most HTTP/0.9 servers are limited to responses of |
1717 |
type "text/html" and therefore would never generate such a response. |
1718 |
|
1719 |
6.1.1 Status Code and Reason Phrase |
1720 |
|
1721 |
The Status-Code element is a 3-digit integer result code of the |
1722 |
attempt to understand and satisfy the request. The Reason-Phrase is |
1723 |
intended to give a short textual description of the Status-Code. |
1724 |
The Status-Code is intended for use by automata and the |
1725 |
Reason-Phrase is intended for the human user. The client is not |
1726 |
required to examine or display the Reason-Phrase. |
1727 |
|
1728 |
The first digit of the Status-Code defines the class of response. |
1729 |
The last two digits do not have any categorization role. There are |
1730 |
5 values for the first digit: |
1731 |
|
1732 |
o 1xx: Informational - Request received, continuing process |
1733 |
|
1734 |
o 2xx: Success - The action was successfully received, |
1735 |
understood, and accepted |
1736 |
|
1737 |
o 3xx: Redirection - Further action must be taken in order to |
1738 |
complete the request |
1739 |
|
1740 |
o 4xx: Client Error - The request contains bad syntax or cannot |
1741 |
be fulfilled |
1742 |
|
1743 |
o 5xx: Server Error - The server failed to fulfill an apparently |
1744 |
valid request |
1745 |
|
1746 |
The individual values of the numeric status codes defined for |
1747 |
HTTP/1.1, and an example set of corresponding Reason-Phrase's, are |
1748 |
presented below. The reason phrases listed here are only |
1749 |
recommended -- they may be replaced by local equivalents without |
1750 |
affecting the protocol. These codes are fully defined in Section 9. |
1751 |
|
1752 |
Status-Code = "100" ; Continue |
1753 |
| "101" ; Switching Protocols |
1754 |
| "200" ; OK |
1755 |
| "201" ; Created |
1756 |
| "202" ; Accepted |
1757 |
| "203" ; Non-Authoritative Information |
1758 |
| "204" ; No Content |
1759 |
| "205" ; Reset Content |
1760 |
| "206" ; Partial Content |
1761 |
| "300" ; Multiple Choices |
1762 |
| "301" ; Moved Permanently |
1763 |
| "302" ; Moved Temporarily |
1764 |
| "303" ; See Other |
1765 |
| "304" ; Not Modified |
1766 |
| "305" ; Use Proxy |
1767 |
| "400" ; Bad Request |
1768 |
| "401" ; Unauthorized |
1769 |
| "402" ; Payment Required |
1770 |
| "403" ; Forbidden |
1771 |
| "404" ; Not Found |
1772 |
| "405" ; Method Not Allowed |
1773 |
| "406" ; None Acceptable |
1774 |
| "407" ; Proxy Authentication Required |
1775 |
| "408" ; Request Timeout |
1776 |
| "409" ; Conflict |
1777 |
| "410" ; Gone |
1778 |
| "411" ; Length Required |
1779 |
| "412" ; Unless True |
1780 |
| "500" ; Internal Server Error |
1781 |
| "501" ; Not Implemented |
1782 |
| "502" ; Bad Gateway |
1783 |
| "503" ; Service Unavailable |
1784 |
| "504" ; Gateway Timeout |
1785 |
| extension-code |
1786 |
|
1787 |
extension-code = 3DIGIT |
1788 |
|
1789 |
Reason-Phrase = *<TEXT, excluding CR, LF> |
1790 |
|
1791 |
HTTP status codes are extensible. HTTP applications are not |
1792 |
required to understand the meaning of all registered status codes, |
1793 |
though such understanding is obviously desirable. However, |
1794 |
applications must understand the class of any status code, as |
1795 |
indicated by the first digit, and treat any unrecognized response |
1796 |
as being equivalent to the x00 status code of that class, with the |
1797 |
exception that an unrecognized response must not be cached. For |
1798 |
example, if an unrecognized status code of 431 is received by the |
1799 |
client, it can safely assume that there was something wrong with |
1800 |
its request and treat the response as if it had received a 400 |
1801 |
status code. In such cases, user agents should present to the user |
1802 |
the entity returned with the response, since that entity is likely |
1803 |
to include human-readable information which will explain the |
1804 |
unusual status. |
1805 |
|
1806 |
6.2 Response Header Fields |
1807 |
|
1808 |
The response header fields allow the server to pass additional |
1809 |
information about the response which cannot be placed in the |
1810 |
Status-Line. These header fields are not intended to give |
1811 |
information about an Entity-Body returned in the response, but |
1812 |
about access to the resource or the server itself. |
1813 |
|
1814 |
Response-Header= Location ; Section 10.27 |
1815 |
| Proxy-Authenticate ; Section 10.30 |
1816 |
| Public ; Section 10.32 |
1817 |
| Retry-After ; Section 10.36 |
1818 |
| Server ; Section 10.37 |
1819 |
| WWW-Authenticate ; Section 10.44 |
1820 |
|
1821 |
Response-Header field names can be extended reliably only in |
1822 |
combination with a change in the protocol version. However, new or |
1823 |
experimental header fields may be given the semantics of response |
1824 |
header fields if all parties in the communication recognize them to |
1825 |
be response header fields. Unrecognized header fields are treated |
1826 |
as Entity-Header fields. |
1827 |
|
1828 |
7. Entity |
1829 |
|
1830 |
Full-Request and Full-Response messages may transfer an entity |
1831 |
within some requests and responses. An entity consists of |
1832 |
Entity-Header fields and (usually) an Entity-Body. In this section, |
1833 |
both sender and recipient refer to either the client or the server, |
1834 |
depending on who sends and who receives the entity. |
1835 |
|
1836 |
7.1 Entity Header Fields |
1837 |
|
1838 |
Entity-Header fields define optional metainformation about the |
1839 |
Entity-Body or, if no body is present, about the resource |
1840 |
identified by the request. |
1841 |
|
1842 |
Entity-Header = Allow ; Section 10.5 |
1843 |
| Content-Encoding ; Section 10.10 |
1844 |
| Content-Language ; Section 10.11 |
1845 |
| Content-Length ; Section 10.12 |
1846 |
| Content-MD5 ; Section 10.13 |
1847 |
| Content-Range ; Section 10.14 |
1848 |
| Content-Type ; Section 10.15 |
1849 |
| Content-Version ; Section 10.16 |
1850 |
| Derived-From ; Section 10.18 |
1851 |
| Expires ; Section 10.19 |
1852 |
| Last-Modified ; Section 10.25 |
1853 |
| Link ; Section 10.26 |
1854 |
| Title ; Section 10.38 |
1855 |
| Transfer-Encoding ; Section 10.39 |
1856 |
| URI-header ; Section 10.42 |
1857 |
| extension-header |
1858 |
|
1859 |
extension-header=HTTP-header |
1860 |
|
1861 |
The extension-header mechanism allows additional Entity-Header |
1862 |
fields to be defined without changing the protocol, but these |
1863 |
fields cannot be assumed to be recognizable by the recipient. |
1864 |
Unrecognized header fields should be ignored by the recipient and |
1865 |
forwarded by proxies. |
1866 |
|
1867 |
7.2 Entity Body |
1868 |
|
1869 |
The entity body (if any) sent with an HTTP request or response is |
1870 |
in a format and encoding defined by the Entity-Header fields. |
1871 |
|
1872 |
Entity-Body = *OCTET |
1873 |
|
1874 |
An entity body is included with a request message only when the |
1875 |
request method calls for one. The presence of an entity body in a |
1876 |
request is signaled by the inclusion of a Content-Length and/or |
1877 |
Content-Type header field in the request message headers. |
1878 |
|
1879 |
For response messages, whether or not an entity body is included |
1880 |
with a message is dependent on both the request method and the |
1881 |
response code. All responses to the HEAD request method must not |
1882 |
include a body, even though the presence of entity header fields |
1883 |
may lead one to believe they do. All 1xx (informational), 204 (no |
1884 |
content), and 304 (not modified) responses must not include a body. |
1885 |
All other responses must include an entity body or a Content-Length |
1886 |
header field defined with a value of zero (0). |
1887 |
|
1888 |
7.2.1 Type |
1889 |
|
1890 |
When an entity body is included with a message, the data type of |
1891 |
that body is determined via the header fields Content-Type, |
1892 |
Content-Encoding, and Transfer-Encoding. These define a |
1893 |
three-layer, ordered encoding model: |
1894 |
|
1895 |
entity-body := |
1896 |
Transfer-Encoding( Content-Encoding( Content-Type( data ) ) ) |
1897 |
|
1898 |
The default for both encodings is none (i.e., the identity |
1899 |
function). Content-Type specifies the media type of the underlying |
1900 |
data. Content-Encoding may be used to indicate any additional |
1901 |
content codings applied to the type, usually for the purpose of |
1902 |
data compression, that are a property of the resource requested. |
1903 |
Transfer-Encoding may be used to indicate any additional transfer |
1904 |
codings applied by an application to ensure safe and proper |
1905 |
transfer of the message. Note that Transfer-Encoding is a property |
1906 |
of the message, not of the resource. |
1907 |
|
1908 |
Any HTTP/1.1 message containing an entity body should include a |
1909 |
Content-Type header field defining the media type of that body. If |
1910 |
and only if the media type is not given by a Content-Type header, |
1911 |
as is the case for Simple-Response messages, the recipient may |
1912 |
attempt to guess the media type via inspection of its content |
1913 |
and/or the name extension(s) of the URL used to identify the |
1914 |
resource. If the media type remains unknown, the recipient should |
1915 |
treat it as type "application/octet-stream". |
1916 |
|
1917 |
7.2.2 Length |
1918 |
|
1919 |
When an entity body is included with a message, the length of that |
1920 |
body may be determined in one of several ways. If a Content-Length |
1921 |
header field is present, its value in bytes represents the length |
1922 |
of the entity body. Otherwise, the body length is determined by the |
1923 |
Transfer-Encoding (if the "chunked" transfer coding has been |
1924 |
applied), by the Content-Type (for multipart types with an explicit |
1925 |
end-of-body delimiter), or by the server closing the connection. |
1926 |
|
1927 |
Note: Any response message which must not include an entity |
1928 |
body (such as the 1xx, 204, and 304 responses and any |
1929 |
response to a HEAD request) is always terminated by the |
1930 |
first empty line after the header fields, regardless of the |
1931 |
entity header fields present in the message. |
1932 |
|
1933 |
Closing the connection cannot be used to indicate the end of a |
1934 |
request body, since it leaves no possibility for the server to send |
1935 |
back a response. For compatibility with HTTP/1.0 applications, |
1936 |
HTTP/1.1 requests containing an entity body must include a valid |
1937 |
Content-Length header field unless the server is known to be |
1938 |
HTTP/1.1 compliant. HTTP/1.1 servers must accept the "chunked" |
1939 |
transfer coding (Section 3.6) and multipart media types |
1940 |
(Section 3.7.2), thus allowing either mechanism to be used for a |
1941 |
request when Content-Length is unknown. |
1942 |
|
1943 |
If a request contains an entity body and Content-Length is not |
1944 |
specified, the server should respond with 400 (bad request) if it |
1945 |
cannot determine the length of the request message's content, or |
1946 |
with 411 (length required) if it wishes to insist on receiving a |
1947 |
valid Content-Length. |
1948 |
|
1949 |
Messages must not include both a Content-Length header field and |
1950 |
the "chunked" transfer coding. If both are received, the |
1951 |
Content-Length must be ignored. |
1952 |
|
1953 |
When a Content-Length is given in a message where an entity body is |
1954 |
allowed, its field value must exactly match the number of OCTETs in |
1955 |
the entity body. HTTP/1.1 user agents must notify the user when an |
1956 |
invalid length is received and detected. |
1957 |
|
1958 |
8. Method Definitions |
1959 |
|
1960 |
The set of common methods for HTTP/1.1 is defined below. Although |
1961 |
this set can be expanded, additional methods cannot be assumed to |
1962 |
share the same semantics for separately extended clients and |
1963 |
servers. |
1964 |
|
1965 |
The semantics of all methods may be affected by the presence of an |
1966 |
Unless request header field, as described in Section 10.40. |
1967 |
|
1968 |
8.1 OPTIONS |
1969 |
|
1970 |
The OPTIONS method represents a request for information about the |
1971 |
communication options available on the request/response chain |
1972 |
identified by the Request-URI. This method allows the client to |
1973 |
determine the options and/or requirements associated with a |
1974 |
resource, or the capabilities of a server, without implying a |
1975 |
resource action or initiating a resource retrieval. |
1976 |
|
1977 |
Unless the server's response is an error, the response must not |
1978 |
include entity information other than what can be considered as |
1979 |
communication options (e.g., Allow is appropriate, but Content-Type |
1980 |
is not) and must include a Content-Length with a value of zero (0). |
1981 |
Responses to this method are not cachable. |
1982 |
|
1983 |
If the Request-URI is an asterisk ("*"), the OPTIONS request is |
1984 |
intended to apply to the server as a whole. A 200 response should |
1985 |
include any header fields which indicate optional features |
1986 |
implemented by the server (e.g., Public), including any extensions |
1987 |
not defined by this specification, in addition to any applicable |
1988 |
general or response header fields. As described in Section 5.1.2, |
1989 |
an "OPTIONS *" request can be applied through a proxy by specifying |
1990 |
the destination server in the Request-URI without any path |
1991 |
information. |
1992 |
|
1993 |
If the Request-URI is not an asterisk, the OPTIONS request applies |
1994 |
only to the options that are available when communicating with that |
1995 |
resource. A 200 response should include any header fields which |
1996 |
indicate optional features implemented by the server and applicable |
1997 |
to that resource (e.g., Allow), including any extensions not |
1998 |
defined by this specification, in addition to any applicable |
1999 |
general or response header fields. If the OPTIONS request passes |
2000 |
through a proxy, the proxy must edit the response to exclude those |
2001 |
options known to be unavailable through that proxy. |
2002 |
|
2003 |
8.2 GET |
2004 |
|
2005 |
The GET method means retrieve whatever information (in the form of |
2006 |
an entity) is identified by the Request-URI. If the Request-URI |
2007 |
refers to a data-producing process, it is the produced data which |
2008 |
shall be returned as the entity in the response and not the source |
2009 |
text of the process, unless that text happens to be the output of |
2010 |
the process. |
2011 |
|
2012 |
The semantics of the GET method change to a "conditional GET" if |
2013 |
the request message includes an If-Modified-Since header field. A |
2014 |
conditional GET method requests that the identified resource be |
2015 |
transferred only if it has been modified since the date given by |
2016 |
the If-Modified-Since header, as described in Section 10.23. The |
2017 |
conditional GET method is intended to reduce unnecessary network |
2018 |
usage by allowing cached entities to be refreshed without requiring |
2019 |
multiple requests or transferring data already held by the client. |
2020 |
|
2021 |
The semantics of the GET method change to a "partial GET" if the |
2022 |
request message includes a Range header field. A partial GET |
2023 |
requests that only part of the identified resource be transferred, |
2024 |
as described in Section 10.33. The partial GET method is intended |
2025 |
to reduce unnecessary network usage by allowing partially-retrieved |
2026 |
entities to be completed without transferring data already held by |
2027 |
the client. |
2028 |
|
2029 |
The response to a GET request may be cachable if and only if it |
2030 |
meets the requirements for HTTP caching described in Section 13. |
2031 |
|
2032 |
8.3 HEAD |
2033 |
|
2034 |
The HEAD method is identical to GET except that the server must not |
2035 |
return any Entity-Body in the response. The metainformation |
2036 |
contained in the HTTP headers in response to a HEAD request should |
2037 |
be identical to the information sent in response to a GET request. |
2038 |
This method can be used for obtaining metainformation about the |
2039 |
resource identified by the Request-URI without transferring the |
2040 |
Entity-Body itself. This method is often used for testing hypertext |
2041 |
links for validity, accessibility, and recent modification. |
2042 |
|
2043 |
The response to a HEAD request may be cachable in the sense that |
2044 |
the information contained in the response may be used to update a |
2045 |
previously cached entity from that resource. If the new field |
2046 |
values indicate that the cached entity differs from the current |
2047 |
resource (as would be indicated by a change in Content-Length, |
2048 |
Content-MD5, or Content-Version), then the cache must discard the |
2049 |
cached entity. |
2050 |
|
2051 |
There is no "conditional HEAD" or "partial HEAD" request analogous |
2052 |
to those associated with the GET method. If an If-Modified-Since |
2053 |
and/or Range header field is included with a HEAD request, they |
2054 |
should be ignored. |
2055 |
|
2056 |
8.4 POST |
2057 |
|
2058 |
The POST method is used to request that the destination server |
2059 |
accept the entity enclosed in the request as a new subordinate of |
2060 |
the resource identified by the Request-URI in the Request-Line. |
2061 |
POST is designed to allow a uniform method to cover the following |
2062 |
functions: |
2063 |
|
2064 |
o Annotation of existing resources; |
2065 |
|
2066 |
o Posting a message to a bulletin board, newsgroup, mailing list, |
2067 |
or similar group of articles; |
2068 |
|
2069 |
o Providing a block of data, such as the result of submitting a |
2070 |
form [5], to a data-handling process; |
2071 |
|
2072 |
o Extending a database through an append operation. |
2073 |
|
2074 |
The actual function performed by the POST method is determined by |
2075 |
the server and is usually dependent on the Request-URI. The posted |
2076 |
entity is subordinate to that URI in the same way that a file is |
2077 |
subordinate to a directory containing it, a news article is |
2078 |
subordinate to a newsgroup to which it is posted, or a record is |
2079 |
subordinate to a database. |
2080 |
|
2081 |
HTTP/1.1 allows for a two-phase process to occur in accepting and |
2082 |
processing a POST request. If the media type of the posted entity |
2083 |
is not "application/x-www-form-urlencoded" [5], an HTTP/1.1 client |
2084 |
must pause between sending the message header fields (including the |
2085 |
empty line signifying the end of the headers) and sending the |
2086 |
message body; the duration of the pause is five (5) seconds or |
2087 |
until a response is received from the server, whichever is shorter. |
2088 |
If no response is received during the pause period, or if the |
2089 |
initial response is 100 (continue), the client may continue sending |
2090 |
the POST request. If the response indicates an error, the client |
2091 |
must discontinue the request and close the connection with the |
2092 |
server after reading the response. |
2093 |
|
2094 |
Upon receipt of a POST request, the server must examine the header |
2095 |
fields and determine whether or not the client should continue its |
2096 |
request. If any of the header fields indicate the request is |
2097 |
insufficient or unacceptable to the server (i.e., will result in a |
2098 |
4xx or 5xx response), or if the server can determine the response |
2099 |
without reading the entity body (e.g., a 301 or 302 response due to |
2100 |
an old Request-URI), the server must send that response immediately |
2101 |
upon its determination. If, on the other hand, the request appears |
2102 |
(at least initially) to be acceptable and the client has indicated |
2103 |
HTTP/1.1 compliance, the server must transmit an interim 100 |
2104 |
response message after receiving the empty line terminating the |
2105 |
request headers and continue processing the request. After |
2106 |
processing has finished, a final response message must be sent to |
2107 |
indicate the actual result of the request. A 100 response should |
2108 |
not be sent in response to an HTTP/1.0 request except under |
2109 |
experimental conditions, since an HTTP/1.0 client may mistake the |
2110 |
100 response for the final response. |
2111 |
|
2112 |
For compatibility with HTTP/1.0 applications, all POST requests |
2113 |
must include a valid Content-Length header field unless the server |
2114 |
is known to be HTTP/1.1 compliant. When sending a POST request to |
2115 |
an HTTP/1.1 server, a client must use at least one of: a valid |
2116 |
Content-Length, a multipart Content-Type, or the "chunked" |
2117 |
Transfer-Encoding. The server should respond with a 400 (bad |
2118 |
request) message if it cannot determine the length of the request |
2119 |
message's content, or with 411 (length required) if it wishes to |
2120 |
insist on receiving a valid Content-Length. |
2121 |
|
2122 |
The client can suggest one or more URIs for the new resource by |
2123 |
including a URI header field in the request. However, the server |
2124 |
should treat those URIs as advisory and may store the entity under |
2125 |
a different URI, additional URIs, or without any URI. |
2126 |
|
2127 |
The client may apply relationships between the new resource and |
2128 |
other existing resources by including Link header fields, as |
2129 |
described in Section 10.26. The server may use the Link information |
2130 |
to perform other operations as a result of the new resource being |
2131 |
added. For example, lists and indexes might be updated. However, no |
2132 |
mandatory operation is imposed on the origin server. The origin |
2133 |
server may also generate its own or additional links to other |
2134 |
resources. |
2135 |
|
2136 |
A successful POST does not require that the entity be created as a |
2137 |
resource on the origin server or made accessible for future |
2138 |
reference. That is, the action performed by the POST method might |
2139 |
not result in a resource that can be identified by a URI. In this |
2140 |
case, either 200 (ok) or 204 (no content) is the appropriate |
2141 |
response status, depending on whether or not the response includes |
2142 |
an entity that describes the result. |
2143 |
|
2144 |
If a resource has been created on the origin server, the response |
2145 |
should be 201 (created) and contain an entity (preferably of type |
2146 |
"text/html") which describes the status of the request and refers |
2147 |
to the new resource. |
2148 |
|
2149 |
Responses to this method are not cachable. However, the 303 (see |
2150 |
other) response can be used to direct the user agent to retrieve a |
2151 |
cachable resource. |
2152 |
|
2153 |
8.5 PUT |
2154 |
|
2155 |
The PUT method requests that the enclosed entity be stored under |
2156 |
the supplied Request-URI. If the Request-URI refers to an already |
2157 |
existing resource, the enclosed entity should be considered as a |
2158 |
modified version of the one residing on the origin server. If the |
2159 |
Request-URI does not point to an existing resource, and that URI is |
2160 |
capable of being defined as a new resource by the requesting user |
2161 |
agent, the origin server can create the resource with that URI. If |
2162 |
a new resource is created, the origin server must inform the user |
2163 |
agent via the 201 (created) response. If an existing resource is |
2164 |
modified, either the 200 (ok) or 204 (no content) response codes |
2165 |
should be sent to indicate successful completion of the request. If |
2166 |
the resource could not be created or modified with the Request-URI, |
2167 |
an appropriate error response should be given that reflects the |
2168 |
nature of the problem. |
2169 |
|
2170 |
If the request passes through a cache and the Request-URI |
2171 |
identifies a currently cached entity, that entity must be removed |
2172 |
from the cache. Responses to this method are not cachable. |
2173 |
|
2174 |
The fundamental difference between the POST and PUT requests is |
2175 |
reflected in the different meaning of the Request-URI. The URI in a |
2176 |
POST request identifies the resource that will handle the enclosed |
2177 |
entity as an appendage. That resource may be a data-accepting |
2178 |
process, a gateway to some other protocol, or a separate entity |
2179 |
that accepts annotations. In contrast, the URI in a PUT request |
2180 |
identifies the entity enclosed with the request -- the user agent |
2181 |
knows what URI is intended and the server must not attempt to apply |
2182 |
the request to some other resource. If the server desires that the |
2183 |
request be applied to a different URI, it must send a 301 (moved |
2184 |
permanently) response; the user agent may then make its own |
2185 |
decision regarding whether or not to redirect the request. |
2186 |
|
2187 |
A single resource may be identified by many different URIs. For |
2188 |
example, an article may have a URI for identifying "the current |
2189 |
version" which is separate from the URI identifying each particular |
2190 |
version. In this case, a PUT request on a general URI may result in |
2191 |
several other URIs being defined by the origin server. The user |
2192 |
agent should be informed of these URIs via one or more URI header |
2193 |
fields in the response. |
2194 |
|
2195 |
HTTP/1.1 allows for a two-phase process to occur in accepting and |
2196 |
processing a PUT request. An HTTP/1.1 client must pause between |
2197 |
sending the message header fields (including the empty line |
2198 |
signifying the end of the headers) and sending the message body; |
2199 |
the duration of the pause is five (5) seconds or until a response |
2200 |
is received from the server, whichever is shorter. If no response |
2201 |
is received during the pause period, or if the initial response is |
2202 |
100 (continue), the client may continue sending the PUT request. If |
2203 |
the response indicates an error, the client must discontinue the |
2204 |
request and close the connection with the server after reading the |
2205 |
response. |
2206 |
|
2207 |
Upon receipt of a PUT request, the server must examine the header |
2208 |
fields and determine whether or not the client should continue its |
2209 |
request. If any of the header fields indicate the request is |
2210 |
insufficient or unacceptable to the server (i.e., will result in a |
2211 |
4xx or 5xx response), or if the server can determine the response |
2212 |
without reading the entity body (e.g., a 301 or 302 response due to |
2213 |
an old Request-URI), the server must send that response immediately |
2214 |
upon its determination. If, on the other hand, the request appears |
2215 |
(at least initially) to be acceptable and the client has indicated |
2216 |
HTTP/1.1 compliance, the server must transmit an interim 100 |
2217 |
response message after receiving the empty line terminating the |
2218 |
request headers and continue processing the request. After |
2219 |
processing has finished, a final response message must be sent to |
2220 |
indicate the actual result of the request. A 100 response should |
2221 |
not be sent in response to an HTTP/1.0 request except under |
2222 |
experimental conditions, since an HTTP/1.0 client may mistake the |
2223 |
100 response for the final response. |
2224 |
|
2225 |
For compatibility with HTTP/1.0 applications, all PUT requests must |
2226 |
include a valid Content-Length header field unless the server is |
2227 |
known to be HTTP/1.1 compliant. When sending a PUT request to an |
2228 |
HTTP/1.1 server, a client must use at least one of: a valid |
2229 |
Content-Length, a multipart Content-Type, or the "chunked" |
2230 |
Transfer-Encoding. The server should respond with a 400 (bad |
2231 |
request) message if it cannot determine the length of the request |
2232 |
message's content, or with 411 (length required) if it wishes to |
2233 |
insist on receiving a valid Content-Length. |
2234 |
|
2235 |
The client can create or modify relationships between the enclosed |
2236 |
entity and other existing resources by including Link header |
2237 |
fields, as described in Section 10.26. As with POST, the server may |
2238 |
use the Link information to perform other operations as a result of |
2239 |
the request. However, no mandatory operation is imposed on the |
2240 |
origin server. The origin server may generate its own or additional |
2241 |
links to other resources. |
2242 |
|
2243 |
The actual method for determining how the resource is placed, and |
2244 |
what happens to its predecessor, is defined entirely by the origin |
2245 |
server. If version control is implemented by the origin server, |
2246 |
then Link relationships should be defined by the server to help |
2247 |
identify and control revisions to a resource. If the entity being |
2248 |
PUT was derived from an existing resource which included a |
2249 |
Content-Version header field, the new entity must include a |
2250 |
Derived-From header field corresponding to the value of the |
2251 |
original Content-Version header field. Multiple Derived-From values |
2252 |
may be included if the entity was derived from multiple resources |
2253 |
with Content-Version information. Applications are encouraged to |
2254 |
use these fields for constructing versioning relationships and |
2255 |
resolving version conflicts. |
2256 |
|
2257 |
8.6 PATCH |
2258 |
|
2259 |
The PATCH method is similar to PUT except that the entity contains |
2260 |
a list of differences between the original version of the resource |
2261 |
identified by the Request-URI and the desired content of the |
2262 |
resource after the PATCH action has been applied. The list of |
2263 |
differences is in a format defined by the media type of the entity |
2264 |
(e.g., "application/diff") and must include sufficient information |
2265 |
to allow the server to recreate the changes necessary to convert |
2266 |
the original version of the resource to the desired version. |
2267 |
|
2268 |
If the request passes through a cache and the Request-URI |
2269 |
identifies a currently cached entity, that entity must be removed |
2270 |
from the cache. Responses to this method are not cachable. |
2271 |
|
2272 |
HTTP/1.1 allows for a two-phase process to occur in accepting and |
2273 |
processing a PATCH request. An HTTP/1.1 client must pause between |
2274 |
sending the message header fields (including the empty line |
2275 |
signifying the end of the headers) and sending the message body; |
2276 |
the duration of the pause is five (5) seconds or until a response |
2277 |
is received from the server, whichever is shorter. If no response |
2278 |
is received during the pause period, or if the initial response is |
2279 |
100 (continue), the client may continue sending the PATCH request. |
2280 |
If the response indicates an error, the client must discontinue the |
2281 |
request and close the connection with the server after reading the |
2282 |
response. |
2283 |
|
2284 |
Upon receipt of a PATCH request, the server must examine the header |
2285 |
fields and determine whether or not the client should continue its |
2286 |
request. If any of the header fields indicate the request is |
2287 |
insufficient or unacceptable to the server (i.e., will result in a |
2288 |
4xx or 5xx response), or if the server can determine the response |
2289 |
without reading the entity body (e.g., a 301 or 302 response due to |
2290 |
an old Request-URI), the server must send that response immediately |
2291 |
upon its determination. If, on the other hand, the request appears |
2292 |
(at least initially) to be acceptable and the client has indicated |
2293 |
HTTP/1.1 compliance, the server must transmit an interim 100 |
2294 |
response message after receiving the empty line terminating the |
2295 |
request headers and continue processing the request. After |
2296 |
processing has finished, a final response message must be sent to |
2297 |
indicate the actual result of the request. A 100 response should |
2298 |
not be sent in response to an HTTP/1.0 request except under |
2299 |
experimental conditions, since an HTTP/1.0 client may mistake the |
2300 |
100 response for the final response. |
2301 |
|
2302 |
For compatibility with HTTP/1.0 applications, all PATCH requests |
2303 |
must include a valid Content-Length header field unless the server |
2304 |
is known to be HTTP/1.1 compliant. When sending a PATCH request to |
2305 |
an HTTP/1.1 server, a client must use at least one of: a valid |
2306 |
Content-Length, a multipart Content-Type, or the "chunked" |
2307 |
Transfer-Encoding. The server should respond with a 400 (bad |
2308 |
request) message if it cannot determine the length of the request |
2309 |
message's content, or with 411 (length required) if it wishes to |
2310 |
insist on receiving a valid Content-Length. |
2311 |
|
2312 |
The client can create or modify relationships between the new |
2313 |
resource and other existing resources by including Link header |
2314 |
fields, as described in Section 10.26. As with POST, the server may |
2315 |
use the Link information to perform other operations as a result of |
2316 |
the request. However, no mandatory operation is imposed on the |
2317 |
origin server. The origin server may generate its own or additional |
2318 |
links to other resources. |
2319 |
|
2320 |
The actual method for determining how the patched resource is |
2321 |
placed, and what happens to its predecessor, is defined entirely by |
2322 |
the origin server. If version control is implemented by the origin |
2323 |
server, then Link relationships should be defined by the server to |
2324 |
help identify and control revisions to a resource. If the original |
2325 |
version of the resource being patched included a Content-Version |
2326 |
header field, the request entity must include a Derived-From header |
2327 |
field corresponding to the value of the original Content-Version |
2328 |
header field. Applications are encouraged to use these fields for |
2329 |
constructing versioning relationships and resolving version |
2330 |
conflicts. |
2331 |
|
2332 |
8.7 COPY |
2333 |
|
2334 |
The COPY method requests that the resource identified by the |
2335 |
Request-URI be copied to the location(s) given in the URI header |
2336 |
field of the request. Responses to this method are not cachable. |
2337 |
|
2338 |
8.8 MOVE |
2339 |
|
2340 |
The MOVE method requests that the resource identified by the |
2341 |
Request-URI be moved to the location(s) given in the URI header |
2342 |
field of the request. This method is equivalent to a COPY |
2343 |
immediately followed by a DELETE, but enables both to occur within |
2344 |
a single transaction. |
2345 |
|
2346 |
If the request passes through a cache and the Request-URI |
2347 |
identifies a currently cached entity, that entity must be removed |
2348 |
from the cache. Responses to this method are not cachable. |
2349 |
|
2350 |
8.9 DELETE |
2351 |
|
2352 |
The DELETE method requests that the origin server delete the |
2353 |
resource identified by the Request-URI. This method may be |
2354 |
overridden by human intervention (or other means) on the origin |
2355 |
server. The client cannot be guaranteed that the operation has been |
2356 |
carried out, even if the status code returned from the origin |
2357 |
server indicates that the action has been completed successfully. |
2358 |
However, the server should not indicate success unless, at the time |
2359 |
the response is given, it intends to delete the resource or move it |
2360 |
to an inaccessible location. |
2361 |
|
2362 |
A successful response should be 200 (ok) if the response includes |
2363 |
an entity describing the status, 202 (accepted) if the action has |
2364 |
not yet been enacted, or 204 (no content) if the response is OK but |
2365 |
does not include an entity. |
2366 |
|
2367 |
If the request passes through a cache and the Request-URI |
2368 |
identifies a currently cached entity, that entity must be removed |
2369 |
from the cache. Responses to this method are not cachable. |
2370 |
|
2371 |
8.10 LINK |
2372 |
|
2373 |
The LINK method establishes one or more Link relationships between |
2374 |
the existing resource identified by the Request-URI and other |
2375 |
existing resources. The difference between LINK and other methods |
2376 |
allowing links to be established between resources is that the LINK |
2377 |
method does not allow any Entity-Body to be sent in the request and |
2378 |
does not directly result in the creation of new resources. |
2379 |
|
2380 |
If the request passes through a cache and the Request-URI |
2381 |
identifies a currently cached entity, that entity must be removed |
2382 |
from the cache. Responses to this method are not cachable. |
2383 |
|
2384 |
8.11 UNLINK |
2385 |
|
2386 |
The UNLINK method removes one or more Link relationships from the |
2387 |
existing resource identified by the Request-URI. These |
2388 |
relationships may have been established using the LINK method or by |
2389 |
any other method supporting the Link header. The removal of a link |
2390 |
to a resource does not imply that the resource ceases to exist or |
2391 |
becomes inaccessible for future references. |
2392 |
|
2393 |
If the request passes through a cache and the Request-URI |
2394 |
identifies a currently cached entity, that entity must be removed |
2395 |
from the cache. Responses to this method are not cachable. |
2396 |
|
2397 |
8.12 TRACE |
2398 |
|
2399 |
The TRACE method requests that the server identified by the |
2400 |
Request-URI reflect whatever is received back to the client as the |
2401 |
entity body of the response. In this way, the client can see what |
2402 |
is being received at the other end of the request chain, and may |
2403 |
use this data for testing or diagnostic information. |
2404 |
|
2405 |
If successful, the response should contain the entire, unedited |
2406 |
request message in the entity body, with a Content-Type of |
2407 |
"message/http", "application/http", or "text/plain". Responses to |
2408 |
this method are not cachable. |
2409 |
|
2410 |
8.13 WRAPPED |
2411 |
|
2412 |
The WRAPPED method allows a client to send one or more encapsulated |
2413 |
requests to the server identified by the Request-URI. This method |
2414 |
is intended to allow the request(s) to be wrapped together, |
2415 |
possibly encrypted in order to improve the security and/or privacy |
2416 |
of the request, and delivered for unwrapping by the destination |
2417 |
server. Upon receipt of the WRAPPED request, the destination server |
2418 |
must unwrap the message and feed it to the appropriate protocol |
2419 |
handler as if it were an incoming request stream. |
2420 |
|
2421 |
Responses to this method are not cachable. Applications should not |
2422 |
use this method for making requests that would normally be public |
2423 |
and cachable. |
2424 |
|
2425 |
The request entity must include at least one encapsulated message, |
2426 |
with the media type identifying the protocol of that message. For |
2427 |
example, if the wrapped request is another HTTP request message, |
2428 |
then the media type must be either "message/http" (for a single |
2429 |
message) or "application/http" (for a request stream containing one |
2430 |
or more requests), with any codings identied by the |
2431 |
Content-Encoding and Transfer-Encoding header fields. |
2432 |
|
2433 |
HTTP/1.1 allows for a two-phase process to occur in accepting and |
2434 |
processing a WRAPPED request. An HTTP/1.1 client must pause between |
2435 |
sending the message header fields (including the empty line |
2436 |
signifying the end of the headers) and sending the message body; |
2437 |
the duration of the pause is five (5) seconds or until a response |
2438 |
is received from the server, whichever is shorter. If no response |
2439 |
is received during the pause period, or if the initial response is |
2440 |
100 (continue), the client may continue sending the WRAPPED |
2441 |
request. If the response indicates an error, the client must |
2442 |
discontinue the request and close the connection with the server |
2443 |
after reading the response. |
2444 |
|
2445 |
Upon receipt of a WRAPPED request, the server must examine the |
2446 |
header fields and determine whether or not the client should |
2447 |
continue its request. If any of the header fields indicate the |
2448 |
request is insufficient or unacceptable to the server (i.e., will |
2449 |
result in a 4xx or 5xx response), or if the server can determine |
2450 |
the response without reading the entity body (e.g., a 301 or 302 |
2451 |
response due to an old Request-URI), the server must send that |
2452 |
response immediately upon its determination. If, on the other hand, |
2453 |
the request appears (at least initially) to be acceptable and the |
2454 |
client has indicated HTTP/1.1 compliance, the server must transmit |
2455 |
an interim 100 response message after receiving the empty line |
2456 |
terminating the request headers and continue processing the |
2457 |
request. After processing has finished, a final response message |
2458 |
must be sent to indicate the actual result of the request. A 100 |
2459 |
response should not be sent in response to an HTTP/1.0 request |
2460 |
except under experimental conditions, since an HTTP/1.0 client may |
2461 |
mistake the 100 response for the final response. |
2462 |
|
2463 |
For compatibility with HTTP/1.0 applications, all WRAPPED requests |
2464 |
must include a valid Content-Length header field unless the server |
2465 |
is known to be HTTP/1.1 compliant. When sending a WRAPPED request |
2466 |
to an HTTP/1.1 server, a client must use at least one of: a valid |
2467 |
Content-Length, a multipart Content-Type, or the "chunked" |
2468 |
Transfer-Encoding. The server should respond with a 400 (bad |
2469 |
request) message if it cannot determine the length of the request |
2470 |
message's content, or with 411 (length required) if it wishes to |
2471 |
insist on receiving a valid Content-Length. |
2472 |
|
2473 |
9. Status Code Definitions |
2474 |
|
2475 |
Each Status-Code is described below, including a description of |
2476 |
which method(s) it can follow and any metainformation required in |
2477 |
the response. |
2478 |
|
2479 |
9.1 Informational 1xx |
2480 |
|
2481 |
This class of status code indicates a provisional response, |
2482 |
consisting only of the Status-Line and optional headers, and is |
2483 |
terminated by an empty line. Since HTTP/1.0 did not define any 1xx |
2484 |
status codes, servers should not send a 1xx response to an HTTP/1.0 |
2485 |
client except under experimental conditions. |
2486 |
|
2487 |
100 Continue |
2488 |
|
2489 |
The client may continue with its request. This interim response is |
2490 |
used to inform the client that the initial part of the request has |
2491 |
been received and has not yet been rejected by the server. The |
2492 |
client should continue by sending the remainder of the request or, |
2493 |
if the request has already been completed, ignore this response. |
2494 |
The server must send a final response after the request has been |
2495 |
completed. |
2496 |
|
2497 |
101 Switching Protocols |
2498 |
|
2499 |
The server understands and is willing to comply with the client's |
2500 |
request, via the Upgrade message header field (Section 10.41), for |
2501 |
a change in the application protocol being used on this connection. |
2502 |
The server will switch protocols to those defined by the response's |
2503 |
Upgrade header field immediately after the empty line which |
2504 |
terminates the 101 response. |
2505 |
|
2506 |
The protocol should only be switched when it is advantageous to do |
2507 |
so. For example, switching to a newer version of HTTP is |
2508 |
advantageous over older versions, and switching to a real-time, |
2509 |
synchronous protocol may be advantageous when delivering resources |
2510 |
that use such features. |
2511 |
|
2512 |
9.2 Successful 2xx |
2513 |
|
2514 |
This class of status code indicates that the client's request was |
2515 |
successfully received, understood, and accepted. |
2516 |
|
2517 |
200 OK |
2518 |
|
2519 |
The request has succeeded. The information returned with the |
2520 |
response is dependent on the method used in the request, as follows: |
2521 |
|
2522 |
GET an entity corresponding to the requested resource is sent |
2523 |
in the response; |
2524 |
|
2525 |
HEAD the response must only contain the header information and |
2526 |
no Entity-Body; |
2527 |
|
2528 |
POST an entity describing or containing the result of the action; |
2529 |
|
2530 |
TRACE an entity containing the request message as received by the |
2531 |
end server; |
2532 |
|
2533 |
otherwise, an entity describing the result of the action; |
2534 |
|
2535 |
If the entity corresponds to a resource, the response may include a |
2536 |
Location header field giving the actual location of that specific |
2537 |
resource for later reference. |
2538 |
|
2539 |
201 Created |
2540 |
|
2541 |
The request has been fulfilled and resulted in a new resource being |
2542 |
created. The newly created resource can be referenced by the URI(s) |
2543 |
returned in the URI-header field and/or the entity of the response, |
2544 |
with the most specific URL for the resource given by a Location |
2545 |
header field. The origin server should create the resource before |
2546 |
using this Status-Code. If the action cannot be carried out |
2547 |
immediately, the server must include in the response body a |
2548 |
description of when the resource will be available; otherwise, the |
2549 |
server should respond with 202 (accepted). |
2550 |
|
2551 |
202 Accepted |
2552 |
|
2553 |
The request has been accepted for processing, but the processing |
2554 |
has not been completed. The request may or may not eventually be |
2555 |
acted upon, as it may be disallowed when processing actually takes |
2556 |
place. There is no facility for re-sending a status code from an |
2557 |
asynchronous operation such as this. |
2558 |
|
2559 |
The 202 response is intentionally non-committal. Its purpose is to |
2560 |
allow a server to accept a request for some other process (perhaps |
2561 |
a batch-oriented process that is only run once per day) without |
2562 |
requiring that the user agent's connection to the server persist |
2563 |
until the process is completed. The entity returned with this |
2564 |
response should include an indication of the request's current |
2565 |
status and either a pointer to a status monitor or some estimate of |
2566 |
when the user can expect the request to be fulfilled. |
2567 |
|
2568 |
203 Non-Authoritative Information |
2569 |
|
2570 |
The returned metainformation in the Entity-Header is not the |
2571 |
definitive set as available from the origin server, but is gathered |
2572 |
from a local or a third-party copy. The set presented may be a |
2573 |
subset or superset of the original version. For example, including |
2574 |
local annotation information about the resource may result in a |
2575 |
superset of the metainformation known by the origin server. Use of |
2576 |
this response code is not required and is only appropriate when the |
2577 |
response would otherwise be 200 (ok). |
2578 |
|
2579 |
204 No Content |
2580 |
|
2581 |
The server has fulfilled the request but there is no new |
2582 |
information to send back. If the client is a user agent, it should |
2583 |
not change its document view from that which caused the request to |
2584 |
be generated. This response is primarily intended to allow input |
2585 |
for actions to take place without causing a change to the user |
2586 |
agent's active document view. The response may include new |
2587 |
metainformation in the form of entity headers, which should apply |
2588 |
to the document currently in the user agent's active view. |
2589 |
|
2590 |
The 204 response must not include an entity body, and thus is |
2591 |
always ternminated by the first empty line after the header fields. |
2592 |
|
2593 |
205 Reset Content |
2594 |
|
2595 |
The server has fulfilled the request and the user agent should |
2596 |
reset the document view which caused the request to be generated. |
2597 |
This response is primarily intended to allow input for actions to |
2598 |
take place via user input, followed by a clearing of the form in |
2599 |
which the input is given so that the user can easily initiate |
2600 |
another input action. The response must include a Content-Length |
2601 |
with a value of zero (0) and no entity body. |
2602 |
|
2603 |
206 Partial Content |
2604 |
|
2605 |
The server has fulfilled the partial GET request for the resource. |
2606 |
The request must have included a Range header field (Section 10.33) |
2607 |
indicating the desired range. The response must include a |
2608 |
Content-Range header field (Section 10.14) indicating the range |
2609 |
included with this response. All entity header fields in the |
2610 |
response must describe the actual entity transmitted rather than |
2611 |
what would have been transmitted in a full response. In particular, |
2612 |
the Content-Length header field in the response must match the |
2613 |
actual number of OCTETs transmitted in the entity body. It is |
2614 |
assumed that the client already has the complete entity's header |
2615 |
field data. |
2616 |
|
2617 |
9.3 Redirection 3xx |
2618 |
|
2619 |
This class of status code indicates that further action needs to be |
2620 |
taken by the user agent in order to fulfill the request. The action |
2621 |
required may be carried out by the user agent without interaction |
2622 |
with the user if and only if the method used in the second request |
2623 |
is GET or HEAD. A user agent should never automatically redirect a |
2624 |
request more than 5 times, since such redirections usually indicate |
2625 |
an infinite loop. |
2626 |
|
2627 |
300 Multiple Choices |
2628 |
|
2629 |
The requested resource is available at one or more locations and a |
2630 |
preferred location could not be determined via preemptive content |
2631 |
negotiation (Section 12). Unless it was a HEAD request, the |
2632 |
response should include an entity containing a list of resource |
2633 |
characteristics and locations from which the user or user agent can |
2634 |
choose the one most appropriate. The entity format is specified by |
2635 |
the media type given in the Content-Type header field. Depending |
2636 |
upon the format and the capabilities of the user agent, selection |
2637 |
of the most appropriate choice may be performed automatically. If |
2638 |
the server has a preferred choice, it should include the URL in a |
2639 |
Location field; user agents not capable of complex selection may |
2640 |
use this field value for automatic redirection. This response is |
2641 |
cachable unless indicated otherwise. |
2642 |
|
2643 |
301 Moved Permanently |
2644 |
|
2645 |
The requested resource has been assigned a new permanent URI and |
2646 |
any future references to this resource should be done using one of |
2647 |
the returned URIs. Clients with link editing capabilities should |
2648 |
automatically relink references to the Request-URI to one or more |
2649 |
of the new references returned by the server, where possible. This |
2650 |
response is cachable unless indicated otherwise. |
2651 |
|
2652 |
If the new URI is a single location, its URL must be given by the |
2653 |
Location field in the response. If more than one URI exists for the |
2654 |
resource, the primary URL should be given in the Location field and |
2655 |
the other URIs given in one or more URI-header fields. Unless it |
2656 |
was a HEAD request, the Entity-Body of the response should contain |
2657 |
a short hypertext note with a hyperlink to the new URI(s). |
2658 |
|
2659 |
If the 301 status code is received in response to a request other |
2660 |
than GET or HEAD, the user agent must not automatically redirect |
2661 |
the request unless it can be confirmed by the user, since this |
2662 |
might change the conditions under which the request was issued. |
2663 |
|
2664 |
302 Moved Temporarily |
2665 |
|
2666 |
The requested resource resides temporarily under a different URI. |
2667 |
Since the redirection may be altered on occasion, the client should |
2668 |
continue to use the Request-URI for future requests. This response |
2669 |
is only cachable if indicated by a Cache-Control or Expires header |
2670 |
field. |
2671 |
|
2672 |
If the new URI is a single location, its URL must be given by the |
2673 |
Location field in the response. If more than one URI exists for the |
2674 |
resource, the primary URL should be given in the Location field and |
2675 |
the other URIs given in one or more URI-header fields. Unless it |
2676 |
was a HEAD request, the Entity-Body of the response should contain |
2677 |
a short hypertext note with a hyperlink to the new URI(s). |
2678 |
|
2679 |
If the 302 status code is received in response to a request other |
2680 |
than GET or HEAD, the user agent must not automatically redirect |
2681 |
the request unless it can be confirmed by the user, since this |
2682 |
might change the conditions under which the request was issued. |
2683 |
|
2684 |
303 See Other |
2685 |
|
2686 |
The response to the request can be found under a different URI and |
2687 |
should be retrieved using a GET method on that resource. This |
2688 |
method exists primarily to allow the output of a POST-activated |
2689 |
script to redirect the user agent to a selected resource. The new |
2690 |
resource is not a replacement reference for the original |
2691 |
Request-URI. The 303 response is not cachable, but the response to |
2692 |
the second request may be cachable. |
2693 |
|
2694 |
If the new URI is a single location, its URL must be given by the |
2695 |
Location field in the response. If more than one URI exists for the |
2696 |
resource, the primary URL should be given in the Location field and |
2697 |
the other URIs given in one or more URI-header fields. Unless it |
2698 |
was a HEAD request, the Entity-Body of the response should contain |
2699 |
a short hypertext note with a hyperlink to the new URI(s). |
2700 |
|
2701 |
304 Not Modified |
2702 |
|
2703 |
If the client has performed a conditional GET request and access is |
2704 |
allowed, but the document has not been modified since the date and |
2705 |
time specified in the If-Modified-Since field, the server must |
2706 |
respond with this status code and not send an Entity-Body to the |
2707 |
client. Header fields contained in the response should only include |
2708 |
information which is relevant to cache managers or which may have |
2709 |
changed independently of the entity's Last-Modified date. Examples |
2710 |
of relevant header fields include: Date, Server, Content-Length, |
2711 |
Content-MD5, Content-Version, Cache-Control and Expires. |
2712 |
|
2713 |
A cache should update its cached entity to reflect any new field |
2714 |
values given in the 304 response. If the new field values indicate |
2715 |
that the cached entity differs from the current resource (as would |
2716 |
be indicated by a change in Content-Length, Content-MD5, or |
2717 |
Content-Version), then the cache must disregard the 304 response |
2718 |
and repeat the request without an If-Modified-Since field. |
2719 |
|
2720 |
The 304 response must not include an entity body, and thus is |
2721 |
always ternminated by the first empty line after the header fields. |
2722 |
|
2723 |
305 Use Proxy |
2724 |
|
2725 |
The requested resource must be accessed through the proxy given by |
2726 |
the Location field in the response. In other words, this is a proxy |
2727 |
redirect. |
2728 |
|
2729 |
9.4 Client Error 4xx |
2730 |
|
2731 |
The 4xx class of status code is intended for cases in which the |
2732 |
client seems to have erred. If the client has not completed the |
2733 |
request when a 4xx code is received, it should immediately cease |
2734 |
sending data to the server. Except when responding to a HEAD |
2735 |
request, the server should include an entity containing an |
2736 |
explanation of the error situation, and whether it is a temporary |
2737 |
or permanent condition. These status codes are applicable to any |
2738 |
request method. |
2739 |
|
2740 |
Note: If the client is sending data, server implementations |
2741 |
on TCP should be careful to ensure that the client |
2742 |
acknowledges receipt of the packet(s) containing the |
2743 |
response prior to closing the input connection. If the |
2744 |
client continues sending data to the server after the close, |
2745 |
the server's controller will send a reset packet to the |
2746 |
client, which may erase the client's unacknowledged input |
2747 |
buffers before they can be read and interpreted by the HTTP |
2748 |
application. |
2749 |
|
2750 |
400 Bad Request |
2751 |
|
2752 |
The request could not be understood by the server due to malformed |
2753 |
syntax. The client should not repeat the request without |
2754 |
modifications. |
2755 |
|
2756 |
401 Unauthorized |
2757 |
|
2758 |
The request requires user authentication. The response must include |
2759 |
a WWW-Authenticate header field (Section 10.44) containing a |
2760 |
challenge applicable to the requested resource. The client may |
2761 |
repeat the request with a suitable Authorization header field |
2762 |
(Section 10.6). If the request already included Authorization |
2763 |
credentials, then the 401 response indicates that authorization has |
2764 |
been refused for those credentials. If the 401 response contains |
2765 |
the same challenge as the prior response, and the user agent has |
2766 |
already attempted authentication at least once, then the user |
2767 |
should be presented the entity that was given in the response, |
2768 |
since that entity may include relevant diagnostic information. HTTP |
2769 |
access authentication is explained in Section 11. |
2770 |
|
2771 |
402 Payment Required |
2772 |
|
2773 |
This code is reserved for future use. |
2774 |
|
2775 |
403 Forbidden |
2776 |
|
2777 |
The server understood the request, but is refusing to fulfill it. |
2778 |
Authorization will not help and the request should not be repeated. |
2779 |
If the request method was not HEAD and the server wishes to make |
2780 |
public why the request has not been fulfilled, it should describe |
2781 |
the reason for the refusal in the entity body. This status code is |
2782 |
commonly used when the server does not wish to reveal exactly why |
2783 |
the request has been refused, or when no other response is |
2784 |
applicable. |
2785 |
|
2786 |
404 Not Found |
2787 |
|
2788 |
The server has not found anything matching the Request-URI. No |
2789 |
indication is given of whether the condition is temporary or |
2790 |
permanent. If the server does not wish to make this information |
2791 |
available to the client, the status code 403 (forbidden) can be |
2792 |
used instead. The 410 (gone) status code should be used if the |
2793 |
server knows, through some internally configurable mechanism, that |
2794 |
an old resource is permanently unavailable and has no forwarding |
2795 |
address. |
2796 |
|
2797 |
405 Method Not Allowed |
2798 |
|
2799 |
The method specified in the Request-Line is not allowed for the |
2800 |
resource identified by the Request-URI. The response must include |
2801 |
an Allow header containing a list of valid methods for the |
2802 |
requested resource. |
2803 |
|
2804 |
406 None Acceptable |
2805 |
|
2806 |
The server has found a resource matching the Request-URI, but not |
2807 |
one that satisfies the conditions identified by the Accept and |
2808 |
Accept-Encoding request headers. Unless it was a HEAD request, the |
2809 |
response should include an entity containing a list of resource |
2810 |
characteristics and locations from which the user or user agent can |
2811 |
choose the one most appropriate. The entity format is specified by |
2812 |
the media type given in the Content-Type header field. Depending |
2813 |
upon the format and the capabilities of the user agent, selection |
2814 |
of the most appropriate choice may be performed automatically. |
2815 |
|
2816 |
407 Proxy Authentication Required |
2817 |
|
2818 |
This code is similar to 401 (unauthorized), but indicates that the |
2819 |
client must first authenticate itself with the proxy. The proxy |
2820 |
must return a Proxy-Authenticate header field (Section 10.30) |
2821 |
containing a challenge applicable to the proxy for the requested |
2822 |
resource. The client may repeat the request with a suitable |
2823 |
Proxy-Authorization header field (Section 10.31). HTTP access |
2824 |
authentication is explained in Section 11. |
2825 |
|
2826 |
408 Request Timeout |
2827 |
|
2828 |
The client did not produce a request within the time that the |
2829 |
server was prepared to wait. The client may repeat the request |
2830 |
without modifications at any later time. |
2831 |
|
2832 |
409 Conflict |
2833 |
|
2834 |
The request could not be completed due to a conflict with the |
2835 |
current state of the resource. This code is only allowed in |
2836 |
situations where it is expected that the user may be able to |
2837 |
resolve the conflict and resubmit the request. The response body |
2838 |
should include enough information for the user to recognize the |
2839 |
source of the conflict. Ideally, the response entity would include |
2840 |
enough information for the user or user-agent to fix the problem; |
2841 |
however, that may not be possible and is not required. |
2842 |
|
2843 |
Conflicts are most likely to occur in response to a PUT or PATCH |
2844 |
request. If versioning is being used and the entity being PUT or |
2845 |
PATCHed includes changes to a resource which conflict with those |
2846 |
made by an earlier (third-party) request, the server may use the |
2847 |
409 response to indicate that it can't complete the request. In |
2848 |
this case, the response entity should contain a list of the |
2849 |
differences between the two versions in a format defined by the |
2850 |
response Content-Type. |
2851 |
|
2852 |
410 Gone |
2853 |
|
2854 |
The requested resource is no longer available at the server and no |
2855 |
forwarding address is known. This condition should be considered |
2856 |
permanent. Clients with link editing capabilities should delete |
2857 |
references to the Request-URI after user approval. If the server |
2858 |
does not know, or has no facility to determine, whether or not the |
2859 |
condition is permanent, the status code 404 (not found) should be |
2860 |
used instead. This response is cachable unless indicated otherwise. |
2861 |
|
2862 |
The 410 response is primarily intended to assist the task of web |
2863 |
maintenance by notifying the recipient that the resource is |
2864 |
intentionally unavailable and that the server owners desire that |
2865 |
remote links to that resource be removed. Such an event is common |
2866 |
for limited-time, promotional services and for resources belonging |
2867 |
to individuals no longer working at the server's site. It is not |
2868 |
necessary to mark all permanently unavailable resources as "gone" |
2869 |
or to keep the mark for any length of time -- that is left to the |
2870 |
discretion of the server owner. |
2871 |
|
2872 |
411 Length Required |
2873 |
|
2874 |
The server refuses to accept the request without a defined |
2875 |
Content-Length. The client may repeat the request if it adds a |
2876 |
valid Content-Length header field containing the length of the |
2877 |
entity body in the request message. |
2878 |
|
2879 |
412 Unless True |
2880 |
|
2881 |
The condition given in the Unless request-header field |
2882 |
(Section 10.40) evaluated to true when it was tested on the server |
2883 |
and the request did not include a Range header field (which would |
2884 |
indicate a partial GET) or an If-Modified-Since header field (which |
2885 |
would indicate a conditional GET). This response code allows the |
2886 |
client to place arbitrary preconditions on the current resource |
2887 |
metainformation (header field data) and thus prevent the requested |
2888 |
method from being applied to a resource other than the one intended. |
2889 |
|
2890 |
9.5 Server Error 5xx |
2891 |
|
2892 |
Response status codes beginning with the digit "5" indicate cases |
2893 |
in which the server is aware that it has erred or is incapable of |
2894 |
performing the request. If the client has not completed the request |
2895 |
when a 5xx code is received, it should immediately cease sending |
2896 |
data to the server. Except when responding to a HEAD request, the |
2897 |
server should include an entity containing an explanation of the |
2898 |
error situation, and whether it is a temporary or permanent |
2899 |
condition. These response codes are applicable to any request |
2900 |
method and there are no required header fields. |
2901 |
|
2902 |
500 Internal Server Error |
2903 |
|
2904 |
The server encountered an unexpected condition which prevented it |
2905 |
from fulfilling the request. |
2906 |
|
2907 |
501 Not Implemented |
2908 |
|
2909 |
The server does not support the functionality required to fulfill |
2910 |
the request. This is the appropriate response when the server does |
2911 |
not recognize the request method and is not capable of supporting |
2912 |
it for any resource. |
2913 |
|
2914 |
502 Bad Gateway |
2915 |
|
2916 |
The server, while acting as a gateway or proxy, received an invalid |
2917 |
response from the upstream server it accessed in attempting to |
2918 |
fulfill the request. |
2919 |
|
2920 |
503 Service Unavailable |
2921 |
|
2922 |
The server is currently unable to handle the request due to a |
2923 |
temporary overloading or maintenance of the server. The implication |
2924 |
is that this is a temporary condition which will be alleviated |
2925 |
after some delay. If known, the length of the delay may be |
2926 |
indicated in a Retry-After header. If no Retry-After is given, the |
2927 |
client should handle the response as it would for a 500 response. |
2928 |
|
2929 |
Note: The existence of the 503 status code does not imply |
2930 |
that a server must use it when becoming overloaded. Some |
2931 |
servers may wish to simply refuse the connection. |
2932 |
|
2933 |
504 Gateway Timeout |
2934 |
|
2935 |
The server, while acting as a gateway or proxy, did not receive a |
2936 |
timely response from the upstream server it accessed in attempting |
2937 |
to complete the request. |
2938 |
|
2939 |
10. Header Field Definitions |
2940 |
|
2941 |
This section defines the syntax and semantics of all standard |
2942 |
HTTP/1.1 header fields. For Entity-Header fields, both sender and |
2943 |
recipient refer to either the client or the server, depending on |
2944 |
who sends and who receives the entity. |
2945 |
|
2946 |
10.1 Accept |
2947 |
|
2948 |
The Accept response-header field can be used to indicate a list of |
2949 |
media ranges which are acceptable as a response to the request. The |
2950 |
asterisk "*" character is used to group media types into ranges, |
2951 |
with "*/*" indicating all media types and "type/*" indicating all |
2952 |
subtypes of that type. The set of ranges given by the client should |
2953 |
represent what types are acceptable given the context of the |
2954 |
request. The Accept field should only be used when the request is |
2955 |
specifically limited to a set of desired types, as in the case of a |
2956 |
request for an in-line image, or to indicate qualitative |
2957 |
preferences for specific media types. |
2958 |
|
2959 |
The field may be folded onto several lines and more than one |
2960 |
occurrence of the field is allowed, with the semantics being the |
2961 |
same as if all the entries had been in one field value. |
2962 |
|
2963 |
Accept = "Accept" ":" #( |
2964 |
media-range |
2965 |
[ ";" "q" "=" qvalue ] |
2966 |
[ ";" "mxb" "=" 1*DIGIT ] ) |
2967 |
|
2968 |
media-range = ( "*/*" |
2969 |
| ( type "/" "*" ) |
2970 |
| ( type "/" subtype ) |
2971 |
) *( ";" parameter ) |
2972 |
|
2973 |
The parameter q is used to indicate the quality factor, which |
2974 |
represents the user's preference for that range of media types. The |
2975 |
parameter mxb gives the maximum acceptable size of the Entity-Body, |
2976 |
in decimal number of octets, for that range of media types. |
2977 |
Section 12 describes the content negotiation algorithm which makes |
2978 |
use of these values. The default values are: q=1 and mxb=undefined |
2979 |
(i.e., infinity). |
2980 |
|
2981 |
The example |
2982 |
|
2983 |
Accept: audio/*; q=0.2, audio/basic |
2984 |
|
2985 |
should be interpreted as "I prefer audio/basic, but send me any |
2986 |
audio type if it is the best available after an 80% mark-down in |
2987 |
quality." |
2988 |
|
2989 |
If no Accept header is present, then it is assumed that the client |
2990 |
accepts all media types with quality factor 1. This is equivalent |
2991 |
to the client sending the following accept header field: |
2992 |
|
2993 |
Accept: */*; q=1 |
2994 |
|
2995 |
or |
2996 |
|
2997 |
Accept: */* |
2998 |
|
2999 |
If a single Accept header is provided and it contains no field |
3000 |
value, then the server must interpret it as a request to not |
3001 |
perform any preemptive content negotiation (Section 12) and instead |
3002 |
return a 406 (none acceptable) response if there are variants |
3003 |
available for the Request-URI. |
3004 |
|
3005 |
A more elaborate example is |
3006 |
|
3007 |
Accept: text/plain; q=0.5, text/html, |
3008 |
text/x-dvi; q=0.8; mxb=100000, text/x-c |
3009 |
|
3010 |
Verbally, this would be interpreted as "text/html and text/x-c are |
3011 |
the preferred media types, but if they do not exist, then send the |
3012 |
text/x-dvi entity if it is less than 100000 bytes, otherwise send |
3013 |
the text/plain entity." |
3014 |
|
3015 |
Media ranges can be overridden by more specific media ranges or |
3016 |
specific media types. If more than one media range applies to a |
3017 |
given type, the most specific reference has precedence. For example, |
3018 |
|
3019 |
Accept: text/*, text/html, text/html;version=2.0, */* |
3020 |
|
3021 |
have the following precedence: |
3022 |
|
3023 |
1) text/html;version=2.0 |
3024 |
2) text/html |
3025 |
3) text/* |
3026 |
4) */* |
3027 |
|
3028 |
The quality value associated with a given type is determined by |
3029 |
finding the media range with the highest precedence which matches |
3030 |
that type. For example, |
3031 |
|
3032 |
Accept: text/*;q=0.3, text/html;q=0.7, text/html;version=2.0, |
3033 |
*/*;q=0.5 |
3034 |
|
3035 |
would cause the following values to be associated: |
3036 |
|
3037 |
text/html;version=2.0 = 1 |
3038 |
text/html = 0.7 |
3039 |
text/plain = 0.3 |
3040 |
image/jpeg = 0.5 |
3041 |
text/html;level=3 = 0.7 |
3042 |
|
3043 |
It must be emphasized that the Accept field should only be used |
3044 |
when it is necessary to restrict the response media types to a |
3045 |
subset of those possible or when the user has been permitted to |
3046 |
specify qualitative values for ranges of media types. If no quality |
3047 |
factors have been set by the user, and the context of the request |
3048 |
is such that the user agent is capable of saving the entity to a |
3049 |
file if the received media type is unknown, then the only |
3050 |
appropriate value for Accept is "*/*", or an empty value if the |
3051 |
user desires reactive negotiation. |
3052 |
|
3053 |
Note: A user agent may be provided with a default set of |
3054 |
quality values for certain media ranges. However, unless the |
3055 |
user agent is a closed system which cannot interact with |
3056 |
other rendering agents, this default set should be |
3057 |
configurable by the user. |
3058 |
|
3059 |
10.2 Accept-Charset |
3060 |
|
3061 |
The Accept-Charset request-header field can be used to indicate |
3062 |
what character sets are acceptable for the response. This field |
3063 |
allows clients capable of understanding more comprehensive or |
3064 |
special-purpose character sets to signal that capability to a |
3065 |
server which is capable of representing documents in those |
3066 |
character sets. The US-ASCII character set can be assumed to be |
3067 |
acceptable to all user agents. |
3068 |
|
3069 |
Accept-Charset = "Accept-Charset" ":" 1#charset |
3070 |
|
3071 |
Character set values are described in Section 3.4. An example is |
3072 |
|
3073 |
Accept-Charset: iso-8859-1, unicode-1-1 |
3074 |
|
3075 |
If no Accept-Charset field is given, the default is that any |
3076 |
character set is acceptable. If the Accept-Charset field is given |
3077 |
and the requested resource is not available in one of the listed |
3078 |
character sets, then the server should respond with the 406 (none |
3079 |
acceptable) status code. |
3080 |
|
3081 |
10.3 Accept-Encoding |
3082 |
|
3083 |
The Accept-Encoding request-header field is similar to Accept, but |
3084 |
restricts the content-coding values (Section 3.5) which are |
3085 |
acceptable in the response. |
3086 |
|
3087 |
Accept-Encoding = "Accept-Encoding" ":" |
3088 |
#( content-coding ) |
3089 |
|
3090 |
An example of its use is |
3091 |
|
3092 |
Accept-Encoding: compress, gzip |
3093 |
|
3094 |
If no Accept-Encoding field is present in a request, the server may |
3095 |
assume that the client will accept any content coding. If an |
3096 |
Accept-Encoding field is present, but contains an empty field |
3097 |
value, then the user agent is refusing to accept any content coding. |
3098 |
|
3099 |
10.4 Accept-Language |
3100 |
|
3101 |
The Accept-Language request-header field is similar to Accept, but |
3102 |
restricts the set of natural languages that are preferred as a |
3103 |
response to the request. |
3104 |
|
3105 |
Accept-Language = "Accept-Language" ":" |
3106 |
1#( language-tag [ ";" "q" "=" qvalue ] ) |
3107 |
|
3108 |
The language-tag is described in Section 3.10. Each language may be |
3109 |
given an associated quality value which represents an estimate of |
3110 |
the user's comprehension of that language. The quality value |
3111 |
defaults to "q=1" (100% comprehension) for listed languages. This |
3112 |
value may be used in the server's content negotiation algorithm |
3113 |
(Section 12). For example, |
3114 |
|
3115 |
Accept-Language: da, en-gb;q=0.8, de;q=0.55 |
3116 |
|
3117 |
would mean: "I prefer Danish, but will accept British English (with |
3118 |
80% comprehension) or German (with a 55% comprehension)." |
3119 |
|
3120 |
If the server cannot fulfill the request with one or more of the |
3121 |
languages given, or if the languages only represent a subset of a |
3122 |
multi-linguistic Entity-Body, it is acceptable to serve the request |
3123 |
in an unspecified language. This is equivalent to assigning a |
3124 |
quality value of "q=0.001" to any unlisted language. |
3125 |
|
3126 |
If no Accept-Language header is present in the request, the server |
3127 |
should assume that all languages are equally acceptable. |
3128 |
|
3129 |
Note: As intelligibility is highly dependent on the |
3130 |
individual user, it is recommended that client applications |
3131 |
make the choice of linguistic preference available to the |
3132 |
user. If the choice is not made available, then the |
3133 |
Accept-Language header field must not be given in the |
3134 |
request. |
3135 |
|
3136 |
10.5 Allow |
3137 |
|
3138 |
The Allow entity-header field lists the set of methods supported by |
3139 |
the resource identified by the Request-URI. The purpose of this |
3140 |
field is strictly to inform the recipient of valid methods |
3141 |
associated with the resource. An Allow header field must be present |
3142 |
in a 405 (method not allowed) response. The Allow header field is |
3143 |
not permitted in a request using the POST method, and thus should |
3144 |
be ignored if it is received as part of a POST entity. |
3145 |
|
3146 |
Allow = "Allow" ":" 1#method |
3147 |
|
3148 |
Example of use: |
3149 |
|
3150 |
Allow: GET, HEAD, PUT |
3151 |
|
3152 |
This field cannot prevent a client from trying other methods. |
3153 |
However, the indications given by the Allow header field value |
3154 |
should be followed. The actual set of allowed methods is defined by |
3155 |
the origin server at the time of each request. |
3156 |
|
3157 |
The Allow header field may be provided with a PUT request to |
3158 |
recommend the methods to be supported by the new or modified |
3159 |
resource. The server is not required to support these methods and |
3160 |
should include an Allow header in the response giving the actual |
3161 |
supported methods. |
3162 |
|
3163 |
A proxy must not modify the Allow header field even if it does not |
3164 |
understand all the methods specified, since the user agent may have |
3165 |
other means of communicating with the origin server. |
3166 |
|
3167 |
The Allow header field does not indicate what methods are |
3168 |
implemented at the server level. Servers may use the Public |
3169 |
response header field (Section 10.32) to describe what methods are |
3170 |
implemented on the server as a whole. |
3171 |
|
3172 |
10.6 Authorization |
3173 |
|
3174 |
A user agent that wishes to authenticate itself with a |
3175 |
server--usually, but not necessarily, after receiving a 401 |
3176 |
response--may do so by including an Authorization request-header |
3177 |
field with the request. The Authorization field value consists of |
3178 |
credentials containing the authentication information of the user |
3179 |
agent for the realm of the resource being requested. |
3180 |
|
3181 |
Authorization = "Authorization" ":" credentials |
3182 |
|
3183 |
HTTP access authentication is described in Section 11. If a request |
3184 |
is authenticated and a realm specified, the same credentials should |
3185 |
be valid for all other requests within this realm. |
3186 |
|
3187 |
Responses to requests containing an Authorization field are not |
3188 |
cachable. |
3189 |
|
3190 |
10.7 Base |
3191 |
|
3192 |
The Base entity-header field may be used to specify the base URI |
3193 |
for resolving relative URLs, as described in RFC 1808 [11]. |
3194 |
|
3195 |
10.8 Cache-Control |
3196 |
|
3197 |
The Cache-Control general-header field is used to specify |
3198 |
directives that must be obeyed by all caching mechanisms along the |
3199 |
request/response chain. The directives specify behavior intended to |
3200 |
prevent caches from adversely interfering with the request or |
3201 |
response. Cache directives are unidirectional in that the presence |
3202 |
of a directive in a request does not imply that the same directive |
3203 |
should be given in the response. |
3204 |
|
3205 |
Cache-Control = "Cache-Control" ":" 1#cache-directive |
3206 |
|
3207 |
cache-directive = "cachable" |
3208 |
| "max-age" "=" delta-seconds |
3209 |
| "private" [ "=" <"> 1#field-name <"> ] |
3210 |
| "no-cache" [ "=" <"> 1#field-name <"> ] |
3211 |
|
3212 |
The Cache-Control header field may be used to modify the optional |
3213 |
behavior of caching mechanisms, and the default cachability of a |
3214 |
response message; it cannot be used to modify the required behavior |
3215 |
of caching mechanisms. HTTP requirements for caching and cachable |
3216 |
messages are described in Section 13. |
3217 |
|
3218 |
The "cachable" directive indicates that the entire response message |
3219 |
is cachable unless required otherwise by HTTP restrictions on the |
3220 |
request method and response code. In other words, this directive |
3221 |
indicates that the server believes the response to be cachable. |
3222 |
This directive applies only to responses and must not be used with |
3223 |
any other cache directive. |
3224 |
|
3225 |
When the "max-age" directive is present in a request message, an |
3226 |
application must forward the request toward the origin server if it |
3227 |
has no cached copy, or refresh its cached copy if it is older than |
3228 |
the age value given (in seconds) prior to returning a response. A |
3229 |
cached copy's age is determined by the cached message's Date header |
3230 |
field, or the equivalent as stored by the cache manager. |
3231 |
|
3232 |
In most cases, a cached copy can be refreshed by forwarding a |
3233 |
conditional GET request toward the origin server with the stored |
3234 |
message's Last-Modified value in the If-Modified-Since field. The |
3235 |
Unless header field may be used to add further restrictions to the |
3236 |
modification test on the server. If a 304 (not modified) response |
3237 |
is received, the cache should replace the cached message's Date |
3238 |
with that of the 304 response and send this refreshed message as |
3239 |
the response. Any other response should be forwarded directly to |
3240 |
the requestor and, depending on the response code and the |
3241 |
discretion of the cache manager, may replace the message in the |
3242 |
cache. |
3243 |
|
3244 |
When the "max-age" directive is present in a cached response |
3245 |
message, an application must refresh the message if it is older |
3246 |
than the age value given (in seconds) at the time of a new request |
3247 |
for that resource. The behavior should be equivalent to what would |
3248 |
occur if the request had included the max-age directive. If both |
3249 |
the new request and the cached message have max-age specified, then |
3250 |
the lesser of the two values must be used. A max-age value of zero |
3251 |
(0) forces a cache to perform a refresh (If-Modified-Since) on |
3252 |
every request. The max-age directive on a response implies that the |
3253 |
server believes it to be cachable. |
3254 |
|
3255 |
The "private" directive indicates that parts of the response |
3256 |
message are intended for a single user and must not be cached |
3257 |
except within a private (non-shared) cache controlled by the user |
3258 |
agent. If no list of field names is given, then the entire message |
3259 |
is private; otherwise, only the information within the header |
3260 |
fields identified by the list of names is private and the remainder |
3261 |
of the message is believed to be cachable by any application. This |
3262 |
allows an origin server to state that the specified parts of the |
3263 |
message are intended for only one user and are not a valid response |
3264 |
for requests by other agents. The "private" directive is only |
3265 |
applicable to responses and must not be generated by clients. |
3266 |
|
3267 |
Note: This usage of the word "private" implies only that the |
3268 |
message must not be cached publically; it does not ensure |
3269 |
the privacy of the message content. |
3270 |
|
3271 |
The "no-cache" directive on a request message requires any cache to |
3272 |
forward the request toward the origin server even if it has a |
3273 |
cached copy of what is being requested. This allows a client to |
3274 |
insist upon receiving an authoritative response to its request. It |
3275 |
also allows a client to refresh a cached copy which is known to be |
3276 |
corrupted or stale. This is equivalent to the "no-cache" |
3277 |
pragma-directive in Section 10.29. The list of field names is not |
3278 |
used with requests and must not be generated by clients. The |
3279 |
no-cache directive overrides any max-age directive. |
3280 |
|
3281 |
The "no-cache" directive on a response message indicates that parts |
3282 |
of the message must never be cached. If no list of field names is |
3283 |
given, then the entire message must not be cached; otherwise, only |
3284 |
the information within the header fields identified by the list of |
3285 |
names must not be cached and the remainder of the message is |
3286 |
believed to be cachable. This allows an origin server to state that |
3287 |
the specified parts of the message are intended for only one |
3288 |
recipient and must not be stored unless the user explicitly |
3289 |
requests it through a separate action. |
3290 |
|
3291 |
The max-age, private, and no-cache directives may be used in |
3292 |
combination to define the cachability of each part of the message. |
3293 |
In all cases, no-cache takes precedence over private, which in turn |
3294 |
takes precedence over max-age. |
3295 |
|
3296 |
Cache directives must be passed through by a proxy or gateway |
3297 |
application, regardless of their significance to that application, |
3298 |
since the directives may be applicable to all recipients along the |
3299 |
request/response chain. It is not possible to specify a |
3300 |
cache-directive for a specific cache. |
3301 |
|
3302 |
10.9 Connection |
3303 |
|
3304 |
The Connection general-header field is used to indicate a list of |
3305 |
keywords and header field names containing information which is |
3306 |
only applicable to the current connection between the sender and |
3307 |
the nearest non-tunnel recipient on the request/response chain. |
3308 |
This information must not be forwarded or cached. Unlike the |
3309 |
default behavior, the recipient cannot safely ignore the semantics |
3310 |
of the listed field-names if they are not understood, since |
3311 |
forwarding them may imply that understanding. |
3312 |
|
3313 |
Connection = "Connection" ":" 1#field-name |
3314 |
|
3315 |
Proxies and gateways must discard the named header fields, and the |
3316 |
Connection header itself, before forwarding the message. Proxies |
3317 |
and gateways may add their own Connection information to forwarded |
3318 |
messages if such options are desired for the forwarding connection. |
3319 |
These restrictions do not apply to a tunnel, since the tunnel is |
3320 |
acting as a relay between two connections and does not affect the |
3321 |
connection options. |
3322 |
|
3323 |
Whether or not the listed field-name(s) occur as header fields in |
3324 |
the message is optional. If no corresponding header field is |
3325 |
present, then the field name is treated as a keyword. Keywords are |
3326 |
useful for indicating a desired option without assigning parameters |
3327 |
to that option. This allows for a minimal syntax to provide |
3328 |
connection-based options without pre-restricting the syntax or |
3329 |
number of those options. HTTP/1.1 only defines the "keep-alive" |
3330 |
keyword. |
3331 |
|
3332 |
The semantics of Connection are defined by HTTP/1.1 in order to |
3333 |
provide a safe transition to connection-based features. Connection |
3334 |
header fields received in an HTTP/1.0 message, as would be the case |
3335 |
if an older proxy mistakenly forwards the field, cannot be trusted |
3336 |
and must be discarded except under experimental conditions. |
3337 |
|
3338 |
10.9.1 Persistent Connections |
3339 |
|
3340 |
The "keep-alive" keyword in a Connection header field allows the |
3341 |
sender to indicate its desire for a persistent connection (i.e., a |
3342 |
connection that lasts beyond the current request/response |
3343 |
transaction). Persistent connections allow the client to perform |
3344 |
multiple requests without the overhead of connection tear-down and |
3345 |
set-up between each request. |
3346 |
|
3347 |
As an example, a client would send |
3348 |
|
3349 |
Connection: Keep-Alive |
3350 |
|
3351 |
to indicate that it desires to keep the connection open for |
3352 |
multiple requests. The server may then respond with a message |
3353 |
containing |
3354 |
|
3355 |
Connection: Keep-Alive |
3356 |
|
3357 |
to indicate that the connection will be kept open for the next |
3358 |
request. The Connection header field with a keep-alive keyword must |
3359 |
be sent on all requests and responses that wish to continue the |
3360 |
persistence. The client sends requests as normal and the server |
3361 |
responds as normal, except that all messages containing an entity |
3362 |
body must have a length that can be determined without closing the |
3363 |
connection (i.e., each message containg an entity body must have a |
3364 |
valid Content-Length, be a multipart media type, or be encoded |
3365 |
using the "chunked" transfer coding, as described in Section 7.2.2). |
3366 |
|
3367 |
The Keep-Alive header field (Section 10.24) may be used to include |
3368 |
diagnostic information and other optional parameters. For example, |
3369 |
the server may responds with |
3370 |
|
3371 |
Connection: Keep-Alive |
3372 |
Keep-Alive: timeout=10, max=5 |
3373 |
|
3374 |
to indicate that the server has selected (perhaps dynamically) a |
3375 |
maximum of 5 requests, but will timeout if the next request is not |
3376 |
received within 10 seconds. Note, however, that this additional |
3377 |
information is optional and the Keep-Alive header field does not |
3378 |
need to be present. If it is present, the semantics of the |
3379 |
Connection header field prevents it from being accidentally |
3380 |
forwarded to downstream connections. |
3381 |
|
3382 |
The persistent connection ends when either side closes the |
3383 |
connection or after the receipt of a response which lacks the |
3384 |
"keep-alive" keyword. The server may close the connection |
3385 |
immediately after responding to a request without a "keep-alive" |
3386 |
keyword. A client can tell if the connection will be closed by |
3387 |
looking for a "keep-alive" in the response. |
3388 |
|
3389 |
10.10 Content-Encoding |
3390 |
|
3391 |
The Content-Encoding entity-header field is used as a modifier to |
3392 |
the media-type. When present, its value indicates what additional |
3393 |
content codings have been applied to the resource, and thus what |
3394 |
decoding mechanisms must be applied in order to obtain the |
3395 |
media-type referenced by the Content-Type header field. |
3396 |
Content-Encoding is primarily used to allow a document to be |
3397 |
compressed without losing the identity of its underlying media type. |
3398 |
|
3399 |
Content-Encoding = "Content-Encoding" ":" 1#content-coding |
3400 |
|
3401 |
Content codings are defined in Section 3.5. An example of its use is |
3402 |
|
3403 |
Content-Encoding: gzip |
3404 |
|
3405 |
The Content-Encoding is a characteristic of the resource identified |
3406 |
by the Request-URI. Typically, the resource is stored with this |
3407 |
encoding and is only decoded before rendering or analogous usage. |
3408 |
|
3409 |
If multiple encodings have been applied to a resource, the content |
3410 |
codings must be listed in the order in which they were applied. |
3411 |
Additional information about the encoding parameters may be |
3412 |
provided by other Entity-Header fields not defined by this |
3413 |
specification. |
3414 |
|
3415 |
10.11 Content-Language |
3416 |
|
3417 |
The Content-Language entity-header field describes the natural |
3418 |
language(s) of the intended audience for the enclosed entity. Note |
3419 |
that this may not be equivalent to all the languages used within |
3420 |
the entity. |
3421 |
|
3422 |
Content-Language = "Content-Language" ":" 1#language-tag |
3423 |
|
3424 |
Language tags are defined in Section 3.10. The primary purpose of |
3425 |
Content-Language is to allow a selective consumer to identify and |
3426 |
differentiate resources according to the consumer's own preferred |
3427 |
language. Thus, if the body content is intended only for a |
3428 |
Danish-literate audience, the appropriate field is |
3429 |
|
3430 |
Content-Language: dk |
3431 |
|
3432 |
If no Content-Language is specified, the default is that the |
3433 |
content is intended for all language audiences. This may mean that |
3434 |
the sender does not consider it to be specific to any natural |
3435 |
language, or that the sender does not know for which language it is |
3436 |
intended. |
3437 |
|
3438 |
Multiple languages may be listed for content that is intended for |
3439 |
multiple audiences. For example, a rendition of the "Treaty of |
3440 |
Waitangi," presented simultaneously in the original Maori and |
3441 |
English versions, would call for |
3442 |
|
3443 |
Content-Language: mi, en |
3444 |
|
3445 |
However, just because multiple languages are present within an |
3446 |
entity does not mean that it is intended for multiple linguistic |
3447 |
audiences. An example would be a beginner's language primer, such |
3448 |
as "A First Lesson in Latin," which is clearly intended to be used |
3449 |
by an English-literate audience. In this case, the Content-Language |
3450 |
should only include "en". |
3451 |
|
3452 |
Content-Language may be applied to any media type -- it should not |
3453 |
be limited to textual documents. |
3454 |
|
3455 |
10.12 Content-Length |
3456 |
|
3457 |
The Content-Length entity-header field indicates the size of the |
3458 |
Entity-Body, in decimal number of octets, sent to the recipient or, |
3459 |
in the case of the HEAD method, the size of the Entity-Body that |
3460 |
would have been sent had the request been a GET. |
3461 |
|
3462 |
Content-Length = "Content-Length" ":" 1*DIGIT |
3463 |
|
3464 |
An example is |
3465 |
|
3466 |
Content-Length: 3495 |
3467 |
|
3468 |
Applications should use this field to indicate the size of the |
3469 |
Entity-Body to be transferred, regardless of the media type of the |
3470 |
entity. A valid Content-Length field value is required on all |
3471 |
HTTP/1.1 request messages containing an entity body. |
3472 |
|
3473 |
Any Content-Length greater than or equal to zero is a valid value. |
3474 |
Section 7.2.2 describes how to determine the length of an |
3475 |
Entity-Body if a Content-Length is not given. |
3476 |
|
3477 |
Note: The meaning of this field is significantly different |
3478 |
from the corresponding definition in MIME, where it is an |
3479 |
optional field used within the "message/external-body" |
3480 |
content-type. In HTTP, it should be used whenever the |
3481 |
entity's length can be determined prior to being transferred. |
3482 |
|
3483 |
10.13 Content-MD5 |
3484 |
|
3485 |
TBS |
3486 |
|
3487 |
10.14 Content-Range |
3488 |
|
3489 |
TBS |
3490 |
|
3491 |
10.15 Content-Type |
3492 |
|
3493 |
The Content-Type entity-header field indicates the media type of |
3494 |
the Entity-Body sent to the recipient or, in the case of the HEAD |
3495 |
method, the media type that would have been sent had the request |
3496 |
been a GET. |
3497 |
|
3498 |
Content-Type = "Content-Type" ":" media-type |
3499 |
|
3500 |
Media types are defined in Section 3.7. An example of the field is |
3501 |
|
3502 |
Content-Type: text/html; charset=ISO-8859-4 |
3503 |
|
3504 |
Further discussion of methods for identifying the media type of an |
3505 |
entity is provided in Section 7.2.1. |
3506 |
|
3507 |
10.16 Content-Version |
3508 |
|
3509 |
The Content-Version entity-header field defines the version tag |
3510 |
associated with a rendition of an evolving entity. Together with |
3511 |
the Derived-From field described in Section 10.18, it allows a |
3512 |
group of people to work simultaneously on the creation of a work as |
3513 |
an iterative process. The field should be used to allow evolution |
3514 |
of a particular work along a single path. It should not be used to |
3515 |
indicate derived works or renditions in different representations. |
3516 |
It may also me used as an opaque value for comparing a cached |
3517 |
entity's version with that of the current resource. |
3518 |
|
3519 |
Content-Version= "Content-Version" ":" quoted-string |
3520 |
|
3521 |
Examples of the Content-Version field include: |
3522 |
|
3523 |
Content-Version: "2.1.2" |
3524 |
|
3525 |
Content-Version: "Fred 19950116-12:26:48" |
3526 |
|
3527 |
Content-Version: "2.5a4-omega7" |
3528 |
|
3529 |
The value of the Content-Version field should be considered opaque |
3530 |
to all parties but the origin server. A user agent may suggest a |
3531 |
value for the version of an entity transferred via a PUT request; |
3532 |
however, only the origin server can reliably assign that value. |
3533 |
|
3534 |
10.17 Date |
3535 |
|
3536 |
The Date general-header field represents the date and time at which |
3537 |
the message was originated, having the same semantics as orig-date |
3538 |
in RFC 822. The field value is an HTTP-date, as described in |
3539 |
Section 3.3. |
3540 |
|
3541 |
Date = "Date" ":" HTTP-date |
3542 |
|
3543 |
An example is |
3544 |
|
3545 |
Date: Tue, 15 Nov 1994 08:12:31 GMT |
3546 |
|
3547 |
If a message is received via direct connection with the user agent |
3548 |
(in the case of requests) or the origin server (in the case of |
3549 |
responses), then the date can be assumed to be the current date at |
3550 |
the receiving end. However, since the date--as it is believed by the |
3551 |
origin--is important for evaluating cached responses, origin servers |
3552 |
should always include a Date header. Clients should only send a |
3553 |
Date header field in messages that include an entity body, as in |
3554 |
the case of the PUT and POST requests, and even then it is |
3555 |
optional. A received message which does not have a Date header |
3556 |
field should be assigned one by the recipient if the message will |
3557 |
be cached by that recipient or gatewayed via a protocol which |
3558 |
requires a Date. |
3559 |
|
3560 |
In theory, the date should represent the moment just before the |
3561 |
entity is generated. In practice, the date can be generated at any |
3562 |
time during the message origination without affecting its semantic |
3563 |
value. |
3564 |
|
3565 |
Note: An earlier version of this document incorrectly |
3566 |
specified that this field should contain the creation date |
3567 |
of the enclosed Entity-Body. This has been changed to |
3568 |
reflect actual (and proper) usage. |
3569 |
|
3570 |
10.18 Derived-From |
3571 |
|
3572 |
The Derived-From entity-header field can be used to indicate the |
3573 |
version tag of the resource from which the enclosed entity was |
3574 |
derived before modifications were made by the sender. This field is |
3575 |
used to help manage the process of merging successive changes to a |
3576 |
resource, particularly when such changes are being made in parallel |
3577 |
and from multiple sources. |
3578 |
|
3579 |
Derived-From = "Derived-From" ":" quoted-string |
3580 |
|
3581 |
An example use of the field is: |
3582 |
|
3583 |
Derived-From: "2.1.1" |
3584 |
|
3585 |
The Derived-From field is required for PUT and PATCH requests if |
3586 |
the entity being sent was previously retrieved from the same URI |
3587 |
and a Content-Version header was included with the entity when it |
3588 |
was last retrieved. |
3589 |
|
3590 |
10.19 Expires |
3591 |
|
3592 |
The Expires entity-header field gives the date/time after which the |
3593 |
entity should be considered stale. This allows information |
3594 |
providers to suggest the volatility of the resource, or a date |
3595 |
after which the information may no longer be valid. Applications |
3596 |
must not cache this entity beyond the date given. The presence of |
3597 |
an Expires field does not imply that the original resource will |
3598 |
change or cease to exist at, before, or after that time. However, |
3599 |
information providers that know or even suspect that a resource |
3600 |
will change by a certain date should include an Expires header with |
3601 |
that date. The format is an absolute date and time as defined by |
3602 |
HTTP-date in Section 3.3. |
3603 |
|
3604 |
Expires = "Expires" ":" HTTP-date |
3605 |
|
3606 |
An example of its use is |
3607 |
|
3608 |
Expires: Thu, 01 Dec 1994 16:00:00 GMT |
3609 |
|
3610 |
If the date given is equal to or earlier than the value of the Date |
3611 |
header, the recipient must not cache the enclosed entity. If a |
3612 |
resource is dynamic by nature, as is the case with many |
3613 |
data-producing processes, entities from that resource should be |
3614 |
given an appropriate Expires value which reflects that dynamism. |
3615 |
|
3616 |
The Expires field cannot be used to force a user agent to refresh |
3617 |
its display or reload a resource; its semantics apply only to |
3618 |
caching mechanisms, and such mechanisms need only check a |
3619 |
resource's expiration status when a new request for that resource |
3620 |
is initiated. |
3621 |
|
3622 |
User agents often have history mechanisms, such as "Back" buttons |
3623 |
and history lists, which can be used to redisplay an entity |
3624 |
retrieved earlier in a session. By default, the Expires field does |
3625 |
not apply to history mechanisms. If the entity is still in storage, |
3626 |
a history mechanism should display it even if the entity has |
3627 |
expired, unless the user has specifically configured the agent to |
3628 |
refresh expired history documents. |
3629 |
|
3630 |
Note: Applications are encouraged to be tolerant of bad or |
3631 |
misinformed implementations of the Expires header. A value |
3632 |
of zero (0) or an invalid date format should be considered |
3633 |
equivalent to an "expires immediately." Although these |
3634 |
values are not legitimate for HTTP/1.1, a robust |
3635 |
implementation is always desirable. |
3636 |
|
3637 |
10.20 Forwarded |
3638 |
|
3639 |
The Forwarded general-header field is to be used by gateways and |
3640 |
proxies to indicate the intermediate steps between the user agent |
3641 |
and the server on requests, and between the origin server and the |
3642 |
client on responses. It is analogous to the "Received" field of RFC |
3643 |
822 [9] and is intended to be used for tracing transport problems |
3644 |
and avoiding request loops. |
3645 |
|
3646 |
Forwarded = "Forwarded" ":" #( "by" URI [ "(" product ")" ] |
3647 |
[ "for" FQDN ] ) |
3648 |
|
3649 |
FQDN = <Fully-Qualified Domain Name> |
3650 |
|
3651 |
For example, a message could be sent from a client on |
3652 |
ptsun00.cern.ch to a server at www.ics.uci.edu port 80, via an |
3653 |
intermediate HTTP proxy at info.cern.ch port 8000. The request |
3654 |
received by the server at www.ics.uci.edu would then have the |
3655 |
following Forwarded header field: |
3656 |
|
3657 |
Forwarded: by http://info.cern.ch:8000/ for ptsun00.cern.ch |
3658 |
|
3659 |
Multiple Forwarded header fields are allowed and should represent |
3660 |
each proxy/gateway that has forwarded the message. It is strongly |
3661 |
recommended that proxies/gateways used as a portal through a |
3662 |
network firewall do not, by default, send out information about the |
3663 |
internal hosts within the firewall region. This information should |
3664 |
only be propagated if explicitly enabled. If not enabled, the for |
3665 |
token and FQDN should not be included in the field value, and any |
3666 |
Forwarded headers already present in the message (those added |
3667 |
behind the firewall) should be removed. |
3668 |
|
3669 |
10.21 From |
3670 |
|
3671 |
The From request-header field, if given, should contain an Internet |
3672 |
e-mail address for the human user who controls the requesting user |
3673 |
agent. The address should be machine-usable, as defined by mailbox |
3674 |
in RFC 822 [9] (as updated by RFC 1123 [8]): |
3675 |
|
3676 |
From = "From" ":" mailbox |
3677 |
|
3678 |
An example is: |
3679 |
|
3680 |
From: webmaster@w3.org |
3681 |
|
3682 |
This header field may be used for logging purposes and as a means |
3683 |
for identifying the source of invalid or unwanted requests. It |
3684 |
should not be used as an insecure form of access protection. The |
3685 |
interpretation of this field is that the request is being performed |
3686 |
on behalf of the person given, who accepts responsibility for the |
3687 |
method performed. In particular, robot agents should include this |
3688 |
header so that the person responsible for running the robot can be |
3689 |
contacted if problems occur on the receiving end. |
3690 |
|
3691 |
The Internet e-mail address in this field may be separate from the |
3692 |
Internet host which issued the request. For example, when a request |
3693 |
is passed through a proxy the original issuer's address should be |
3694 |
used. |
3695 |
|
3696 |
Note: The client should not send the From header field |
3697 |
without the user's approval, as it may conflict with the |
3698 |
user's privacy interests or their site's security policy. It |
3699 |
is strongly recommended that the user be able to disable, |
3700 |
enable, and modify the value of this field at any time prior |
3701 |
to a request. |
3702 |
|
3703 |
10.22 Host |
3704 |
|
3705 |
The Host request-header field allows the client to specify, for the |
3706 |
server's benefit, the Internet host given by the original Uniform |
3707 |
Resource Identifier (Section 3.2) of the resource being requested, |
3708 |
as it was obtained from the user or the referring resource. This |
3709 |
allows a server to differentiate between internally-ambiguous URLs |
3710 |
(such as the root "/" URL of a server harboring multiple virtual |
3711 |
hostnames). This field is required on all HTTP/1.1 requests which |
3712 |
do not already include the host in the Request-URI. |
3713 |
|
3714 |
Host = "Host" ":" host ; Section 3.2.2 |
3715 |
|
3716 |
Example: |
3717 |
|
3718 |
Host: www.w3.org |
3719 |
|
3720 |
The contents of the Host header field should exactly match the host |
3721 |
information used to contact the origin server or gateway in |
3722 |
question. It must not include the trailing ":port" information |
3723 |
which may also be found in the net_loc portion of a URL |
3724 |
(Section 3.2). |
3725 |
|
3726 |
10.23 If-Modified-Since |
3727 |
|
3728 |
The If-Modified-Since request-header field is used with the GET |
3729 |
method to make it conditional: if the requested resource has not |
3730 |
been modified since the time specified in this field, a copy of the |
3731 |
resource will not be returned from the server; instead, a 304 (not |
3732 |
modified) response will be returned without any Entity-Body. |
3733 |
|
3734 |
If-Modified-Since = "If-Modified-Since" ":" HTTP-date |
3735 |
|
3736 |
An example of the field is: |
3737 |
|
3738 |
If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT |
3739 |
|
3740 |
A conditional GET method requests that the identified resource be |
3741 |
transferred only if it has been modified since the date given by |
3742 |
the If-Modified-Since header. The algorithm for determining this |
3743 |
includes the following cases: |
3744 |
|
3745 |
a) If the request would normally result in anything other than |
3746 |
a 200 (ok) status, or if the passed If-Modified-Since date |
3747 |
is invalid, the response is exactly the same as for a |
3748 |
normal GET. A date which is later than the server's current |
3749 |
time is invalid. |
3750 |
|
3751 |
b) If the resource has been modified since the |
3752 |
If-Modified-Since date, the response is exactly the same as |
3753 |
for a normal GET. |
3754 |
|
3755 |
c) If the resource has not been modified since a valid |
3756 |
If-Modified-Since date, the server must return a 304 (not |
3757 |
modified) response. |
3758 |
|
3759 |
The purpose of this feature is to allow efficient updates of cached |
3760 |
information with a minimum amount of transaction overhead. |
3761 |
|
3762 |
10.24 Keep-Alive |
3763 |
|
3764 |
The Keep-Alive general-header field may be used to include |
3765 |
diagnostic information and other optional parameters associated |
3766 |
with the "keep-alive" keyword of the Connection header field |
3767 |
(Section 10.9). This Keep-Alive field must only be used when the |
3768 |
"keep-alive" keyword is present (Section 10.9.1). |
3769 |
|
3770 |
Keep-Alive = "Keep-Alive" ":" 1#kaparam |
3771 |
|
3772 |
kaparam = ( "timeout" "=" delta-seconds ) |
3773 |
| ( "max" "=" 1*DIGIT ) |
3774 |
| ( attribute [ "=" value ] ) |
3775 |
|
3776 |
The Keep-Alive header field and the additional information it |
3777 |
provides are optional and do not need to be present to indicate a |
3778 |
persistent connection has been established. The semantics of the |
3779 |
Connection header field prevent the Keep-Alive field from being |
3780 |
accidentally forwarded to downstream connections. |
3781 |
|
3782 |
HTTP/1.1 defines semantics for the optional "timeout" and "max" |
3783 |
parameters on responses; other parameters may be added and the |
3784 |
field may also be used on request messages. The "timeout" parameter |
3785 |
allows the server to indicate, for diagnostic purposes only, the |
3786 |
amount of time in seconds it is currently allowing between when the |
3787 |
response was generated and when the next request is received from |
3788 |
the client (i.e., the request timeout limit). Similarly, the "max" |
3789 |
parameter allows the server to indicate the maximum additional |
3790 |
requests that it will allow on the current persistent connection. |
3791 |
|
3792 |
For example, the server may respond to a request for a persistent |
3793 |
connection with |
3794 |
|
3795 |
Connection: Keep-Alive |
3796 |
Keep-Alive: timeout=10, max=5 |
3797 |
|
3798 |
to indicate that the server has selected (perhaps dynamically) a |
3799 |
maximum of 5 requests, but will timeout the connection if the next |
3800 |
request is not received within 10 seconds. Although these |
3801 |
parameters have no affect on the operational requirements of the |
3802 |
connection, they are sometimes useful for testing functionality and |
3803 |
monitoring server behavior. |
3804 |
|
3805 |
10.25 Last-Modified |
3806 |
|
3807 |
The Last-Modified entity-header field indicates the date and time |
3808 |
at which the sender believes the resource was last modified. The |
3809 |
exact semantics of this field are defined in terms of how the |
3810 |
recipient should interpret it: if the recipient has a copy of this |
3811 |
resource which is older than the date given by the Last-Modified |
3812 |
field, that copy should be considered stale. |
3813 |
|
3814 |
Last-Modified = "Last-Modified" ":" HTTP-date |
3815 |
|
3816 |
An example of its use is |
3817 |
|
3818 |
Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT |
3819 |
|
3820 |
The exact meaning of this header field depends on the |
3821 |
implementation of the sender and the nature of the original |
3822 |
resource. For files, it may be just the file system last-modified |
3823 |
time. For entities with dynamically included parts, it may be the |
3824 |
most recent of the set of last-modify times for its component |
3825 |
parts. For database gateways, it may be the last-update timestamp |
3826 |
of the record. For virtual objects, it may be the last time the |
3827 |
internal state changed. |
3828 |
|
3829 |
An origin server must not send a Last-Modified date which is later |
3830 |
than the server's time of message origination. In such cases, where |
3831 |
the resource's last modification would indicate some time in the |
3832 |
future, the server must replace that date with the message |
3833 |
origination date. |
3834 |
|
3835 |
10.26 Link |
3836 |
|
3837 |
The Link entity-header field provides a means for describing a |
3838 |
relationship between the entity and some other resource. An entity |
3839 |
may include multiple Link values. Links at the metainformation |
3840 |
level typically indicate relationships like hierarchical structure |
3841 |
and navigation paths. The Link field is semantically equivalent to |
3842 |
the <LINK> element in HTML [5]. |
3843 |
|
3844 |
Link = "Link" ":" #("<" URI ">" |
3845 |
[ ";" "rel" "=" relationship ] |
3846 |
[ ";" "rev" "=" relationship ] |
3847 |
[ ";" "title" "=" quoted-string ] ) |
3848 |
|
3849 |
relationship = sgml-name |
3850 |
| ( <"> sgml-name *( SP sgml-name) <"> ) |
3851 |
|
3852 |
sgml-name = ALPHA *( ALPHA | DIGIT | "." | "-" ) |
3853 |
|
3854 |
Relationship values are case-insensitive and may be extended within |
3855 |
the constraints of the sgml-name syntax. The title parameter may be |
3856 |
used to label the destination of a link such that it can be used as |
3857 |
identification within a human-readable menu. |
3858 |
|
3859 |
Examples of usage include: |
3860 |
|
3861 |
Link: <http://www.cern.ch/TheBook/chapter2>; rel="Previous" |
3862 |
|
3863 |
Link: <mailto:timbl@w3.org>; rev="Made"; title="Tim Berners-Lee" |
3864 |
|
3865 |
The first example indicates that chapter2 is previous to the |
3866 |
entity in a logical navigation path. The second indicates that the |
3867 |
person responsible for making the resource available is identified |
3868 |
by the given e-mail address. |
3869 |
|
3870 |
10.27 Location |
3871 |
|
3872 |
The Location response-header field defines the exact location of |
3873 |
the resource that was identified by the Request-URI. For 2xx |
3874 |
responses, if the Request-URI corresponds to a negotiable set of |
3875 |
variants and the response includes one of those variants, then the |
3876 |
response must also include a Location header field containing the |
3877 |
exact location of the chosen variant. For 3xx responses, the |
3878 |
location should indicate the server's preferred URL for automatic |
3879 |
redirection to the resource. The field value consists of a single |
3880 |
absolute URL. |
3881 |
|
3882 |
Location = "Location" ":" absoluteURI |
3883 |
|
3884 |
An example is |
3885 |
|
3886 |
Location: http://www.w3.org/pub/WWW/People.html |
3887 |
|
3888 |
If no base URL is provided by or within the entity, the value of |
3889 |
the Location field should be used as the base for resolving |
3890 |
relative URLs [11]. |
3891 |
|
3892 |
10.28 MIME-Version |
3893 |
|
3894 |
HTTP is not a MIME-compliant protocol (see Appendix C). However, |
3895 |
HTTP/1.1 messages may include a single MIME-Version general-header |
3896 |
field to indicate what version of the MIME protocol was used to |
3897 |
construct the message. Use of the MIME-Version header field |
3898 |
indicates that the message is in full compliance with the MIME |
3899 |
protocol (as defined in [7]). Proxies/gateways are responsible for |
3900 |
ensuring full compliance (where possible) when exporting HTTP |
3901 |
messages to strict MIME environments. |
3902 |
|
3903 |
MIME-Version = "MIME-Version" ":" 1*DIGIT "." 1*DIGIT |
3904 |
|
3905 |
MIME version "1.0" is the default for use in HTTP/1.1. However, |
3906 |
HTTP/1.1 message parsing and semantics are defined by this document |
3907 |
and not the MIME specification. |
3908 |
|
3909 |
10.29 Pragma |
3910 |
|
3911 |
The Pragma general-header field is used to include |
3912 |
implementation-specific directives that may apply to any recipient |
3913 |
along the request/response chain. All pragma directives specify |
3914 |
optional behavior from the viewpoint of the protocol; however, some |
3915 |
systems may require that behavior be consistent with the directives. |
3916 |
|
3917 |
Pragma = "Pragma" ":" 1#pragma-directive |
3918 |
|
3919 |
pragma-directive = "no-cache" | extension-pragma |
3920 |
extension-pragma = token [ "=" word ] |
3921 |
|
3922 |
When the "no-cache" directive is present in a request message, an |
3923 |
application should forward the request toward the origin server |
3924 |
even if it has a cached copy of what is being requested. This |
3925 |
pragma directive has the same semantics as the "no-cache" |
3926 |
cache-directive (see Section 10.8) and is defined here for |
3927 |
backwards compatibility with HTTP/1.0. Clients should include both |
3928 |
header fields when a "no-cache" request is sent to a server not |
3929 |
known to be HTTP/1.1 compliant. |
3930 |
|
3931 |
Pragma directives must be passed through by a proxy or gateway |
3932 |
application, regardless of their significance to that application, |
3933 |
since the directives may be applicable to all recipients along the |
3934 |
request/response chain. It is not possible to specify a pragma for |
3935 |
a specific recipient; however, any pragma directive not relevant to |
3936 |
a recipient should be ignored by that recipient. |
3937 |
|
3938 |
10.30 Proxy-Authenticate |
3939 |
|
3940 |
The Proxy-Authenticate response-header field must be included as |
3941 |
part of a 407 (proxy authentication required) response. The field |
3942 |
value consists of a challenge that indicates the authentication |
3943 |
scheme and parameters applicable to the proxy for this Request-URI. |
3944 |
|
3945 |
Proxy-Authentication = "Proxy-Authentication" ":" challenge |
3946 |
|
3947 |
The HTTP access authentication process is described in Section 11. |
3948 |
Unlike WWW-Authenticate, the Proxy-Authenticate header field |
3949 |
applies only to the current connection and must not be passed on to |
3950 |
downstream clients. |
3951 |
|
3952 |
10.31 Proxy-Authorization |
3953 |
|
3954 |
The Proxy-Authorization request-header field allows the client to |
3955 |
identify itself (or its user) to a proxy which requires |
3956 |
authentication. The Proxy-Authorization field value consists of |
3957 |
credentials containing the authentication information of the user |
3958 |
agent for the proxy and/or realm of the resource being requested. |
3959 |
|
3960 |
Proxy-Authorization = "Proxy-Authorization" ":" credentials |
3961 |
|
3962 |
The HTTP access authentication process is described in Section 11. |
3963 |
Unlike Authorization, the Proxy-Authorization applies only to the |
3964 |
current connection and must not be passed on to upstream servers. |
3965 |
If a request is authenticated and a realm specified, the same |
3966 |
credentials should be valid for all other requests within this |
3967 |
realm. |
3968 |
|
3969 |
10.32 Public |
3970 |
|
3971 |
The Public response-header field lists the set of non-standard |
3972 |
methods supported by the server. The purpose of this field is |
3973 |
strictly to inform the recipient of the capabilities of the server |
3974 |
regarding unusual methods. The methods listed may or may not be |
3975 |
applicable to the Request-URI; the Allow header field |
3976 |
(Section 10.5) should be used to indicate methods allowed for a |
3977 |
particular URI. This does not prevent a client from trying other |
3978 |
methods. The field value should not include the methods predefined |
3979 |
for HTTP/1.1 in Section 5.1.1. |
3980 |
|
3981 |
Public = "Public" ":" 1#method |
3982 |
|
3983 |
Example of use: |
3984 |
|
3985 |
Public: OPTIONS, MGET, MHEAD |
3986 |
|
3987 |
This header field applies only to the server directly connected to |
3988 |
the client (i.e., the nearest neighbor in a chain of connections). |
3989 |
If the response passes through a proxy, the proxy must either |
3990 |
remove the Public header field or replace it with one applicable to |
3991 |
its own capabilities. |
3992 |
|
3993 |
10.33 Range |
3994 |
|
3995 |
TBS |
3996 |
|
3997 |
10.34 Referer |
3998 |
|
3999 |
The Referer request-header field allows the client to specify, for |
4000 |
the server's benefit, the address (URI) of the resource from which |
4001 |
the Request-URI was obtained. This allows a server to generate |
4002 |
lists of back-links to resources for interest, logging, optimized |
4003 |
caching, etc. It also allows obsolete or mistyped links to be |
4004 |
traced for maintenance. The Referer field must not be sent if the |
4005 |
Request-URI was obtained from a source that does not have its own |
4006 |
URI, such as input from the user keyboard. |
4007 |
|
4008 |
Referer = "Referer" ":" ( absoluteURI | relativeURI ) |
4009 |
|
4010 |
Example: |
4011 |
|
4012 |
Referer: http://www.w3.org/hypertext/DataSources/Overview.html |
4013 |
|
4014 |
If a partial URI is given, it should be interpreted relative to the |
4015 |
Request-URI. The URI must not include a fragment. |
4016 |
|
4017 |
Note: Because the source of a link may be private |
4018 |
information or may reveal an otherwise private information |
4019 |
source, it is strongly recommended that the user be able to |
4020 |
select whether or not the Referer field is sent. For |
4021 |
example, a browser client could have a toggle switch for |
4022 |
browsing openly/anonymously, which would respectively |
4023 |
enable/disable the sending of Referer and From information. |
4024 |
|
4025 |
10.35 Refresh |
4026 |
|
4027 |
TBS |
4028 |
|
4029 |
10.36 Retry-After |
4030 |
|
4031 |
The Retry-After response-header field can be used with a 503 |
4032 |
(service unavailable) response to indicate how long the service is |
4033 |
expected to be unavailable to the requesting client. The value of |
4034 |
this field can be either an HTTP-date or an integer number of |
4035 |
seconds (in decimal) after the time of the response. |
4036 |
|
4037 |
Retry-After = "Retry-After" ":" ( HTTP-date | delta-seconds ) |
4038 |
|
4039 |
Two examples of its use are |
4040 |
|
4041 |
Retry-After: Wed, 14 Dec 1994 18:22:54 GMT |
4042 |
Retry-After: 120 |
4043 |
|
4044 |
In the latter example, the delay is 2 minutes. |
4045 |
|
4046 |
10.37 Server |
4047 |
|
4048 |
The Server response-header field contains information about the |
4049 |
software used by the origin server to handle the request. The field |
4050 |
can contain multiple product tokens (Section 3.8) and comments |
4051 |
identifying the server and any significant subproducts. By |
4052 |
convention, the product tokens are listed in order of their |
4053 |
significance for identifying the application. |
4054 |
|
4055 |
Server = "Server" ":" 1*( product | comment ) |
4056 |
|
4057 |
Example: |
4058 |
|
4059 |
Server: CERN/3.0 libwww/2.17 |
4060 |
|
4061 |
If the response is being forwarded through a proxy, the proxy |
4062 |
application must not add its data to the product list. Instead, it |
4063 |
should include a Forwarded field (as described in Section 10.20). |
4064 |
|
4065 |
Note: Revealing the specific software version of the server |
4066 |
may allow the server machine to become more vulnerable to |
4067 |
attacks against software that is known to contain security |
4068 |
holes. Server implementors are encouraged to make this field |
4069 |
a configurable option. |
4070 |
|
4071 |
10.38 Title |
4072 |
|
4073 |
The Title entity-header field indicates the title of the entity |
4074 |
|
4075 |
Title = "Title" ":" *TEXT |
4076 |
|
4077 |
An example of the field is |
4078 |
|
4079 |
Title: Hypertext Transfer Protocol -- HTTP/1.1 |
4080 |
|
4081 |
This field is isomorphic with the <TITLE> element in HTML [5]. |
4082 |
|
4083 |
10.39 Transfer Encoding |
4084 |
|
4085 |
The Transfer-Encoding general-header field indicates what (if any) |
4086 |
type of transformation has been applied to the message body in |
4087 |
order to safely transfer it between the sender and the recipient. |
4088 |
This differs from the Content-Encoding in that the transfer coding |
4089 |
is a property of the message, not of the original resource. |
4090 |
|
4091 |
Transfer-Encoding = "Transfer-Encoding" ":" 1#transfer-coding |
4092 |
|
4093 |
Transfer codings are defined in Section 3.6. An example is: |
4094 |
|
4095 |
Transfer-Encoding: chunked |
4096 |
|
4097 |
Many older HTTP/1.0 applications do not understand the |
4098 |
Transfer-Encoding header. |
4099 |
|
4100 |
10.40 Unless |
4101 |
|
4102 |
The Unless request-header field performs a similar function as |
4103 |
If-Modified-Since, but the comparison is based on any Entity-Header |
4104 |
field value of the resource and is not restricted to the GET method. |
4105 |
|
4106 |
Unless = "Unless" ":" 1#logic-bag |
4107 |
|
4108 |
For example, |
4109 |
|
4110 |
Unless: {or {ne {Content-MD5 "Q2hlY2sgSW50ZWdyaXR5IQ=="}} |
4111 |
{ne {Content-Length 10036}} |
4112 |
{ne {Content-Version "12.4.8"}} |
4113 |
{gt {Last-Modified "Mon, 04 Dec 1995 01:23:45 GMT"}}} |
4114 |
|
4115 |
Multiple Unless headers, or multiple bags separated by commas, can |
4116 |
be combined by OR'ing them together: |
4117 |
|
4118 |
Unless: {eq {A "a"}} |
4119 |
Unless: {eq {B "b"}} |
4120 |
|
4121 |
is equivalent to |
4122 |
|
4123 |
Unless: {eq {A "a"}},{eq {B "b"}} |
4124 |
|
4125 |
which in turn is equivalent to |
4126 |
|
4127 |
Unless: {or {eq {A "a"}} {eq {B "b"}}} |
4128 |
|
4129 |
When a request containing an Unless header field is received, the |
4130 |
server must evaluate the expression defined by the listed |
4131 |
logic-bags (Section 3.11). If the expression evaluates to false, |
4132 |
then no change is made to the semantics of the request. If it |
4133 |
evaluates true and the request is not a conditional GET |
4134 |
(If-Modified-Since, Section 10.23) or a partial GET (Range, |
4135 |
Section 10.33), then the server must abort the request and respond |
4136 |
with the 412 (unless true) status code. If the request is a |
4137 |
conditional GET, then the server must disregard the |
4138 |
If-Modified-Since value and respond as it would for a normal GET. |
4139 |
Similarly, if the request is a partial GET, then the server must |
4140 |
disregard the Range value and respond as it would for a normal GET. |
4141 |
|
4142 |
10.41 Upgrade |
4143 |
|
4144 |
The Upgrade general-header allows the client to specify what |
4145 |
additional communication protocols it supports and would like to |
4146 |
use if the server finds it appropriate to switch protocols. The |
4147 |
server must use the Upgrade header field within a 101 (switching |
4148 |
protocols) response to indicate which protocol(s) are being |
4149 |
switched. |
4150 |
|
4151 |
Upgrade = "Upgrade" ":" 1#product |
4152 |
|
4153 |
For example, |
4154 |
|
4155 |
Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11 |
4156 |
|
4157 |
The purpose of the Upgrade header is to allow easier migration |
4158 |
across protocols in order to better match the application needs |
4159 |
with protocol capabilities. |
4160 |
|
4161 |
10.42 URI |
4162 |
|
4163 |
The URI entity-header field is used to inform the recipient of |
4164 |
other Uniform Resource Identifiers (Section 3.2) by which the |
4165 |
resource can be identified, and of all negotiable variants |
4166 |
corresponding to the Request-URI. |
4167 |
|
4168 |
URI-header = "URI" ":" 1#( uri-mirror | uri-name | uri-variant ) |
4169 |
|
4170 |
uri-mirror = "{" "mirror" <"> URI <"> "}" |
4171 |
uri-name = "{" "name" <"> URI <"> "}" |
4172 |
uri-variant = "{" "variant" <"> URI <"> qvalue |
4173 |
[ "{" "type" <"> media-type <"> "}" ] |
4174 |
[ "{" "language" <"> 1#language-tag <"> "}" ] |
4175 |
[ "{" "encoding" <"> 1#content-coding <"> "}" ] |
4176 |
[ "{" "length" 1*DIGIT "}" ] |
4177 |
[ "{" "user-agent" "}" ] |
4178 |
"}" |
4179 |
|
4180 |
Any URI specified in this field can be absolute or relative to the |
4181 |
Request-URI. The "mirror" form of URI refers to a location which is |
4182 |
a mirror copy of the Request-URI. The "name" form refers to a |
4183 |
location-independent name corresponding to the Request-URI. The |
4184 |
"variant" form refers to one of the set of negotiable variants that |
4185 |
may be retrieved via a request on the Request-URI. |
4186 |
|
4187 |
If the Request-URI maps to a set of variants, then the dimensions |
4188 |
of that variance must be given in any response containing one of |
4189 |
those variants. If the Location header field is present in a 2xx |
4190 |
response, its value identifies which one of the variants is |
4191 |
included with the response. An example is: |
4192 |
|
4193 |
Location: http://www.w3.org/pub/WWW/TheProject.en.html |
4194 |
|
4195 |
URI: {variant "TheProject.fr.html" 1.0 |
4196 |
{type "text/html"} {language "fr"}}, |
4197 |
{variant "TheProject.en.html" 1.0 |
4198 |
{type "text/html"} {language "en"}}, |
4199 |
{variant "TheProject.fr.txt" 0.7 |
4200 |
{type "text/plain"} {language "fr"}}, |
4201 |
{variant "TheProject.en.txt" 0.8 |
4202 |
{type "text/plain"} {language "en"}} |
4203 |
|
4204 |
which indicates that the negotiable Request-URI covers a group of |
4205 |
four individual resources that vary in media type and natural |
4206 |
language. The type, language, encoding, and length attributes refer |
4207 |
to their Content-* counterparts for each resource. The user-agent |
4208 |
attribute indicates that the associated URI is negotiable based on |
4209 |
the User-Agent header field. |
4210 |
|
4211 |
User agents may use this information to notify the user of |
4212 |
additional formats and to guide the process of reactive content |
4213 |
negotiation (Section 12). |
4214 |
|
4215 |
10.43 User-Agent |
4216 |
|
4217 |
The User-Agent request-header field contains information about the |
4218 |
user agent originating the request. This is for statistical |
4219 |
purposes, the tracing of protocol violations, and automated |
4220 |
recognition of user agents for the sake of tailoring responses to |
4221 |
avoid particular user agent limitations. Although it is not |
4222 |
required, user agents should include this field with requests. The |
4223 |
field can contain multiple product tokens (Section 3.8) and |
4224 |
comments identifying the agent and any subproducts which form a |
4225 |
significant part of the user agent. By convention, the product |
4226 |
tokens are listed in order of their significance for identifying |
4227 |
the application. |
4228 |
|
4229 |
User-Agent = "User-Agent" ":" 1*( product | comment ) |
4230 |
|
4231 |
Example: |
4232 |
|
4233 |
User-Agent: CERN-LineMode/2.15 libwww/2.17b3 |
4234 |
|
4235 |
10.44 WWW-Authenticate |
4236 |
|
4237 |
The WWW-Authenticate response-header field must be included in 401 |
4238 |
(unauthorized) response messages. The field value consists of at |
4239 |
least one challenge that indicates the authentication scheme(s) and |
4240 |
parameters applicable to the Request-URI. |
4241 |
|
4242 |
WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge |
4243 |
|
4244 |
The HTTP access authentication process is described in Section 11. |
4245 |
User agents must take special care in parsing the WWW-Authenticate |
4246 |
field value if it contains more than one challenge, or if more than |
4247 |
one WWW-Authenticate header field is provided, since the contents |
4248 |
of a challenge may itself contain a comma-separated list of |
4249 |
authentication parameters. |
4250 |
|
4251 |
11. Access Authentication |
4252 |
|
4253 |
HTTP provides a simple challenge-response authentication mechanism |
4254 |
which may be used by a server to challenge a client request and by |
4255 |
a client to provide authentication information. It uses an |
4256 |
extensible, case-insensitive token to identify the authentication |
4257 |
scheme, followed by a comma-separated list of attribute-value pairs |
4258 |
which carry the parameters necessary for achieving authentication |
4259 |
via that scheme. |
4260 |
|
4261 |
auth-scheme = token |
4262 |
|
4263 |
auth-param = token "=" quoted-string |
4264 |
|
4265 |
The 401 (unauthorized) response message is used by an origin server |
4266 |
to challenge the authorization of a user agent. This response must |
4267 |
include a WWW-Authenticate header field containing at least one |
4268 |
challenge applicable to the requested resource. |
4269 |
|
4270 |
challenge = auth-scheme 1*SP realm *( "," auth-param ) |
4271 |
|
4272 |
realm = "realm" "=" realm-value |
4273 |
realm-value = quoted-string |
4274 |
|
4275 |
The realm attribute (case-insensitive) is required for all |
4276 |
authentication schemes which issue a challenge. The realm value |
4277 |
(case-sensitive), in combination with the canonical root URL of the |
4278 |
server being accessed, defines the protection space. These realms |
4279 |
allow the protected resources on a server to be partitioned into a |
4280 |
set of protection spaces, each with its own authentication scheme |
4281 |
and/or authorization database. The realm value is a string, |
4282 |
generally assigned by the origin server, which may have additional |
4283 |
semantics specific to the authentication scheme. |
4284 |
|
4285 |
A user agent that wishes to authenticate itself with a |
4286 |
server--usually, but not necessarily, after receiving a 401 or 411 |
4287 |
response--may do so by including an Authorization header field with |
4288 |
the request. The Authorization field value consists of credentials |
4289 |
containing the authentication information of the user agent for the |
4290 |
realm of the resource being requested. |
4291 |
|
4292 |
credentials = basic-credentials |
4293 |
| auth-scheme *("," auth-param ) |
4294 |
|
4295 |
The domain over which credentials can be automatically applied by a |
4296 |
user agent is determined by the protection space. If a prior |
4297 |
request has been authorized, the same credentials may be reused for |
4298 |
all other requests within that protection space for a period of |
4299 |
time determined by the authentication scheme, parameters, and/or |
4300 |
user preference. Unless otherwise defined by the authentication |
4301 |
scheme, a single protection space cannot extend outside the scope |
4302 |
of its server. |
4303 |
|
4304 |
If the server does not wish to accept the credentials sent with a |
4305 |
request, it should return a 401 (unauthorized) response. The |
4306 |
response must include a WWW-Authenticate header field containing |
4307 |
the (possibly new) challenge applicable to the requested resource |
4308 |
and an entity explaining the refusal. |
4309 |
|
4310 |
The HTTP protocol does not restrict applications to this simple |
4311 |
challenge-response mechanism for access authentication. Additional |
4312 |
mechanisms may be used, such as encryption at the transport level |
4313 |
or via message encapsulation, and with additional header fields |
4314 |
specifying authentication information. However, these additional |
4315 |
mechanisms are not defined by this specification. |
4316 |
|
4317 |
Proxies must be completely transparent regarding user agent |
4318 |
authentication. That is, they must forward the WWW-Authenticate and |
4319 |
Authorization headers untouched, and must not cache the response to |
4320 |
a request containing Authorization. |
4321 |
|
4322 |
HTTP/1.1 allows a client pass authentication information to and |
4323 |
from a proxy via the Proxy-Authenticate and Proxy-Authorization |
4324 |
headers. |
4325 |
|
4326 |
11.1 Basic Authentication Scheme |
4327 |
|
4328 |
The "basic" authentication scheme is based on the model that the |
4329 |
user agent must authenticate itself with a user-ID and a password |
4330 |
for each realm. The realm value should be considered an opaque |
4331 |
string which can only be compared for equality with other realms on |
4332 |
that server. The server will service the request only if it can |
4333 |
validate the user-ID and password for the protection space of the |
4334 |
Request-URI. There are no optional authentication parameters. |
4335 |
|
4336 |
Upon receipt of an unauthorized request for a URI within the |
4337 |
protection space, the server should respond with a challenge like |
4338 |
the following: |
4339 |
|
4340 |
WWW-Authenticate: Basic realm="WallyWorld" |
4341 |
|
4342 |
where "WallyWorld" is the string assigned by the server to identify |
4343 |
the protection space of the Request-URI. |
4344 |
|
4345 |
To receive authorization, the client sends the user-ID and |
4346 |
password, separated by a single colon (":") character, within a |
4347 |
base64 [7] encoded string in the credentials. |
4348 |
|
4349 |
basic-credentials = " Basic" SP basic-cookie |
4350 |
|
4351 |
basic-cookie = <base64 [7] encoding of userid-password, |
4352 |
except not limited to 76 char/line> |
4353 |
|
4354 |
userid-password = [ token ] ":" *TEXT |
4355 |
|
4356 |
If the user agent wishes to send the user-ID "Aladdin" and password |
4357 |
"open sesame", it would use the following header field: |
4358 |
|
4359 |
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== |
4360 |
|
4361 |
The basic authentication scheme is a non-secure method of filtering |
4362 |
unauthorized access to resources on an HTTP server. It is based on |
4363 |
the assumption that the connection between the client and the |
4364 |
server can be regarded as a trusted carrier. As this is not |
4365 |
generally true on an open network, the basic authentication scheme |
4366 |
should be used accordingly. In spite of this, clients should |
4367 |
implement the scheme in order to communicate with servers that use |
4368 |
it. |
4369 |
|
4370 |
11.2 Digest Authentication Scheme |
4371 |
|
4372 |
The "digest" authentication scheme is [currently described in an |
4373 |
expired Internet-Draft, and this description will have to be |
4374 |
improved to reference a new draft or include the old one]. |
4375 |
|
4376 |
12. Content Negotiation |
4377 |
|
4378 |
Content negotiation is an optional feature of the HTTP protocol. It |
4379 |
is designed to allow for selection of a preferred content |
4380 |
representation based upon the attributes of the negotiable variants |
4381 |
corresponding to the requested resource. HTTP/1.1 provides for two |
4382 |
types of negotiation: preemptive and reactive. |
4383 |
|
4384 |
Servers that make use of content negotiated resources must include |
4385 |
URI response headers which accurately describe the available |
4386 |
variants, and include the relevant parameters necessary for the |
4387 |
client (user agent or proxy) to evaluate those variants. |
4388 |
|
4389 |
12.1 Preemptive Negotiation |
4390 |
|
4391 |
Preemptive negotiation attempts to "negotiate" the variant |
4392 |
parameters by including the user agent preferences within each |
4393 |
request. In this way, the preferred representation of the resource |
4394 |
may be negotiated and obtained within a single request-response |
4395 |
round-trip, and without intervention from the user. However, this |
4396 |
also means that the user agent preferences are all the time, even |
4397 |
though relatively few resources are ever negotiable. Preemptive |
4398 |
negotiation may not always be desirable for the user and is |
4399 |
sometimes unnecessary for the content provider. Implementors should |
4400 |
provide mechanisms whereby the amount of preemptive content |
4401 |
negotiation, and the parameters of that negotiation, are |
4402 |
configurable by the user and server maintainer. |
4403 |
|
4404 |
The first step in the negotiation algorithm is for the server to |
4405 |
determine whether or not there are any content variants for the |
4406 |
requested resource. Content variants may be in the form of multiple |
4407 |
preexisting entities or a set of dynamic conversion filters. These |
4408 |
variants make up the set of entities which may be sent in response |
4409 |
to a request for the given Request-URI. In most cases, there will |
4410 |
only be one available form of the resource, and thus a single |
4411 |
"variant". |
4412 |
|
4413 |
For each variant form of the resource, the server identifies a set |
4414 |
of quality values (Section 3.9) which act as weights for measuring |
4415 |
the desirability of that resource as a response to the current |
4416 |
request. The calculated weights are all real numbers in the range 0 |
4417 |
through 1, where 0 is the minimum and 1 the maximum value. The |
4418 |
maximum acceptable bytes for each media range and the size of the |
4419 |
resource variant are also factors in the equation. |
4420 |
|
4421 |
The following parameters are included in the calculation: |
4422 |
|
4423 |
qs Source quality is measured by the content provider as |
4424 |
representing the amount of degradation from the original |
4425 |
source. For example, a picture originally in JPEG form |
4426 |
would have a lower qs when translated to the XBM format, |
4427 |
and much lower qs when translated to an ASCII-art |
4428 |
representation. Note, however, that this is a function of |
4429 |
the source -- an original piece of ASCII-art may degrade in |
4430 |
quality if it is captured in JPEG form. The qs value should |
4431 |
be assigned to each variant by the content provider; if no |
4432 |
qs value has been assigned, the default is generally |
4433 |
"qs=1". A server may define its own default qs value based |
4434 |
on the resource characteristics, but only if individual |
4435 |
resources can override those defaults. |
4436 |
|
4437 |
qe Encoding quality is measured by comparing the variant's |
4438 |
applied content-codings (Section 3.5) to those listed in |
4439 |
the request message's Accept-Encoding field. If the variant |
4440 |
has no assigned Content-Encoding, or if no Accept-Encoding |
4441 |
field is present, the value assigned is "qe=1". If all of |
4442 |
the variant's content encodings are listed in the |
4443 |
Accept-Encoding field, then the value assigned is "qe=1". |
4444 |
If any of the variant's content encodings are not listed in |
4445 |
the provided Accept-Encoding field, then the value assigned |
4446 |
is "qe=0". |
4447 |
|
4448 |
qc Charset quality is measured by comparing the variant |
4449 |
media-type's charset parameter value (if any) to those |
4450 |
character sets (Section 3.4) listed in the request |
4451 |
message's Accept-Charset field. If the variant's media-type |
4452 |
has no charset parameter, or the variant's charset is |
4453 |
US-ASCII, or if no Accept-Charset field is present, then |
4454 |
the value assigned is "qc=1". If the variant's charset is |
4455 |
listed in the Accept-Charset field, then the value assigned |
4456 |
is "qc=1". Otherwise, if the variant's charset is not |
4457 |
listed in the provided Accept-Encoding field, then the |
4458 |
value assigned is "qc=0". |
4459 |
|
4460 |
ql Language quality is measured by comparing the variant's |
4461 |
assigned language tag(s) (Section 3.10) to those listed in |
4462 |
the request message's Accept-Language field. If no variant |
4463 |
has an assigned Content-Language, or if no Accept-Language |
4464 |
field is present, the value assigned is "ql=1". If at least |
4465 |
one variant has an assigned content language, but the one |
4466 |
currently under consideration does not, then it should be |
4467 |
assigned the value "ql=0.5". If any of the variant's |
4468 |
content languages are listed in the Accept-Language field, |
4469 |
then the value assigned is the maximum of the "q" parameter |
4470 |
values for those language tags (Section 10.4); if there was |
4471 |
no exact match and at least one of the Accept-Language |
4472 |
field values is a complete subtag prefix of the content |
4473 |
language tag(s), then the "q" parameter value of the |
4474 |
largest matching prefix is used. If none of the variant's |
4475 |
content language tags or tag prefixes are listed in the |
4476 |
provided Accept-Language field, then the value assigned is |
4477 |
"ql=0.001". |
4478 |
|
4479 |
q Media type quality is measured by comparing the variant's |
4480 |
assigned media type (Section 3.7) to those listed in the |
4481 |
request message's Accept field. If no Accept field is |
4482 |
given, then the value assigned is "q=1". If at least one |
4483 |
listed media range (Section 10.1) matches the variant's |
4484 |
media type, then the "q" parameter value assigned to the |
4485 |
most specific of those matched is used (e.g., |
4486 |
"text/html;version=3.0" is more specific than "text/html", |
4487 |
which is more specific than "text/*", which in turn is more |
4488 |
specific than "*/*"). If no media range in the provided |
4489 |
Accept field matches the variant's media type, then the |
4490 |
value assigned is "q=0". |
4491 |
|
4492 |
mxb The maximum number of bytes in an Entity-Body that the |
4493 |
client will accept is also obtained from the matching of |
4494 |
the variant's assigned media type to those listed in the |
4495 |
request message's Accept field. If no Accept field is |
4496 |
given, or if no media range in the provided Accept field |
4497 |
matches the variant's media type, then the value assigned |
4498 |
is "mxb=undefined" (i.e., infinity). Otherwise, the value |
4499 |
used is that given to the "mxb" parameter in the media |
4500 |
range chosen above for the q value. |
4501 |
|
4502 |
bs The actual number of bytes in the Entity-Body for the |
4503 |
variant when it is included in a response message. This |
4504 |
should equal the value of Content-Length. |
4505 |
|
4506 |
The mapping function is defined as: |
4507 |
|
4508 |
Q(qs,qe,qc,ql, { if mxb=undefined, then (qs*qe*qc*ql*q) } |
4509 |
q,mxb,bs) = { if mxb >= bs, then (qs*qe*qc*ql*q) } |
4510 |
{ if mxb < bs, then 0 } |
4511 |
|
4512 |
The variants with a maximal value for the Q function represent the |
4513 |
preferred representation(s) of the entity; those with a Q values |
4514 |
less than the maximal value are therefore excluded from further |
4515 |
consideration. If multiple representations exist that only vary by |
4516 |
Content-Encoding, then the smallest representation (lowest bs) is |
4517 |
preferred. |
4518 |
|
4519 |
If no variants remain with a value of Q greater than zero (0), the |
4520 |
server should respond with a 406 (none acceptable) response |
4521 |
message. If multiple variants remain with an equally high Q value, |
4522 |
the server may either choose one from those available and respond |
4523 |
with 200 (ok) or respond with 300 (multiple choices) and include an |
4524 |
entity describing the choices. In the latter case, the entity |
4525 |
should either be of type "text/html', such that the user can choose |
4526 |
from among the choices by following an exact link, or of some type |
4527 |
that would allow the user agent to perform the selection |
4528 |
automatically. |
4529 |
|
4530 |
The 300 (multiple choices) response can be given even if the server |
4531 |
does not perform any winnowing of the representation choices via |
4532 |
the content negotiation algorithm described above. Furthermore, it |
4533 |
may include choices that were not considered as part of the |
4534 |
negotiation algorithm and resources that may be located at other |
4535 |
servers. |
4536 |
|
4537 |
The algorithm presented above assumes that the user agent has |
4538 |
correctly implemented the protocol and is accurately communicating |
4539 |
its intentions in the form of Accept-related header fields. The |
4540 |
server may alter its response if it knows that the particular |
4541 |
version of user agent software making the request has incorrectly |
4542 |
or inadequately implemented these fields. |
4543 |
|
4544 |
13. Caching |
4545 |
|
4546 |
[This will be a summary of what is already defined in the Methods, |
4547 |
Status Codes, Cache-Control, Unless, and If-Modified-Since |
4548 |
sections.] |
4549 |
|
4550 |
14. Security Considerations |
4551 |
|
4552 |
This section is meant to inform application developers, information |
4553 |
providers, and users of the security limitations in HTTP/1.1 as |
4554 |
described by this document. The discussion does not include |
4555 |
definitive solutions to the problems revealed, though it does make |
4556 |
some suggestions for reducing security risks. |
4557 |
|
4558 |
14.1 Authentication of Clients |
4559 |
|
4560 |
As mentioned in Section 11.1, the Basic authentication scheme is |
4561 |
not a secure method of user authentication, nor does it prevent the |
4562 |
Entity-Body from being transmitted in clear text across the |
4563 |
physical network used as the carrier. HTTP does not prevent |
4564 |
additional authentication schemes and encryption mechanisms from |
4565 |
being employed to increase security. |
4566 |
|
4567 |
14.2 Safe Methods |
4568 |
|
4569 |
The writers of client software should be aware that the software |
4570 |
represents the user in their interactions over the Internet, and |
4571 |
should be careful to allow the user to be aware of any actions they |
4572 |
may take which may have an unexpected significance to themselves or |
4573 |
others. |
4574 |
|
4575 |
In particular, the convention has been established that the GET and |
4576 |
HEAD methods should never have the significance of taking an action |
4577 |
other than retrieval. These methods should be considered "safe." |
4578 |
This allows user agents to represent other methods, such as POST, |
4579 |
PUT and DELETE, in a special way, so that the user is made aware of |
4580 |
the fact that a possibly unsafe action is being requested. |
4581 |
|
4582 |
Naturally, it is not possible to ensure that the server does not |
4583 |
generate side-effects as a result of performing a GET request; in |
4584 |
fact, some dynamic resources consider that a feature. The important |
4585 |
distinction here is that the user did not request the side-effects, |
4586 |
so therefore cannot be held accountable for them. |
4587 |
|
4588 |
14.3 Abuse of Server Log Information |
4589 |
|
4590 |
A server is in the position to save personal data about a user's |
4591 |
requests which may identify their reading patterns or subjects of |
4592 |
interest. This information is clearly confidential in nature and |
4593 |
its handling may be constrained by law in certain countries. People |
4594 |
using the HTTP protocol to provide data are responsible for |
4595 |
ensuring that such material is not distributed without the |
4596 |
permission of any individuals that are identifiable by the |
4597 |
published results. |
4598 |
|
4599 |
14.4 Transfer of Sensitive Information |
4600 |
|
4601 |
Like any generic data transfer protocol, HTTP cannot regulate the |
4602 |
content of the data that is transferred, nor is there any a priori |
4603 |
method of determining the sensitivity of any particular piece of |
4604 |
information within the context of any given request. Therefore, |
4605 |
applications should supply as much control over this information as |
4606 |
possible to the provider of that information. Four header fields |
4607 |
are worth special mention in this context: Server, Forwarded, |
4608 |
Referer and From. |
4609 |
|
4610 |
Revealing the specific software version of the server may allow the |
4611 |
server machine to become more vulnerable to attacks against |
4612 |
software that is known to contain security holes. Implementors |
4613 |
should make the Server header field a configurable option. |
4614 |
|
4615 |
Proxies which serve as a portal through a network firewall should |
4616 |
take special precautions regarding the transfer of header |
4617 |
information that identifies the hosts behind the firewall. In |
4618 |
particular, they should remove, or replace with sanitized versions, |
4619 |
any Forwarded fields generated behind the firewall. |
4620 |
|
4621 |
The Referer field allows reading patterns to be studied and reverse |
4622 |
links drawn. Although it can be very useful, its power can be |
4623 |
abused if user details are not separated from the information |
4624 |
contained in the Referer. Even when the personal information has |
4625 |
been removed, the Referer field may indicate a private document's |
4626 |
URI whose publication would be inappropriate. |
4627 |
|
4628 |
The information sent in the From field might conflict with the |
4629 |
user's privacy interests or their site's security policy, and hence |
4630 |
it should not be transmitted without the user being able to |
4631 |
disable, enable, and modify the contents of the field. The user |
4632 |
must be able to set the contents of this field within a user |
4633 |
preference or application defaults configuration. |
4634 |
|
4635 |
We suggest, though do not require, that a convenient toggle |
4636 |
interface be provided for the user to enable or disable the sending |
4637 |
of From and Referer information. |
4638 |
|
4639 |
15. Acknowledgments |
4640 |
|
4641 |
This specification makes heavy use of the augmented BNF and generic |
4642 |
constructs defined by David H. Crocker for RFC 822 [9]. Similarly, |
4643 |
it reuses many of the definitions provided by Nathaniel Borenstein |
4644 |
and Ned Freed for MIME [7]. We hope that their inclusion in this |
4645 |
specification will help reduce past confusion over the relationship |
4646 |
between HTTP and Internet mail message formats. |
4647 |
|
4648 |
The HTTP protocol has evolved considerably over the past four |
4649 |
years. It has benefited from a large and active developer |
4650 |
community--the many people who have participated on the www-talk |
4651 |
mailing list--and it is that community which has been most |
4652 |
responsible for the success of HTTP and of the World-Wide Web in |
4653 |
general. Marc Andreessen, Robert Cailliau, Daniel W. Connolly, Bob |
4654 |
Denny, John Franks, Jean-Francois Groff, Phillip M. Hallam-Baker, |
4655 |
H&kon W. Lie, Ari Luotonen, Rob McCool, Lou Montulli, Dave Raggett, |
4656 |
Tony Sanders, and Marc VanHeyningen deserve special recognition for |
4657 |
their efforts in defining early aspects of the protocol. |
4658 |
|
4659 |
This document has benefited greatly from the comments of all those |
4660 |
participating in the HTTP-WG. In addition to those already |
4661 |
mentioned, the following individuals have contributed to this |
4662 |
specification: |
4663 |
|
4664 |
Gary Adams Harald Tveit Alvestrand |
4665 |
Keith Ball Brian Behlendorf |
4666 |
Paul Burchard Maurizio Codogno |
4667 |
Mike Cowlishaw Roman Czyborra |
4668 |
Michael A. Dolan Jim Gettys |
4669 |
Marc Hedlund Koen Holtman |
4670 |
Alex Hopmann Bob Jernigan |
4671 |
Shel Kaphan Rohit Khare |
4672 |
Martijn Koster Alexei Kosut |
4673 |
Dave Kristol Daniel LaLiberte |
4674 |
Paul Leach Albert Lunde |
4675 |
John C. Mallery Jean-Philippe Martin-Flatin |
4676 |
Larry Masinter Mitra |
4677 |
Jeffrey Mogul Gavin Nicol |
4678 |
Bill Perry Jeffrey Perry |
4679 |
Owen Rees Luigi Rizzo |
4680 |
David Robinson Marc Salomon |
4681 |
Rich Salz Jim Seidman |
4682 |
Chuck Shotton Eric W. Sink |
4683 |
Simon E. Spero Richard N. Taylor |
4684 |
Robert S. Thau Franccedillaois Yergeau |
4685 |
Mary Ellen Zurko |
4686 |
|
4687 |
16. References |
4688 |
|
4689 |
[1] H. Alvestrand. "Tags for the identification of languages." RFC |
4690 |
1766, UNINETT, March 1995. |
4691 |
|
4692 |
[2] F. Anklesaria, M. McCahill, P. Lindner, D. Johnson, D. Torrey, |
4693 |
B. Alberti. "The Internet Gopher Protocol: A distributed |
4694 |
document search and retrieval protocol." RFC 1436, University |
4695 |
of Minnesota, March 1993. |
4696 |
|
4697 |
[3] T. Berners-Lee. "Universal Resource Identifiers in WWW: A |
4698 |
Unifying Syntax for the Expression of Names and Addresses of |
4699 |
Objects on the Network as used in the World-Wide Web." |
4700 |
RFC 1630, CERN, June 1994. |
4701 |
|
4702 |
[4] T. Berners-Lee, L. Masinter, M. McCahill. "Uniform Resource |
4703 |
Locators (URL)." RFC 1738, CERN, Xerox PARC, University of |
4704 |
Minnesota, December 1994. |
4705 |
|
4706 |
[5] T. Berners-Lee, D. Connolly. "HyperText Markup Language |
4707 |
Specification - 2.0." RFC 1866, MIT/LCS, November 1995. |
4708 |
|
4709 |
[6] T. Berners-Lee, R. Fielding, H. Frystyk. "Hypertext Transfer |
4710 |
Protocol - HTTP/1.0." Work in Progress |
4711 |
(draft-ietf-http-v10-spec-04.txt), MIT/LCS, UC Irvine, |
4712 |
September 1995. |
4713 |
|
4714 |
[7] N. Borenstein, N. Freed. "MIME (Multipurpose Internet Mail |
4715 |
Extensions) Part One: Mechanisms for Specifying and Describing |
4716 |
the Format of Internet Message Bodies." RFC 1521, Bellcore, |
4717 |
Innosoft, September 1993. |
4718 |
|
4719 |
[8] R. Braden. "Requirements for Internet hosts - application and |
4720 |
support." STD 3, RFC 1123, IETF, October 1989. |
4721 |
|
4722 |
[9] D. H. Crocker. "Standard for the Format of ARPA Internet Text |
4723 |
Messages." STD 11, RFC 822, UDEL, August 1982. |
4724 |
|
4725 |
[10] F. Davis, B. Kahle, H. Morris, J. Salem, T. Shen, R. Wang, |
4726 |
J. Sui, M. Grinbaum. "WAIS Interface Protocol Prototype |
4727 |
Functional Specification." (v1.5), Thinking Machines |
4728 |
Corporation, April 1990. |
4729 |
|
4730 |
[11] R. Fielding. "Relative Uniform Resource Locators." RFC 1808, UC |
4731 |
Irvine, June 1995. |
4732 |
|
4733 |
[12] M. Horton, R. Adams. "Standard for interchange of USENET |
4734 |
messages." RFC 1036 (Obsoletes RFC 850), AT&T Bell |
4735 |
Laboratories, Center for Seismic Studies, December 1987. |
4736 |
|
4737 |
[13] B. Kantor, P. Lapsley. "Network News Transfer Protocol: A |
4738 |
Proposed Standard for the Stream-Based Transmission of News." |
4739 |
RFC 977, UC San Diego, UC Berkeley, February 1986. |
4740 |
|
4741 |
[14] K. Moore. "MIME (Multipurpose Internet Mail Extensions) Part |
4742 |
Two: Message Header Extensions for Non-ASCII Text." RFC 1522, |
4743 |
University of Tennessee, September 1993. |
4744 |
|
4745 |
[15] E. Nebel, L. Masinter. "Form-based File Upload in HTML." |
4746 |
RFC 1867, Xerox Corporation, November 1995. |
4747 |
|
4748 |
[16] J. Postel. "Simple Mail Transfer Protocol." STD 10, RFC 821, |
4749 |
USC/ISI, August 1982. |
4750 |
|
4751 |
[17] J. Postel. "Media Type Registration Procedure." RFC 1590, |
4752 |
USC/ISI, March 1994. |
4753 |
|
4754 |
[18] J. Postel, J. K. Reynolds. "File Transfer Protocol (FTP)." STD |
4755 |
9, RFC 959, USC/ISI, October 1985. |
4756 |
|
4757 |
[19] J. Reynolds, J. Postel. "Assigned Numbers." STD 2, RFC 1700, |
4758 |
USC/ISI, October 1994. |
4759 |
|
4760 |
[20] K. Sollins, L. Masinter. "Functional Requirements for Uniform |
4761 |
Resource Names." RFC 1737, MIT/LCS, Xerox Corporation, December |
4762 |
1994. |
4763 |
|
4764 |
[21] US-ASCII. Coded Character Set - 7-Bit American Standard Code |
4765 |
for Information Interchange. Standard ANSI X3.4-1986, ANSI, |
4766 |
1986. |
4767 |
|
4768 |
[22] ISO-8859. International Standard -- Information Processing -- |
4769 |
8-bit Single-Byte Coded Graphic Character Sets -- |
4770 |
Part 1: Latin alphabet No. 1, ISO 8859-1:1987. |
4771 |
Part 2: Latin alphabet No. 2, ISO 8859-2, 1987. |
4772 |
Part 3: Latin alphabet No. 3, ISO 8859-3, 1988. |
4773 |
Part 4: Latin alphabet No. 4, ISO 8859-4, 1988. |
4774 |
Part 5: Latin/Cyrillic alphabet, ISO 8859-5, 1988. |
4775 |
Part 6: Latin/Arabic alphabet, ISO 8859-6, 1987. |
4776 |
Part 7: Latin/Greek alphabet, ISO 8859-7, 1987. |
4777 |
Part 8: Latin/Hebrew alphabet, ISO 8859-8, 1988. |
4778 |
Part 9: Latin alphabet No. 5, ISO 8859-9, 1990. |
4779 |
|
4780 |
17. Authors' Addresses |
4781 |
|
4782 |
Roy T. Fielding |
4783 |
Department of Information and Computer Science |
4784 |
University of California |
4785 |
Irvine, CA 92717-3425, U.S.A. |
4786 |
Fax: +1 (714) 824-4056 |
4787 |
Email: fielding@ics.uci.edu |
4788 |
|
4789 |
Henrik Frystyk Nielsen |
4790 |
W3 Consortium |
4791 |
MIT Laboratory for Computer Science |
4792 |
545 Technology Square |
4793 |
Cambridge, MA 02139, U.S.A. |
4794 |
Fax: +1 (617) 258 8682 |
4795 |
Email: frystyk@w3.org |
4796 |
|
4797 |
Tim Berners-Lee |
4798 |
Director, W3 Consortium |
4799 |
MIT Laboratory for Computer Science |
4800 |
545 Technology Square |
4801 |
Cambridge, MA 02139, U.S.A. |
4802 |
Fax: +1 (617) 258 8682 |
4803 |
Email: timbl@w3.org |
4804 |
|
4805 |
Appendices |
4806 |
|
4807 |
These appendices are provided for informational reasons only -- they |
4808 |
do not form a part of the HTTP/1.1 specification. |
4809 |
|
4810 |
A. Internet Media Type message/http |
4811 |
|
4812 |
In addition to defining the HTTP/1.1 protocol, this document serves |
4813 |
as the specification for the Internet media type "message/http". |
4814 |
The following is to be registered with IANA [17]. |
4815 |
|
4816 |
Media Type name: message |
4817 |
|
4818 |
Media subtype name: http |
4819 |
|
4820 |
Required parameters: none |
4821 |
|
4822 |
Optional parameters: version, msgtype |
4823 |
|
4824 |
version: The HTTP-Version number of the enclosed message |
4825 |
(e.g., "1.1"). If not present, the version can be |
4826 |
determined from the first line of the body. |
4827 |
|
4828 |
msgtype: The message type -- "request" or "response". If |
4829 |
not present, the type can be determined from the |
4830 |
first line of the body. |
4831 |
|
4832 |
Encoding considerations: only "7bit", "8bit", or "binary" are |
4833 |
permitted |
4834 |
|
4835 |
Security considerations: none |
4836 |
|
4837 |
B. Tolerant Applications |
4838 |
|
4839 |
Although this document specifies the requirements for the |
4840 |
generation of HTTP/1.1 messages, not all applications will be |
4841 |
correct in their implementation. We therefore recommend that |
4842 |
operational applications be tolerant of deviations whenever those |
4843 |
deviations can be interpreted unambiguously. |
4844 |
|
4845 |
Clients should be tolerant in parsing the Status-Line and servers |
4846 |
tolerant when parsing the Request-Line. In particular, they should |
4847 |
accept any amount of SP or HT characters between fields, even |
4848 |
though only a single SP is required. |
4849 |
|
4850 |
The line terminator for HTTP-header fields is the sequence CRLF. |
4851 |
However, we recommend that applications, when parsing such headers, |
4852 |
recognize a single LF as a line terminator and ignore the leading |
4853 |
CR. |
4854 |
|
4855 |
C. Relationship to MIME |
4856 |
|
4857 |
HTTP/1.1 reuses many of the constructs defined for Internet Mail |
4858 |
(RFC 822 [9]) and the Multipurpose Internet Mail Extensions |
4859 |
(MIME [7]) to allow entities to be transmitted in an open variety |
4860 |
of representations and with extensible mechanisms. However, HTTP is |
4861 |
not a MIME-compliant application. HTTP's performance requirements |
4862 |
differ substantially from those of Internet mail. Since it is not |
4863 |
limited by the restrictions of existing mail protocols and SMTP |
4864 |
gateways, HTTP does not obey some of the constraints imposed by |
4865 |
RFC 822 and MIME for mail transport. |
4866 |
|
4867 |
This appendix describes specific areas where HTTP differs from |
4868 |
MIME. Proxies/gateways to MIME-compliant protocols must be aware of |
4869 |
these differences and provide the appropriate conversions where |
4870 |
necessary. |
4871 |
|
4872 |
C.1 Conversion to Canonical Form |
4873 |
|
4874 |
MIME requires that an entity be converted to canonical form prior |
4875 |
to being transferred, as described in Appendix G of RFC 1521 [7]. |
4876 |
Although HTTP does require media types to be transferred in |
4877 |
canonical form, it changes the definition of "canonical form" for |
4878 |
text-based media types as described in Section 3.7.1. |
4879 |
|
4880 |
C.1.1 Representation of Line Breaks |
4881 |
|
4882 |
MIME requires that the canonical form of any text type represent |
4883 |
line breaks as CRLF and forbids the use of CR or LF outside of line |
4884 |
break sequences. Since HTTP allows CRLF, bare CR, and bare LF (or |
4885 |
the octet sequence(s) to which they would be translated for the |
4886 |
given character set) to indicate a line break within text content, |
4887 |
recipients of an HTTP message cannot rely upon receiving |
4888 |
MIME-canonical line breaks in text. |
4889 |
|
4890 |
Where it is possible, a proxy/gateway from HTTP to a MIME-compliant |
4891 |
protocol should translate all line breaks within text/* media types |
4892 |
to the MIME canonical form of CRLF. However, this may be |
4893 |
complicated by the presence of a Content-Encoding and by the fact |
4894 |
that HTTP allows the use of some character sets which do not use |
4895 |
octets 13 and 10 to represent CR and LF, as is the case for some |
4896 |
multi-byte character sets. If canonicalization is performed, the |
4897 |
Content-Length header field value must be updated to reflect the |
4898 |
new body length. |
4899 |
|
4900 |
C.1.2 Default Character Set |
4901 |
|
4902 |
MIME requires that all subtypes of the top-level Content-Type |
4903 |
"text" have a default character set of US-ASCII [21]. In contrast, |
4904 |
HTTP defines the default character set for "text" to be |
4905 |
ISO-8859-1 [22] (a superset of US-ASCII). Therefore, if a text/* |
4906 |
media type given in the Content-Type header field does not already |
4907 |
include an explicit charset parameter, the parameter |
4908 |
|
4909 |
;charset="iso-8859-1" |
4910 |
|
4911 |
should be added by the proxy/gateway if the entity contains any |
4912 |
octets greater than 127. |
4913 |
|
4914 |
C.2 Conversion of Date Formats |
4915 |
|
4916 |
HTTP/1.1 uses a restricted subset of date formats to simplify the |
4917 |
process of date comparison. Proxies/gateways from other protocols |
4918 |
should ensure that any Date header field present in a message |
4919 |
conforms to one of the HTTP/1.1 formats and rewrite the date if |
4920 |
necessary. |
4921 |
|
4922 |
C.3 Introduction of Content-Encoding |
4923 |
|
4924 |
MIME does not include any concept equivalent to HTTP's |
4925 |
Content-Encoding header field. Since this acts as a modifier on the |
4926 |
media type, proxies/gateways to MIME-compliant protocols must |
4927 |
either change the value of the Content-Type header field or decode |
4928 |
the Entity-Body before forwarding the message. |
4929 |
|
4930 |
Note: Some experimental applications of Content-Type for |
4931 |
Internet mail have used a media-type parameter of |
4932 |
";conversions=<content-coding>" to perform an equivalent |
4933 |
function as Content-Encoding. However, this parameter is not |
4934 |
part of the MIME specification at the time of this writing. |
4935 |
|
4936 |
C.4 No Content-Transfer-Encoding |
4937 |
|
4938 |
HTTP does not use the Content-Transfer-Encoding (CTE) field of |
4939 |
MIME. Proxies/gateways from MIME-compliant protocols must remove |
4940 |
any non-identity CTE ("quoted-printable" or "base64") encoding |
4941 |
prior to delivering the response message to an HTTP client. |
4942 |
Proxies/gateways to MIME-compliant protocols are responsible for |
4943 |
ensuring that the message is in the correct format and encoding for |
4944 |
safe transport on that protocol, where "safe transport" is defined |
4945 |
by the limitations of the protocol being used. At a minimum, the |
4946 |
CTE field of |
4947 |
|
4948 |
Content-Transfer-Encoding: binary |
4949 |
|
4950 |
should be added by the proxy/gateway if it is unwilling to apply a |
4951 |
content transfer encoding. |
4952 |
|
4953 |
An HTTP client may include a Content-Transfer-Encoding as an |
4954 |
extension Entity-Header in a POST request when it knows the |
4955 |
destination of that request is a proxy/gateway to a MIME-compliant |
4956 |
protocol. |
4957 |
|
4958 |
C.5 Introduction of Transfer-Encoding |
4959 |
|
4960 |
HTTP/1.1 introduces the Transfer-Encoding header field |
4961 |
(Section 10.39). Proxies/gateways must remove any transfer coding |
4962 |
prior to forwarding a message via a MIME-compliant protocol. The |
4963 |
process for decoding the "chunked" transfer coding (Section 3.6) |
4964 |
can be represented in pseudo-code as: |
4965 |
|
4966 |
length := 0 |
4967 |
read chunk-size and CRLF |
4968 |
while (chunk-size > 0) { |
4969 |
read chunk-data and CRLF |
4970 |
append chunk-data to Entity-Body |
4971 |
length := length + chunk-size |
4972 |
read chunk-size and CRLF |
4973 |
} |
4974 |
read entity-header |
4975 |
while (entity-header not empty) { |
4976 |
append entity-header to existing header fields |
4977 |
read entity-header |
4978 |
} |
4979 |
Content-Length := length |
4980 |
Remove "chunked" from Transfer-Encoding |
4981 |
|
4982 |
D. Changes from HTTP/1.0 |
4983 |
|
4984 |
This section will summarize the differences between versions 1.0 |
4985 |
and 1.1 of the Hypertext Transfer Protocol. |
4986 |
|