1 |
|
2 |
HTTP Working Group Jeffrey Mogul, DECWRL |
3 |
Internet-Draft Ari Luotonen, Netscape |
4 |
Expires: 28 September 1997 13 March 1997 |
5 |
|
6 |
|
7 |
Problem with HTTP/1.1 Warning header, and proposed fix |
8 |
|
9 |
draft-ietf-http-warning-00.txt |
10 |
|
11 |
|
12 |
STATUS OF THIS MEMO |
13 |
|
14 |
This document is an Internet-Draft. Internet-Drafts are |
15 |
working documents of the Internet Engineering Task Force |
16 |
(IETF), its areas, and its working groups. Note that other |
17 |
groups may also distribute working documents as |
18 |
Internet-Drafts. |
19 |
|
20 |
Internet-Drafts are draft documents valid for a maximum of |
21 |
six months and may be updated, replaced, or obsoleted by |
22 |
other documents at any time. It is inappropriate to use |
23 |
Internet-Drafts as reference material or to cite them other |
24 |
than as "work in progress." |
25 |
|
26 |
To learn the current status of any Internet-Draft, please |
27 |
check the "1id-abstracts.txt" listing contained in the |
28 |
Internet-Drafts Shadow Directories on ftp.is.co.za |
29 |
(Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific |
30 |
Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US |
31 |
West Coast). |
32 |
|
33 |
Distribution of this document is unlimited. Please send |
34 |
comments to the HTTP working group at |
35 |
<http-wg@cuckoo.hpl.hp.com>. Discussions of the working |
36 |
group are archived at |
37 |
<URL:http://www.ics.uci.edu/pub/ietf/http/>. General |
38 |
discussions about HTTP and the applications which use HTTP |
39 |
should take place on the <www-talk@w3.org> mailing list. |
40 |
|
41 |
|
42 |
ABSTRACT |
43 |
|
44 |
The current HTTP/1.1 (RFC2068) specification introduces a |
45 |
new "Warning" header, meant to carry status information |
46 |
about a request that cannot or should not be carried by the |
47 |
response status code. The existing specification for the |
48 |
interaction between Warning and HTTP caches is faulty, in |
49 |
that it may allow incorrect results after cache validation |
50 |
operations. This document identifies two separate (but |
51 |
related) problems, and proposes revisions of the HTTP/1.1 |
52 |
specification to solve these problems. |
53 |
|
54 |
|
55 |
|
56 |
|
57 |
Mogul, Luotonen [Page 1] |
58 |
|
59 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
60 |
|
61 |
|
62 |
TABLE OF CONTENTS |
63 |
|
64 |
1 Introduction 2 |
65 |
2 Description of the problems 3 |
66 |
2.1 Proxy P2 implements HTTP/1.1 4 |
67 |
2.2 Proxy P2 implements HTTP/1.0 5 |
68 |
3 Proposed solutions 5 |
69 |
3.1 Solution to the ambiguity of future Warning codes 5 |
70 |
3.2 Solution to the HTTP/1.0 proxy problem 6 |
71 |
3.3 Editorial issues 7 |
72 |
3.3.1 RFC2068 Section 13.1.2: Warnings 7 |
73 |
3.3.2 RFC2068 Section 13.5.3 Combining Headers 8 |
74 |
3.3.3 RFC2068 Section 14.45 Warning 9 |
75 |
4 Security Considerations 12 |
76 |
5 Revision history 12 |
77 |
5.1 draft-ietf-http-warning-00.txt 12 |
78 |
6 Acknowledgements 12 |
79 |
7 References 12 |
80 |
8 Authors' addresses 12 |
81 |
|
82 |
|
83 |
1 Introduction |
84 |
|
85 |
The HTTP/1.1 specification (RFC2068) [1] introduces a new response |
86 |
header named "Warning", described this way (RFC2068 section 14.45): |
87 |
|
88 |
The Warning response-header field is used to carry additional |
89 |
information about the status of a response which may not be |
90 |
reflected by the response status code. This information is |
91 |
typically, though not exclusively, used to warn about a |
92 |
possible lack of semantic transparency from caching |
93 |
operations. |
94 |
|
95 |
The specification also says: |
96 |
|
97 |
A cache MUST NOT delete any Warning header that it received |
98 |
with a response. However, if a cache successfully validates a |
99 |
cache entry, it SHOULD remove any Warning headers previously |
100 |
attached to that entry except as specified for specific |
101 |
Warning codes. It MUST then add any Warning headers received |
102 |
in the validating response. |
103 |
|
104 |
while RFC2068 section 13.5.3 states, regarding what a cache does when |
105 |
receiving a 304 response: |
106 |
|
107 |
The end-to-end headers stored in the cache entry are used for |
108 |
the constructed response, except that any end-to-end headers |
109 |
provided in the 304 response MUST replace the corresponding |
110 |
headers from the cache entry. |
111 |
|
112 |
Note that there is an implicit disagreement about whether existing |
113 |
|
114 |
Mogul, Luotonen [Page 2] |
115 |
|
116 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
117 |
|
118 |
|
119 |
Warning headers are associated with a cache entry after it is |
120 |
revalidated. |
121 |
|
122 |
Also, RFC2068 section 13.1.2 states: |
123 |
|
124 |
Warnings are always cachable, because they never weaken the |
125 |
transparency of a response. This means that warnings can be |
126 |
passed to HTTP/1.0 caches without danger; such caches will |
127 |
simply pass the warning along as an entity-header in the |
128 |
response. |
129 |
|
130 |
This statement turns out to be somewhat erroneous. |
131 |
|
132 |
The (implicit) goal behind the design of the Warning mechanism was |
133 |
that when an HTTP/1.1 client receives a message with a Warning |
134 |
header, that header should accurately reflect the status of the |
135 |
message. However, since the issuance of RFC2068, it has been pointed |
136 |
out that the current specification can lead to Warning headers being |
137 |
attached to messages that should not have them, because of the |
138 |
interaction between the Warning specification and other |
139 |
specifications for HTTP/1.1 caches. |
140 |
|
141 |
Another goal of the Warning design is that when a Warning is properly |
142 |
attached to a response, the response should be delivered to any |
143 |
end-client with the Warning intact. This should be true even if the |
144 |
path includes one or more HTTP/1.0 proxies. |
145 |
|
146 |
|
147 |
2 Description of the problems |
148 |
|
149 |
The two known problems both involve a form of the following scenario. |
150 |
|
151 |
Suppose that the end-client is connected to the origin server via a |
152 |
path with two or more caching proxies: |
153 |
|
154 |
Origin HTTP/1.1 HTTP/1.1 |
155 |
Server ------ Proxy P1 ------ Proxy P2 ------ Client |
156 |
|
157 |
Also suppose that proxy P1 has a cached response for resource D in |
158 |
its cache, but proxy P2 does not. Also suppose that proxy P1 is |
159 |
configured to provide stale responses in some situations (e.g., |
160 |
because of network bandwidth constraints). |
161 |
|
162 |
Now the end-client requests resource D, via proxy P2. Proxy P2 does |
163 |
not have a cache entry for D, so it forwards the request to proxy P1. |
164 |
Proxy P1 does have a stale cache entry for D, but decides to provide |
165 |
the response without validating the cache entry (i.e., without |
166 |
sending a conditional GET to the origin server.) So proxy P1 sends a |
167 |
response containing its cache entry for D, and attaches |
168 |
|
169 |
Warning: 10 P1 "Response is stale" |
170 |
|
171 |
Mogul, Luotonen [Page 3] |
172 |
|
173 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
174 |
|
175 |
|
176 |
P2 receives this response, forwards it to the end-client, and also |
177 |
stores the response in its own cache. So far, there is no problem. |
178 |
|
179 |
At a later time some client of proxy P2 (perhaps the same one as |
180 |
before) requests resource D again from that proxy. This time, both |
181 |
proxies decide to validate their cached responses (since both |
182 |
responses are stale). So proxy P2 forwards a conditional GET to |
183 |
proxy P1, which forwards a conditional GET to the origin server. |
184 |
Suppose that the origin server sends a 304 (Not Modified) response to |
185 |
proxy P1, which forwards it to proxy P2. |
186 |
|
187 |
At this point, the "Response is stale" Warning stored in the cache |
188 |
entry at P2 is clearly not correct; the response has been |
189 |
successfully revalidated. The correct behavior in this case would be |
190 |
for P2 to remove the warning from its cache entry, and to ensure that |
191 |
it is not attached to the response it forwards to the end-client. |
192 |
|
193 |
Given this scenario, there are two different situations, depending on |
194 |
whether P2 implements HTTP/1.1 or higher (i.e., it understands the |
195 |
Warning header), or HTTP/1.0 or lower (i.e., it does not understand |
196 |
the warning header). |
197 |
|
198 |
2.1 Proxy P2 implements HTTP/1.1 |
199 |
The HTTP/1.1 specification already hints at a solution for the case |
200 |
where the proxy (or any other caching agent) in question actually |
201 |
implements the Warning header. RFC2068 section 14.45 says: |
202 |
|
203 |
A cache MUST NOT delete any Warning header that it received |
204 |
with a response. However, if a cache successfully validates a |
205 |
cache entry, it SHOULD remove any Warning headers previously |
206 |
attached to that entry except as specified for specific |
207 |
Warning codes. It MUST then add any Warning headers received |
208 |
in the validating response. |
209 |
|
210 |
Implicit in this is that there are two categories of Warnings: |
211 |
|
212 |
1. Those that describe the freshness or revalidation status |
213 |
of the response, and so must be deleted after a successful |
214 |
revalidation. |
215 |
|
216 |
2. Those that describe some aspect of the entity body or |
217 |
entity headers that is not rectified by a revalidation; |
218 |
for example, a lossy compression of the entity body. |
219 |
These Warnings cannot be deleted after a revalidation. |
220 |
|
221 |
Also implicit here is that a cache can reliably tell the difference |
222 |
between Warnings that should be deleted upon revalidation, and |
223 |
Warnings that should be retained even with revalidation. The problem |
224 |
here is that the set of Warning codes might be expanded beyond the |
225 |
set listed in the HTTP/1.1 specification. |
226 |
|
227 |
|
228 |
Mogul, Luotonen [Page 4] |
229 |
|
230 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
231 |
|
232 |
|
233 |
For example, if an HTTP/1.1 cache receives |
234 |
|
235 |
Warning: 37 "P1" "My hovercraft is full of eels" |
236 |
|
237 |
that cache would not be able to tell if the Warning should be deleted |
238 |
or retained after a revalidation of the response. |
239 |
|
240 |
2.2 Proxy P2 implements HTTP/1.0 |
241 |
If the proxy implements HTTP/1.0 (or lower), then it does not |
242 |
understand the Warning header at all. Therefore, it will always |
243 |
retain the Warning header in its cache entry, even after |
244 |
revalidation, and will pass this on to its clients. |
245 |
|
246 |
This is not a problem for HTTP/1.0 clients (which ignore Warning), |
247 |
but HTTP/1.1 clients of proxy P2 could receive spurious Warning |
248 |
headers for the indefinite future. |
249 |
|
250 |
|
251 |
3 Proposed solutions |
252 |
|
253 |
This section proposes independent solutions to the two problems |
254 |
described in section 2. These solutions, together, are consistent |
255 |
with the two goals stated for Warnings in section 1. (These goals |
256 |
would prevent the adoption of several other proposed solutions, such |
257 |
as changing the Expires header when forwarding a response to an |
258 |
HTTP/1.0 client, or deleting the Warning header in this case.) |
259 |
|
260 |
3.1 Solution to the ambiguity of future Warning codes |
261 |
Section 2.1 shows that HTTP/1.1 caches do not have unambiguous |
262 |
information about whether a Warning should be retained or deleted |
263 |
upon revalidation of a cached response. |
264 |
|
265 |
This can be solved by adding explicit information to the Warning |
266 |
values, so that the retain/delete choice is encoded in a way that |
267 |
does not require a cache to understand the full set of Warning codes. |
268 |
|
269 |
Several protocols, including FTP [2] and HTTP itself, use three-digit |
270 |
status codes where the first digit conveys information about the |
271 |
success or failure of an operation; this allows some extensibility of |
272 |
the set of status codes without breaking existing implementations. |
273 |
|
274 |
The same general technique can be used for the Warning code: |
275 |
|
276 |
- Expand the warning code from two digits to three digits |
277 |
|
278 |
- Use the leading digit to divide the Warnings into those |
279 |
that refer to the freshness (validation state) of a |
280 |
response, and must be deleted upon revalidation, and those |
281 |
that refer to other aspects of the response, and must be |
282 |
retained after revalidation. |
283 |
|
284 |
|
285 |
Mogul, Luotonen [Page 5] |
286 |
|
287 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
288 |
|
289 |
|
290 |
- Redefine the existing Warning codes according to this |
291 |
scheme |
292 |
|
293 |
- Update the language in other parts of the specification to |
294 |
be consistent with the new scheme. |
295 |
|
296 |
This approach allows the agent that initially attaches a Warning |
297 |
code, and so presumably knows the desired semantics, to explicitly |
298 |
indicate whether it should be retained or deleted after revalidation. |
299 |
It entirely removes the need for a recipient to make a non-trivial |
300 |
decision. |
301 |
|
302 |
Section 3.3.3 provides a revised specification for Warning. |
303 |
|
304 |
3.2 Solution to the HTTP/1.0 proxy problem |
305 |
The solution to the problem described in section 2.2 is more |
306 |
difficult, because HTTP/1.0 caches cannot be expected to protect |
307 |
against incorrect caching of received Warning headers. |
308 |
|
309 |
Since HTTP/1.0 agents ignore Warning entirely, the specific problem |
310 |
is to prevent an HTTP/1.1 recipient from interpreting a Warning |
311 |
header that has incorrectly been associated with a response. If such |
312 |
an incorrect association has been made, this is because an HTTP/1.0 |
313 |
cache first received a response with an appropriate Warning header, |
314 |
then revalidated the response but failed to delete the Warning |
315 |
header. |
316 |
|
317 |
In other words, an HTTP/1.1 recipient of a Warning needs a way to |
318 |
determine whether it came from the most recent validation attempt for |
319 |
a cache entry, or whether it came with an earlier response. |
320 |
|
321 |
Every HTTP response carries a Date header indicating when it was |
322 |
generated. It appears that when an HTTP/1.0 cache forwards a request |
323 |
and receives a 304 (Not Modified) response, the response that it |
324 |
forwards to its own client carries the (more recent) Date of the 304 |
325 |
response, not the Date that was associated with the original (cached) |
326 |
response. |
327 |
|
328 |
--------- |
329 |
NOTE: We need to verify that this is indeed the way that |
330 |
HTTP/1.0 caches behave! |
331 |
--------- |
332 |
|
333 |
If Warning headers were to carry an (optional) warning-date value, |
334 |
duplicating the value of the Date header associated with the response |
335 |
when the Warning was first attached to it, then an HTTP/1.1 recipient |
336 |
could compare this warning-date to the Date header in the received |
337 |
response. If these timestamps are the same, then (within the |
338 |
1-second resolution of the Date header) the recipient can be sure |
339 |
that the Warning was not left over from an earlier response. |
340 |
|
341 |
|
342 |
Mogul, Luotonen [Page 6] |
343 |
|
344 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
345 |
|
346 |
|
347 |
If the warning-date is earlier than the Date, however, then the |
348 |
Warning had to have been created for an earlier response. If, in |
349 |
this case, the Warning code indicates that the Warning should have |
350 |
been deleted upon revalidation, then the recipient can safely delete |
351 |
it. |
352 |
|
353 |
--------- |
354 |
NOTE: The warning-date should never be later than the Date, if |
355 |
I understand things correctly. If this ever happens, it |
356 |
implies that some cache is not updating the Date of a cached |
357 |
response with the Date of a subsequent 304 response. This |
358 |
should never happen with HTTP/1.1 proxies, but it's not clear |
359 |
if this could ever happen with an HTTP/1.0 proxy. |
360 |
--------- |
361 |
|
362 |
Therefore, a solution to the problem of HTTP/1.0 caches and Warnings |
363 |
is for |
364 |
|
365 |
- HTTP/1.1 proxies that create or forward a Warning to copy |
366 |
the Date value into an optional field of the Warning, if |
367 |
and only if the message is being sent to an HTTP/1.0 or |
368 |
lower recipient. |
369 |
|
370 |
- HTTP/1.1 caches that receive an HTTP/1.0 response with a |
371 |
Warning to delete that Warning if its warning-date does not |
372 |
match the Date in the message, and if the Warning code |
373 |
indicates that it should be deleted upon revalidation. |
374 |
|
375 |
Section 3.3.3 provides a revised specification for Warning, which |
376 |
includes this optional warning-date field. |
377 |
|
378 |
3.3 Editorial issues |
379 |
This section describes the editorial changes to RFC2068 that are |
380 |
required to implement both of the proposed modifications, and to |
381 |
eliminate contradictory language regarding the Warning header. |
382 |
|
383 |
3.3.1 RFC2068 Section 13.1.2: Warnings |
384 |
RFC2068 section 13.1.2 states: |
385 |
|
386 |
Warnings are always cachable, because they never weaken the |
387 |
transparency of a response. This means that warnings can be |
388 |
passed to HTTP/1.0 caches without danger; such caches will |
389 |
simply pass the warning along as an entity-header in the |
390 |
response. |
391 |
|
392 |
Warnings are assigned numbers between 0 and 99. This |
393 |
specification defines the code numbers and meanings of each |
394 |
currently assigned warnings, allowing a client or cache to |
395 |
take automated action in some (but not all) cases. |
396 |
|
397 |
This passaged must be revised as follows: |
398 |
|
399 |
Mogul, Luotonen [Page 7] |
400 |
|
401 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
402 |
|
403 |
|
404 |
Warnings come in two categories: |
405 |
|
406 |
1. Those that describe the freshness or revalidation |
407 |
status of the response, and so MUST be deleted after a |
408 |
successful revalidation (see section 13.3 for a |
409 |
definition of revalidation). |
410 |
|
411 |
2. Those that describe some aspect of the entity body or |
412 |
entity headers that is not rectified by a |
413 |
revalidation; for example, a lossy compression of the |
414 |
entity body. These Warnings MUST NOT be deleted after |
415 |
a successful revalidation. |
416 |
|
417 |
Warnings are assigned 3-digit code numbers. The first digit |
418 |
indicates whether the Warning must or must not be deleted |
419 |
from a cached response after it is successfully revalidated. |
420 |
This specification defines the code numbers and meanings of |
421 |
each currently assigned warnings, allowing a client or cache |
422 |
to take automated action in some (but not all) cases. |
423 |
|
424 |
HTTP/1.0 caches will cache all Warnings, without deleting the |
425 |
ones in the first category. Warnings that are passed to |
426 |
HTTP/1.0 caches carry an extra warning-date field, which |
427 |
prevents a future HTTP/1.1 recipient from believing an |
428 |
erroneously cached Warning. |
429 |
|
430 |
3.3.2 RFC2068 Section 13.5.3 Combining Headers |
431 |
RFC2068 section 13.5.3 states: |
432 |
|
433 |
When a cache makes a validating request to a server, and the |
434 |
server provides a 304 (Not Modified) response, the cache must |
435 |
construct a response to send to the requesting client. The |
436 |
cache uses the entity-body stored in the cache entry as the |
437 |
entity-body of this outgoing response. The end-to-end headers |
438 |
stored in the cache entry are used for the constructed |
439 |
response, except that any end-to-end headers provided in the |
440 |
304 response MUST replace the corresponding headers from the |
441 |
cache entry. Unless the cache decides to remove the cache |
442 |
entry, it MUST also replace the end-to-end headers stored |
443 |
with the cache entry with corresponding headers received in |
444 |
the incoming response. |
445 |
|
446 |
In other words, the set of end-to-end headers received in the |
447 |
incoming response overrides all corresponding end-to-end |
448 |
headers stored with the cache entry. The cache may add |
449 |
Warning headers (see section 14.45) to this set. |
450 |
|
451 |
This must be revised to say: |
452 |
|
453 |
When a cache makes a validating request to a server, and the |
454 |
server provides a 304 (Not Modified) response, the cache must |
455 |
|
456 |
Mogul, Luotonen [Page 8] |
457 |
|
458 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
459 |
|
460 |
|
461 |
construct a response to send to the requesting client. The |
462 |
cache uses the entity-body stored in the cache entry as the |
463 |
entity-body of this outgoing response. The end-to-end headers |
464 |
stored in the cache entry are used for the constructed |
465 |
response, except that |
466 |
|
467 |
- any stored Warning headers with warn-code 1XX (see |
468 |
section 14.45) are deleted from the cache entry and the |
469 |
forwarded response. |
470 |
|
471 |
- any stored Warning headers with warn-code 2XX are |
472 |
retained in the cache entry and the forwarded response. |
473 |
|
474 |
- any end-to-end headers provided in the 304 response |
475 |
MUST replace the corresponding headers from the cache |
476 |
entry. |
477 |
|
478 |
Unless the cache decides to remove the cache entry, it MUST |
479 |
also replace the end-to-end headers stored with the cache |
480 |
entry with corresponding headers received in the incoming |
481 |
response. |
482 |
|
483 |
In other words, the set of end-to-end headers received in the |
484 |
incoming response overrides all corresponding end-to-end |
485 |
headers stored with the cache entry (except for stored |
486 |
Warning headers with warn-code 1XX, which are deleted even if |
487 |
not overridden). |
488 |
|
489 |
3.3.3 RFC2068 Section 14.45 Warning |
490 |
The entire RFC2068 Section 14.45 (Warning) is replaced as follows: |
491 |
|
492 |
The Warning response-header field is used to carry additional |
493 |
information about the status of a response which may not be reflected |
494 |
by the response status code. This information is typically, though |
495 |
not exclusively, used to warn about a possible lack of semantic |
496 |
transparency from caching operations. |
497 |
|
498 |
Warning headers are sent with responses using: |
499 |
|
500 |
Warning = "Warning" ":" 1#warning-value |
501 |
|
502 |
warning-value = warn-code SP warn-agent SP warn-text |
503 |
[SP warn-date] |
504 |
warn-code = 3DIGIT |
505 |
warn-agent = ( host [ ":" port ] ) | pseudonym |
506 |
; the name or pseudonym of the server adding |
507 |
; the Warning header, for use in debugging |
508 |
warn-text = quoted-string |
509 |
warn-date = <"> HTTP-date <"> |
510 |
|
511 |
|
512 |
|
513 |
Mogul, Luotonen [Page 9] |
514 |
|
515 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
516 |
|
517 |
|
518 |
--------- |
519 |
NOTE: The warn-date syntax requires the quotes because of the |
520 |
comma in the HTTP-date syntax. The comma serves to separate |
521 |
the wkday (day of week) token from the rest of the date, and |
522 |
since the wkday is completely redundant, we could save seven |
523 |
bytes (including the two commas) by definining a different date |
524 |
format for use here. We could also eliminate the "GMT" from |
525 |
this format, since it is mandatory for HTTP-Date. |
526 |
--------- |
527 |
|
528 |
A response may carry more than one Warning header. |
529 |
|
530 |
The warn-text should be in a natural language and character set that |
531 |
is most likely to be intelligible to the human user receiving the |
532 |
response. This decision may be based on any available knowledge, |
533 |
such as the location of the cache or user, the Accept-Language field |
534 |
in a request, the Content-Language field in a response, etc. The |
535 |
default language is English and the default character set is |
536 |
ISO-8859-1. |
537 |
|
538 |
If a character set other than ISO-8859-1 is used, it MUST be encoded |
539 |
in the warn-text using the method described in RFC 1522 [14]. Any |
540 |
server or cache may add Warning headers to a response. New Warning |
541 |
headers should be added after any existing Warning headers. A cache |
542 |
MUST NOT delete any Warning header that it received with a response. |
543 |
However, if a cache successfully validates a cache entry, it SHOULD |
544 |
remove any Warning headers previously attached to that entry except |
545 |
as specified for specific Warning codes. It MUST then add any Warning |
546 |
headers received in the validating response. In other words, Warning |
547 |
headers are those that would be attached to the most recent relevant |
548 |
response. |
549 |
|
550 |
When multiple Warning headers are attached to a response, the user |
551 |
agent SHOULD display as many of them as possible, in the order that |
552 |
they appear in the response. If it is not possible to display all of |
553 |
the warnings, the user agent should follow these heuristics: |
554 |
|
555 |
- Warnings that appear early in the response take priority |
556 |
over those appearing later in the response. |
557 |
|
558 |
- Warnings in the user's preferred character set take |
559 |
priority over warnings in other character sets but with |
560 |
identical warn-codes and warn-agents. |
561 |
|
562 |
Systems that generate multiple Warning headers should order them with |
563 |
this user agent behavior in mind. |
564 |
|
565 |
The warn-code consists of three digits. The first digit indicates |
566 |
whether the Warning MUST or MUST NOT be deleted from a stored cache |
567 |
entry after a successful revalidation: |
568 |
|
569 |
|
570 |
Mogul, Luotonen [Page 10] |
571 |
|
572 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
573 |
|
574 |
|
575 |
1XX Warnings that describe the freshness or revalidation |
576 |
status of the response, and so MUST be deleted after |
577 |
a successful revalidation. |
578 |
|
579 |
2XX Warnings that describe some aspect of the entity body |
580 |
or entity headers that is not rectified by a |
581 |
revalidation, and which MUST NOT be deleted after a |
582 |
successful revalidation. |
583 |
|
584 |
This is a list of the currently-defined warn-codes, each with a |
585 |
recommended warn-text in English, and a description of its meaning. |
586 |
|
587 |
110 Response is stale |
588 |
MUST be included whenever the returned response is |
589 |
stale. |
590 |
|
591 |
111 Revalidation failed |
592 |
MUST be included if a cache returns a stale response |
593 |
because an attempt to revalidate the response failed, |
594 |
due to an inability to reach the server. |
595 |
|
596 |
112 Disconnected operation |
597 |
SHOULD be included if the cache is intentionally |
598 |
disconnected from the rest of the network for a |
599 |
period of time. |
600 |
|
601 |
113 Heuristic expiration |
602 |
MUST be included if the cache heuristically chose a |
603 |
freshness lifetime greater than 24 hours and the |
604 |
response's age is greater than 24 hours. |
605 |
|
606 |
199 Miscellaneous warning |
607 |
The warning text may include arbitrary information to |
608 |
be presented to a human user, or logged. A system |
609 |
receiving this warning MUST NOT take any automated |
610 |
action. |
611 |
|
612 |
214 Transformation applied |
613 |
MUST be added by an intermediate cache or proxy if it |
614 |
applies any transformation changing the |
615 |
content-coding (as specified in the Content-Encoding |
616 |
header) or media-type (as specified in the |
617 |
Content-Type header) of the response, unless this |
618 |
Warning code already appears in the response. |
619 |
|
620 |
299 Miscellaneous persistent warning |
621 |
The warning text may include arbitrary information to |
622 |
be presented to a human user, or logged. A system |
623 |
receiving this warning MUST NOT take any automated |
624 |
action. |
625 |
|
626 |
|
627 |
Mogul, Luotonen [Page 11] |
628 |
|
629 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
630 |
|
631 |
|
632 |
If an implementation sends a response with one or more Warning |
633 |
headers to a client whose version is HTTP/1.0 or lower, then the |
634 |
sender MUST include a warn-date in each warning-value. |
635 |
|
636 |
If an implementation receives a response with a warning-value that |
637 |
includes a warn-date, and that warn-date is different from the Date |
638 |
value in the response, then that warning-value MUST be deleted from |
639 |
the message before storing, forwarding, or using it. If all of the |
640 |
warning-values are deleted for this reason, the Warning header MUST |
641 |
be deleted as well. |
642 |
|
643 |
|
644 |
4 Security Considerations |
645 |
|
646 |
No known security implications beyond those listed in RFC2068. |
647 |
|
648 |
|
649 |
5 Revision history |
650 |
|
651 |
Minor clarifications, and grammar and spelling corrections, are not |
652 |
listed here. |
653 |
|
654 |
5.1 draft-ietf-http-warning-00.txt |
655 |
Initial draft. |
656 |
|
657 |
|
658 |
6 Acknowledgements |
659 |
|
660 |
We gratefully acknowledge the constructive comments received from Roy |
661 |
Fielding, Koen Holtman, and Ben Laurie. |
662 |
|
663 |
|
664 |
7 References |
665 |
|
666 |
1. Roy T. Fielding, Jim Gettys, Jeffrey C. Mogul, Henrik Frystyk |
667 |
Nielsen, and Tim Berners-Lee. Hypertext Transfer Protocol -- |
668 |
HTTP/1.1. RFC 2068, HTTP Working Group, January, 1997. |
669 |
|
670 |
2. Jon Postel and Joyce Reynolds. File Transfer Protocol (FTP). |
671 |
RFC 959, Network Working Group, October, 1985. |
672 |
|
673 |
|
674 |
8 Authors' addresses |
675 |
|
676 |
Jeffrey C. Mogul |
677 |
Western Research Laboratory |
678 |
Digital Equipment Corporation |
679 |
250 University Avenue |
680 |
Palo Alto, California, 94305, U.S.A. |
681 |
Email: mogul@wrl.dec.com |
682 |
Phone: 1 415 617 3304 (email preferred) |
683 |
|
684 |
Mogul, Luotonen [Page 12] |
685 |
|
686 |
Internet-Draft HTTP Warning Header 13 March 1997 17:10 |
687 |
|
688 |
|
689 |
Ari Luotonen |
690 |
Netscape Communications Corp. |
691 |
501 East Middlefield Road |
692 |
Mountain View, CA 94043 |
693 |
Email: ari@netscape.com |
694 |
|
695 |
|
696 |
|
697 |
|
698 |
|
699 |
|
700 |
|
701 |
|
702 |
|
703 |
|
704 |
|
705 |
|
706 |
|
707 |
|
708 |
|
709 |
|
710 |
|
711 |
|
712 |
|
713 |
|
714 |
|
715 |
|
716 |
|
717 |
|
718 |
|
719 |
|
720 |
|
721 |
|
722 |
|
723 |
|
724 |
|
725 |
|
726 |
|
727 |
|
728 |
|
729 |
|
730 |
|
731 |
|
732 |
|
733 |
|
734 |
|
735 |
|
736 |
|
737 |
|
738 |
|
739 |
|
740 |
|
741 |
Mogul, Luotonen [Page 13] |