source: draft-ietf-httpbis/11/draft-ietf-httpbis-p2-semantics-11.txt @ 973

Last change on this file since 973 was 973, checked in by julian.reschke@…, 9 years ago

prepare publication of -11 drafts on 2010-08-04.

  • Property svn:eol-style set to native
  • Property svn:executable set to *
File size: 121.0 KB
RevLine 
[973]1
2
3
4HTTPbis Working Group                                   R. Fielding, Ed.
5Internet-Draft                                              Day Software
6Obsoletes: 2616 (if approved)                                  J. Gettys
7Updates: 2817 (if approved)                               Alcatel-Lucent
8Intended status: Standards Track                                J. Mogul
9Expires: February 5, 2011                                             HP
10                                                              H. Frystyk
11                                                               Microsoft
12                                                             L. Masinter
13                                                           Adobe Systems
14                                                                P. Leach
15                                                               Microsoft
16                                                          T. Berners-Lee
17                                                                 W3C/MIT
18                                                           Y. Lafon, Ed.
19                                                                     W3C
20                                                         J. Reschke, Ed.
21                                                              greenbytes
22                                                          August 4, 2010
23
24
25                  HTTP/1.1, part 2: Message Semantics
26                   draft-ietf-httpbis-p2-semantics-11
27
28Abstract
29
30   The Hypertext Transfer Protocol (HTTP) is an application-level
31   protocol for distributed, collaborative, hypermedia information
32   systems.  HTTP has been in use by the World Wide Web global
33   information initiative since 1990.  This document is Part 2 of the
34   seven-part specification that defines the protocol referred to as
35   "HTTP/1.1" and, taken together, obsoletes RFC 2616.  Part 2 defines
36   the semantics of HTTP messages as expressed by request methods,
37   request-header fields, response status codes, and response-header
38   fields.
39
40Editorial Note (To be removed by RFC Editor)
41
42   Discussion of this draft should take place on the HTTPBIS working
43   group mailing list (ietf-http-wg@w3.org).  The current issues list is
44   at <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
45   documents (including fancy diffs) can be found at
46   <http://tools.ietf.org/wg/httpbis/>.
47
48   The changes in this draft are summarized in Appendix C.12.
49
50Status of This Memo
51
52
53
54
55Fielding, et al.        Expires February 5, 2011                [Page 1]
56
57Internet-Draft              HTTP/1.1, Part 2                 August 2010
58
59
60   This Internet-Draft is submitted in full conformance with the
61   provisions of BCP 78 and BCP 79.
62
63   Internet-Drafts are working documents of the Internet Engineering
64   Task Force (IETF).  Note that other groups may also distribute
65   working documents as Internet-Drafts.  The list of current Internet-
66   Drafts is at http://datatracker.ietf.org/drafts/current/.
67
68   Internet-Drafts are draft documents valid for a maximum of six months
69   and may be updated, replaced, or obsoleted by other documents at any
70   time.  It is inappropriate to use Internet-Drafts as reference
71   material or to cite them other than as "work in progress."
72
73   This Internet-Draft will expire on February 5, 2011.
74
75Copyright Notice
76
77   Copyright (c) 2010 IETF Trust and the persons identified as the
78   document authors.  All rights reserved.
79
80   This document is subject to BCP 78 and the IETF Trust's Legal
81   Provisions Relating to IETF Documents
82   (http://trustee.ietf.org/license-info) in effect on the date of
83   publication of this document.  Please review these documents
84   carefully, as they describe your rights and restrictions with respect
85   to this document.  Code Components extracted from this document must
86   include Simplified BSD License text as described in Section 4.e of
87   the Trust Legal Provisions and are provided without warranty as
88   described in the Simplified BSD License.
89
90   This document may contain material from IETF Documents or IETF
91   Contributions published or made publicly available before November
92   10, 2008.  The person(s) controlling the copyright in some of this
93   material may not have granted the IETF Trust the right to allow
94   modifications of such material outside the IETF Standards Process.
95   Without obtaining an adequate license from the person(s) controlling
96   the copyright in such materials, this document may not be modified
97   outside the IETF Standards Process, and derivative works of it may
98   not be created outside the IETF Standards Process, except to format
99   it for publication as an RFC or to translate it into languages other
100   than English.
101
102Table of Contents
103
104   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
105     1.1.  Requirements . . . . . . . . . . . . . . . . . . . . . . .  6
106     1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
107       1.2.1.  Core Rules . . . . . . . . . . . . . . . . . . . . . .  7
108
109
110
111Fielding, et al.        Expires February 5, 2011                [Page 2]
112
113Internet-Draft              HTTP/1.1, Part 2                 August 2010
114
115
116       1.2.2.  ABNF Rules defined in other Parts of the
117               Specification  . . . . . . . . . . . . . . . . . . . .  7
118   2.  Method . . . . . . . . . . . . . . . . . . . . . . . . . . . .  8
119     2.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . .  8
120   3.  Request Header Fields  . . . . . . . . . . . . . . . . . . . .  9
121   4.  Status Code and Reason Phrase  . . . . . . . . . . . . . . . . 10
122     4.1.  Status Code Registry . . . . . . . . . . . . . . . . . . . 12
123   5.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 12
124   6.  Representation . . . . . . . . . . . . . . . . . . . . . . . . 13
125     6.1.  Identifying the Resource Associated with a
126           Representation . . . . . . . . . . . . . . . . . . . . . . 13
127   7.  Method Definitions . . . . . . . . . . . . . . . . . . . . . . 14
128     7.1.  Safe and Idempotent Methods  . . . . . . . . . . . . . . . 14
129       7.1.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 14
130       7.1.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 14
131     7.2.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . . . 15
132     7.3.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
133     7.4.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
134     7.5.  POST . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
135     7.6.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
136     7.7.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . . . 19
137     7.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . . . 19
138     7.9.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . . . 20
139   8.  Status Code Definitions  . . . . . . . . . . . . . . . . . . . 20
140     8.1.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 20
141       8.1.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 20
142       8.1.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 21
143     8.2.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 21
144       8.2.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 21
145       8.2.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 21
146       8.2.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 22
147       8.2.4.  203 Non-Authoritative Information  . . . . . . . . . . 22
148       8.2.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 22
149       8.2.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 23
150       8.2.7.  206 Partial Content  . . . . . . . . . . . . . . . . . 23
151     8.3.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 23
152       8.3.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 24
153       8.3.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 24
154       8.3.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 25
155       8.3.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 25
156       8.3.5.  304 Not Modified . . . . . . . . . . . . . . . . . . . 26
157       8.3.6.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 26
158       8.3.7.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 26
159       8.3.8.  307 Temporary Redirect . . . . . . . . . . . . . . . . 26
160     8.4.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 27
161       8.4.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 27
162       8.4.2.  401 Unauthorized . . . . . . . . . . . . . . . . . . . 27
163       8.4.3.  402 Payment Required . . . . . . . . . . . . . . . . . 27
164
165
166
167Fielding, et al.        Expires February 5, 2011                [Page 3]
168
169Internet-Draft              HTTP/1.1, Part 2                 August 2010
170
171
172       8.4.4.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 27
173       8.4.5.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 28
174       8.4.6.  405 Method Not Allowed . . . . . . . . . . . . . . . . 28
175       8.4.7.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 28
176       8.4.8.  407 Proxy Authentication Required  . . . . . . . . . . 28
177       8.4.9.  408 Request Timeout  . . . . . . . . . . . . . . . . . 29
178       8.4.10. 409 Conflict . . . . . . . . . . . . . . . . . . . . . 29
179       8.4.11. 410 Gone . . . . . . . . . . . . . . . . . . . . . . . 29
180       8.4.12. 411 Length Required  . . . . . . . . . . . . . . . . . 30
181       8.4.13. 412 Precondition Failed  . . . . . . . . . . . . . . . 30
182       8.4.14. 413 Request Entity Too Large . . . . . . . . . . . . . 30
183       8.4.15. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 30
184       8.4.16. 415 Unsupported Media Type . . . . . . . . . . . . . . 30
185       8.4.17. 416 Requested Range Not Satisfiable  . . . . . . . . . 30
186       8.4.18. 417 Expectation Failed . . . . . . . . . . . . . . . . 31
187     8.5.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 31
188       8.5.1.  500 Internal Server Error  . . . . . . . . . . . . . . 31
189       8.5.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 31
190       8.5.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 31
191       8.5.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 31
192       8.5.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 32
193       8.5.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 32
194   9.  Header Field Definitions . . . . . . . . . . . . . . . . . . . 32
195     9.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . . . 32
196     9.2.  Expect . . . . . . . . . . . . . . . . . . . . . . . . . . 33
197     9.3.  From . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
198     9.4.  Location . . . . . . . . . . . . . . . . . . . . . . . . . 34
199     9.5.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . . . 35
200     9.6.  Referer  . . . . . . . . . . . . . . . . . . . . . . . . . 36
201     9.7.  Retry-After  . . . . . . . . . . . . . . . . . . . . . . . 36
202     9.8.  Server . . . . . . . . . . . . . . . . . . . . . . . . . . 37
203     9.9.  User-Agent . . . . . . . . . . . . . . . . . . . . . . . . 37
204   10. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 38
205     10.1. Method Registry  . . . . . . . . . . . . . . . . . . . . . 38
206     10.2. Status Code Registry . . . . . . . . . . . . . . . . . . . 38
207     10.3. Header Field Registration  . . . . . . . . . . . . . . . . 39
208   11. Security Considerations  . . . . . . . . . . . . . . . . . . . 40
209     11.1. Transfer of Sensitive Information  . . . . . . . . . . . . 40
210     11.2. Encoding Sensitive Information in URIs . . . . . . . . . . 41
211     11.3. Location Headers and Spoofing  . . . . . . . . . . . . . . 42
212   12. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 42
213   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 42
214     13.1. Normative References . . . . . . . . . . . . . . . . . . . 42
215     13.2. Informative References . . . . . . . . . . . . . . . . . . 43
216   Appendix A.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 43
217   Appendix B.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 44
218   Appendix C.  Change Log (to be removed by RFC Editor before
219                publication)  . . . . . . . . . . . . . . . . . . . . 47
220
221
222
223Fielding, et al.        Expires February 5, 2011                [Page 4]
224
225Internet-Draft              HTTP/1.1, Part 2                 August 2010
226
227
228     C.1.  Since RFC2616  . . . . . . . . . . . . . . . . . . . . . . 47
229     C.2.  Since draft-ietf-httpbis-p2-semantics-00 . . . . . . . . . 47
230     C.3.  Since draft-ietf-httpbis-p2-semantics-01 . . . . . . . . . 47
231     C.4.  Since draft-ietf-httpbis-p2-semantics-02 . . . . . . . . . 48
232     C.5.  Since draft-ietf-httpbis-p2-semantics-03 . . . . . . . . . 49
233     C.6.  Since draft-ietf-httpbis-p2-semantics-04 . . . . . . . . . 49
234     C.7.  Since draft-ietf-httpbis-p2-semantics-05 . . . . . . . . . 49
235     C.8.  Since draft-ietf-httpbis-p2-semantics-06 . . . . . . . . . 50
236     C.9.  Since draft-ietf-httpbis-p2-semantics-07 . . . . . . . . . 50
237     C.10. Since draft-ietf-httpbis-p2-semantics-08 . . . . . . . . . 51
238     C.11. Since draft-ietf-httpbis-p2-semantics-09 . . . . . . . . . 51
239     C.12. Since draft-ietf-httpbis-p2-semantics-10 . . . . . . . . . 51
240   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279Fielding, et al.        Expires February 5, 2011                [Page 5]
280
281Internet-Draft              HTTP/1.1, Part 2                 August 2010
282
283
2841.  Introduction
285
286   This document defines HTTP/1.1 request and response semantics.  Each
287   HTTP message, as defined in [Part1], is in the form of either a
288   request or a response.  An HTTP server listens on a connection for
289   HTTP requests and responds to each request, in the order received on
290   that connection, with one or more HTTP response messages.  This
291   document defines the commonly agreed upon semantics of the HTTP
292   uniform interface, the intentions defined by each request method, and
293   the various response messages that might be expected as a result of
294   applying that method to the target resource.
295
296   This document is currently disorganized in order to minimize the
297   changes between drafts and enable reviewers to see the smaller errata
298   changes.  The next draft will reorganize the sections to better
299   reflect the content.  In particular, the sections will be ordered
300   according to the typical processing of an HTTP request message (after
301   message parsing): resource mapping, general header fields, methods,
302   request modifiers, response status, and resource metadata.  The
303   current mess reflects how widely dispersed these topics and
304   associated requirements had become in [RFC2616].
305
3061.1.  Requirements
307
308   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
309   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
310   document are to be interpreted as described in [RFC2119].
311
312   An implementation is not compliant if it fails to satisfy one or more
313   of the "MUST" or "REQUIRED" level requirements for the protocols it
314   implements.  An implementation that satisfies all the "MUST" or
315   "REQUIRED" level and all the "SHOULD" level requirements for its
316   protocols is said to be "unconditionally compliant"; one that
317   satisfies all the "MUST" level requirements but not all the "SHOULD"
318   level requirements for its protocols is said to be "conditionally
319   compliant".
320
3211.2.  Syntax Notation
322
323   This specification uses the ABNF syntax defined in Section 1.2 of
324   [Part1] (which extends the syntax defined in [RFC5234] with a list
325   rule).  Appendix B shows the collected ABNF, with the list rule
326   expanded.
327
328   The following core rules are included by reference, as defined in
329   [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
330   (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
331   HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
332
333
334
335Fielding, et al.        Expires February 5, 2011                [Page 6]
336
337Internet-Draft              HTTP/1.1, Part 2                 August 2010
338
339
340   sequence of data), SP (space), VCHAR (any visible USASCII character),
341   and WSP (whitespace).
342
3431.2.1.  Core Rules
344
345   The core rules below are defined in Section 1.2.2 of [Part1]:
346
347     quoted-string = <quoted-string, defined in [Part1], Section 1.2.2>
348     token         = <token, defined in [Part1], Section 1.2.2>
349     OWS           = <OWS, defined in [Part1], Section 1.2.2>
350     RWS           = <RWS, defined in [Part1], Section 1.2.2>
351     obs-text      = <obs-text, defined in [Part1], Section 1.2.2>
352
3531.2.2.  ABNF Rules defined in other Parts of the Specification
354
355   The ABNF rules below are defined in other parts:
356
357     absolute-URI  = <absolute-URI, defined in [Part1], Section 2.6>
358     comment       = <comment, defined in [Part1], Section 3.2>
359     Host          = <Host, defined in [Part1], Section 2.6>
360     HTTP-date     = <HTTP-date, defined in [Part1], Section 6.1>
361     partial-URI   = <partial-URI, defined in [Part1], Section 2.6>
362     product       = <product, defined in [Part1], Section 6.3>
363     TE            = <TE, defined in [Part1], Section 9.5>
364     URI-reference = <URI-reference, defined in [Part1], Section 2.6>
365
366
367     Accept        = <Accept, defined in [Part3], Section 6.1>
368     Accept-Charset =
369                <Accept-Charset, defined in [Part3], Section 6.2>
370     Accept-Encoding =
371                <Accept-Encoding, defined in [Part3], Section 6.3>
372     Accept-Language =
373                <Accept-Language, defined in [Part3], Section 6.4>
374
375
376     ETag          = <ETag, defined in [Part4], Section 6.1>
377     If-Match      = <If-Match, defined in [Part4], Section 6.2>
378     If-Modified-Since =
379                <If-Modified-Since, defined in [Part4], Section 6.3>
380     If-None-Match = <If-None-Match, defined in [Part4], Section 6.4>
381     If-Unmodified-Since =
382                <If-Unmodified-Since, defined in [Part4], Section 6.5>
383
384
385     Accept-Ranges = <Accept-Ranges, defined in [Part5], Section 5.1>
386     If-Range      = <If-Range, defined in [Part5], Section 5.3>
387     Range         = <Range, defined in [Part5], Section 5.4>
388
389
390
391Fielding, et al.        Expires February 5, 2011                [Page 7]
392
393Internet-Draft              HTTP/1.1, Part 2                 August 2010
394
395
396     Age           = <Age, defined in [Part6], Section 3.1>
397     Vary          = <Vary, defined in [Part6], Section 3.5>
398
399
400     Authorization = <Authorization, defined in [Part7], Section 3.1>
401     Proxy-Authenticate =
402                <Proxy-Authenticate, defined in [Part7], Section 3.2>
403     Proxy-Authorization =
404                <Proxy-Authorization, defined in [Part7], Section 3.3>
405     WWW-Authenticate =
406                <WWW-Authenticate, defined in [Part7], Section 3.4>
407
4082.  Method
409
410   The Method token indicates the method to be performed on the target
411   resource (Section 4.3 of [Part1]).  The method is case-sensitive.
412
413     Method         = %x4F.50.54.49.4F.4E.53   ; "OPTIONS", Section 7.2
414                    / %x47.45.54               ; "GET", Section 7.3
415                    / %x48.45.41.44            ; "HEAD", Section 7.4
416                    / %x50.4F.53.54            ; "POST", Section 7.5
417                    / %x50.55.54               ; "PUT", Section 7.6
418                    / %x44.45.4C.45.54.45      ; "DELETE", Section 7.7
419                    / %x54.52.41.43.45         ; "TRACE", Section 7.8
420                    / %x43.4F.4E.4E.45.43.54   ; "CONNECT", Section 7.9
421                    / extension-method
422     extension-method = token
423
424   The list of methods allowed by a resource can be specified in an
425   Allow header field (Section 9.1).  The status code of the response
426   always notifies the client whether a method is currently allowed on a
427   resource, since the set of allowed methods can change dynamically.
428   An origin server SHOULD respond with the status code 405 (Method Not
429   Allowed) if the method is known by the origin server but not allowed
430   for the resource, and 501 (Not Implemented) if the method is
431   unrecognized or not implemented by the origin server.  The methods
432   GET and HEAD MUST be supported by all general-purpose servers.  All
433   other methods are OPTIONAL; however, if the above methods are
434   implemented, they MUST be implemented with the same semantics as
435   those specified in Section 7.
436
4372.1.  Method Registry
438
439   The HTTP Method Registry defines the name space for the Method token
440   in the Request line of an HTTP request.
441
442   Registrations MUST include the following fields:
443
444
445
446
447Fielding, et al.        Expires February 5, 2011                [Page 8]
448
449Internet-Draft              HTTP/1.1, Part 2                 August 2010
450
451
452   o  Method Name (see Section 2)
453
454   o  Safe ("yes" or "no", see Section 7.1.1)
455
456   o  Pointer to specification text
457
458   Values to be added to this name space are subject to IETF review
459   ([RFC5226], Section 4.1).
460
461   The registry itself is maintained at
462   <http://www.iana.org/assignments/http-methods>.
463
4643.  Request Header Fields
465
466   The request-header fields allow the client to pass additional
467   information about the request, and about the client itself, to the
468   server.  These fields act as request modifiers, with semantics
469   equivalent to the parameters on a programming language method
470   invocation.
471
472     request-header = Accept                   ; [Part3], Section 6.1
473                    / Accept-Charset           ; [Part3], Section 6.2
474                    / Accept-Encoding          ; [Part3], Section 6.3
475                    / Accept-Language          ; [Part3], Section 6.4
476                    / Authorization            ; [Part7], Section 3.1
477                    / Expect                   ; Section 9.2
478                    / From                     ; Section 9.3
479                    / Host                     ; [Part1], Section 9.4
480                    / If-Match                 ; [Part4], Section 6.2
481                    / If-Modified-Since        ; [Part4], Section 6.3
482                    / If-None-Match            ; [Part4], Section 6.4
483                    / If-Range                 ; [Part5], Section 5.3
484                    / If-Unmodified-Since      ; [Part4], Section 6.5
485                    / Max-Forwards             ; Section 9.5
486                    / Proxy-Authorization      ; [Part7], Section 3.3
487                    / Range                    ; [Part5], Section 5.4
488                    / Referer                  ; Section 9.6
489                    / TE                       ; [Part1], Section 9.5
490                    / User-Agent               ; Section 9.9
491
492   Request-header field names can be extended reliably only in
493   combination with a change in the protocol version.  However, new or
494   experimental header fields MAY be given the semantics of request-
495   header fields if all parties in the communication recognize them to
496   be request-header fields.
497
498
499
500
501
502
503Fielding, et al.        Expires February 5, 2011                [Page 9]
504
505Internet-Draft              HTTP/1.1, Part 2                 August 2010
506
507
5084.  Status Code and Reason Phrase
509
510   The Status-Code element is a 3-digit integer result code of the
511   attempt to understand and satisfy the request.  The status codes
512   listed below are defined in Section 8, Section 3 of [Part4], Section
513   3 of [Part5], and Section 2 of [Part7].
514
515   The Reason-Phrase is intended to give a short textual description of
516   the Status-Code.  The Status-Code is intended for use by automata and
517   the Reason-Phrase is intended for the human user.  The client is not
518   required to examine or display the Reason-Phrase.
519
520   The individual values of the numeric status codes defined for
521   HTTP/1.1, and an example set of corresponding Reason-Phrase values,
522   are presented below.  The reason phrases listed here are only
523   recommendations -- they MAY be replaced by local equivalents without
524   affecting the protocol.
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559Fielding, et al.        Expires February 5, 2011               [Page 10]
560
561Internet-Draft              HTTP/1.1, Part 2                 August 2010
562
563
564     Status-Code =
565          "100"  ; Section 8.1.1: Continue
566        / "101"  ; Section 8.1.2: Switching Protocols
567        / "200"  ; Section 8.2.1: OK
568        / "201"  ; Section 8.2.2: Created
569        / "202"  ; Section 8.2.3: Accepted
570        / "203"  ; Section 8.2.4: Non-Authoritative Information
571        / "204"  ; Section 8.2.5: No Content
572        / "205"  ; Section 8.2.6: Reset Content
573        / "206"  ; [Part5], Section 3.1: Partial Content
574        / "300"  ; Section 8.3.1: Multiple Choices
575        / "301"  ; Section 8.3.2: Moved Permanently
576        / "302"  ; Section 8.3.3: Found
577        / "303"  ; Section 8.3.4: See Other
578        / "304"  ; [Part4], Section 3.1: Not Modified
579        / "305"  ; Section 8.3.6: Use Proxy
580        / "307"  ; Section 8.3.8: Temporary Redirect
581        / "400"  ; Section 8.4.1: Bad Request
582        / "401"  ; [Part7], Section 2.1: Unauthorized
583        / "402"  ; Section 8.4.3: Payment Required
584        / "403"  ; Section 8.4.4: Forbidden
585        / "404"  ; Section 8.4.5: Not Found
586        / "405"  ; Section 8.4.6: Method Not Allowed
587        / "406"  ; Section 8.4.7: Not Acceptable
588        / "407"  ; [Part7], Section 2.2: Proxy Authentication Required
589        / "408"  ; Section 8.4.9: Request Time-out
590        / "409"  ; Section 8.4.10: Conflict
591        / "410"  ; Section 8.4.11: Gone
592        / "411"  ; Section 8.4.12: Length Required
593        / "412"  ; [Part4], Section 3.2: Precondition Failed
594        / "413"  ; Section 8.4.14: Request Entity Too Large
595        / "414"  ; Section 8.4.15: URI Too Long
596        / "415"  ; Section 8.4.16: Unsupported Media Type
597        / "416"  ; [Part5], Section 3.2: Requested range not satisfiable
598        / "417"  ; Section 8.4.18: Expectation Failed
599        / "500"  ; Section 8.5.1: Internal Server Error
600        / "501"  ; Section 8.5.2: Not Implemented
601        / "502"  ; Section 8.5.3: Bad Gateway
602        / "503"  ; Section 8.5.4: Service Unavailable
603        / "504"  ; Section 8.5.5: Gateway Time-out
604        / "505"  ; Section 8.5.6: HTTP Version not supported
605        / extension-code
606
607     extension-code = 3DIGIT
608     Reason-Phrase  = *( WSP / VCHAR / obs-text )
609
610   HTTP status codes are extensible.  HTTP applications are not required
611   to understand the meaning of all registered status codes, though such
612
613
614
615Fielding, et al.        Expires February 5, 2011               [Page 11]
616
617Internet-Draft              HTTP/1.1, Part 2                 August 2010
618
619
620   understanding is obviously desirable.  However, applications MUST
621   understand the class of any status code, as indicated by the first
622   digit, and treat any unrecognized response as being equivalent to the
623   x00 status code of that class, with the exception that an
624   unrecognized response MUST NOT be cached.  For example, if an
625   unrecognized status code of 431 is received by the client, it can
626   safely assume that there was something wrong with its request and
627   treat the response as if it had received a 400 status code.  In such
628   cases, user agents SHOULD present to the user the representation
629   enclosed with the response, since that representation is likely to
630   include human-readable information which will explain the unusual
631   status.
632
6334.1.  Status Code Registry
634
635   The HTTP Status Code Registry defines the name space for the Status-
636   Code token in the Status-Line of an HTTP response.
637
638   Values to be added to this name space are subject to IETF review
639   ([RFC5226], Section 4.1).
640
641   The registry itself is maintained at
642   <http://www.iana.org/assignments/http-status-codes>.
643
6445.  Response Header Fields
645
646   The response-header fields allow the server to pass additional
647   information about the response which cannot be placed in the Status-
648   Line.  These header fields give information about the server and
649   about further access to the target resource (Section 4.3 of [Part1]).
650
651     response-header = Accept-Ranges           ; [Part5], Section 5.1
652                     / Age                     ; [Part6], Section 3.1
653                     / Allow                   ; Section 9.1
654                     / ETag                    ; [Part4], Section 6.1
655                     / Location                ; Section 9.4
656                     / Proxy-Authenticate      ; [Part7], Section 3.2
657                     / Retry-After             ; Section 9.7
658                     / Server                  ; Section 9.8
659                     / Vary                    ; [Part6], Section 3.5
660                     / WWW-Authenticate        ; [Part7], Section 3.4
661
662   Response-header field names can be extended reliably only in
663   combination with a change in the protocol version.  However, new or
664   experimental header fields MAY be given the semantics of response-
665   header fields if all parties in the communication recognize them to
666   be response-header fields.
667
668
669
670
671Fielding, et al.        Expires February 5, 2011               [Page 12]
672
673Internet-Draft              HTTP/1.1, Part 2                 August 2010
674
675
6766.  Representation
677
678   Request and Response messages MAY transfer a representation if not
679   otherwise restricted by the request method or response status code.
680   A representation consists of metadata (representation header fields)
681   and data (representation body).  When a complete or partial
682   representation is enclosed in an HTTP message, it is referred to as
683   the payload of the message.  HTTP representations are defined in
684   [Part3].
685
686   A representation body is only present in a message when a message-
687   body is present, as described in Section 3.3 of [Part1].  The
688   representation body is obtained from the message-body by decoding any
689   Transfer-Encoding that might have been applied to ensure safe and
690   proper transfer of the message.
691
6926.1.  Identifying the Resource Associated with a Representation
693
694   It is sometimes necessary to determine an identifier for the resource
695   associated with a representation.
696
697   An HTTP request representation, when present, is always associated
698   with an anonymous (i.e., unidentified) resource.
699
700   In the common case, an HTTP response is a representation of the
701   target resource (see Section 4.3 of [Part1]).  However, this is not
702   always the case.  To determine the URI of the resource a response is
703   associated with, the following rules are used (with the first
704   applicable one being selected):
705
706   1.  If the response status code is 200 or 203 and the request method
707       was GET, the response payload is a representation of the target
708       resource.
709
710   2.  If the response status code is 204, 206, or 304 and the request
711       method was GET or HEAD, the response payload is a partial
712       representation of the target (see Section 2.8 of [Part6]).
713
714   3.  If the response has a Content-Location header, and that URI is
715       the same as the effective request URI, the response payload is a
716       representation of the target resource.
717
718   4.  If the response has a Content-Location header, and that URI is
719       not the same as the effective request URI, then the response
720       asserts that its payload is a representation of the resource
721       identified by the Content-Location URI.  However, such an
722       assertion cannot be trusted unless it can be verified by other
723       means (not defined by HTTP).
724
725
726
727Fielding, et al.        Expires February 5, 2011               [Page 13]
728
729Internet-Draft              HTTP/1.1, Part 2                 August 2010
730
731
732   5.  Otherwise, the response is a representation of an anonymous
733       (i.e., unidentified) resource.
734
735   [[TODO-req-uri: The comparison function is going to have to be
736   defined somewhere, because we already need to compare URIs for things
737   like cache invalidation.]]
738
7397.  Method Definitions
740
741   The set of common methods for HTTP/1.1 is defined below.  Although
742   this set can be expanded, additional methods cannot be assumed to
743   share the same semantics for separately extended clients and servers.
744
7457.1.  Safe and Idempotent Methods
746
7477.1.1.  Safe Methods
748
749   Implementors need to be aware that the software represents the user
750   in their interactions over the Internet, and need to allow the user
751   to be aware of any actions they take which might have an unexpected
752   significance to themselves or others.
753
754   In particular, the convention has been established that the GET,
755   HEAD, OPTIONS, and TRACE methods SHOULD NOT have the significance of
756   taking an action other than retrieval.  These methods ought to be
757   considered "safe".  This allows user agents to represent other
758   methods, such as POST, PUT and DELETE, in a special way, so that the
759   user is made aware of the fact that a possibly unsafe action is being
760   requested.
761
762   Naturally, it is not possible to ensure that the server does not
763   generate side-effects as a result of performing a GET request; in
764   fact, some dynamic resources consider that a feature.  The important
765   distinction here is that the user did not request the side-effects,
766   so therefore cannot be held accountable for them.
767
7687.1.2.  Idempotent Methods
769
770   Methods can also have the property of "idempotence" in that, aside
771   from error or expiration issues, the intended effect of multiple
772   identical requests is the same as for a single request.  The methods
773   PUT, DELETE, and all safe methods are idempotent.  It is important to
774   note that idempotence refers only to changes requested by the client:
775   a server is free to change its state due to multiple requests for the
776   purpose of tracking those requests, versioning of results, etc.
777
778
779
780
781
782
783Fielding, et al.        Expires February 5, 2011               [Page 14]
784
785Internet-Draft              HTTP/1.1, Part 2                 August 2010
786
787
7887.2.  OPTIONS
789
790   The OPTIONS method represents a request for information about the
791   communication options available on the request/response chain
792   identified by the effective request URI.  This method allows the
793   client to determine the options and/or requirements associated with a
794   resource, or the capabilities of a server, without implying a
795   resource action or initiating a resource retrieval.
796
797   Responses to this method are not cacheable.
798
799   If the OPTIONS request includes a message-body (as indicated by the
800   presence of Content-Length or Transfer-Encoding), then the media type
801   MUST be indicated by a Content-Type field.  Although this
802   specification does not define any use for such a body, future
803   extensions to HTTP might use the OPTIONS body to make more detailed
804   queries on the server.
805
806   If the request-target is an asterisk ("*"), the OPTIONS request is
807   intended to apply to the server in general rather than to a specific
808   resource.  Since a server's communication options typically depend on
809   the resource, the "*" request is only useful as a "ping" or "no-op"
810   type of method; it does nothing beyond allowing the client to test
811   the capabilities of the server.  For example, this can be used to
812   test a proxy for HTTP/1.1 compliance (or lack thereof).
813
814   If the request-target is not an asterisk, the OPTIONS request applies
815   only to the options that are available when communicating with that
816   resource.
817
818   A 200 response SHOULD include any header fields that indicate
819   optional features implemented by the server and applicable to that
820   resource (e.g., Allow), possibly including extensions not defined by
821   this specification.  The response body, if any, SHOULD also include
822   information about the communication options.  The format for such a
823   body is not defined by this specification, but might be defined by
824   future extensions to HTTP.  Content negotiation MAY be used to select
825   the appropriate response format.  If no response body is included,
826   the response MUST include a Content-Length field with a field-value
827   of "0".
828
829   The Max-Forwards request-header field MAY be used to target a
830   specific proxy in the request chain (see Section 9.5).  If no Max-
831   Forwards field is present in the request, then the forwarded request
832   MUST NOT include a Max-Forwards field.
833
834
835
836
837
838
839Fielding, et al.        Expires February 5, 2011               [Page 15]
840
841Internet-Draft              HTTP/1.1, Part 2                 August 2010
842
843
8447.3.  GET
845
846   The GET method means retrieve whatever information (in the form of a
847   representation) currently corresponds to the target resource.
848
849   If the target resource is a data-producing process, it is the
850   produced data which shall be returned as the representation in the
851   response and not the source text of the process, unless that text
852   happens to be the output of the process.
853
854   The semantics of the GET method change to a "conditional GET" if the
855   request message includes an If-Modified-Since, If-Unmodified-Since,
856   If-Match, If-None-Match, or If-Range header field.  A conditional GET
857   method requests that the representation be transferred only under the
858   circumstances described by the conditional header field(s).  The
859   conditional GET method is intended to reduce unnecessary network
860   usage by allowing cached representations to be refreshed without
861   requiring multiple requests or transferring data already held by the
862   client.
863
864   The semantics of the GET method change to a "partial GET" if the
865   request message includes a Range header field.  A partial GET
866   requests that only part of the representation be transferred, as
867   described in Section 5.4 of [Part5].  The partial GET method is
868   intended to reduce unnecessary network usage by allowing partially-
869   retrieved representations to be completed without transferring data
870   already held by the client.
871
872   The response to a GET request is cacheable and MAY be used to satisfy
873   subsequent GET and HEAD requests (see [Part6]).
874
875   See Section 11.2 for security considerations when used for forms.
876
8777.4.  HEAD
878
879   The HEAD method is identical to GET except that the server MUST NOT
880   return a message-body in the response.  The metadata contained in the
881   HTTP headers in response to a HEAD request SHOULD be identical to the
882   information sent in response to a GET request.  This method can be
883   used for obtaining metadata about the representation implied by the
884   request without transferring the representation body.  This method is
885   often used for testing hypertext links for validity, accessibility,
886   and recent modification.
887
888   The response to a HEAD request is cacheable and MAY be used to
889   satisfy a subsequent HEAD request; see [Part6].  It also MAY be used
890   to update a previously cached representation from that resource; if
891   the new field values indicate that the cached representation differs
892
893
894
895Fielding, et al.        Expires February 5, 2011               [Page 16]
896
897Internet-Draft              HTTP/1.1, Part 2                 August 2010
898
899
900   from the current representation (as would be indicated by a change in
901   Content-Length, Content-MD5, ETag or Last-Modified), then the cache
902   MUST treat the cache entry as stale.
903
9047.5.  POST
905
906   The POST method is used to request that the origin server accept the
907   representation enclosed in the request as data to be processed by the
908   target resource.  POST is designed to allow a uniform method to cover
909   the following functions:
910
911   o  Annotation of existing resources;
912
913   o  Posting a message to a bulletin board, newsgroup, mailing list, or
914      similar group of articles;
915
916   o  Providing a block of data, such as the result of submitting a
917      form, to a data-handling process;
918
919   o  Extending a database through an append operation.
920
921   The actual function performed by the POST method is determined by the
922   server and is usually dependent on the effective request URI.
923
924   The action performed by the POST method might not result in a
925   resource that can be identified by a URI.  In this case, either 200
926   (OK) or 204 (No Content) is the appropriate response status code,
927   depending on whether or not the response includes a representation
928   that describes the result.
929
930   If a resource has been created on the origin server, the response
931   SHOULD be 201 (Created) and contain a representation which describes
932   the status of the request and refers to the new resource, and a
933   Location header (see Section 9.4).
934
935   Responses to POST requests are only cacheable when they include
936   explicit freshness information (see Section 2.3.1 of [Part6]).  A
937   cached POST response with a Content-Location header (see Section 6.7
938   of [Part3]) whose value is the effective Request URI MAY be used to
939   satisfy subsequent GET and HEAD requests.
940
941   Note that POST caching is not widely implemented.  However, the 303
942   (See Other) response can be used to direct the user agent to retrieve
943   a cacheable resource.
944
945
946
947
948
949
950
951Fielding, et al.        Expires February 5, 2011               [Page 17]
952
953Internet-Draft              HTTP/1.1, Part 2                 August 2010
954
955
9567.6.  PUT
957
958   The PUT method requests that the enclosed representation be stored at
959   the effective request URI.  If the effective request URI refers to an
960   already existing resource, the enclosed representation SHOULD be
961   considered a modified version of the one residing on the origin
962   server.  Otherwise, if the effective request URI does not point to an
963   existing resource, and that URI is capable of being defined as a new
964   resource by the requesting user agent, the origin server can create
965   the resource with that URI.
966
967   If a new resource is created at the effective request URI, the origin
968   server MUST inform the user agent via the 201 (Created) response.  If
969   an existing resource is modified, either the 200 (OK) or 204 (No
970   Content) response codes SHOULD be sent to indicate successful
971   completion of the request.
972
973   If the target resource could not be created or modified, an
974   appropriate error response SHOULD be given that reflects the nature
975   of the problem.  The recipient of the representation MUST NOT ignore
976   any Content-* headers (headers starting with the prefix "Content-")
977   that it does not understand or implement and MUST return a 501 (Not
978   Implemented) response in such cases.
979
980   If the request passes through a cache that has one or more stored
981   responses for the effective request URI, those stored responses
982   SHOULD be marked as stale if the response to the PUT request has a
983   success status code.  Responses to the PUT method are not cacheable.
984
985   The fundamental difference between the POST and PUT requests is
986   reflected in the different meaning of the effective request URI.  The
987   URI in a POST request identifies the resource that will handle the
988   enclosed representation.  That resource might be a data-accepting
989   process, a gateway to some other protocol, or a document that accepts
990   annotations.  In contrast, the URI in a PUT request identifies the
991   resource for which enclosed representation is a new or replacement
992   value; the user agent knows what URI is intended and the server MUST
993   NOT attempt to apply the request to some other resource.  If the
994   server desires that the request be applied to a different URI, it
995   MUST send a 301 (Moved Permanently) response; the user agent MAY then
996   make its own decision regarding whether or not to redirect the
997   request.
998
999   A single resource MAY be identified by many different URIs.  For
1000   example, an article might have a URI for identifying "the current
1001   version" which is separate from the URI identifying each particular
1002   version.  In this case, a PUT request on a general URI might result
1003   in several other URIs being defined by the origin server.
1004
1005
1006
1007Fielding, et al.        Expires February 5, 2011               [Page 18]
1008
1009Internet-Draft              HTTP/1.1, Part 2                 August 2010
1010
1011
1012   HTTP/1.1 does not define how a PUT method affects the state of an
1013   origin server.
1014
1015   Header fields in a PUT request that are recognized as representation
1016   metadata SHOULD be applied to the resource created or modified by the
1017   PUT.  Unrecognized header fields SHOULD be ignored.
1018
10197.7.  DELETE
1020
1021   The DELETE method requests that the origin server delete the target
1022   resource.  This method MAY be overridden by human intervention (or
1023   other means) on the origin server.  The client cannot be guaranteed
1024   that the operation has been carried out, even if the status code
1025   returned from the origin server indicates that the action has been
1026   completed successfully.  However, the server SHOULD NOT indicate
1027   success unless, at the time the response is given, it intends to
1028   delete the resource or move it to an inaccessible location.
1029
1030   A successful response SHOULD be 200 (OK) if the response includes an
1031   representation describing the status, 202 (Accepted) if the action
1032   has not yet been enacted, or 204 (No Content) if the action has been
1033   enacted but the response does not include a representation.
1034
1035   If the request passes through a cache and the effective request URI
1036   identifies one or more currently cached representations, those
1037   entries SHOULD be treated as stale.  Responses to the DELETE method
1038   are not cacheable.
1039
10407.8.  TRACE
1041
1042   The TRACE method is used to invoke a remote, application-layer loop-
1043   back of the request message.  The final recipient of the request
1044   SHOULD reflect the message received back to the client as the
1045   message-body of a 200 (OK) response.  The final recipient is either
1046   the origin server or the first proxy or gateway to receive a Max-
1047   Forwards value of zero (0) in the request (see Section 9.5).  A TRACE
1048   request MUST NOT include a message-body.
1049
1050   TRACE allows the client to see what is being received at the other
1051   end of the request chain and use that data for testing or diagnostic
1052   information.  The value of the Via header field (Section 9.9 of
1053   [Part1]) is of particular interest, since it acts as a trace of the
1054   request chain.  Use of the Max-Forwards header field allows the
1055   client to limit the length of the request chain, which is useful for
1056   testing a chain of proxies forwarding messages in an infinite loop.
1057
1058   If the request is valid, the response SHOULD have a Content-Type of
1059   "message/http" (see Section 10.3.1 of [Part1]) and contain a message-
1060
1061
1062
1063Fielding, et al.        Expires February 5, 2011               [Page 19]
1064
1065Internet-Draft              HTTP/1.1, Part 2                 August 2010
1066
1067
1068   body that encloses a copy of the entire request message.  Responses
1069   to the TRACE method are not cacheable.
1070
10717.9.  CONNECT
1072
1073   This specification reserves the method name CONNECT for use with a
1074   proxy that can dynamically switch to being a tunnel (e.g., SSL
1075   tunneling [RFC2817]).
1076
10778.  Status Code Definitions
1078
1079   Each Status-Code is described below, including any metadata required
1080   in the response.
1081
10828.1.  Informational 1xx
1083
1084   This class of status code indicates a provisional response,
1085   consisting only of the Status-Line and optional headers, and is
1086   terminated by an empty line.  There are no required headers for this
1087   class of status code.  Since HTTP/1.0 did not define any 1xx status
1088   codes, servers MUST NOT send a 1xx response to an HTTP/1.0 client
1089   except under experimental conditions.
1090
1091   A client MUST be prepared to accept one or more 1xx status responses
1092   prior to a regular response, even if the client does not expect a 100
1093   (Continue) status message.  Unexpected 1xx status responses MAY be
1094   ignored by a user agent.
1095
1096   Proxies MUST forward 1xx responses, unless the connection between the
1097   proxy and its client has been closed, or unless the proxy itself
1098   requested the generation of the 1xx response.  (For example, if a
1099   proxy adds a "Expect: 100-continue" field when it forwards a request,
1100   then it need not forward the corresponding 100 (Continue)
1101   response(s).)
1102
11038.1.1.  100 Continue
1104
1105   The client SHOULD continue with its request.  This interim response
1106   is used to inform the client that the initial part of the request has
1107   been received and has not yet been rejected by the server.  The
1108   client SHOULD continue by sending the remainder of the request or, if
1109   the request has already been completed, ignore this response.  The
1110   server MUST send a final response after the request has been
1111   completed.  See Section 7.2.3 of [Part1] for detailed discussion of
1112   the use and handling of this status code.
1113
1114
1115
1116
1117
1118
1119Fielding, et al.        Expires February 5, 2011               [Page 20]
1120
1121Internet-Draft              HTTP/1.1, Part 2                 August 2010
1122
1123
11248.1.2.  101 Switching Protocols
1125
1126   The server understands and is willing to comply with the client's
1127   request, via the Upgrade message header field (Section 9.8 of
1128   [Part1]), for a change in the application protocol being used on this
1129   connection.  The server will switch protocols to those defined by the
1130   response's Upgrade header field immediately after the empty line
1131   which terminates the 101 response.
1132
1133   The protocol SHOULD be switched only when it is advantageous to do
1134   so.  For example, switching to a newer version of HTTP is
1135   advantageous over older versions, and switching to a real-time,
1136   synchronous protocol might be advantageous when delivering resources
1137   that use such features.
1138
11398.2.  Successful 2xx
1140
1141   This class of status code indicates that the client's request was
1142   successfully received, understood, and accepted.
1143
11448.2.1.  200 OK
1145
1146   The request has succeeded.  The payload returned with the response is
1147   dependent on the method used in the request, for example:
1148
1149   GET  a representation of the target resource is sent in the response;
1150
1151   HEAD  the same representation as GET, except without the message-
1152      body;
1153
1154   POST  a representation describing or containing the result of the
1155      action;
1156
1157   TRACE  a representation containing the request message as received by
1158      the end server.
1159
1160   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1161   determine freshness for 200 responses.
1162
11638.2.2.  201 Created
1164
1165   The request has been fulfilled and has resulted in a new resource
1166   being created.  The newly created resource can be referenced by the
1167   URI(s) returned in the payload of the response, with the most
1168   specific URI for the resource given by a Location header field.  The
1169   response SHOULD include a payload containing a list of resource
1170   characteristics and location(s) from which the user or user agent can
1171   choose the one most appropriate.  The payload format is specified by
1172
1173
1174
1175Fielding, et al.        Expires February 5, 2011               [Page 21]
1176
1177Internet-Draft              HTTP/1.1, Part 2                 August 2010
1178
1179
1180   the media type given in the Content-Type header field.  The origin
1181   server MUST create the resource before returning the 201 status code.
1182   If the action cannot be carried out immediately, the server SHOULD
1183   respond with 202 (Accepted) response instead.
1184
1185   A 201 response MAY contain an ETag response header field indicating
1186   the current value of the entity-tag for the representation of the
1187   resource just created (see Section 6.1 of [Part4]).
1188
11898.2.3.  202 Accepted
1190
1191   The request has been accepted for processing, but the processing has
1192   not been completed.  The request might or might not eventually be
1193   acted upon, as it might be disallowed when processing actually takes
1194   place.  There is no facility for re-sending a status code from an
1195   asynchronous operation such as this.
1196
1197   The 202 response is intentionally non-committal.  Its purpose is to
1198   allow a server to accept a request for some other process (perhaps a
1199   batch-oriented process that is only run once per day) without
1200   requiring that the user agent's connection to the server persist
1201   until the process is completed.  The representation returned with
1202   this response SHOULD include an indication of the request's current
1203   status and either a pointer to a status monitor or some estimate of
1204   when the user can expect the request to be fulfilled.
1205
12068.2.4.  203 Non-Authoritative Information
1207
1208   The returned metadata in the header fields is not the definitive set
1209   as available from the origin server, but is gathered from a local or
1210   a third-party copy.  The set presented MAY be a subset or superset of
1211   the original version.  For example, including local annotation
1212   information about the resource might result in a superset of the
1213   metadata known by the origin server.  Use of this response code is
1214   not required and is only appropriate when the response would
1215   otherwise be 200 (OK).
1216
1217   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1218   determine freshness for 203 responses.
1219
12208.2.5.  204 No Content
1221
1222   The server has successfully fulfilled the request, but there is no
1223   additional content to return in the response payload body.  The
1224   resource metadata and representation metadata in the response
1225   message's header fields refer to the target resource and its current
1226   representation, respectively, after the requested action.  For
1227   example, if a 204 status code is received in response to a PUT and
1228
1229
1230
1231Fielding, et al.        Expires February 5, 2011               [Page 22]
1232
1233Internet-Draft              HTTP/1.1, Part 2                 August 2010
1234
1235
1236   the response contains an ETag header field, then the value of that
1237   field is the current entity-tag for the representation that was
1238   successfully PUT.
1239
1240   If the client is a user agent, it SHOULD NOT change its document view
1241   from that which caused the request to be sent.  This response is
1242   primarily intended to allow input for actions to take place without
1243   causing a change to the user agent's active document view, although
1244   any new or updated metadata SHOULD be applied to the document
1245   currently in the user agent's active view.
1246
1247   The 204 response MUST NOT include a message-body, and thus is always
1248   terminated by the first empty line after the header fields.
1249
12508.2.6.  205 Reset Content
1251
1252   The server has fulfilled the request and the user agent SHOULD reset
1253   the document view which caused the request to be sent.  This response
1254   is primarily intended to allow input for actions to take place via
1255   user input, followed by a clearing of the form in which the input is
1256   given so that the user can easily initiate another input action.  The
1257   response MUST NOT include a message-body.
1258
12598.2.7.  206 Partial Content
1260
1261   The server has fulfilled the partial GET request for the resource and
1262   the enclosed payload is a partial representation as defined in
1263   Section 3.1 of [Part5].
1264
1265   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1266   determine freshness for 206 responses.
1267
12688.3.  Redirection 3xx
1269
1270   This class of status code indicates that further action needs to be
1271   taken by the user agent in order to fulfill the request.  The action
1272   required MAY be carried out by the user agent without interaction
1273   with the user if and only if the method used in the second request is
1274   known to be "safe", as defined in Section 7.1.1.  A client SHOULD
1275   detect infinite redirection loops, since such loops generate network
1276   traffic for each redirection.
1277
1278      Note: An earlier version of this specification recommended a
1279      maximum of five redirections ([RFC2068], Section 10.3).  Content
1280      developers need to be aware that some clients might implement such
1281      a fixed limitation.
1282
1283
1284
1285
1286
1287Fielding, et al.        Expires February 5, 2011               [Page 23]
1288
1289Internet-Draft              HTTP/1.1, Part 2                 August 2010
1290
1291
12928.3.1.  300 Multiple Choices
1293
1294   The target resource more than one representation, each with its own
1295   specific location, and agent-driven negotiation information (Section
1296   5 of [Part3]) is being provided so that the user (or user agent) can
1297   select a preferred representation by redirecting its request to that
1298   location.
1299
1300   Unless it was a HEAD request, the response SHOULD include a
1301   representation containing a list of representation metadata and
1302   location(s) from which the user or user agent can choose the one most
1303   appropriate.  The data format is specified by the media type given in
1304   the Content-Type header field.  Depending upon the format and the
1305   capabilities of the user agent, selection of the most appropriate
1306   choice MAY be performed automatically.  However, this specification
1307   does not define any standard for such automatic selection.
1308
1309   If the server has a preferred choice of representation, it SHOULD
1310   include the specific URI for that representation in the Location
1311   field; user agents MAY use the Location field value for automatic
1312   redirection.
1313
1314   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1315   determine freshness for 300 responses.
1316
13178.3.2.  301 Moved Permanently
1318
1319   The target resource has been assigned a new permanent URI and any
1320   future references to this resource SHOULD use one of the returned
1321   URIs.  Clients with link editing capabilities ought to automatically
1322   re-link references to the effective request URI to one or more of the
1323   new references returned by the server, where possible.
1324
1325   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1326   determine freshness for 301 responses.
1327
1328   The new permanent URI SHOULD be given by the Location field in the
1329   response.  Unless the request method was HEAD, the representation of
1330   the response SHOULD contain a short hypertext note with a hyperlink
1331   to the new URI(s).
1332
1333   If the 301 status code is received in response to a request method
1334   that is known to be "safe", as defined in Section 7.1.1, then the
1335   request MAY be automatically redirected by the user agent without
1336   confirmation.  Otherwise, the user agent MUST NOT automatically
1337   redirect the request unless it can be confirmed by the user, since
1338   this might change the conditions under which the request was issued.
1339
1340
1341
1342
1343Fielding, et al.        Expires February 5, 2011               [Page 24]
1344
1345Internet-Draft              HTTP/1.1, Part 2                 August 2010
1346
1347
1348      Note: When automatically redirecting a POST request after
1349      receiving a 301 status code, some existing HTTP/1.0 user agents
1350      will erroneously change it into a GET request.
1351
13528.3.3.  302 Found
1353
1354   The target resource resides temporarily under a different URI.  Since
1355   the redirection might be altered on occasion, the client SHOULD
1356   continue to use the effective request URI for future requests.
1357
1358   The temporary URI SHOULD be given by the Location field in the
1359   response.  Unless the request method was HEAD, the representation of
1360   the response SHOULD contain a short hypertext note with a hyperlink
1361   to the new URI(s).
1362
1363   If the 302 status code is received in response to a request method
1364   that is known to be "safe", as defined in Section 7.1.1, then the
1365   request MAY be automatically redirected by the user agent without
1366   confirmation.  Otherwise, the user agent MUST NOT automatically
1367   redirect the request unless it can be confirmed by the user, since
1368   this might change the conditions under which the request was issued.
1369
1370      Note: HTTP/1.0 ([RFC1945], Section 9.3) and the first version of
1371      HTTP/1.1 ([RFC2068], Section 10.3.3) specify that the client is
1372      not allowed to change the method on the redirected request.
1373      However, most existing user agent implementations treat 302 as if
1374      it were a 303 response, performing a GET on the Location field-
1375      value regardless of the original request method.  Therefore, a
1376      previous version of this specification ([RFC2616], Section 10.3.3)
1377      has added the status codes 303 and 307 for servers that wish to
1378      make unambiguously clear which kind of reaction is expected of the
1379      client.
1380
13818.3.4.  303 See Other
1382
1383   The server directs the user agent to a different resource, indicated
1384   by a URI in the Location header field, that provides an indirect
1385   response to the original request.  The user agent MAY perform a GET
1386   request on the URI in the Location field in order to obtain a
1387   representation corresponding to the response, be redirected again, or
1388   end with an error status.  The Location URI is not a substitute
1389   reference for the effective request URI.
1390
1391   The 303 status code is generally applicable to any HTTP method.  It
1392   is primarily used to allow the output of a POST action to redirect
1393   the user agent to a selected resource, since doing so provides the
1394   information corresponding to the POST response in a form that can be
1395   separately identified, bookmarked, and cached independent of the
1396
1397
1398
1399Fielding, et al.        Expires February 5, 2011               [Page 25]
1400
1401Internet-Draft              HTTP/1.1, Part 2                 August 2010
1402
1403
1404   original request.
1405
1406   A 303 response to a GET request indicates that the requested resource
1407   does not have a representation of its own that can be transferred by
1408   the server over HTTP.  The Location URI indicates a resource that is
1409   descriptive of the target resource, such that the follow-on
1410   representation might be useful to recipients without implying that it
1411   adequately represents the target resource.  Note that answers to the
1412   questions of what can be represented, what representations are
1413   adequate, and what might be a useful description are outside the
1414   scope of HTTP and thus entirely determined by the URI owner(s).
1415
1416   Except for responses to a HEAD request, the representation of a 303
1417   response SHOULD contain a short hypertext note with a hyperlink to
1418   the Location URI.
1419
14208.3.5.  304 Not Modified
1421
1422   The response to the request has not been modified since the
1423   conditions indicated by the client's conditional GET request, as
1424   defined in Section 3.1 of [Part4].
1425
14268.3.6.  305 Use Proxy
1427
1428   The 305 status code was defined in a previous version of this
1429   specification (see Appendix A), and is now deprecated.
1430
14318.3.7.  306 (Unused)
1432
1433   The 306 status code was used in a previous version of the
1434   specification, is no longer used, and the code is reserved.
1435
14368.3.8.  307 Temporary Redirect
1437
1438   The target resource resides temporarily under a different URI.  Since
1439   the redirection can change over time, the client SHOULD continue to
1440   use the effective request URI for future requests.
1441
1442   The temporary URI SHOULD be given by the Location field in the
1443   response.  Unless the request method was HEAD, the representation of
1444   the response SHOULD contain a short hypertext note with a hyperlink
1445   to the new URI(s) , since many pre-HTTP/1.1 user agents do not
1446   understand the 307 status code.  Therefore, the note SHOULD contain
1447   the information necessary for a user to repeat the original request
1448   on the new URI.
1449
1450   If the 307 status code is received in response to a request method
1451   that is known to be "safe", as defined in Section 7.1.1, then the
1452
1453
1454
1455Fielding, et al.        Expires February 5, 2011               [Page 26]
1456
1457Internet-Draft              HTTP/1.1, Part 2                 August 2010
1458
1459
1460   request MAY be automatically redirected by the user agent without
1461   confirmation.  Otherwise, the user agent MUST NOT automatically
1462   redirect the request unless it can be confirmed by the user, since
1463   this might change the conditions under which the request was issued.
1464
14658.4.  Client Error 4xx
1466
1467   The 4xx class of status code is intended for cases in which the
1468   client seems to have erred.  Except when responding to a HEAD
1469   request, the server SHOULD include a representation containing an
1470   explanation of the error situation, and whether it is a temporary or
1471   permanent condition.  These status codes are applicable to any
1472   request method.  User agents SHOULD display any included
1473   representation to the user.
1474
1475   If the client is sending data, a server implementation using TCP
1476   SHOULD be careful to ensure that the client acknowledges receipt of
1477   the packet(s) containing the response, before the server closes the
1478   input connection.  If the client continues sending data to the server
1479   after the close, the server's TCP stack will send a reset packet to
1480   the client, which might erase the client's unacknowledged input
1481   buffers before they can be read and interpreted by the HTTP
1482   application.
1483
14848.4.1.  400 Bad Request
1485
1486   The request could not be understood by the server due to malformed
1487   syntax.  The client SHOULD NOT repeat the request without
1488   modifications.
1489
14908.4.2.  401 Unauthorized
1491
1492   The request requires user authentication (see Section 2.1 of
1493   [Part7]).
1494
14958.4.3.  402 Payment Required
1496
1497   This code is reserved for future use.
1498
14998.4.4.  403 Forbidden
1500
1501   The server understood the request, but is refusing to fulfill it.
1502   Authorization will not help and the request SHOULD NOT be repeated.
1503   If the request method was not HEAD and the server wishes to make
1504   public why the request has not been fulfilled, it SHOULD describe the
1505   reason for the refusal in the representation.  If the server does not
1506   wish to make this information available to the client, the status
1507   code 404 (Not Found) can be used instead.
1508
1509
1510
1511Fielding, et al.        Expires February 5, 2011               [Page 27]
1512
1513Internet-Draft              HTTP/1.1, Part 2                 August 2010
1514
1515
15168.4.5.  404 Not Found
1517
1518   The server has not found anything matching the effective request URI.
1519   No indication is given of whether the condition is temporary or
1520   permanent.  The 410 (Gone) status code SHOULD be used if the server
1521   knows, through some internally configurable mechanism, that an old
1522   resource is permanently unavailable and has no forwarding address.
1523   This status code is commonly used when the server does not wish to
1524   reveal exactly why the request has been refused, or when no other
1525   response is applicable.
1526
15278.4.6.  405 Method Not Allowed
1528
1529   The method specified in the Request-Line is not allowed for the
1530   target resource.  The response MUST include an Allow header
1531   containing a list of valid methods for the requested resource.
1532
15338.4.7.  406 Not Acceptable
1534
1535   The resource identified by the request is only capable of generating
1536   response representations which have content characteristics not
1537   acceptable according to the accept headers sent in the request.
1538
1539   Unless it was a HEAD request, the response SHOULD include a
1540   representation containing a list of available representation
1541   characteristics and location(s) from which the user or user agent can
1542   choose the one most appropriate.  The data format is specified by the
1543   media type given in the Content-Type header field.  Depending upon
1544   the format and the capabilities of the user agent, selection of the
1545   most appropriate choice MAY be performed automatically.  However,
1546   this specification does not define any standard for such automatic
1547   selection.
1548
1549      Note: HTTP/1.1 servers are allowed to return responses which are
1550      not acceptable according to the accept headers sent in the
1551      request.  In some cases, this might even be preferable to sending
1552      a 406 response.  User agents are encouraged to inspect the headers
1553      of an incoming response to determine if it is acceptable.
1554
1555   If the response could be unacceptable, a user agent SHOULD
1556   temporarily stop receipt of more data and query the user for a
1557   decision on further actions.
1558
15598.4.8.  407 Proxy Authentication Required
1560
1561   This code is similar to 401 (Unauthorized), but indicates that the
1562   client must first authenticate itself with the proxy (see Section 2.2
1563   of [Part7]).
1564
1565
1566
1567Fielding, et al.        Expires February 5, 2011               [Page 28]
1568
1569Internet-Draft              HTTP/1.1, Part 2                 August 2010
1570
1571
15728.4.9.  408 Request Timeout
1573
1574   The client did not produce a request within the time that the server
1575   was prepared to wait.  The client MAY repeat the request without
1576   modifications at any later time.
1577
15788.4.10.  409 Conflict
1579
1580   The request could not be completed due to a conflict with the current
1581   state of the resource.  This code is only allowed in situations where
1582   it is expected that the user might be able to resolve the conflict
1583   and resubmit the request.  The response body SHOULD include enough
1584   information for the user to recognize the source of the conflict.
1585   Ideally, the response representation would include enough information
1586   for the user or user agent to fix the problem; however, that might
1587   not be possible and is not required.
1588
1589   Conflicts are most likely to occur in response to a PUT request.  For
1590   example, if versioning were being used and the representation being
1591   PUT included changes to a resource which conflict with those made by
1592   an earlier (third-party) request, the server might use the 409
1593   response to indicate that it can't complete the request.  In this
1594   case, the response representation would likely contain a list of the
1595   differences between the two versions in a format defined by the
1596   response Content-Type.
1597
15988.4.11.  410 Gone
1599
1600   The target resource is no longer available at the server and no
1601   forwarding address is known.  This condition is expected to be
1602   considered permanent.  Clients with link editing capabilities SHOULD
1603   delete references to the effective request URI after user approval.
1604   If the server does not know, or has no facility to determine, whether
1605   or not the condition is permanent, the status code 404 (Not Found)
1606   SHOULD be used instead.
1607
1608   The 410 response is primarily intended to assist the task of web
1609   maintenance by notifying the recipient that the resource is
1610   intentionally unavailable and that the server owners desire that
1611   remote links to that resource be removed.  Such an event is common
1612   for limited-time, promotional services and for resources belonging to
1613   individuals no longer working at the server's site.  It is not
1614   necessary to mark all permanently unavailable resources as "gone" or
1615   to keep the mark for any length of time -- that is left to the
1616   discretion of the server owner.
1617
1618   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
1619   determine freshness for 410 responses.
1620
1621
1622
1623Fielding, et al.        Expires February 5, 2011               [Page 29]
1624
1625Internet-Draft              HTTP/1.1, Part 2                 August 2010
1626
1627
16288.4.12.  411 Length Required
1629
1630   The server refuses to accept the request without a defined Content-
1631   Length.  The client MAY repeat the request if it adds a valid
1632   Content-Length header field containing the length of the message-body
1633   in the request message.
1634
16358.4.13.  412 Precondition Failed
1636
1637   The precondition given in one or more of the request-header fields
1638   evaluated to false when it was tested on the server, as defined in
1639   Section 3.2 of [Part4].
1640
16418.4.14.  413 Request Entity Too Large
1642
1643   The server is refusing to process a request because the request
1644   representation is larger than the server is willing or able to
1645   process.  The server MAY close the connection to prevent the client
1646   from continuing the request.
1647
1648   If the condition is temporary, the server SHOULD include a Retry-
1649   After header field to indicate that it is temporary and after what
1650   time the client MAY try again.
1651
16528.4.15.  414 URI Too Long
1653
1654   The server is refusing to service the request because the effective
1655   request URI is longer than the server is willing to interpret.  This
1656   rare condition is only likely to occur when a client has improperly
1657   converted a POST request to a GET request with long query
1658   information, when the client has descended into a URI "black hole" of
1659   redirection (e.g., a redirected URI prefix that points to a suffix of
1660   itself), or when the server is under attack by a client attempting to
1661   exploit security holes present in some servers using fixed-length
1662   buffers for reading or manipulating the effective request URI.
1663
16648.4.16.  415 Unsupported Media Type
1665
1666   The server is refusing to service the request because the
1667   representation of the request is in a format not supported by the
1668   target resource for the requested method.
1669
16708.4.17.  416 Requested Range Not Satisfiable
1671
1672   The request included a Range request-header field (Section 5.4 of
1673   [Part5]) and none of the range-specifier values in this field overlap
1674   the current extent of the selected resource.  See Section 3.2 of
1675   [Part5].
1676
1677
1678
1679Fielding, et al.        Expires February 5, 2011               [Page 30]
1680
1681Internet-Draft              HTTP/1.1, Part 2                 August 2010
1682
1683
16848.4.18.  417 Expectation Failed
1685
1686   The expectation given in an Expect request-header field (see
1687   Section 9.2) could not be met by this server, or, if the server is a
1688   proxy, the server has unambiguous evidence that the request could not
1689   be met by the next-hop server.
1690
16918.5.  Server Error 5xx
1692
1693   Response status codes beginning with the digit "5" indicate cases in
1694   which the server is aware that it has erred or is incapable of
1695   performing the request.  Except when responding to a HEAD request,
1696   the server SHOULD include a representation containing an explanation
1697   of the error situation, and whether it is a temporary or permanent
1698   condition.  User agents SHOULD display any included representation to
1699   the user.  These response codes are applicable to any request method.
1700
17018.5.1.  500 Internal Server Error
1702
1703   The server encountered an unexpected condition which prevented it
1704   from fulfilling the request.
1705
17068.5.2.  501 Not Implemented
1707
1708   The server does not support the functionality required to fulfill the
1709   request.  This is the appropriate response when the server does not
1710   recognize the request method and is not capable of supporting it for
1711   any resource.
1712
17138.5.3.  502 Bad Gateway
1714
1715   The server, while acting as a gateway or proxy, received an invalid
1716   response from the upstream server it accessed in attempting to
1717   fulfill the request.
1718
17198.5.4.  503 Service Unavailable
1720
1721   The server is currently unable to handle the request due to a
1722   temporary overloading or maintenance of the server.  The implication
1723   is that this is a temporary condition which will be alleviated after
1724   some delay.  If known, the length of the delay MAY be indicated in a
1725   Retry-After header.  If no Retry-After is given, the client SHOULD
1726   handle the response as it would for a 500 response.
1727
1728      Note: The existence of the 503 status code does not imply that a
1729      server must use it when becoming overloaded.  Some servers might
1730      wish to simply refuse the connection.
1731
1732
1733
1734
1735Fielding, et al.        Expires February 5, 2011               [Page 31]
1736
1737Internet-Draft              HTTP/1.1, Part 2                 August 2010
1738
1739
17408.5.5.  504 Gateway Timeout
1741
1742   The server, while acting as a gateway or proxy, did not receive a
1743   timely response from the upstream server specified by the URI (e.g.,
1744   HTTP, FTP, LDAP) or some other auxiliary server (e.g., DNS) it needed
1745   to access in attempting to complete the request.
1746
1747      Note to implementors: some deployed proxies are known to return
1748      400 or 500 when DNS lookups time out.
1749
17508.5.6.  505 HTTP Version Not Supported
1751
1752   The server does not support, or refuses to support, the protocol
1753   version that was used in the request message.  The server is
1754   indicating that it is unable or unwilling to complete the request
1755   using the same major version as the client, as described in Section
1756   2.5 of [Part1], other than with this error message.  The response
1757   SHOULD contain a representation describing why that version is not
1758   supported and what other protocols are supported by that server.
1759
17609.  Header Field Definitions
1761
1762   This section defines the syntax and semantics of HTTP/1.1 header
1763   fields related to request and response semantics.
1764
17659.1.  Allow
1766
1767   The "Allow" response-header field lists the set of methods advertised
1768   as supported by the target resource.  The purpose of this field is
1769   strictly to inform the recipient of valid methods associated with the
1770   resource.
1771
1772     Allow   = "Allow" ":" OWS Allow-v
1773     Allow-v = #Method
1774
1775   Example of use:
1776
1777     Allow: GET, HEAD, PUT
1778
1779   The actual set of allowed methods is defined by the origin server at
1780   the time of each request.
1781
1782   A proxy MUST NOT modify the Allow header field even if it does not
1783   understand all the methods specified, since the user agent might have
1784   other means of communicating with the origin server.
1785
1786
1787
1788
1789
1790
1791Fielding, et al.        Expires February 5, 2011               [Page 32]
1792
1793Internet-Draft              HTTP/1.1, Part 2                 August 2010
1794
1795
17969.2.  Expect
1797
1798   The "Expect" request-header field is used to indicate that particular
1799   server behaviors are required by the client.
1800
1801     Expect       = "Expect" ":" OWS Expect-v
1802     Expect-v     = 1#expectation
1803
1804     expectation  = "100-continue" / expectation-extension
1805     expectation-extension = token [ "=" ( token / quoted-string )
1806                              *expect-params ]
1807     expect-params = ";" token [ "=" ( token / quoted-string ) ]
1808
1809   A server that does not understand or is unable to comply with any of
1810   the expectation values in the Expect field of a request MUST respond
1811   with appropriate error status code.  The server MUST respond with a
1812   417 (Expectation Failed) status code if any of the expectations
1813   cannot be met or, if there are other problems with the request, some
1814   other 4xx status code.
1815
1816   This header field is defined with extensible syntax to allow for
1817   future extensions.  If a server receives a request containing an
1818   Expect field that includes an expectation-extension that it does not
1819   support, it MUST respond with a 417 (Expectation Failed) status code.
1820
1821   Comparison of expectation values is case-insensitive for unquoted
1822   tokens (including the 100-continue token), and is case-sensitive for
1823   quoted-string expectation-extensions.
1824
1825   The Expect mechanism is hop-by-hop: that is, an HTTP/1.1 proxy MUST
1826   return a 417 (Expectation Failed) status code if it receives a
1827   request with an expectation that it cannot meet.  However, the Expect
1828   request-header itself is end-to-end; it MUST be forwarded if the
1829   request is forwarded.
1830
1831   Many older HTTP/1.0 and HTTP/1.1 applications do not understand the
1832   Expect header.
1833
1834   See Section 7.2.3 of [Part1] for the use of the 100 (Continue) status
1835   code.
1836
18379.3.  From
1838
1839   The "From" request-header field, if given, SHOULD contain an Internet
1840   e-mail address for the human user who controls the requesting user
1841   agent.  The address SHOULD be machine-usable, as defined by "mailbox"
1842   in Section 3.4 of [RFC5322]:
1843
1844
1845
1846
1847Fielding, et al.        Expires February 5, 2011               [Page 33]
1848
1849Internet-Draft              HTTP/1.1, Part 2                 August 2010
1850
1851
1852     From    = "From" ":" OWS From-v
1853     From-v  = mailbox
1854
1855     mailbox = <mailbox, defined in [RFC5322], Section 3.4>
1856
1857   An example is:
1858
1859     From: webmaster@example.org
1860
1861   This header field MAY be used for logging purposes and as a means for
1862   identifying the source of invalid or unwanted requests.  It SHOULD
1863   NOT be used as an insecure form of access protection.  The
1864   interpretation of this field is that the request is being performed
1865   on behalf of the person given, who accepts responsibility for the
1866   method performed.  In particular, robot agents SHOULD include this
1867   header so that the person responsible for running the robot can be
1868   contacted if problems occur on the receiving end.
1869
1870   The Internet e-mail address in this field MAY be separate from the
1871   Internet host which issued the request.  For example, when a request
1872   is passed through a proxy the original issuer's address SHOULD be
1873   used.
1874
1875   The client SHOULD NOT send the From header field without the user's
1876   approval, as it might conflict with the user's privacy interests or
1877   their site's security policy.  It is strongly recommended that the
1878   user be able to disable, enable, and modify the value of this field
1879   at any time prior to a request.
1880
18819.4.  Location
1882
1883   The "Location" response-header field is used to identify a newly
1884   created resource, or to redirect the recipient to a different
1885   location for completion of the request.
1886
1887   For 201 (Created) responses, the Location is the URI of the new
1888   resource which was created by the request.  For 3xx responses, the
1889   location SHOULD indicate the server's preferred URI for automatic
1890   redirection to the resource.
1891
1892   The field value consists of a single URI-reference.  When it has the
1893   form of a relative reference ([RFC3986], Section 4.2), the final
1894   value is computed by resolving it against the effective request URI
1895   ([RFC3986], Section 5).
1896
1897     Location       = "Location" ":" OWS Location-v
1898     Location-v     = URI-reference
1899
1900
1901
1902
1903Fielding, et al.        Expires February 5, 2011               [Page 34]
1904
1905Internet-Draft              HTTP/1.1, Part 2                 August 2010
1906
1907
1908   Examples are:
1909
1910     Location: http://www.example.org/pub/WWW/People.html#tim
1911
1912     Location: /index.html
1913
1914   There are circumstances in which a fragment identifier in a Location
1915   URI would not be appropriate:
1916
1917   o  With a 201 Created response, because in this usage the Location
1918      header specifies the URI for the entire created resource.
1919
1920   o  With 305 Use Proxy.
1921
1922      Note: This specification does not define precedence rules for the
1923      case where the original URI, as navigated to by the user agent,
1924      and the Location header field value both contain fragment
1925      identifiers.
1926
1927      Note: The Content-Location header field (Section 6.7 of [Part3])
1928      differs from Location in that the Content-Location identifies the
1929      most specific resource corresponding to the enclosed
1930      representation.  It is therefore possible for a response to
1931      contain header fields for both Location and Content-Location.
1932
19339.5.  Max-Forwards
1934
1935   The "Max-Forwards" request-header field provides a mechanism with the
1936   TRACE (Section 7.8) and OPTIONS (Section 7.2) methods to limit the
1937   number of times that the request is forwarded by proxies or gateways.
1938   This can be useful when the client is attempting to trace a request
1939   which appears to be failing or looping in mid-chain.
1940
1941     Max-Forwards   = "Max-Forwards" ":" OWS Max-Forwards-v
1942     Max-Forwards-v = 1*DIGIT
1943
1944   The Max-Forwards value is a decimal integer indicating the remaining
1945   number of times this request message can be forwarded.
1946
1947   Each proxy or gateway recipient of a TRACE or OPTIONS request
1948   containing a Max-Forwards header field MUST check and update its
1949   value prior to forwarding the request.  If the received value is zero
1950   (0), the recipient MUST NOT forward the request; instead, it MUST
1951   respond as the final recipient.  If the received Max-Forwards value
1952   is greater than zero, then the forwarded message MUST contain an
1953   updated Max-Forwards field with a value decremented by one (1).
1954
1955   The Max-Forwards header field MAY be ignored for all other methods
1956
1957
1958
1959Fielding, et al.        Expires February 5, 2011               [Page 35]
1960
1961Internet-Draft              HTTP/1.1, Part 2                 August 2010
1962
1963
1964   defined by this specification and for any extension methods for which
1965   it is not explicitly referred to as part of that method definition.
1966
19679.6.  Referer
1968
1969   The "Referer" [sic] request-header field allows the client to specify
1970   the URI of the resource from which the effective request URI was
1971   obtained (the "referrer", although the header field is misspelled.).
1972
1973   The Referer header allows servers to generate lists of back-links to
1974   resources for interest, logging, optimized caching, etc.  It also
1975   allows obsolete or mistyped links to be traced for maintenance.  Some
1976   servers use Referer as a means of controlling where they allow links
1977   from (so-called "deep linking"), but legitimate requests do not
1978   always contain a Referer header field.
1979
1980   If the effective request URI was obtained from a source that does not
1981   have its own URI (e.g., input from the user keyboard), the Referer
1982   field MUST either be sent with the value "about:blank", or not be
1983   sent at all.  Note that this requirement does not apply to sources
1984   with non-HTTP URIs (e.g., FTP).
1985
1986     Referer        = "Referer" ":" OWS Referer-v
1987     Referer-v      = absolute-URI / partial-URI
1988
1989   Example:
1990
1991     Referer: http://www.example.org/hypertext/Overview.html
1992
1993   If the field value is a relative URI, it SHOULD be interpreted
1994   relative to the effective request URI.  The URI MUST NOT include a
1995   fragment.  See Section 11.2 for security considerations.
1996
19979.7.  Retry-After
1998
1999   The response-header "Retry-After" field can be used with a 503
2000   (Service Unavailable) response to indicate how long the service is
2001   expected to be unavailable to the requesting client.  This field MAY
2002   also be used with any 3xx (Redirection) response to indicate the
2003   minimum time the user-agent is asked wait before issuing the
2004   redirected request.
2005
2006   The value of this field can be either an HTTP-date or an integer
2007   number of seconds (in decimal) after the time of the response.
2008
2009     Retry-After   = "Retry-After" ":" OWS Retry-After-v
2010     Retry-After-v = HTTP-date / delta-seconds
2011
2012
2013
2014
2015Fielding, et al.        Expires February 5, 2011               [Page 36]
2016
2017Internet-Draft              HTTP/1.1, Part 2                 August 2010
2018
2019
2020   Time spans are non-negative decimal integers, representing time in
2021   seconds.
2022
2023     delta-seconds  = 1*DIGIT
2024
2025   Two examples of its use are
2026
2027     Retry-After: Fri, 31 Dec 1999 23:59:59 GMT
2028     Retry-After: 120
2029
2030   In the latter example, the delay is 2 minutes.
2031
20329.8.  Server
2033
2034   The "Server" response-header field contains information about the
2035   software used by the origin server to handle the request.
2036
2037   The field can contain multiple product tokens (Section 6.3 of
2038   [Part1]) and comments (Section 3.2 of [Part1]) identifying the server
2039   and any significant subproducts.  The product tokens are listed in
2040   order of their significance for identifying the application.
2041
2042     Server         = "Server" ":" OWS Server-v
2043     Server-v       = product
2044                      *( RWS ( product / comment ) )
2045
2046   Example:
2047
2048     Server: CERN/3.0 libwww/2.17
2049
2050   If the response is being forwarded through a proxy, the proxy
2051   application MUST NOT modify the Server response-header.  Instead, it
2052   MUST include a Via field (as described in Section 9.9 of [Part1]).
2053
2054      Note: Revealing the specific software version of the server might
2055      allow the server machine to become more vulnerable to attacks
2056      against software that is known to contain security holes.  Server
2057      implementors are encouraged to make this field a configurable
2058      option.
2059
20609.9.  User-Agent
2061
2062   The "User-Agent" request-header field contains information about the
2063   user agent originating the request.  This is for statistical
2064   purposes, the tracing of protocol violations, and automated
2065   recognition of user agents for the sake of tailoring responses to
2066   avoid particular user agent limitations.
2067
2068
2069
2070
2071Fielding, et al.        Expires February 5, 2011               [Page 37]
2072
2073Internet-Draft              HTTP/1.1, Part 2                 August 2010
2074
2075
2076   User agents SHOULD include this field with requests.  The field can
2077   contain multiple product tokens (Section 6.3 of [Part1]) and comments
2078   (Section 3.2 of [Part1]) identifying the agent and any subproducts
2079   which form a significant part of the user agent.  By convention, the
2080   product tokens are listed in order of their significance for
2081   identifying the application.
2082
2083     User-Agent     = "User-Agent" ":" OWS User-Agent-v
2084     User-Agent-v   = product
2085                      *( RWS ( product / comment ) )
2086
2087   Example:
2088
2089     User-Agent: CERN-LineMode/2.15 libwww/2.17b3
2090
209110.  IANA Considerations
2092
209310.1.  Method Registry
2094
2095   The registration procedure for HTTP Methods is defined by Section 2.1
2096   of this document.
2097
2098   The HTTP Method Registry shall be created at
2099   <http://www.iana.org/assignments/http-methods> and be populated with
2100   the registrations below:
2101
2102   +---------+------+-------------+
2103   | Method  | Safe | Reference   |
2104   +---------+------+-------------+
2105   | CONNECT | no   | Section 7.9 |
2106   | DELETE  | no   | Section 7.7 |
2107   | GET     | yes  | Section 7.3 |
2108   | HEAD    | yes  | Section 7.4 |
2109   | OPTIONS | yes  | Section 7.2 |
2110   | POST    | no   | Section 7.5 |
2111   | PUT     | no   | Section 7.6 |
2112   | TRACE   | yes  | Section 7.8 |
2113   +---------+------+-------------+
2114
211510.2.  Status Code Registry
2116
2117   The registration procedure for HTTP Status Codes -- previously
2118   defined in Section 7.1 of [RFC2817] -- is now defined by Section 4.1
2119   of this document.
2120
2121   The HTTP Status Code Registry located at
2122   <http://www.iana.org/assignments/http-status-codes> shall be updated
2123   with the registrations below:
2124
2125
2126
2127Fielding, et al.        Expires February 5, 2011               [Page 38]
2128
2129Internet-Draft              HTTP/1.1, Part 2                 August 2010
2130
2131
2132   +-------+-------------------------------+----------------+
2133   | Value | Description                   | Reference      |
2134   +-------+-------------------------------+----------------+
2135   | 100   | Continue                      | Section 8.1.1  |
2136   | 101   | Switching Protocols           | Section 8.1.2  |
2137   | 200   | OK                            | Section 8.2.1  |
2138   | 201   | Created                       | Section 8.2.2  |
2139   | 202   | Accepted                      | Section 8.2.3  |
2140   | 203   | Non-Authoritative Information | Section 8.2.4  |
2141   | 204   | No Content                    | Section 8.2.5  |
2142   | 205   | Reset Content                 | Section 8.2.6  |
2143   | 300   | Multiple Choices              | Section 8.3.1  |
2144   | 301   | Moved Permanently             | Section 8.3.2  |
2145   | 302   | Found                         | Section 8.3.3  |
2146   | 303   | See Other                     | Section 8.3.4  |
2147   | 305   | Use Proxy                     | Section 8.3.6  |
2148   | 306   | (Unused)                      | Section 8.3.7  |
2149   | 307   | Temporary Redirect            | Section 8.3.8  |
2150   | 400   | Bad Request                   | Section 8.4.1  |
2151   | 402   | Payment Required              | Section 8.4.3  |
2152   | 403   | Forbidden                     | Section 8.4.4  |
2153   | 404   | Not Found                     | Section 8.4.5  |
2154   | 405   | Method Not Allowed            | Section 8.4.6  |
2155   | 406   | Not Acceptable                | Section 8.4.7  |
2156   | 407   | Proxy Authentication Required | Section 8.4.8  |
2157   | 408   | Request Timeout               | Section 8.4.9  |
2158   | 409   | Conflict                      | Section 8.4.10 |
2159   | 410   | Gone                          | Section 8.4.11 |
2160   | 411   | Length Required               | Section 8.4.12 |
2161   | 413   | Request Entity Too Large      | Section 8.4.14 |
2162   | 414   | URI Too Long                  | Section 8.4.15 |
2163   | 415   | Unsupported Media Type        | Section 8.4.16 |
2164   | 417   | Expectation Failed            | Section 8.4.18 |
2165   | 500   | Internal Server Error         | Section 8.5.1  |
2166   | 501   | Not Implemented               | Section 8.5.2  |
2167   | 502   | Bad Gateway                   | Section 8.5.3  |
2168   | 503   | Service Unavailable           | Section 8.5.4  |
2169   | 504   | Gateway Timeout               | Section 8.5.5  |
2170   | 505   | HTTP Version Not Supported    | Section 8.5.6  |
2171   +-------+-------------------------------+----------------+
2172
217310.3.  Header Field Registration
2174
2175   The Message Header Field Registry located at <http://www.iana.org/
2176   assignments/message-headers/message-header-index.html> shall be
2177   updated with the permanent registrations below (see [RFC3864]):
2178
2179
2180
2181
2182
2183Fielding, et al.        Expires February 5, 2011               [Page 39]
2184
2185Internet-Draft              HTTP/1.1, Part 2                 August 2010
2186
2187
2188   +-------------------+----------+----------+-------------+
2189   | Header Field Name | Protocol | Status   | Reference   |
2190   +-------------------+----------+----------+-------------+
2191   | Allow             | http     | standard | Section 9.1 |
2192   | Expect            | http     | standard | Section 9.2 |
2193   | From              | http     | standard | Section 9.3 |
2194   | Location          | http     | standard | Section 9.4 |
2195   | Max-Forwards      | http     | standard | Section 9.5 |
2196   | Referer           | http     | standard | Section 9.6 |
2197   | Retry-After       | http     | standard | Section 9.7 |
2198   | Server            | http     | standard | Section 9.8 |
2199   | User-Agent        | http     | standard | Section 9.9 |
2200   +-------------------+----------+----------+-------------+
2201
2202   The change controller is: "IETF (iesg@ietf.org) - Internet
2203   Engineering Task Force".
2204
220511.  Security Considerations
2206
2207   This section is meant to inform application developers, information
2208   providers, and users of the security limitations in HTTP/1.1 as
2209   described by this document.  The discussion does not include
2210   definitive solutions to the problems revealed, though it does make
2211   some suggestions for reducing security risks.
2212
221311.1.  Transfer of Sensitive Information
2214
2215   Like any generic data transfer protocol, HTTP cannot regulate the
2216   content of the data that is transferred, nor is there any a priori
2217   method of determining the sensitivity of any particular piece of
2218   information within the context of any given request.  Therefore,
2219   applications SHOULD supply as much control over this information as
2220   possible to the provider of that information.  Four header fields are
2221   worth special mention in this context: Server, Via, Referer and From.
2222
2223   Revealing the specific software version of the server might allow the
2224   server machine to become more vulnerable to attacks against software
2225   that is known to contain security holes.  Implementors SHOULD make
2226   the Server header field a configurable option.
2227
2228   Proxies which serve as a portal through a network firewall SHOULD
2229   take special precautions regarding the transfer of header information
2230   that identifies the hosts behind the firewall.  In particular, they
2231   SHOULD remove, or replace with sanitized versions, any Via fields
2232   generated behind the firewall.
2233
2234   The Referer header allows reading patterns to be studied and reverse
2235   links drawn.  Although it can be very useful, its power can be abused
2236
2237
2238
2239Fielding, et al.        Expires February 5, 2011               [Page 40]
2240
2241Internet-Draft              HTTP/1.1, Part 2                 August 2010
2242
2243
2244   if user details are not separated from the information contained in
2245   the Referer.  Even when the personal information has been removed,
2246   the Referer header might indicate a private document's URI whose
2247   publication would be inappropriate.
2248
2249   The information sent in the From field might conflict with the user's
2250   privacy interests or their site's security policy, and hence it
2251   SHOULD NOT be transmitted without the user being able to disable,
2252   enable, and modify the contents of the field.  The user MUST be able
2253   to set the contents of this field within a user preference or
2254   application defaults configuration.
2255
2256   We suggest, though do not require, that a convenient toggle interface
2257   be provided for the user to enable or disable the sending of From and
2258   Referer information.
2259
2260   The User-Agent (Section 9.9) or Server (Section 9.8) header fields
2261   can sometimes be used to determine that a specific client or server
2262   have a particular security hole which might be exploited.
2263   Unfortunately, this same information is often used for other valuable
2264   purposes for which HTTP currently has no better mechanism.
2265
2266   Some methods, like TRACE (Section 7.8), expose information that was
2267   sent in request headers within the body of their response.  Clients
2268   SHOULD be careful with sensitive information, like Cookies,
2269   Authorization credentials and other headers that might be used to
2270   collect data from the client.
2271
227211.2.  Encoding Sensitive Information in URIs
2273
2274   Because the source of a link might be private information or might
2275   reveal an otherwise private information source, it is strongly
2276   recommended that the user be able to select whether or not the
2277   Referer field is sent.  For example, a browser client could have a
2278   toggle switch for browsing openly/anonymously, which would
2279   respectively enable/disable the sending of Referer and From
2280   information.
2281
2282   Clients SHOULD NOT include a Referer header field in a (non-secure)
2283   HTTP request if the referring page was transferred with a secure
2284   protocol.
2285
2286   Authors of services SHOULD NOT use GET-based forms for the submission
2287   of sensitive data because that data will be placed in the request-
2288   target.  Many existing servers, proxies, and user agents log or
2289   display the request-target in places where it might be visible to
2290   third parties.  Such services can use POST-based form submission
2291   instead.
2292
2293
2294
2295Fielding, et al.        Expires February 5, 2011               [Page 41]
2296
2297Internet-Draft              HTTP/1.1, Part 2                 August 2010
2298
2299
230011.3.  Location Headers and Spoofing
2301
2302   If a single server supports multiple organizations that do not trust
2303   one another, then it MUST check the values of Location and Content-
2304   Location headers in responses that are generated under control of
2305   said organizations to make sure that they do not attempt to
2306   invalidate resources over which they have no authority.
2307
230812.  Acknowledgments
2309
231013.  References
2311
231213.1.  Normative References
2313
2314   [Part1]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2315              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2316              and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
2317              and Message Parsing", draft-ietf-httpbis-p1-messaging-11
2318              (work in progress), August 2010.
2319
2320   [Part3]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2321              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2322              and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload
2323              and Content Negotiation", draft-ietf-httpbis-p3-payload-11
2324              (work in progress), August 2010.
2325
2326   [Part4]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2327              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2328              and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional
2329              Requests", draft-ietf-httpbis-p4-conditional-11 (work in
2330              progress), August 2010.
2331
2332   [Part5]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2333              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2334              and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
2335              Partial Responses", draft-ietf-httpbis-p5-range-11 (work
2336              in progress), August 2010.
2337
2338   [Part6]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2339              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2340              Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part
2341              6: Caching", draft-ietf-httpbis-p6-cache-11 (work in
2342              progress), August 2010.
2343
2344   [Part7]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
2345              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
2346              and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication",
2347              draft-ietf-httpbis-p7-auth-11 (work in progress),
2348
2349
2350
2351Fielding, et al.        Expires February 5, 2011               [Page 42]
2352
2353Internet-Draft              HTTP/1.1, Part 2                 August 2010
2354
2355
2356              August 2010.
2357
2358   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
2359              Requirement Levels", BCP 14, RFC 2119, March 1997.
2360
2361   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
2362              Resource Identifier (URI): Generic Syntax", RFC 3986,
2363              STD 66, January 2005.
2364
2365   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
2366              Specifications: ABNF", STD 68, RFC 5234, January 2008.
2367
236813.2.  Informative References
2369
2370   [RFC1945]  Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
2371              Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
2372
2373   [RFC2068]  Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T.
2374              Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1",
2375              RFC 2068, January 1997.
2376
2377   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
2378              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
2379              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
2380
2381   [RFC2817]  Khare, R. and S. Lawrence, "Upgrading to TLS Within
2382              HTTP/1.1", RFC 2817, May 2000.
2383
2384   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
2385              Procedures for Message Header Fields", BCP 90, RFC 3864,
2386              September 2004.
2387
2388   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
2389              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
2390              May 2008.
2391
2392   [RFC5322]  Resnick, P., "Internet Message Format", RFC 5322,
2393              October 2008.
2394
2395Appendix A.  Changes from RFC 2616
2396
2397   This document takes over the Status Code Registry, previously defined
2398   in Section 7.1 of [RFC2817].  (Section 4.1)
2399
2400   Clarify definition of POST.  (Section 7.5)
2401
2402   Failed to consider that there are many other request methods that are
2403   safe to automatically redirect, and further that the user agent is
2404
2405
2406
2407Fielding, et al.        Expires February 5, 2011               [Page 43]
2408
2409Internet-Draft              HTTP/1.1, Part 2                 August 2010
2410
2411
2412   able to make that determination based on the request method
2413   semantics.  (Sections 8.3.2, 8.3.3 and 8.3.8)
2414
2415   Deprecate 305 Use Proxy status code, because user agents did not
2416   implement it.  It used to indicate that the target resource must be
2417   accessed through the proxy given by the Location field.  The Location
2418   field gave the URI of the proxy.  The recipient was expected to
2419   repeat this single request via the proxy.  (Section 8.3.6)
2420
2421   Reclassify Allow header as response header, removing the option to
2422   specify it in a PUT request.  Relax the server requirement on the
2423   contents of the Allow header and remove requirement on clients to
2424   always trust the header value.  (Section 9.1)
2425
2426   Correct syntax of Location header to allow URI references (including
2427   relative references and fragments), as referred symbol "absoluteURI"
2428   wasn't what was expected, and add some clarifications as to when use
2429   of fragments would not be appropriate.  (Section 9.4)
2430
2431   Allow Referer value of "about:blank" as alternative to not specifying
2432   it.  (Section 9.6)
2433
2434   In the description of the Server header, the Via field was described
2435   as a SHOULD.  The requirement was and is stated correctly in the
2436   description of the Via header in Section 9.9 of [Part1].
2437   (Section 9.8)
2438
2439Appendix B.  Collected ABNF
2440
2441   Accept = <Accept, defined in [Part3], Section 6.1>
2442   Accept-Charset = <Accept-Charset, defined in [Part3], Section 6.2>
2443   Accept-Encoding = <Accept-Encoding, defined in [Part3], Section 6.3>
2444   Accept-Language = <Accept-Language, defined in [Part3], Section 6.4>
2445   Accept-Ranges = <Accept-Ranges, defined in [Part5], Section 5.1>
2446   Age = <Age, defined in [Part6], Section 3.1>
2447   Allow = "Allow:" OWS Allow-v
2448   Allow-v = [ ( "," / Method ) *( OWS "," [ OWS Method ] ) ]
2449   Authorization = <Authorization, defined in [Part7], Section 3.1>
2450
2451   ETag = <ETag, defined in [Part4], Section 6.1>
2452   Expect = "Expect:" OWS Expect-v
2453   Expect-v = *( "," OWS ) expectation *( OWS "," [ OWS expectation ] )
2454
2455   From = "From:" OWS From-v
2456   From-v = mailbox
2457
2458   HTTP-date = <HTTP-date, defined in [Part1], Section 6.1>
2459   Host = <Host, defined in [Part1], Section 2.6>
2460
2461
2462
2463Fielding, et al.        Expires February 5, 2011               [Page 44]
2464
2465Internet-Draft              HTTP/1.1, Part 2                 August 2010
2466
2467
2468   If-Match = <If-Match, defined in [Part4], Section 6.2>
2469   If-Modified-Since =
2470    <If-Modified-Since, defined in [Part4], Section 6.3>
2471   If-None-Match = <If-None-Match, defined in [Part4], Section 6.4>
2472   If-Range = <If-Range, defined in [Part5], Section 5.3>
2473   If-Unmodified-Since =
2474    <If-Unmodified-Since, defined in [Part4], Section 6.5>
2475
2476   Location = "Location:" OWS Location-v
2477   Location-v = URI-reference
2478
2479   Max-Forwards = "Max-Forwards:" OWS Max-Forwards-v
2480   Max-Forwards-v = 1*DIGIT
2481   Method = %x4F.50.54.49.4F.4E.53 ; OPTIONS
2482    / %x47.45.54 ; GET
2483    / %x48.45.41.44 ; HEAD
2484    / %x50.4F.53.54 ; POST
2485    / %x50.55.54 ; PUT
2486    / %x44.45.4C.45.54.45 ; DELETE
2487    / %x54.52.41.43.45 ; TRACE
2488    / %x43.4F.4E.4E.45.43.54 ; CONNECT
2489    / extension-method
2490
2491   OWS = <OWS, defined in [Part1], Section 1.2.2>
2492
2493   Proxy-Authenticate =
2494    <Proxy-Authenticate, defined in [Part7], Section 3.2>
2495   Proxy-Authorization =
2496    <Proxy-Authorization, defined in [Part7], Section 3.3>
2497
2498   RWS = <RWS, defined in [Part1], Section 1.2.2>
2499   Range = <Range, defined in [Part5], Section 5.4>
2500   Reason-Phrase = *( WSP / VCHAR / obs-text )
2501   Referer = "Referer:" OWS Referer-v
2502   Referer-v = absolute-URI / partial-URI
2503   Retry-After = "Retry-After:" OWS Retry-After-v
2504   Retry-After-v = HTTP-date / delta-seconds
2505
2506   Server = "Server:" OWS Server-v
2507   Server-v = product *( RWS ( product / comment ) )
2508   Status-Code = "100" / "101" / "200" / "201" / "202" / "203" / "204" /
2509    "205" / "206" / "300" / "301" / "302" / "303" / "304" / "305" /
2510    "307" / "400" / "401" / "402" / "403" / "404" / "405" / "406" /
2511    "407" / "408" / "409" / "410" / "411" / "412" / "413" / "414" /
2512    "415" / "416" / "417" / "500" / "501" / "502" / "503" / "504" /
2513    "505" / extension-code
2514
2515   TE = <TE, defined in [Part1], Section 9.5>
2516
2517
2518
2519Fielding, et al.        Expires February 5, 2011               [Page 45]
2520
2521Internet-Draft              HTTP/1.1, Part 2                 August 2010
2522
2523
2524   URI-reference = <URI-reference, defined in [Part1], Section 2.6>
2525   User-Agent = "User-Agent:" OWS User-Agent-v
2526   User-Agent-v = product *( RWS ( product / comment ) )
2527
2528   Vary = <Vary, defined in [Part6], Section 3.5>
2529
2530   WWW-Authenticate =
2531    <WWW-Authenticate, defined in [Part7], Section 3.4>
2532
2533   absolute-URI = <absolute-URI, defined in [Part1], Section 2.6>
2534
2535   comment = <comment, defined in [Part1], Section 3.2>
2536
2537   delta-seconds = 1*DIGIT
2538
2539   expect-params = ";" token [ "=" ( token / quoted-string ) ]
2540   expectation = "100-continue" / expectation-extension
2541   expectation-extension = token [ "=" ( token / quoted-string )
2542    *expect-params ]
2543   extension-code = 3DIGIT
2544   extension-method = token
2545
2546   mailbox = <mailbox, defined in [RFC5322], Section 3.4>
2547
2548   obs-text = <obs-text, defined in [Part1], Section 1.2.2>
2549
2550   partial-URI = <partial-URI, defined in [Part1], Section 2.6>
2551   product = <product, defined in [Part1], Section 6.3>
2552
2553   quoted-string = <quoted-string, defined in [Part1], Section 1.2.2>
2554
2555   request-header = Accept / Accept-Charset / Accept-Encoding /
2556    Accept-Language / Authorization / Expect / From / Host / If-Match /
2557    If-Modified-Since / If-None-Match / If-Range / If-Unmodified-Since /
2558    Max-Forwards / Proxy-Authorization / Range / Referer / TE /
2559    User-Agent
2560   response-header = Accept-Ranges / Age / Allow / ETag / Location /
2561    Proxy-Authenticate / Retry-After / Server / Vary / WWW-Authenticate
2562
2563   token = <token, defined in [Part1], Section 1.2.2>
2564
2565   ABNF diagnostics:
2566
2567   ; Reason-Phrase defined but not used
2568   ; Status-Code defined but not used
2569   ; request-header defined but not used
2570   ; response-header defined but not used
2571
2572
2573
2574
2575Fielding, et al.        Expires February 5, 2011               [Page 46]
2576
2577Internet-Draft              HTTP/1.1, Part 2                 August 2010
2578
2579
2580Appendix C.  Change Log (to be removed by RFC Editor before publication)
2581
2582C.1.  Since RFC2616
2583
2584   Extracted relevant partitions from [RFC2616].
2585
2586C.2.  Since draft-ietf-httpbis-p2-semantics-00
2587
2588   Closed issues:
2589
2590   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/5>: "Via is a MUST"
2591      (<http://purl.org/NET/http-errata#via-must>)
2592
2593   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/6>: "Fragments
2594      allowed in Location"
2595      (<http://purl.org/NET/http-errata#location-fragments>)
2596
2597   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/10>: "Safe Methods
2598      vs Redirection" (<http://purl.org/NET/http-errata#saferedirect>)
2599
2600   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/17>: "Revise
2601      description of the POST method"
2602      (<http://purl.org/NET/http-errata#post>)
2603
2604   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and
2605      Informative references"
2606
2607   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/42>: "RFC2606
2608      Compliance"
2609
2610   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/65>: "Informative
2611      references"
2612
2613   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/84>: "Redundant
2614      cross-references"
2615
2616   Other changes:
2617
2618   o  Move definitions of 304 and 412 condition codes to [Part4]
2619
2620C.3.  Since draft-ietf-httpbis-p2-semantics-01
2621
2622   Closed issues:
2623
2624   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/21>: "PUT side
2625      effects"
2626
2627
2628
2629
2630
2631Fielding, et al.        Expires February 5, 2011               [Page 47]
2632
2633Internet-Draft              HTTP/1.1, Part 2                 August 2010
2634
2635
2636   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/91>: "Duplicate Host
2637      header requirements"
2638
2639   Ongoing work on ABNF conversion
2640   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
2641
2642   o  Move "Product Tokens" section (back) into Part 1, as "token" is
2643      used in the definition of the Upgrade header.
2644
2645   o  Add explicit references to BNF syntax and rules imported from
2646      other parts of the specification.
2647
2648   o  Copy definition of delta-seconds from Part6 instead of referencing
2649      it.
2650
2651C.4.  Since draft-ietf-httpbis-p2-semantics-02
2652
2653   Closed issues:
2654
2655   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/24>: "Requiring
2656      Allow in 405 responses"
2657
2658   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/59>: "Status Code
2659      Registry"
2660
2661   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/61>: "Redirection
2662      vs. Location"
2663
2664   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/70>: "Cacheability
2665      of 303 response"
2666
2667   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/76>: "305 Use Proxy"
2668
2669   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/105>:
2670      "Classification for Allow header"
2671
2672   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/112>: "PUT - 'store
2673      under' vs 'store at'"
2674
2675   Ongoing work on IANA Message Header Registration
2676   (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>):
2677
2678   o  Reference RFC 3984, and update header registrations for headers
2679      defined in this document.
2680
2681   Ongoing work on ABNF conversion
2682   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
2683
2684
2685
2686
2687Fielding, et al.        Expires February 5, 2011               [Page 48]
2688
2689Internet-Draft              HTTP/1.1, Part 2                 August 2010
2690
2691
2692   o  Replace string literals when the string really is case-sensitive
2693      (method).
2694
2695C.5.  Since draft-ietf-httpbis-p2-semantics-03
2696
2697   Closed issues:
2698
2699   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/98>: "OPTIONS
2700      request bodies"
2701
2702   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/119>: "Description
2703      of CONNECT should refer to RFC2817"
2704
2705   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/125>: "Location
2706      Content-Location reference request/response mixup"
2707
2708   Ongoing work on Method Registry
2709   (<http://tools.ietf.org/wg/httpbis/trac/ticket/72>):
2710
2711   o  Added initial proposal for registration process, plus initial
2712      content (non-HTTP/1.1 methods to be added by a separate
2713      specification).
2714
2715C.6.  Since draft-ietf-httpbis-p2-semantics-04
2716
2717   Closed issues:
2718
2719   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/103>: "Content-*"
2720
2721   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/132>: "RFC 2822 is
2722      updated by RFC 5322"
2723
2724   Ongoing work on ABNF conversion
2725   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
2726
2727   o  Use "/" instead of "|" for alternatives.
2728
2729   o  Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
2730      whitespace ("OWS") and required whitespace ("RWS").
2731
2732   o  Rewrite ABNFs to spell out whitespace rules, factor out header
2733      value format definitions.
2734
2735C.7.  Since draft-ietf-httpbis-p2-semantics-05
2736
2737   Closed issues:
2738
2739
2740
2741
2742
2743Fielding, et al.        Expires February 5, 2011               [Page 49]
2744
2745Internet-Draft              HTTP/1.1, Part 2                 August 2010
2746
2747
2748   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/94>: "Reason-Phrase
2749      BNF"
2750
2751   Final work on ABNF conversion
2752   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
2753
2754   o  Add appendix containing collected and expanded ABNF, reorganize
2755      ABNF introduction.
2756
2757C.8.  Since draft-ietf-httpbis-p2-semantics-06
2758
2759   Closed issues:
2760
2761   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/144>: "Clarify when
2762      Referer is sent"
2763
2764   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/164>: "status codes
2765      vs methods"
2766
2767   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/170>: "Do not
2768      require "updates" relation for specs that register status codes or
2769      method names"
2770
2771C.9.  Since draft-ietf-httpbis-p2-semantics-07
2772
2773   Closed issues:
2774
2775   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/27>: "Idempotency"
2776
2777   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/33>: "TRACE security
2778      considerations"
2779
2780   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/110>: "Clarify rules
2781      for determining what entities a response carries"
2782
2783   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/140>: "update note
2784      citing RFC 1945 and 2068"
2785
2786   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/182>: "update note
2787      about redirect limit"
2788
2789   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/191>: "Location
2790      header ABNF should use 'URI'"
2791
2792   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/192>: "fragments in
2793      Location vs status 303"
2794
2795
2796
2797
2798
2799Fielding, et al.        Expires February 5, 2011               [Page 50]
2800
2801Internet-Draft              HTTP/1.1, Part 2                 August 2010
2802
2803
2804   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/198>: "move IANA
2805      registrations for optional status codes"
2806
2807   Partly resolved issues:
2808
2809   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/171>: "Are OPTIONS
2810      and TRACE safe?"
2811
2812C.10.  Since draft-ietf-httpbis-p2-semantics-08
2813
2814   Closed issues:
2815
2816   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/10>: "Safe Methods
2817      vs Redirection" (we missed the introduction to the 3xx status
2818      codes when fixing this previously)
2819
2820C.11.  Since draft-ietf-httpbis-p2-semantics-09
2821
2822   Closed issues:
2823
2824   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/43>: "Fragment
2825      combination / precedence during redirects"
2826
2827   Partly resolved issues:
2828
2829   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/185>: "Location
2830      header payload handling"
2831
2832   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/196>: "Term for the
2833      requested resource's URI"
2834
2835C.12.  Since draft-ietf-httpbis-p2-semantics-10
2836
2837   Closed issues:
2838
2839   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/69>: "Clarify
2840      'Requested Variant'"
2841
2842   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/109>: "Clarify
2843      entity / representation / variant terminology"
2844
2845   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/139>: "Methods and
2846      Caching"
2847
2848   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/190>: "OPTIONS vs
2849      Max-Forwards"
2850
2851
2852
2853
2854
2855Fielding, et al.        Expires February 5, 2011               [Page 51]
2856
2857Internet-Draft              HTTP/1.1, Part 2                 August 2010
2858
2859
2860   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/199>: "Status codes
2861      and caching"
2862
2863   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/220>: "consider
2864      removing the 'changes from 2068' sections"
2865
2866Index
2867
2868   1
2869      100 Continue (status code)  20
2870      101 Switching Protocols (status code)  21
2871
2872   2
2873      200 OK (status code)  21
2874      201 Created (status code)  21
2875      202 Accepted (status code)  22
2876      203 Non-Authoritative Information (status code)  22
2877      204 No Content (status code)  22
2878      205 Reset Content (status code)  23
2879      206 Partial Content (status code)  23
2880
2881   3
2882      300 Multiple Choices (status code)  24
2883      301 Moved Permanently (status code)  24
2884      302 Found (status code)  25
2885      303 See Other (status code)  25
2886      304 Not Modified (status code)  26
2887      305 Use Proxy (status code)  26
2888      306 (Unused) (status code)  26
2889      307 Temporary Redirect (status code)  26
2890
2891   4
2892      400 Bad Request (status code)  27
2893      401 Unauthorized (status code)  27
2894      402 Payment Required (status code)  27
2895      403 Forbidden (status code)  27
2896      404 Not Found (status code)  28
2897      405 Method Not Allowed (status code)  28
2898      406 Not Acceptable (status code)  28
2899      407 Proxy Authentication Required (status code)  28
2900      408 Request Timeout (status code)  29
2901      409 Conflict (status code)  29
2902      410 Gone (status code)  29
2903      411 Length Required (status code)  30
2904      412 Precondition Failed (status code)  30
2905      413 Request Entity Too Large (status code)  30
2906      414 URI Too Long (status code)  30
2907      415 Unsupported Media Type (status code)  30
2908
2909
2910
2911Fielding, et al.        Expires February 5, 2011               [Page 52]
2912
2913Internet-Draft              HTTP/1.1, Part 2                 August 2010
2914
2915
2916      416 Requested Range Not Satisfiable (status code)  30
2917      417 Expectation Failed (status code)  31
2918
2919   5
2920      500 Internal Server Error (status code)  31
2921      501 Not Implemented (status code)  31
2922      502 Bad Gateway (status code)  31
2923      503 Service Unavailable (status code)  31
2924      504 Gateway Timeout (status code)  32
2925      505 HTTP Version Not Supported (status code)  32
2926
2927   A
2928      Allow header  32
2929
2930   C
2931      CONNECT method  20
2932
2933   D
2934      DELETE method  19
2935
2936   E
2937      Expect header  33
2938
2939   F
2940      From header  33
2941
2942   G
2943      GET method  16
2944      Grammar
2945         Allow  32
2946         Allow-v  32
2947         delta-seconds  37
2948         Expect  33
2949         expect-params  33
2950         Expect-v  33
2951         expectation  33
2952         expectation-extension  33
2953         extension-code  11
2954         extension-method  8
2955         From  34
2956         From-v  34
2957         Location  34
2958         Location-v  34
2959         Max-Forwards  35
2960         Max-Forwards-v  35
2961         Method  8
2962         Reason-Phrase  11
2963         Referer  36
2964
2965
2966
2967Fielding, et al.        Expires February 5, 2011               [Page 53]
2968
2969Internet-Draft              HTTP/1.1, Part 2                 August 2010
2970
2971
2972         Referer-v  36
2973         request-header  9
2974         response-header  12
2975         Retry-After  36
2976         Retry-After-v  36
2977         Server  37
2978         Server-v  37
2979         Status-Code  11
2980         User-Agent  38
2981         User-Agent-v  38
2982
2983   H
2984      HEAD method  16
2985      Headers
2986         Allow  32
2987         Expect  33
2988         From  33
2989         Location  34
2990         Max-Forwards  35
2991         Referer  36
2992         Retry-After  36
2993         Server  37
2994         User-Agent  37
2995
2996   I
2997      Idempotent Methods  14
2998
2999   L
3000      Location header  34
3001
3002   M
3003      Max-Forwards header  35
3004      Methods
3005         CONNECT  20
3006         DELETE  19
3007         GET  16
3008         HEAD  16
3009         OPTIONS  15
3010         POST  17
3011         PUT  18
3012         TRACE  19
3013
3014   O
3015      OPTIONS method  15
3016
3017   P
3018      POST method  17
3019      PUT method  18
3020
3021
3022
3023Fielding, et al.        Expires February 5, 2011               [Page 54]
3024
3025Internet-Draft              HTTP/1.1, Part 2                 August 2010
3026
3027
3028   R
3029      Referer header  36
3030      Retry-After header  36
3031
3032   S
3033      Safe Methods  14
3034      Server header  37
3035      Status Codes
3036         100 Continue  20
3037         101 Switching Protocols  21
3038         200 OK  21
3039         201 Created  21
3040         202 Accepted  22
3041         203 Non-Authoritative Information  22
3042         204 No Content  22
3043         205 Reset Content  23
3044         206 Partial Content  23
3045         300 Multiple Choices  24
3046         301 Moved Permanently  24
3047         302 Found  25
3048         303 See Other  25
3049         304 Not Modified  26
3050         305 Use Proxy  26
3051         306 (Unused)  26
3052         307 Temporary Redirect  26
3053         400 Bad Request  27
3054         401 Unauthorized  27
3055         402 Payment Required  27
3056         403 Forbidden  27
3057         404 Not Found  28
3058         405 Method Not Allowed  28
3059         406 Not Acceptable  28
3060         407 Proxy Authentication Required  28
3061         408 Request Timeout  29
3062         409 Conflict  29
3063         410 Gone  29
3064         411 Length Required  30
3065         412 Precondition Failed  30
3066         413 Request Entity Too Large  30
3067         414 URI Too Long  30
3068         415 Unsupported Media Type  30
3069         416 Requested Range Not Satisfiable  30
3070         417 Expectation Failed  31
3071         500 Internal Server Error  31
3072         501 Not Implemented  31
3073         502 Bad Gateway  31
3074         503 Service Unavailable  31
3075         504 Gateway Timeout  32
3076
3077
3078
3079Fielding, et al.        Expires February 5, 2011               [Page 55]
3080
3081Internet-Draft              HTTP/1.1, Part 2                 August 2010
3082
3083
3084         505 HTTP Version Not Supported  32
3085
3086   T
3087      TRACE method  19
3088
3089   U
3090      User-Agent header  37
3091
3092Authors' Addresses
3093
3094   Roy T. Fielding (editor)
3095   Day Software
3096   23 Corporate Plaza DR, Suite 280
3097   Newport Beach, CA  92660
3098   USA
3099
3100   Phone: +1-949-706-5300
3101   Fax:   +1-949-706-5305
3102   EMail: fielding@gbiv.com
3103   URI:   http://roy.gbiv.com/
3104
3105
3106   Jim Gettys
3107   Alcatel-Lucent Bell Labs
3108   21 Oak Knoll Road
3109   Carlisle, MA  01741
3110   USA
3111
3112   EMail: jg@freedesktop.org
3113   URI:   http://gettys.wordpress.com/
3114
3115
3116   Jeffrey C. Mogul
3117   Hewlett-Packard Company
3118   HP Labs, Large Scale Systems Group
3119   1501 Page Mill Road, MS 1177
3120   Palo Alto, CA  94304
3121   USA
3122
3123   EMail: JeffMogul@acm.org
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135Fielding, et al.        Expires February 5, 2011               [Page 56]
3136
3137Internet-Draft              HTTP/1.1, Part 2                 August 2010
3138
3139
3140   Henrik Frystyk Nielsen
3141   Microsoft Corporation
3142   1 Microsoft Way
3143   Redmond, WA  98052
3144   USA
3145
3146   EMail: henrikn@microsoft.com
3147
3148
3149   Larry Masinter
3150   Adobe Systems, Incorporated
3151   345 Park Ave
3152   San Jose, CA  95110
3153   USA
3154
3155   EMail: LMM@acm.org
3156   URI:   http://larry.masinter.net/
3157
3158
3159   Paul J. Leach
3160   Microsoft Corporation
3161   1 Microsoft Way
3162   Redmond, WA  98052
3163
3164   EMail: paulle@microsoft.com
3165
3166
3167   Tim Berners-Lee
3168   World Wide Web Consortium
3169   MIT Computer Science and Artificial Intelligence Laboratory
3170   The Stata Center, Building 32
3171   32 Vassar Street
3172   Cambridge, MA  02139
3173   USA
3174
3175   EMail: timbl@w3.org
3176   URI:   http://www.w3.org/People/Berners-Lee/
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191Fielding, et al.        Expires February 5, 2011               [Page 57]
3192
3193Internet-Draft              HTTP/1.1, Part 2                 August 2010
3194
3195
3196   Yves Lafon (editor)
3197   World Wide Web Consortium
3198   W3C / ERCIM
3199   2004, rte des Lucioles
3200   Sophia-Antipolis, AM  06902
3201   France
3202
3203   EMail: ylafon@w3.org
3204   URI:   http://www.raubacapeu.net/people/yves/
3205
3206
3207   Julian F. Reschke (editor)
3208   greenbytes GmbH
3209   Hafenweg 16
3210   Muenster, NW  48155
3211   Germany
3212
3213   Phone: +49 251 2807760
3214   Fax:   +49 251 2807761
3215   EMail: julian.reschke@greenbytes.de
3216   URI:   http://greenbytes.de/tech/webdav/
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247Fielding, et al.        Expires February 5, 2011               [Page 58]
3248
Note: See TracBrowser for help on using the repository browser.