source: draft-ietf-httpbis/18/draft-ietf-httpbis-p3-payload-18.txt @ 1499

Last change on this file since 1499 was 1499, checked in by julian.reschke@…, 8 years ago

prepare for publication of -18 on Jan 04.

  • Property svn:eol-style set to native
  • Property svn:executable set to *
File size: 91.8 KB
Line 
1
2
3
4HTTPbis Working Group                                   R. Fielding, Ed.
5Internet-Draft                                                     Adobe
6Obsoletes: 2616 (if approved)                                  J. Gettys
7Intended status: Standards Track                          Alcatel-Lucent
8Expires: July 7, 2012                                           J. Mogul
9                                                                      HP
10                                                              H. Frystyk
11                                                               Microsoft
12                                                             L. Masinter
13                                                                   Adobe
14                                                                P. Leach
15                                                               Microsoft
16                                                          T. Berners-Lee
17                                                                 W3C/MIT
18                                                           Y. Lafon, Ed.
19                                                                     W3C
20                                                         J. Reschke, Ed.
21                                                              greenbytes
22                                                         January 4, 2012
23
24
25       HTTP/1.1, part 3: Message Payload and Content Negotiation
26                    draft-ietf-httpbis-p3-payload-18
27
28Abstract
29
30   The Hypertext Transfer Protocol (HTTP) is an application-level
31   protocol for distributed, collaborative, hypertext information
32   systems.  HTTP has been in use by the World Wide Web global
33   information initiative since 1990.  This document is Part 3 of the
34   seven-part specification that defines the protocol referred to as
35   "HTTP/1.1" and, taken together, obsoletes RFC 2616.
36
37   Part 3 defines HTTP message content, metadata, and content
38   negotiation.
39
40Editorial Note (To be removed by RFC Editor)
41
42   Discussion of this draft should take place on the HTTPBIS working
43   group mailing list (ietf-http-wg@w3.org), which is archived at
44   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
45
46   The current issues list is at
47   <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
48   documents (including fancy diffs) can be found at
49   <http://tools.ietf.org/wg/httpbis/>.
50
51   The changes in this draft are summarized in Appendix E.19.
52
53
54
55Fielding, et al.          Expires July 7, 2012                  [Page 1]
56
57Internet-Draft              HTTP/1.1, Part 3                January 2012
58
59
60Status of This Memo
61
62   This Internet-Draft is submitted in full conformance with the
63   provisions of BCP 78 and BCP 79.
64
65   Internet-Drafts are working documents of the Internet Engineering
66   Task Force (IETF).  Note that other groups may also distribute
67   working documents as Internet-Drafts.  The list of current Internet-
68   Drafts is at http://datatracker.ietf.org/drafts/current/.
69
70   Internet-Drafts are draft documents valid for a maximum of six months
71   and may be updated, replaced, or obsoleted by other documents at any
72   time.  It is inappropriate to use Internet-Drafts as reference
73   material or to cite them other than as "work in progress."
74
75   This Internet-Draft will expire on July 7, 2012.
76
77Copyright Notice
78
79   Copyright (c) 2012 IETF Trust and the persons identified as the
80   document authors.  All rights reserved.
81
82   This document is subject to BCP 78 and the IETF Trust's Legal
83   Provisions Relating to IETF Documents
84   (http://trustee.ietf.org/license-info) in effect on the date of
85   publication of this document.  Please review these documents
86   carefully, as they describe your rights and restrictions with respect
87   to this document.  Code Components extracted from this document must
88   include Simplified BSD License text as described in Section 4.e of
89   the Trust Legal Provisions and are provided without warranty as
90   described in the Simplified BSD License.
91
92   This document may contain material from IETF Documents or IETF
93   Contributions published or made publicly available before November
94   10, 2008.  The person(s) controlling the copyright in some of this
95   material may not have granted the IETF Trust the right to allow
96   modifications of such material outside the IETF Standards Process.
97   Without obtaining an adequate license from the person(s) controlling
98   the copyright in such materials, this document may not be modified
99   outside the IETF Standards Process, and derivative works of it may
100   not be created outside the IETF Standards Process, except to format
101   it for publication as an RFC or to translate it into languages other
102   than English.
103
104Table of Contents
105
106   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
107     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
108
109
110
111Fielding, et al.          Expires July 7, 2012                  [Page 2]
112
113Internet-Draft              HTTP/1.1, Part 3                January 2012
114
115
116     1.2.  Conformance and Error Handling . . . . . . . . . . . . . .  5
117     1.3.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
118       1.3.1.  Core Rules . . . . . . . . . . . . . . . . . . . . . .  6
119       1.3.2.  ABNF Rules defined in other Parts of the
120               Specification  . . . . . . . . . . . . . . . . . . . .  6
121   2.  Protocol Parameters  . . . . . . . . . . . . . . . . . . . . .  6
122     2.1.  Character Encodings (charset)  . . . . . . . . . . . . . .  6
123     2.2.  Content Codings  . . . . . . . . . . . . . . . . . . . . .  7
124       2.2.1.  Content Coding Registry  . . . . . . . . . . . . . . .  8
125     2.3.  Media Types  . . . . . . . . . . . . . . . . . . . . . . .  8
126       2.3.1.  Canonicalization and Text Defaults . . . . . . . . . .  9
127       2.3.2.  Multipart Types  . . . . . . . . . . . . . . . . . . .  9
128     2.4.  Language Tags  . . . . . . . . . . . . . . . . . . . . . . 10
129   3.  Payload  . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
130     3.1.  Payload Header Fields  . . . . . . . . . . . . . . . . . . 11
131     3.2.  Payload Body . . . . . . . . . . . . . . . . . . . . . . . 11
132   4.  Representation . . . . . . . . . . . . . . . . . . . . . . . . 11
133     4.1.  Representation Header Fields . . . . . . . . . . . . . . . 12
134     4.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 12
135   5.  Content Negotiation  . . . . . . . . . . . . . . . . . . . . . 13
136     5.1.  Server-driven Negotiation  . . . . . . . . . . . . . . . . 14
137     5.2.  Agent-driven Negotiation . . . . . . . . . . . . . . . . . 15
138   6.  Header Field Definitions . . . . . . . . . . . . . . . . . . . 16
139     6.1.  Accept . . . . . . . . . . . . . . . . . . . . . . . . . . 16
140     6.2.  Accept-Charset . . . . . . . . . . . . . . . . . . . . . . 18
141     6.3.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . . . 19
142     6.4.  Accept-Language  . . . . . . . . . . . . . . . . . . . . . 20
143     6.5.  Content-Encoding . . . . . . . . . . . . . . . . . . . . . 21
144     6.6.  Content-Language . . . . . . . . . . . . . . . . . . . . . 22
145     6.7.  Content-Location . . . . . . . . . . . . . . . . . . . . . 23
146     6.8.  Content-Type . . . . . . . . . . . . . . . . . . . . . . . 25
147   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 25
148     7.1.  Header Field Registration  . . . . . . . . . . . . . . . . 25
149     7.2.  Content Coding Registry  . . . . . . . . . . . . . . . . . 25
150   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 26
151     8.1.  Privacy Issues Connected to Accept Header Fields . . . . . 26
152   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 27
153   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
154     10.1. Normative References . . . . . . . . . . . . . . . . . . . 27
155     10.2. Informative References . . . . . . . . . . . . . . . . . . 28
156   Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 29
157     A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 30
158     A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 30
159     A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 31
160     A.4.  Introduction of Content-Encoding . . . . . . . . . . . . . 31
161     A.5.  No Content-Transfer-Encoding . . . . . . . . . . . . . . . 31
162     A.6.  Introduction of Transfer-Encoding  . . . . . . . . . . . . 32
163     A.7.  MHTML and Line Length Limitations  . . . . . . . . . . . . 32
164
165
166
167Fielding, et al.          Expires July 7, 2012                  [Page 3]
168
169Internet-Draft              HTTP/1.1, Part 3                January 2012
170
171
172   Appendix B.  Additional Features . . . . . . . . . . . . . . . . . 32
173   Appendix C.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 32
174   Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 33
175   Appendix E.  Change Log (to be removed by RFC Editor before
176                publication)  . . . . . . . . . . . . . . . . . . . . 34
177     E.1.  Since RFC 2616 . . . . . . . . . . . . . . . . . . . . . . 34
178     E.2.  Since draft-ietf-httpbis-p3-payload-00 . . . . . . . . . . 34
179     E.3.  Since draft-ietf-httpbis-p3-payload-01 . . . . . . . . . . 35
180     E.4.  Since draft-ietf-httpbis-p3-payload-02 . . . . . . . . . . 35
181     E.5.  Since draft-ietf-httpbis-p3-payload-03 . . . . . . . . . . 36
182     E.6.  Since draft-ietf-httpbis-p3-payload-04 . . . . . . . . . . 36
183     E.7.  Since draft-ietf-httpbis-p3-payload-05 . . . . . . . . . . 36
184     E.8.  Since draft-ietf-httpbis-p3-payload-06 . . . . . . . . . . 37
185     E.9.  Since draft-ietf-httpbis-p3-payload-07 . . . . . . . . . . 37
186     E.10. Since draft-ietf-httpbis-p3-payload-08 . . . . . . . . . . 38
187     E.11. Since draft-ietf-httpbis-p3-payload-09 . . . . . . . . . . 38
188     E.12. Since draft-ietf-httpbis-p3-payload-10 . . . . . . . . . . 38
189     E.13. Since draft-ietf-httpbis-p3-payload-11 . . . . . . . . . . 39
190     E.14. Since draft-ietf-httpbis-p3-payload-12 . . . . . . . . . . 39
191     E.15. Since draft-ietf-httpbis-p3-payload-13 . . . . . . . . . . 39
192     E.16. Since draft-ietf-httpbis-p3-payload-14 . . . . . . . . . . 40
193     E.17. Since draft-ietf-httpbis-p3-payload-15 . . . . . . . . . . 40
194     E.18. Since draft-ietf-httpbis-p3-payload-16 . . . . . . . . . . 40
195     E.19. Since draft-ietf-httpbis-p3-payload-17 . . . . . . . . . . 40
196   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223Fielding, et al.          Expires July 7, 2012                  [Page 4]
224
225Internet-Draft              HTTP/1.1, Part 3                January 2012
226
227
2281.  Introduction
229
230   This document defines HTTP/1.1 message payloads (a.k.a., content),
231   the associated metadata header fields that define how the payload is
232   intended to be interpreted by a recipient, the request header fields
233   that might influence content selection, and the various selection
234   algorithms that are collectively referred to as HTTP content
235   negotiation.
236
237   This document is currently disorganized in order to minimize the
238   changes between drafts and enable reviewers to see the smaller errata
239   changes.  A future draft will reorganize the sections to better
240   reflect the content.  In particular, the sections on entities will be
241   renamed payload and moved to the first half of the document, while
242   the sections on content negotiation and associated request header
243   fields will be moved to the second half.  The current mess reflects
244   how widely dispersed these topics and associated requirements had
245   become in [RFC2616].
246
2471.1.  Terminology
248
249   This specification uses a number of terms to refer to the roles
250   played by participants in, and objects of, the HTTP communication.
251
252   content negotiation
253
254      The mechanism for selecting the appropriate representation when
255      servicing a request.  The representation in any response can be
256      negotiated (including error responses).
257
2581.2.  Conformance and Error Handling
259
260   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
261   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
262   document are to be interpreted as described in [RFC2119].
263
264   This document defines conformance criteria for several roles in HTTP
265   communication, including Senders, Recipients, Clients, Servers, User-
266   Agents, Origin Servers, Intermediaries, Proxies and Gateways.  See
267   Section 2 of [Part1] for definitions of these terms.
268
269   An implementation is considered conformant if it complies with all of
270   the requirements associated with its role(s).  Note that SHOULD-level
271   requirements are relevant here, unless one of the documented
272   exceptions is applicable.
273
274   This document also uses ABNF to define valid protocol elements
275   (Section 1.3).  In addition to the prose requirements placed upon
276
277
278
279Fielding, et al.          Expires July 7, 2012                  [Page 5]
280
281Internet-Draft              HTTP/1.1, Part 3                January 2012
282
283
284   them, Senders MUST NOT generate protocol elements that are invalid.
285
286   Unless noted otherwise, Recipients MAY take steps to recover a usable
287   protocol element from an invalid construct.  However, HTTP does not
288   define specific error handling mechanisms, except in cases where it
289   has direct impact on security.  This is because different uses of the
290   protocol require different error handling strategies; for example, a
291   Web browser may wish to transparently recover from a response where
292   the Location header field doesn't parse according to the ABNF,
293   whereby in a systems control protocol using HTTP, this type of error
294   recovery could lead to dangerous consequences.
295
2961.3.  Syntax Notation
297
298   This specification uses the ABNF syntax defined in Section 1.2 of
299   [Part1] (which extends the syntax defined in [RFC5234] with a list
300   rule).  Appendix D shows the collected ABNF, with the list rule
301   expanded.
302
303   The following core rules are included by reference, as defined in
304   [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
305   (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
306   HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
307   sequence of data), SP (space), and VCHAR (any visible US-ASCII
308   character).
309
3101.3.1.  Core Rules
311
312   The core rules below are defined in [Part1]:
313
314     OWS            = <OWS, defined in [Part1], Section 1.2.2>
315     token          = <token, defined in [Part1], Section 3.2.3>
316     word           = <word, defined in [Part1], Section 3.2.3>
317
3181.3.2.  ABNF Rules defined in other Parts of the Specification
319
320   The ABNF rules below are defined in other parts:
321
322     absolute-URI   = <absolute-URI, defined in [Part1], Section 2.7>
323     partial-URI    = <partial-URI, defined in [Part1], Section 2.7>
324     qvalue         = <qvalue, defined in [Part1], Section 5.3>
325
3262.  Protocol Parameters
327
3282.1.  Character Encodings (charset)
329
330   HTTP uses charset names to indicate the character encoding of a
331   textual representation.
332
333
334
335Fielding, et al.          Expires July 7, 2012                  [Page 6]
336
337Internet-Draft              HTTP/1.1, Part 3                January 2012
338
339
340   A character encoding is identified by a case-insensitive token.  The
341   complete set of tokens is defined by the IANA Character Set registry
342   (<http://www.iana.org/assignments/character-sets>).
343
344     charset = token
345
346   Although HTTP allows an arbitrary token to be used as a charset
347   value, any token that has a predefined value within the IANA
348   Character Set registry MUST represent the character encoding defined
349   by that registry.  Applications SHOULD limit their use of character
350   encodings to those defined within the IANA registry.
351
352   HTTP uses charset in two contexts: within an Accept-Charset request
353   header field (in which the charset value is an unquoted token) and as
354   the value of a parameter in a Content-Type header field (within a
355   request or response), in which case the parameter value of the
356   charset parameter can be quoted.
357
358   Implementors need to be aware of IETF character set requirements
359   [RFC3629] [RFC2277].
360
3612.2.  Content Codings
362
363   Content coding values indicate an encoding transformation that has
364   been or can be applied to a representation.  Content codings are
365   primarily used to allow a representation to be compressed or
366   otherwise usefully transformed without losing the identity of its
367   underlying media type and without loss of information.  Frequently,
368   the representation is stored in coded form, transmitted directly, and
369   only decoded by the recipient.
370
371     content-coding   = token
372
373   All content-coding values are case-insensitive.  HTTP/1.1 uses
374   content-coding values in the Accept-Encoding (Section 6.3) and
375   Content-Encoding (Section 6.5) header fields.  Although the value
376   describes the content-coding, what is more important is that it
377   indicates what decoding mechanism will be required to remove the
378   encoding.
379
380   compress
381
382      See Section 5.1.2.1 of [Part1].
383
384   deflate
385
386      See Section 5.1.2.2 of [Part1].
387
388
389
390
391Fielding, et al.          Expires July 7, 2012                  [Page 7]
392
393Internet-Draft              HTTP/1.1, Part 3                January 2012
394
395
396   gzip
397
398      See Section 5.1.2.3 of [Part1].
399
4002.2.1.  Content Coding Registry
401
402   The HTTP Content Coding Registry defines the name space for the
403   content coding names.
404
405   Registrations MUST include the following fields:
406
407   o  Name
408
409   o  Description
410
411   o  Pointer to specification text
412
413   Names of content codings MUST NOT overlap with names of transfer
414   codings (Section 5.1 of [Part1]), unless the encoding transformation
415   is identical (as it is the case for the compression codings defined
416   in Section 5.1.2 of [Part1]).
417
418   Values to be added to this name space require a specification (see
419   "Specification Required" in Section 4.1 of [RFC5226]), and MUST
420   conform to the purpose of content coding defined in this section.
421
422   The registry itself is maintained at
423   <http://www.iana.org/assignments/http-parameters>.
424
4252.3.  Media Types
426
427   HTTP uses Internet Media Types [RFC2046] in the Content-Type
428   (Section 6.8) and Accept (Section 6.1) header fields in order to
429   provide open and extensible data typing and type negotiation.
430
431     media-type = type "/" subtype *( OWS ";" OWS parameter )
432     type       = token
433     subtype    = token
434
435   The type/subtype MAY be followed by parameters in the form of
436   attribute/value pairs.
437
438     parameter      = attribute "=" value
439     attribute      = token
440     value          = word
441
442   The type, subtype, and parameter attribute names are case-
443   insensitive.  Parameter values might or might not be case-sensitive,
444
445
446
447Fielding, et al.          Expires July 7, 2012                  [Page 8]
448
449Internet-Draft              HTTP/1.1, Part 3                January 2012
450
451
452   depending on the semantics of the parameter name.  The presence or
453   absence of a parameter might be significant to the processing of a
454   media-type, depending on its definition within the media type
455   registry.
456
457   A parameter value that matches the token production can be
458   transmitted as either a token or within a quoted-string.  The quoted
459   and unquoted values are equivalent.
460
461   Note that some older HTTP applications do not recognize media type
462   parameters.  When sending data to older HTTP applications,
463   implementations SHOULD only use media type parameters when they are
464   required by that type/subtype definition.
465
466   Media-type values are registered with the Internet Assigned Number
467   Authority (IANA).  The media type registration process is outlined in
468   [RFC4288].  Use of non-registered media types is discouraged.
469
4702.3.1.  Canonicalization and Text Defaults
471
472   Internet media types are registered with a canonical form.  A
473   representation transferred via HTTP messages MUST be in the
474   appropriate canonical form prior to its transmission except for
475   "text" types, as defined in the next paragraph.
476
477   When in canonical form, media subtypes of the "text" type use CRLF as
478   the text line break.  HTTP relaxes this requirement and allows the
479   transport of text media with plain CR or LF alone representing a line
480   break when it is done consistently for an entire representation.
481   HTTP applications MUST accept CRLF, bare CR, and bare LF as
482   indicating a line break in text media received via HTTP.  In
483   addition, if the text is in a character encoding that does not use
484   octets 13 and 10 for CR and LF respectively, as is the case for some
485   multi-byte character encodings, HTTP allows the use of whatever octet
486   sequences are defined by that character encoding to represent the
487   equivalent of CR and LF for line breaks.  This flexibility regarding
488   line breaks applies only to text media in the payload body; a bare CR
489   or LF MUST NOT be substituted for CRLF within any of the HTTP control
490   structures (such as header fields and multipart boundaries).
491
492   If a representation is encoded with a content-coding, the underlying
493   data MUST be in a form defined above prior to being encoded.
494
4952.3.2.  Multipart Types
496
497   MIME provides for a number of "multipart" types -- encapsulations of
498   one or more representations within a single message-body.  All
499   multipart types share a common syntax, as defined in Section 5.1.1 of
500
501
502
503Fielding, et al.          Expires July 7, 2012                  [Page 9]
504
505Internet-Draft              HTTP/1.1, Part 3                January 2012
506
507
508   [RFC2046], and MUST include a boundary parameter as part of the media
509   type value.  The message body is itself a protocol element and MUST
510   therefore use only CRLF to represent line breaks between body-parts.
511
512   In general, HTTP treats a multipart message-body no differently than
513   any other media type: strictly as payload.  HTTP does not use the
514   multipart boundary as an indicator of message-body length.  In all
515   other respects, an HTTP user agent SHOULD follow the same or similar
516   behavior as a MIME user agent would upon receipt of a multipart type.
517   The MIME header fields within each body-part of a multipart message-
518   body do not have any significance to HTTP beyond that defined by
519   their MIME semantics.
520
521   If an application receives an unrecognized multipart subtype, the
522   application MUST treat it as being equivalent to "multipart/mixed".
523
524      Note: The "multipart/form-data" type has been specifically defined
525      for carrying form data suitable for processing via the POST
526      request method, as described in [RFC2388].
527
5282.4.  Language Tags
529
530   A language tag, as defined in [RFC5646], identifies a natural
531   language spoken, written, or otherwise conveyed by human beings for
532   communication of information to other human beings.  Computer
533   languages are explicitly excluded.  HTTP uses language tags within
534   the Accept-Language and Content-Language fields.
535
536   In summary, a language tag is composed of one or more parts: A
537   primary language subtag followed by a possibly empty series of
538   subtags:
539
540     language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
541
542   White space is not allowed within the tag and all tags are case-
543   insensitive.  The name space of language subtags is administered by
544   the IANA (see
545   <http://www.iana.org/assignments/language-subtag-registry>).
546
547   Example tags include:
548
549     en, en-US, es-419, az-Arab, x-pig-latin, man-Nkoo-GN
550
551   See [RFC5646] for further information.
552
553
554
555
556
557
558
559Fielding, et al.          Expires July 7, 2012                 [Page 10]
560
561Internet-Draft              HTTP/1.1, Part 3                January 2012
562
563
5643.  Payload
565
566   HTTP messages MAY transfer a payload if not otherwise restricted by
567   the request method or response status code.  The payload consists of
568   metadata, in the form of header fields, and data, in the form of the
569   sequence of octets in the message-body after any transfer-coding has
570   been decoded.
571
572   A "payload" in HTTP is always a partial or complete representation of
573   some resource.  We use separate terms for payload and representation
574   because some messages contain only the associated representation's
575   header fields (e.g., responses to HEAD) or only some part(s) of the
576   representation (e.g., the 206 status code).
577
5783.1.  Payload Header Fields
579
580   HTTP header fields that specifically define the payload, rather than
581   the associated representation, are referred to as "payload header
582   fields".  The following payload header fields are defined by
583   HTTP/1.1:
584
585   +-------------------+------------------------+
586   | Header Field Name | Defined in...          |
587   +-------------------+------------------------+
588   | Content-Length    | Section 8.2 of [Part1] |
589   | Content-Range     | Section 5.2 of [Part5] |
590   +-------------------+------------------------+
591
5923.2.  Payload Body
593
594   A payload body is only present in a message when a message-body is
595   present, as described in Section 3.3 of [Part1].  The payload body is
596   obtained from the message-body by decoding any Transfer-Encoding that
597   might have been applied to ensure safe and proper transfer of the
598   message.
599
6004.  Representation
601
602   A "representation" is information in a format that can be readily
603   communicated from one party to another.  A resource representation is
604   information that reflects the state of that resource, as observed at
605   some point in the past (e.g., in a response to GET) or to be desired
606   at some point in the future (e.g., in a PUT request).
607
608   Most, but not all, representations transferred via HTTP are intended
609   to be a representation of the target resource (the resource
610   identified by the effective request URI).  The precise semantics of a
611   representation are determined by the type of message (request or
612
613
614
615Fielding, et al.          Expires July 7, 2012                 [Page 11]
616
617Internet-Draft              HTTP/1.1, Part 3                January 2012
618
619
620   response), the request method, the response status code, and the
621   representation metadata.  For example, the above semantic is true for
622   the representation in any 200 (OK) response to GET and for the
623   representation in any PUT request.  A 200 response to PUT, in
624   contrast, contains either a representation that describes the
625   successful action or a representation of the target resource, with
626   the latter indicated by a Content-Location header field with the same
627   value as the effective request URI.  Likewise, response messages with
628   an error status code usually contain a representation that describes
629   the error and what next steps are suggested for resolving it.
630
6314.1.  Representation Header Fields
632
633   Representation header fields define metadata about the representation
634   data enclosed in the message-body or, if no message-body is present,
635   about the representation that would have been transferred in a 200
636   response to a simultaneous GET request with the same effective
637   request URI.
638
639   The following header fields are defined as representation metadata:
640
641   +-------------------+------------------------+
642   | Header Field Name | Defined in...          |
643   +-------------------+------------------------+
644   | Content-Encoding  | Section 6.5            |
645   | Content-Language  | Section 6.6            |
646   | Content-Location  | Section 6.7            |
647   | Content-Type      | Section 6.8            |
648   | Expires           | Section 3.3 of [Part6] |
649   | Last-Modified     | Section 2.2 of [Part4] |
650   +-------------------+------------------------+
651
6524.2.  Representation Data
653
654   The representation body associated with an HTTP message is either
655   provided as the payload body of the message or referred to by the
656   message semantics and the effective request URI.  The representation
657   data is in a format and encoding defined by the representation
658   metadata header fields.
659
660   The data type of the representation data is determined via the header
661   fields Content-Type and Content-Encoding.  These define a two-layer,
662   ordered encoding model:
663
664     representation-data := Content-Encoding( Content-Type( bits ) )
665
666   Content-Type specifies the media type of the underlying data, which
667   defines both the data format and how that data SHOULD be processed by
668
669
670
671Fielding, et al.          Expires July 7, 2012                 [Page 12]
672
673Internet-Draft              HTTP/1.1, Part 3                January 2012
674
675
676   the recipient (within the scope of the request method semantics).
677   Any HTTP/1.1 message containing a payload body SHOULD include a
678   Content-Type header field defining the media type of the associated
679   representation unless that metadata is unknown to the sender.  If the
680   Content-Type header field is not present, it indicates that the
681   sender does not know the media type of the representation; recipients
682   MAY either assume that the media type is "application/octet-stream"
683   ([RFC2046], Section 4.5.1) or examine the content to determine its
684   type.
685
686   In practice, resource owners do not always properly configure their
687   origin server to provide the correct Content-Type for a given
688   representation, with the result that some clients will examine a
689   response body's content and override the specified type.  Clients
690   that do so risk drawing incorrect conclusions, which might expose
691   additional security risks (e.g., "privilege escalation").
692   Furthermore, it is impossible to determine the sender's intent by
693   examining the data format: many data formats match multiple media
694   types that differ only in processing semantics.  Implementers are
695   encouraged to provide a means of disabling such "content sniffing"
696   when it is used.
697
698   Content-Encoding is used to indicate any additional content codings
699   applied to the data, usually for the purpose of data compression,
700   that are a property of the representation.  If Content-Encoding is
701   not present, then there is no additional encoding beyond that defined
702   by the Content-Type.
703
7045.  Content Negotiation
705
706   HTTP responses include a representation which contains information
707   for interpretation, whether by a human user or for further
708   processing.  Often, the server has different ways of representing the
709   same information; for example, in different formats, languages, or
710   using different character encodings.
711
712   HTTP clients and their users might have different or variable
713   capabilities, characteristics or preferences which would influence
714   which representation, among those available from the server, would be
715   best for the server to deliver.  For this reason, HTTP provides
716   mechanisms for "content negotiation" -- a process of allowing
717   selection of a representation of a given resource, when more than one
718   is available.
719
720   This specification defines two patterns of content negotiation;
721   "server-driven", where the server selects the representation based
722   upon the client's stated preferences, and "agent-driven" negotiation,
723   where the server provides a list of representations for the client to
724
725
726
727Fielding, et al.          Expires July 7, 2012                 [Page 13]
728
729Internet-Draft              HTTP/1.1, Part 3                January 2012
730
731
732   choose from, based upon their metadata.  In addition, there are other
733   patterns: some applications use an "active content" pattern, where
734   the server returns active content which runs on the client and, based
735   on client available parameters, selects additional resources to
736   invoke.  "Transparent Content Negotiation" ([RFC2295]) has also been
737   proposed.
738
739   These patterns are all widely used, and have trade-offs in
740   applicability and practicality.  In particular, when the number of
741   preferences or capabilities to be expressed by a client are large
742   (such as when many different formats are supported by a user-agent),
743   server-driven negotiation becomes unwieldy, and might not be
744   appropriate.  Conversely, when the number of representations to
745   choose from is very large, agent-driven negotiation might not be
746   appropriate.
747
748   Note that in all cases, the supplier of representations has the
749   responsibility for determining which representations might be
750   considered to be the "same information".
751
7525.1.  Server-driven Negotiation
753
754   If the selection of the best representation for a response is made by
755   an algorithm located at the server, it is called server-driven
756   negotiation.  Selection is based on the available representations of
757   the response (the dimensions over which it can vary; e.g., language,
758   content-coding, etc.) and the contents of particular header fields in
759   the request message or on other information pertaining to the request
760   (such as the network address of the client).
761
762   Server-driven negotiation is advantageous when the algorithm for
763   selecting from among the available representations is difficult to
764   describe to the user agent, or when the server desires to send its
765   "best guess" to the client along with the first response (hoping to
766   avoid the round-trip delay of a subsequent request if the "best
767   guess" is good enough for the user).  In order to improve the
768   server's guess, the user agent MAY include request header fields
769   (Accept, Accept-Language, Accept-Encoding, etc.) which describe its
770   preferences for such a response.
771
772   Server-driven negotiation has disadvantages:
773
774   1.  It is impossible for the server to accurately determine what
775       might be "best" for any given user, since that would require
776       complete knowledge of both the capabilities of the user agent and
777       the intended use for the response (e.g., does the user want to
778       view it on screen or print it on paper?).
779
780
781
782
783Fielding, et al.          Expires July 7, 2012                 [Page 14]
784
785Internet-Draft              HTTP/1.1, Part 3                January 2012
786
787
788   2.  Having the user agent describe its capabilities in every request
789       can be both very inefficient (given that only a small percentage
790       of responses have multiple representations) and a potential
791       violation of the user's privacy.
792
793   3.  It complicates the implementation of an origin server and the
794       algorithms for generating responses to a request.
795
796   4.  It might limit a public cache's ability to use the same response
797       for multiple user's requests.
798
799   Server-driven negotiation allows the user agent to specify its
800   preferences, but it cannot expect responses to always honour them.
801   For example, the origin server might not implement server-driven
802   negotiation, or it might decide that sending a response that doesn't
803   conform to them is better than sending a 406 (Not Acceptable)
804   response.
805
806   Many of the mechanisms for expressing preferences use quality values
807   to declare relative preference.  See Section 5.3 of [Part1] for more
808   information.
809
810   HTTP/1.1 includes the following header fields for enabling server-
811   driven negotiation through description of user agent capabilities and
812   user preferences: Accept (Section 6.1), Accept-Charset (Section 6.2),
813   Accept-Encoding (Section 6.3), Accept-Language (Section 6.4), and
814   User-Agent (Section 9.10 of [Part2]).  However, an origin server is
815   not limited to these dimensions and MAY vary the response based on
816   any aspect of the request, including aspects of the connection (e.g.,
817   IP address) or information within extension header fields not defined
818   by this specification.
819
820      Note: In practice, User-Agent based negotiation is fragile,
821      because new clients might not be recognized.
822
823   The Vary header field (Section 3.5 of [Part6]) can be used to express
824   the parameters the server uses to select a representation that is
825   subject to server-driven negotiation.
826
8275.2.  Agent-driven Negotiation
828
829   With agent-driven negotiation, selection of the best representation
830   for a response is performed by the user agent after receiving an
831   initial response from the origin server.  Selection is based on a
832   list of the available representations of the response included within
833   the header fields or body of the initial response, with each
834   representation identified by its own URI.  Selection from among the
835   representations can be performed automatically (if the user agent is
836
837
838
839Fielding, et al.          Expires July 7, 2012                 [Page 15]
840
841Internet-Draft              HTTP/1.1, Part 3                January 2012
842
843
844   capable of doing so) or manually by the user selecting from a
845   generated (possibly hypertext) menu.
846
847   Agent-driven negotiation is advantageous when the response would vary
848   over commonly-used dimensions (such as type, language, or encoding),
849   when the origin server is unable to determine a user agent's
850   capabilities from examining the request, and generally when public
851   caches are used to distribute server load and reduce network usage.
852
853   Agent-driven negotiation suffers from the disadvantage of needing a
854   second request to obtain the best alternate representation.  This
855   second request is only efficient when caching is used.  In addition,
856   this specification does not define any mechanism for supporting
857   automatic selection, though it also does not prevent any such
858   mechanism from being developed as an extension and used within
859   HTTP/1.1.
860
861   This specification defines the 300 (Multiple Choices) and 406 (Not
862   Acceptable) status codes for enabling agent-driven negotiation when
863   the server is unwilling or unable to provide a varying response using
864   server-driven negotiation.
865
8666.  Header Field Definitions
867
868   This section defines the syntax and semantics of HTTP/1.1 header
869   fields related to the payload of messages.
870
8716.1.  Accept
872
873   The "Accept" header field can be used by user agents to specify
874   response media types that are acceptable.  Accept header fields can
875   be used to indicate that the request is specifically limited to a
876   small set of desired types, as in the case of a request for an in-
877   line image.
878
879     Accept = #( media-range [ accept-params ] )
880
881     media-range    = ( "*/*"
882                      / ( type "/" "*" )
883                      / ( type "/" subtype )
884                      ) *( OWS ";" OWS parameter )
885     accept-params  = OWS ";" OWS "q=" qvalue *( accept-ext )
886     accept-ext     = OWS ";" OWS token [ "=" word ]
887
888   The asterisk "*" character is used to group media types into ranges,
889   with "*/*" indicating all media types and "type/*" indicating all
890   subtypes of that type.  The media-range MAY include media type
891   parameters that are applicable to that range.
892
893
894
895Fielding, et al.          Expires July 7, 2012                 [Page 16]
896
897Internet-Draft              HTTP/1.1, Part 3                January 2012
898
899
900   Each media-range MAY be followed by one or more accept-params,
901   beginning with the "q" parameter for indicating a relative quality
902   factor.  The first "q" parameter (if any) separates the media-range
903   parameter(s) from the accept-params.  Quality factors allow the user
904   or user agent to indicate the relative degree of preference for that
905   media-range, using the qvalue scale from 0 to 1 (Section 5.3 of
906   [Part1]).  The default value is q=1.
907
908      Note: Use of the "q" parameter name to separate media type
909      parameters from Accept extension parameters is due to historical
910      practice.  Although this prevents any media type parameter named
911      "q" from being used with a media range, such an event is believed
912      to be unlikely given the lack of any "q" parameters in the IANA
913      media type registry and the rare usage of any media type
914      parameters in Accept.  Future media types are discouraged from
915      registering any parameter named "q".
916
917   The example
918
919     Accept: audio/*; q=0.2, audio/basic
920
921   SHOULD be interpreted as "I prefer audio/basic, but send me any audio
922   type if it is the best available after an 80% mark-down in quality".
923
924   A request without any Accept header field implies that the user agent
925   will accept any media type in response.  If an Accept header field is
926   present in a request and none of the available representations for
927   the response have a media type that is listed as acceptable, the
928   origin server MAY either honor the Accept header field by sending a
929   406 (Not Acceptable) response or disregard the Accept header field by
930   treating the response as if it is not subject to content negotiation.
931
932   A more elaborate example is
933
934     Accept: text/plain; q=0.5, text/html,
935             text/x-dvi; q=0.8, text/x-c
936
937   Verbally, this would be interpreted as "text/html and text/x-c are
938   the preferred media types, but if they do not exist, then send the
939   text/x-dvi representation, and if that does not exist, send the text/
940   plain representation".
941
942   Media ranges can be overridden by more specific media ranges or
943   specific media types.  If more than one media range applies to a
944   given type, the most specific reference has precedence.  For example,
945
946     Accept: text/*, text/plain, text/plain;format=flowed, */*
947
948
949
950
951Fielding, et al.          Expires July 7, 2012                 [Page 17]
952
953Internet-Draft              HTTP/1.1, Part 3                January 2012
954
955
956   have the following precedence:
957
958   1.  text/plain;format=flowed
959
960   2.  text/plain
961
962   3.  text/*
963
964   4.  */*
965
966   The media type quality factor associated with a given type is
967   determined by finding the media range with the highest precedence
968   which matches that type.  For example,
969
970     Accept: text/*;q=0.3, text/html;q=0.7, text/html;level=1,
971             text/html;level=2;q=0.4, */*;q=0.5
972
973   would cause the following values to be associated:
974
975   +-------------------+---------------+
976   | Media Type        | Quality Value |
977   +-------------------+---------------+
978   | text/html;level=1 | 1             |
979   | text/html         | 0.7           |
980   | text/plain        | 0.3           |
981   | image/jpeg        | 0.5           |
982   | text/html;level=2 | 0.4           |
983   | text/html;level=3 | 0.7           |
984   +-------------------+---------------+
985
986   Note: A user agent might be provided with a default set of quality
987   values for certain media ranges.  However, unless the user agent is a
988   closed system which cannot interact with other rendering agents, this
989   default set ought to be configurable by the user.
990
9916.2.  Accept-Charset
992
993   The "Accept-Charset" header field can be used by user agents to
994   indicate what character encodings are acceptable in a response
995   payload.  This field allows clients capable of understanding more
996   comprehensive or special-purpose character encodings to signal that
997   capability to a server which is capable of representing documents in
998   those character encodings.
999
1000     Accept-Charset = 1#( ( charset / "*" )
1001                            [ OWS ";" OWS "q=" qvalue ] )
1002
1003   Character encoding values (a.k.a., charsets) are described in
1004
1005
1006
1007Fielding, et al.          Expires July 7, 2012                 [Page 18]
1008
1009Internet-Draft              HTTP/1.1, Part 3                January 2012
1010
1011
1012   Section 2.1.  Each charset MAY be given an associated quality value
1013   which represents the user's preference for that charset.  The default
1014   value is q=1.  An example is
1015
1016     Accept-Charset: iso-8859-5, unicode-1-1;q=0.8
1017
1018   The special value "*", if present in the Accept-Charset field,
1019   matches every character encoding which is not mentioned elsewhere in
1020   the Accept-Charset field.  If no "*" is present in an Accept-Charset
1021   field, then all character encodings not explicitly mentioned get a
1022   quality value of 0.
1023
1024   A request without any Accept-Charset header field implies that the
1025   user agent will accept any character encoding in response.  If an
1026   Accept-Charset header field is present in a request and none of the
1027   available representations for the response have a character encoding
1028   that is listed as acceptable, the origin server MAY either honor the
1029   Accept-Charset header field by sending a 406 (Not Acceptable)
1030   response or disregard the Accept-Charset header field by treating the
1031   response as if it is not subject to content negotiation.
1032
10336.3.  Accept-Encoding
1034
1035   The "Accept-Encoding" header field can be used by user agents to
1036   indicate what response content-codings (Section 2.2) are acceptable
1037   in the response.  An "identity" token is used as a synonym for "no
1038   encoding" in order to communicate when no encoding is preferred.
1039
1040     Accept-Encoding  = #( codings [ OWS ";" OWS "q=" qvalue ] )
1041     codings          = content-coding / "identity" / "*"
1042
1043   Each codings value MAY be given an associated quality value which
1044   represents the preference for that encoding.  The default value is
1045   q=1.
1046
1047   For example,
1048
1049     Accept-Encoding: compress, gzip
1050     Accept-Encoding:
1051     Accept-Encoding: *
1052     Accept-Encoding: compress;q=0.5, gzip;q=1.0
1053     Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0
1054
1055   A server tests whether a content-coding for a given representation is
1056   acceptable, according to an Accept-Encoding field, using these rules:
1057
1058   1.  The special "*" symbol in an Accept-Encoding field matches any
1059       available content-coding not explicitly listed in the header
1060
1061
1062
1063Fielding, et al.          Expires July 7, 2012                 [Page 19]
1064
1065Internet-Draft              HTTP/1.1, Part 3                January 2012
1066
1067
1068       field.
1069
1070   2.  If the representation has no content-coding, then it is
1071       acceptable by default unless specifically excluded by the Accept-
1072       Encoding field stating either "identity;q=0" or "*;q=0" without a
1073       more specific entry for "identity".
1074
1075   3.  If the representation's content-coding is one of the content-
1076       codings listed in the Accept-Encoding field, then it is
1077       acceptable unless it is accompanied by a qvalue of 0.  (As
1078       defined in Section 5.3 of [Part1], a qvalue of 0 means "not
1079       acceptable".)
1080
1081   4.  If multiple content-codings are acceptable, then the acceptable
1082       content-coding with the highest non-zero qvalue is preferred.
1083
1084   An Accept-Encoding header field with a combined field-value that is
1085   empty implies that the user agent does not want any content-coding in
1086   response.  If an Accept-Encoding header field is present in a request
1087   and none of the available representations for the response have a
1088   content-coding that is listed as acceptable, the origin server SHOULD
1089   send a response without any content-coding.
1090
1091   A request without an Accept-Encoding header field implies that the
1092   user agent will accept any content-coding in response, but a
1093   representation without content-coding is preferred for compatibility
1094   with the widest variety of user agents.
1095
1096      Note: Most HTTP/1.0 applications do not recognize or obey qvalues
1097      associated with content-codings.  This means that qvalues will not
1098      work and are not permitted with x-gzip or x-compress.
1099
11006.4.  Accept-Language
1101
1102   The "Accept-Language" header field can be used by user agents to
1103   indicate the set of natural languages that are preferred in the
1104   response.  Language tags are defined in Section 2.4.
1105
1106     Accept-Language =
1107                       1#( language-range [ OWS ";" OWS "q=" qvalue ] )
1108     language-range  =
1109               <language-range, defined in [RFC4647], Section 2.1>
1110
1111   Each language-range can be given an associated quality value which
1112   represents an estimate of the user's preference for the languages
1113   specified by that range.  The quality value defaults to "q=1".  For
1114   example,
1115
1116
1117
1118
1119Fielding, et al.          Expires July 7, 2012                 [Page 20]
1120
1121Internet-Draft              HTTP/1.1, Part 3                January 2012
1122
1123
1124     Accept-Language: da, en-gb;q=0.8, en;q=0.7
1125
1126   would mean: "I prefer Danish, but will accept British English and
1127   other types of English". (see also Section 2.3 of [RFC4647])
1128
1129   For matching, Section 3 of [RFC4647] defines several matching
1130   schemes.  Implementations can offer the most appropriate matching
1131   scheme for their requirements.
1132
1133      Note: The "Basic Filtering" scheme ([RFC4647], Section 3.3.1) is
1134      identical to the matching scheme that was previously defined in
1135      Section 14.4 of [RFC2616].
1136
1137   It might be contrary to the privacy expectations of the user to send
1138   an Accept-Language header field with the complete linguistic
1139   preferences of the user in every request.  For a discussion of this
1140   issue, see Section 8.1.
1141
1142   As intelligibility is highly dependent on the individual user, it is
1143   recommended that client applications make the choice of linguistic
1144   preference available to the user.  If the choice is not made
1145   available, then the Accept-Language header field MUST NOT be given in
1146   the request.
1147
1148      Note: When making the choice of linguistic preference available to
1149      the user, we remind implementors of the fact that users are not
1150      familiar with the details of language matching as described above,
1151      and ought to be provided appropriate guidance.  As an example,
1152      users might assume that on selecting "en-gb", they will be served
1153      any kind of English document if British English is not available.
1154      A user agent might suggest in such a case to add "en" to get the
1155      best matching behavior.
1156
11576.5.  Content-Encoding
1158
1159   The "Content-Encoding" header field indicates what content-codings
1160   have been applied to the representation beyond those inherent in the
1161   media type, and thus what decoding mechanisms must be applied in
1162   order to obtain the media-type referenced by the Content-Type header
1163   field.  Content-Encoding is primarily used to allow a representation
1164   to be compressed without losing the identity of its underlying media
1165   type.
1166
1167     Content-Encoding = 1#content-coding
1168
1169   Content codings are defined in Section 2.2.  An example of its use is
1170
1171     Content-Encoding: gzip
1172
1173
1174
1175Fielding, et al.          Expires July 7, 2012                 [Page 21]
1176
1177Internet-Draft              HTTP/1.1, Part 3                January 2012
1178
1179
1180   The content-coding is a characteristic of the representation.
1181   Typically, the representation body is stored with this encoding and
1182   is only decoded before rendering or analogous usage.  However, a
1183   transforming proxy MAY modify the content-coding if the new coding is
1184   known to be acceptable to the recipient, unless the "no-transform"
1185   cache-control directive is present in the message.
1186
1187   If the media type includes an inherent encoding, such as a data
1188   format that is always compressed, then that encoding would not be
1189   restated as a Content-Encoding even if it happens to be the same
1190   algorithm as one of the content-codings.  Such a content-coding would
1191   only be listed if, for some bizarre reason, it is applied a second
1192   time to form the representation.  Likewise, an origin server might
1193   choose to publish the same payload data as multiple representations
1194   that differ only in whether the coding is defined as part of Content-
1195   Type or Content-Encoding, since some user agents will behave
1196   differently in their handling of each response (e.g., open a "Save as
1197   ..." dialog instead of automatic decompression and rendering of
1198   content).
1199
1200   A representation that has a content-coding applied to it MUST include
1201   a Content-Encoding header field (Section 6.5) that lists the content-
1202   coding(s) applied.
1203
1204   If multiple encodings have been applied to a representation, the
1205   content codings MUST be listed in the order in which they were
1206   applied.  Additional information about the encoding parameters MAY be
1207   provided by other header fields not defined by this specification.
1208
1209   If the content-coding of a representation in a request message is not
1210   acceptable to the origin server, the server SHOULD respond with a
1211   status code of 415 (Unsupported Media Type).
1212
12136.6.  Content-Language
1214
1215   The "Content-Language" header field describes the natural language(s)
1216   of the intended audience for the representation.  Note that this
1217   might not be equivalent to all the languages used within the
1218   representation.
1219
1220     Content-Language = 1#language-tag
1221
1222   Language tags are defined in Section 2.4.  The primary purpose of
1223   Content-Language is to allow a user to identify and differentiate
1224   representations according to the user's own preferred language.
1225   Thus, if the body content is intended only for a Danish-literate
1226   audience, the appropriate field is
1227
1228
1229
1230
1231Fielding, et al.          Expires July 7, 2012                 [Page 22]
1232
1233Internet-Draft              HTTP/1.1, Part 3                January 2012
1234
1235
1236     Content-Language: da
1237
1238   If no Content-Language is specified, the default is that the content
1239   is intended for all language audiences.  This might mean that the
1240   sender does not consider it to be specific to any natural language,
1241   or that the sender does not know for which language it is intended.
1242
1243   Multiple languages MAY be listed for content that is intended for
1244   multiple audiences.  For example, a rendition of the "Treaty of
1245   Waitangi", presented simultaneously in the original Maori and English
1246   versions, would call for
1247
1248     Content-Language: mi, en
1249
1250   However, just because multiple languages are present within a
1251   representation does not mean that it is intended for multiple
1252   linguistic audiences.  An example would be a beginner's language
1253   primer, such as "A First Lesson in Latin", which is clearly intended
1254   to be used by an English-literate audience.  In this case, the
1255   Content-Language would properly only include "en".
1256
1257   Content-Language MAY be applied to any media type -- it is not
1258   limited to textual documents.
1259
12606.7.  Content-Location
1261
1262   The "Content-Location" header field supplies a URI that can be used
1263   as a specific identifier for the representation in this message.  In
1264   other words, if one were to perform a GET on this URI at the time of
1265   this message's generation, then a 200 response would contain the same
1266   representation that is enclosed as payload in this message.
1267
1268     Content-Location = absolute-URI / partial-URI
1269
1270   The Content-Location value is not a replacement for the effective
1271   Request URI (Section 4.3 of [Part1]).  It is representation metadata.
1272   It has the same syntax and semantics as the header field of the same
1273   name defined for MIME body parts in Section 4 of [RFC2557].  However,
1274   its appearance in an HTTP message has some special implications for
1275   HTTP recipients.
1276
1277   If Content-Location is included in a response message and its value
1278   is the same as the effective request URI, then the response payload
1279   SHOULD be considered the current representation of that resource.
1280   For a GET or HEAD request, this is the same as the default semantics
1281   when no Content-Location is provided by the server.  For a state-
1282   changing request like PUT or POST, it implies that the server's
1283   response contains the new representation of that resource, thereby
1284
1285
1286
1287Fielding, et al.          Expires July 7, 2012                 [Page 23]
1288
1289Internet-Draft              HTTP/1.1, Part 3                January 2012
1290
1291
1292   distinguishing it from representations that might only report about
1293   the action (e.g., "It worked!").  This allows authoring applications
1294   to update their local copies without the need for a subsequent GET
1295   request.
1296
1297   If Content-Location is included in a response message and its value
1298   differs from the effective request URI, then the origin server is
1299   informing recipients that this representation has its own, presumably
1300   more specific, identifier.  For a GET or HEAD request, this is an
1301   indication that the effective request URI identifies a resource that
1302   is subject to content negotiation and the representation selected for
1303   this response can also be found at the identified URI.  For other
1304   methods, such a Content-Location indicates that this representation
1305   contains a report on the action's status and the same report is
1306   available (for future access with GET) at the given URI.  For
1307   example, a purchase transaction made via a POST request might include
1308   a receipt document as the payload of the 200 response; the Content-
1309   Location value provides an identifier for retrieving a copy of that
1310   same receipt in the future.
1311
1312   If Content-Location is included in a request message, then it MAY be
1313   interpreted by the origin server as an indication of where the user
1314   agent originally obtained the content of the enclosed representation
1315   (prior to any subsequent modification of the content by that user
1316   agent).  In other words, the user agent is providing the same
1317   representation metadata that it received with the original
1318   representation.  However, such interpretation MUST NOT be used to
1319   alter the semantics of the method requested by the client.  For
1320   example, if a client makes a PUT request on a negotiated resource and
1321   the origin server accepts that PUT (without redirection), then the
1322   new set of values for that resource is expected to be consistent with
1323   the one representation supplied in that PUT; the Content-Location
1324   cannot be used as a form of reverse content selection that identifies
1325   only one of the negotiated representations to be updated.  If the
1326   user agent had wanted the latter semantics, it would have applied the
1327   PUT directly to the Content-Location URI.
1328
1329   A Content-Location field received in a request message is transitory
1330   information that SHOULD NOT be saved with other representation
1331   metadata for use in later responses.  The Content-Location's value
1332   might be saved for use in other contexts, such as within source links
1333   or other metadata.
1334
1335   A cache cannot assume that a representation with a Content-Location
1336   different from the URI used to retrieve it can be used to respond to
1337   later requests on that Content-Location URI.
1338
1339   If the Content-Location value is a partial URI, the partial URI is
1340
1341
1342
1343Fielding, et al.          Expires July 7, 2012                 [Page 24]
1344
1345Internet-Draft              HTTP/1.1, Part 3                January 2012
1346
1347
1348   interpreted relative to the effective request URI.
1349
13506.8.  Content-Type
1351
1352   The "Content-Type" header field indicates the media type of the
1353   representation.  In the case of responses to the HEAD method, the
1354   media type is that which would have been sent had the request been a
1355   GET.
1356
1357     Content-Type = media-type
1358
1359   Media types are defined in Section 2.3.  An example of the field is
1360
1361     Content-Type: text/html; charset=ISO-8859-4
1362
1363   Further discussion of Content-Type is provided in Section 4.2.
1364
13657.  IANA Considerations
1366
13677.1.  Header Field Registration
1368
1369   The Message Header Field Registry located at <http://www.iana.org/
1370   assignments/message-headers/message-header-index.html> shall be
1371   updated with the permanent registrations below (see [RFC3864]):
1372
1373   +-------------------+----------+----------+--------------+
1374   | Header Field Name | Protocol | Status   | Reference    |
1375   +-------------------+----------+----------+--------------+
1376   | Accept            | http     | standard | Section 6.1  |
1377   | Accept-Charset    | http     | standard | Section 6.2  |
1378   | Accept-Encoding   | http     | standard | Section 6.3  |
1379   | Accept-Language   | http     | standard | Section 6.4  |
1380   | Content-Encoding  | http     | standard | Section 6.5  |
1381   | Content-Language  | http     | standard | Section 6.6  |
1382   | Content-Location  | http     | standard | Section 6.7  |
1383   | Content-Type      | http     | standard | Section 6.8  |
1384   | MIME-Version      | http     | standard | Appendix A.1 |
1385   +-------------------+----------+----------+--------------+
1386
1387   The change controller is: "IETF (iesg@ietf.org) - Internet
1388   Engineering Task Force".
1389
13907.2.  Content Coding Registry
1391
1392   The registration procedure for HTTP Content Codings is now defined by
1393   Section 2.2.1 of this document.
1394
1395   The HTTP Content Codings Registry located at
1396
1397
1398
1399Fielding, et al.          Expires July 7, 2012                 [Page 25]
1400
1401Internet-Draft              HTTP/1.1, Part 3                January 2012
1402
1403
1404   <http://www.iana.org/assignments/http-parameters> shall be updated
1405   with the registration below:
1406
1407   +----------+-----------------------------------------+--------------+
1408   | Name     | Description                             | Reference    |
1409   +----------+-----------------------------------------+--------------+
1410   | compress | UNIX "compress" program method          | Section      |
1411   |          |                                         | 5.1.2.1 of   |
1412   |          |                                         | [Part1]      |
1413   | deflate  | "deflate" compression mechanism         | Section      |
1414   |          | ([RFC1951]) used inside the "zlib" data | 5.1.2.2 of   |
1415   |          | format ([RFC1950])                      | [Part1]      |
1416   | gzip     | Same as GNU zip [RFC1952]               | Section      |
1417   |          |                                         | 5.1.2.3 of   |
1418   |          |                                         | [Part1]      |
1419   | identity | reserved (synonym for "no encoding" in  | Section 6.3  |
1420   |          | Accept-Encoding header field)           |              |
1421   +----------+-----------------------------------------+--------------+
1422
14238.  Security Considerations
1424
1425   This section is meant to inform application developers, information
1426   providers, and users of the security limitations in HTTP/1.1 as
1427   described by this document.  The discussion does not include
1428   definitive solutions to the problems revealed, though it does make
1429   some suggestions for reducing security risks.
1430
14318.1.  Privacy Issues Connected to Accept Header Fields
1432
1433   Accept headers fields can reveal information about the user to all
1434   servers which are accessed.  The Accept-Language header field in
1435   particular can reveal information the user would consider to be of a
1436   private nature, because the understanding of particular languages is
1437   often strongly correlated to the membership of a particular ethnic
1438   group.  User agents which offer the option to configure the contents
1439   of an Accept-Language header field to be sent in every request are
1440   strongly encouraged to let the configuration process include a
1441   message which makes the user aware of the loss of privacy involved.
1442
1443   An approach that limits the loss of privacy would be for a user agent
1444   to omit the sending of Accept-Language header fields by default, and
1445   to ask the user whether or not to start sending Accept-Language
1446   header fields to a server if it detects, by looking for any Vary
1447   header fields generated by the server, that such sending could
1448   improve the quality of service.
1449
1450   Elaborate user-customized accept header fields sent in every request,
1451   in particular if these include quality values, can be used by servers
1452
1453
1454
1455Fielding, et al.          Expires July 7, 2012                 [Page 26]
1456
1457Internet-Draft              HTTP/1.1, Part 3                January 2012
1458
1459
1460   as relatively reliable and long-lived user identifiers.  Such user
1461   identifiers would allow content providers to do click-trail tracking,
1462   and would allow collaborating content providers to match cross-server
1463   click-trails or form submissions of individual users.  Note that for
1464   many users not behind a proxy, the network address of the host
1465   running the user agent will also serve as a long-lived user
1466   identifier.  In environments where proxies are used to enhance
1467   privacy, user agents ought to be conservative in offering accept
1468   header configuration options to end users.  As an extreme privacy
1469   measure, proxies could filter the accept header fields in relayed
1470   requests.  General purpose user agents which provide a high degree of
1471   header configurability SHOULD warn users about the loss of privacy
1472   which can be involved.
1473
14749.  Acknowledgments
1475
1476   See Section 11 of [Part1].
1477
147810.  References
1479
148010.1.  Normative References
1481
1482   [Part1]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
1483              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
1484              and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
1485              and Message Parsing", draft-ietf-httpbis-p1-messaging-18
1486              (work in progress), January 2012.
1487
1488   [Part2]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
1489              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
1490              and J. Reschke, Ed., "HTTP/1.1, part 2: Message
1491              Semantics", draft-ietf-httpbis-p2-semantics-18 (work in
1492              progress), January 2012.
1493
1494   [Part4]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
1495              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
1496              and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional
1497              Requests", draft-ietf-httpbis-p4-conditional-18 (work in
1498              progress), January 2012.
1499
1500   [Part5]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
1501              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
1502              and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
1503              Partial Responses", draft-ietf-httpbis-p5-range-18 (work
1504              in progress), January 2012.
1505
1506   [Part6]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
1507              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
1508
1509
1510
1511Fielding, et al.          Expires July 7, 2012                 [Page 27]
1512
1513Internet-Draft              HTTP/1.1, Part 3                January 2012
1514
1515
1516              Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part
1517              6: Caching", draft-ietf-httpbis-p6-cache-18 (work in
1518              progress), January 2012.
1519
1520   [RFC1950]  Deutsch, L. and J-L. Gailly, "ZLIB Compressed Data Format
1521              Specification version 3.3", RFC 1950, May 1996.
1522
1523   [RFC1951]  Deutsch, P., "DEFLATE Compressed Data Format Specification
1524              version 1.3", RFC 1951, May 1996.
1525
1526   [RFC1952]  Deutsch, P., Gailly, J-L., Adler, M., Deutsch, L., and G.
1527              Randers-Pehrson, "GZIP file format specification version
1528              4.3", RFC 1952, May 1996.
1529
1530   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1531              Extensions (MIME) Part One: Format of Internet Message
1532              Bodies", RFC 2045, November 1996.
1533
1534   [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1535              Extensions (MIME) Part Two: Media Types", RFC 2046,
1536              November 1996.
1537
1538   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1539              Requirement Levels", BCP 14, RFC 2119, March 1997.
1540
1541   [RFC4647]  Phillips, A., Ed. and M. Davis, Ed., "Matching of Language
1542              Tags", BCP 47, RFC 4647, September 2006.
1543
1544   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
1545              Specifications: ABNF", STD 68, RFC 5234, January 2008.
1546
1547   [RFC5646]  Phillips, A., Ed. and M. Davis, Ed., "Tags for Identifying
1548              Languages", BCP 47, RFC 5646, September 2009.
1549
155010.2.  Informative References
1551
1552   [RFC1945]  Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
1553              Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
1554
1555   [RFC2049]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1556              Extensions (MIME) Part Five: Conformance Criteria and
1557              Examples", RFC 2049, November 1996.
1558
1559   [RFC2068]  Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T.
1560              Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1",
1561              RFC 2068, January 1997.
1562
1563   [RFC2076]  Palme, J., "Common Internet Message Headers", RFC 2076,
1564
1565
1566
1567Fielding, et al.          Expires July 7, 2012                 [Page 28]
1568
1569Internet-Draft              HTTP/1.1, Part 3                January 2012
1570
1571
1572              February 1997.
1573
1574   [RFC2277]  Alvestrand, H., "IETF Policy on Character Sets and
1575              Languages", BCP 18, RFC 2277, January 1998.
1576
1577   [RFC2295]  Holtman, K. and A. Mutz, "Transparent Content Negotiation
1578              in HTTP", RFC 2295, March 1998.
1579
1580   [RFC2388]  Masinter, L., "Returning Values from Forms:  multipart/
1581              form-data", RFC 2388, August 1998.
1582
1583   [RFC2557]  Palme, F., Hopmann, A., Shelness, N., and E. Stefferud,
1584              "MIME Encapsulation of Aggregate Documents, such as HTML
1585              (MHTML)", RFC 2557, March 1999.
1586
1587   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
1588              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
1589              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
1590
1591   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
1592              10646", STD 63, RFC 3629, November 2003.
1593
1594   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
1595              Procedures for Message Header Fields", BCP 90, RFC 3864,
1596              September 2004.
1597
1598   [RFC4288]  Freed, N. and J. Klensin, "Media Type Specifications and
1599              Registration Procedures", BCP 13, RFC 4288, December 2005.
1600
1601   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1602              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
1603              May 2008.
1604
1605   [RFC5322]  Resnick, P., "Internet Message Format", RFC 5322,
1606              October 2008.
1607
1608   [RFC6151]  Turner, S. and L. Chen, "Updated Security Considerations
1609              for the MD5 Message-Digest and the HMAC-MD5 Algorithms",
1610              RFC 6151, March 2011.
1611
1612   [RFC6266]  Reschke, J., "Use of the Content-Disposition Header Field
1613              in the Hypertext Transfer Protocol (HTTP)", RFC 6266,
1614              June 2011.
1615
1616Appendix A.  Differences between HTTP and MIME
1617
1618   HTTP/1.1 uses many of the constructs defined for Internet Mail
1619   ([RFC5322]) and the Multipurpose Internet Mail Extensions (MIME
1620
1621
1622
1623Fielding, et al.          Expires July 7, 2012                 [Page 29]
1624
1625Internet-Draft              HTTP/1.1, Part 3                January 2012
1626
1627
1628   [RFC2045]) to allow a message-body to be transmitted in an open
1629   variety of representations and with extensible mechanisms.  However,
1630   RFC 2045 discusses mail, and HTTP has a few features that are
1631   different from those described in MIME.  These differences were
1632   carefully chosen to optimize performance over binary connections, to
1633   allow greater freedom in the use of new media types, to make date
1634   comparisons easier, and to acknowledge the practice of some early
1635   HTTP servers and clients.
1636
1637   This appendix describes specific areas where HTTP differs from MIME.
1638   Proxies and gateways to strict MIME environments SHOULD be aware of
1639   these differences and provide the appropriate conversions where
1640   necessary.  Proxies and gateways from MIME environments to HTTP also
1641   need to be aware of the differences because some conversions might be
1642   required.
1643
1644A.1.  MIME-Version
1645
1646   HTTP is not a MIME-compliant protocol.  However, HTTP/1.1 messages
1647   MAY include a single MIME-Version header field to indicate what
1648   version of the MIME protocol was used to construct the message.  Use
1649   of the MIME-Version header field indicates that the message is in
1650   full compliance with the MIME protocol (as defined in [RFC2045]).
1651   Proxies/gateways are responsible for ensuring full compliance (where
1652   possible) when exporting HTTP messages to strict MIME environments.
1653
1654     MIME-Version = 1*DIGIT "." 1*DIGIT
1655
1656   MIME version "1.0" is the default for use in HTTP/1.1.  However,
1657   HTTP/1.1 message parsing and semantics are defined by this document
1658   and not the MIME specification.
1659
1660A.2.  Conversion to Canonical Form
1661
1662   MIME requires that an Internet mail body-part be converted to
1663   canonical form prior to being transferred, as described in Section 4
1664   of [RFC2049].  Section 2.3.1 of this document describes the forms
1665   allowed for subtypes of the "text" media type when transmitted over
1666   HTTP.  [RFC2046] requires that content with a type of "text"
1667   represent line breaks as CRLF and forbids the use of CR or LF outside
1668   of line break sequences.  HTTP allows CRLF, bare CR, and bare LF to
1669   indicate a line break within text content when a message is
1670   transmitted over HTTP.
1671
1672   Where it is possible, a proxy or gateway from HTTP to a strict MIME
1673   environment SHOULD translate all line breaks within the text media
1674   types described in Section 2.3.1 of this document to the RFC 2049
1675   canonical form of CRLF.  Note, however, that this might be
1676
1677
1678
1679Fielding, et al.          Expires July 7, 2012                 [Page 30]
1680
1681Internet-Draft              HTTP/1.1, Part 3                January 2012
1682
1683
1684   complicated by the presence of a Content-Encoding and by the fact
1685   that HTTP allows the use of some character encodings which do not use
1686   octets 13 and 10 to represent CR and LF, respectively, as is the case
1687   for some multi-byte character encodings.
1688
1689   Conversion will break any cryptographic checksums applied to the
1690   original content unless the original content is already in canonical
1691   form.  Therefore, the canonical form is recommended for any content
1692   that uses such checksums in HTTP.
1693
1694A.3.  Conversion of Date Formats
1695
1696   HTTP/1.1 uses a restricted set of date formats (Section 8 of [Part2])
1697   to simplify the process of date comparison.  Proxies and gateways
1698   from other protocols SHOULD ensure that any Date header field present
1699   in a message conforms to one of the HTTP/1.1 formats and rewrite the
1700   date if necessary.
1701
1702A.4.  Introduction of Content-Encoding
1703
1704   MIME does not include any concept equivalent to HTTP/1.1's Content-
1705   Encoding header field.  Since this acts as a modifier on the media
1706   type, proxies and gateways from HTTP to MIME-compliant protocols MUST
1707   either change the value of the Content-Type header field or decode
1708   the representation before forwarding the message.  (Some experimental
1709   applications of Content-Type for Internet mail have used a media-type
1710   parameter of ";conversions=<content-coding>" to perform a function
1711   equivalent to Content-Encoding.  However, this parameter is not part
1712   of the MIME standards).
1713
1714A.5.  No Content-Transfer-Encoding
1715
1716   HTTP does not use the Content-Transfer-Encoding field of MIME.
1717   Proxies and gateways from MIME-compliant protocols to HTTP MUST
1718   remove any Content-Transfer-Encoding prior to delivering the response
1719   message to an HTTP client.
1720
1721   Proxies and gateways from HTTP to MIME-compliant protocols are
1722   responsible for ensuring that the message is in the correct format
1723   and encoding for safe transport on that protocol, where "safe
1724   transport" is defined by the limitations of the protocol being used.
1725   Such a proxy or gateway SHOULD label the data with an appropriate
1726   Content-Transfer-Encoding if doing so will improve the likelihood of
1727   safe transport over the destination protocol.
1728
1729
1730
1731
1732
1733
1734
1735Fielding, et al.          Expires July 7, 2012                 [Page 31]
1736
1737Internet-Draft              HTTP/1.1, Part 3                January 2012
1738
1739
1740A.6.  Introduction of Transfer-Encoding
1741
1742   HTTP/1.1 introduces the Transfer-Encoding header field (Section 8.6
1743   of [Part1]).  Proxies/gateways MUST remove any transfer-coding prior
1744   to forwarding a message via a MIME-compliant protocol.
1745
1746A.7.  MHTML and Line Length Limitations
1747
1748   HTTP implementations which share code with MHTML [RFC2557]
1749   implementations need to be aware of MIME line length limitations.
1750   Since HTTP does not have this limitation, HTTP does not fold long
1751   lines.  MHTML messages being transported by HTTP follow all
1752   conventions of MHTML, including line length limitations and folding,
1753   canonicalization, etc., since HTTP transports all message-bodies as
1754   payload (see Section 2.3.2) and does not interpret the content or any
1755   MIME header lines that might be contained therein.
1756
1757Appendix B.  Additional Features
1758
1759   [RFC1945] and [RFC2068] document protocol elements used by some
1760   existing HTTP implementations, but not consistently and correctly
1761   across most HTTP/1.1 applications.  Implementors are advised to be
1762   aware of these features, but cannot rely upon their presence in, or
1763   interoperability with, other HTTP/1.1 applications.  Some of these
1764   describe proposed experimental features, and some describe features
1765   that experimental deployment found lacking that are now addressed in
1766   the base HTTP/1.1 specification.
1767
1768   A number of other header fields, such as Content-Disposition and
1769   Title, from SMTP and MIME are also often implemented (see [RFC6266]
1770   and [RFC2076]).
1771
1772Appendix C.  Changes from RFC 2616
1773
1774   Clarify contexts that charset is used in.  (Section 2.1)
1775
1776   Remove the default character encoding for text media types; the
1777   default now is whatever the media type definition says.
1778   (Section 2.3.1)
1779
1780   Change ABNF productions for header fields to only define the field
1781   value.  (Section 6)
1782
1783   Remove definition of Content-MD5 header field because it was
1784   inconsistently implemented with respect to partial responses, and
1785   also because of known deficiencies in the hash algorithm itself (see
1786   [RFC6151] for details).  (Section 6)
1787
1788
1789
1790
1791Fielding, et al.          Expires July 7, 2012                 [Page 32]
1792
1793Internet-Draft              HTTP/1.1, Part 3                January 2012
1794
1795
1796   Remove ISO-8859-1 special-casing in Accept-Charset.  (Section 6.2)
1797
1798   Remove base URI setting semantics for Content-Location due to poor
1799   implementation support, which was caused by too many broken servers
1800   emitting bogus Content-Location header fields, and also the
1801   potentially undesirable effect of potentially breaking relative links
1802   in content-negotiated resources.  (Section 6.7)
1803
1804   Remove discussion of Content-Disposition header field, it is now
1805   defined by [RFC6266].  (Appendix B)
1806
1807   Remove reference to non-existant identity transfer-coding value
1808   tokens.  (Appendix A.5)
1809
1810Appendix D.  Collected ABNF
1811
1812   Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
1813    OWS media-range [ accept-params ] ] ) ]
1814   Accept-Charset = *( "," OWS ) ( charset / "*" ) [ OWS ";" OWS "q="
1815    qvalue ] *( OWS "," [ OWS ( charset / "*" ) [ OWS ";" OWS "q="
1816    qvalue ] ] )
1817   Accept-Encoding = [ ( "," / ( codings [ OWS ";" OWS "q=" qvalue ] ) )
1818    *( OWS "," [ OWS codings [ OWS ";" OWS "q=" qvalue ] ] ) ]
1819   Accept-Language = *( "," OWS ) language-range [ OWS ";" OWS "q="
1820    qvalue ] *( OWS "," [ OWS language-range [ OWS ";" OWS "q=" qvalue ]
1821    ] )
1822
1823   Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
1824    content-coding ] )
1825   Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
1826    language-tag ] )
1827   Content-Location = absolute-URI / partial-URI
1828   Content-Type = media-type
1829
1830   MIME-Version = 1*DIGIT "." 1*DIGIT
1831
1832   OWS = <OWS, defined in [Part1], Section 1.2.2>
1833
1834   absolute-URI = <absolute-URI, defined in [Part1], Section 2.7>
1835   accept-ext = OWS ";" OWS token [ "=" word ]
1836   accept-params = OWS ";" OWS "q=" qvalue *accept-ext
1837   attribute = token
1838
1839   charset = token
1840   codings = content-coding / "identity" / "*"
1841   content-coding = token
1842
1843   language-range = <language-range, defined in [RFC4647], Section 2.1>
1844
1845
1846
1847Fielding, et al.          Expires July 7, 2012                 [Page 33]
1848
1849Internet-Draft              HTTP/1.1, Part 3                January 2012
1850
1851
1852   language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
1853
1854   media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
1855    ";" OWS parameter )
1856   media-type = type "/" subtype *( OWS ";" OWS parameter )
1857
1858   parameter = attribute "=" value
1859   partial-URI = <partial-URI, defined in [Part1], Section 2.7>
1860
1861   qvalue = <qvalue, defined in [Part1], Section 5.3>
1862
1863   subtype = token
1864
1865   token = <token, defined in [Part1], Section 3.2.3>
1866   type = token
1867
1868   value = word
1869
1870   word = <word, defined in [Part1], Section 3.2.3>
1871
1872   ABNF diagnostics:
1873
1874   ; Accept defined but not used
1875   ; Accept-Charset defined but not used
1876   ; Accept-Encoding defined but not used
1877   ; Accept-Language defined but not used
1878   ; Content-Encoding defined but not used
1879   ; Content-Language defined but not used
1880   ; Content-Location defined but not used
1881   ; Content-Type defined but not used
1882   ; MIME-Version defined but not used
1883
1884Appendix E.  Change Log (to be removed by RFC Editor before publication)
1885
1886E.1.  Since RFC 2616
1887
1888   Extracted relevant partitions from [RFC2616].
1889
1890E.2.  Since draft-ietf-httpbis-p3-payload-00
1891
1892   Closed issues:
1893
1894   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/8>: "Media Type
1895      Registrations" (<http://purl.org/NET/http-errata#media-reg>)
1896
1897   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/14>: "Clarification
1898      regarding quoting of charset values"
1899      (<http://purl.org/NET/http-errata#charactersets>)
1900
1901
1902
1903Fielding, et al.          Expires July 7, 2012                 [Page 34]
1904
1905Internet-Draft              HTTP/1.1, Part 3                January 2012
1906
1907
1908   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/16>: "Remove
1909      'identity' token references"
1910      (<http://purl.org/NET/http-errata#identity>)
1911
1912   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/25>: "Accept-
1913      Encoding BNF"
1914
1915   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and
1916      Informative references"
1917
1918   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/46>: "RFC1700
1919      references"
1920
1921   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/55>: "Updating to
1922      RFC4288"
1923
1924   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/65>: "Informative
1925      references"
1926
1927   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/66>: "ISO-8859-1
1928      Reference"
1929
1930   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/68>: "Encoding
1931      References Normative"
1932
1933   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/86>: "Normative up-
1934      to-date references"
1935
1936E.3.  Since draft-ietf-httpbis-p3-payload-01
1937
1938   Ongoing work on ABNF conversion
1939   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
1940
1941   o  Add explicit references to BNF syntax and rules imported from
1942      other parts of the specification.
1943
1944E.4.  Since draft-ietf-httpbis-p3-payload-02
1945
1946   Closed issues:
1947
1948   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/67>: "Quoting
1949      Charsets"
1950
1951   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/105>:
1952      "Classification for Allow header"
1953
1954   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/115>: "missing
1955      default for qvalue in description of Accept-Encoding"
1956
1957
1958
1959Fielding, et al.          Expires July 7, 2012                 [Page 35]
1960
1961Internet-Draft              HTTP/1.1, Part 3                January 2012
1962
1963
1964   Ongoing work on IANA Message Header Field Registration
1965   (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>):
1966
1967   o  Reference RFC 3984, and update header field registrations for
1968      headers defined in this document.
1969
1970E.5.  Since draft-ietf-httpbis-p3-payload-03
1971
1972   Closed issues:
1973
1974   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/67>: "Quoting
1975      Charsets"
1976
1977   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/113>: "language tag
1978      matching (Accept-Language) vs RFC4647"
1979
1980   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/121>: "RFC 1806 has
1981      been replaced by RFC2183"
1982
1983   Other changes:
1984
1985   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/68>: "Encoding
1986      References Normative" -- rephrase the annotation and reference
1987      BCP97.
1988
1989E.6.  Since draft-ietf-httpbis-p3-payload-04
1990
1991   Closed issues:
1992
1993   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/132>: "RFC 2822 is
1994      updated by RFC 5322"
1995
1996   Ongoing work on ABNF conversion
1997   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
1998
1999   o  Use "/" instead of "|" for alternatives.
2000
2001   o  Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
2002      whitespace ("OWS") and required whitespace ("RWS").
2003
2004   o  Rewrite ABNFs to spell out whitespace rules, factor out header
2005      field value format definitions.
2006
2007E.7.  Since draft-ietf-httpbis-p3-payload-05
2008
2009   Closed issues:
2010
2011
2012
2013
2014
2015Fielding, et al.          Expires July 7, 2012                 [Page 36]
2016
2017Internet-Draft              HTTP/1.1, Part 3                January 2012
2018
2019
2020   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/118>: "Join
2021      "Differences Between HTTP Entities and RFC 2045 Entities"?"
2022
2023   Final work on ABNF conversion
2024   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
2025
2026   o  Add appendix containing collected and expanded ABNF, reorganize
2027      ABNF introduction.
2028
2029   Other changes:
2030
2031   o  Move definition of quality values into Part 1.
2032
2033E.8.  Since draft-ietf-httpbis-p3-payload-06
2034
2035   Closed issues:
2036
2037   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/80>: "Content-
2038      Location isn't special"
2039
2040   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/155>: "Content
2041      Sniffing"
2042
2043E.9.  Since draft-ietf-httpbis-p3-payload-07
2044
2045   Closed issues:
2046
2047   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/13>: "Updated
2048      reference for language tags"
2049
2050   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/110>: "Clarify rules
2051      for determining what entities a response carries"
2052
2053   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/154>: "Content-
2054      Location base-setting problems"
2055
2056   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/155>: "Content
2057      Sniffing"
2058
2059   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/188>: "pick IANA
2060      policy (RFC5226) for Transfer Coding / Content Coding"
2061
2062   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/189>: "move
2063      definitions of gzip/deflate/compress to part 1"
2064
2065   Partly resolved issues:
2066
2067
2068
2069
2070
2071Fielding, et al.          Expires July 7, 2012                 [Page 37]
2072
2073Internet-Draft              HTTP/1.1, Part 3                January 2012
2074
2075
2076   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/148>: "update IANA
2077      requirements wrt Transfer-Coding values" (add the IANA
2078      Considerations subsection)
2079
2080   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/149>: "update IANA
2081      requirements wrt Content-Coding values" (add the IANA
2082      Considerations subsection)
2083
2084E.10.  Since draft-ietf-httpbis-p3-payload-08
2085
2086   Closed issues:
2087
2088   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/81>: "Content
2089      Negotiation for media types"
2090
2091   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/181>: "Accept-
2092      Language: which RFC4647 filtering?"
2093
2094E.11.  Since draft-ietf-httpbis-p3-payload-09
2095
2096   Closed issues:
2097
2098   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/122>: "MIME-Version
2099      not listed in P1, general header fields"
2100
2101   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/143>: "IANA registry
2102      for content/transfer encodings"
2103
2104   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/155>: "Content
2105      Sniffing"
2106
2107   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/200>: "use of term
2108      "word" when talking about header structure"
2109
2110   Partly resolved issues:
2111
2112   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/196>: "Term for the
2113      requested resource's URI"
2114
2115E.12.  Since draft-ietf-httpbis-p3-payload-10
2116
2117   Closed issues:
2118
2119   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/69>: "Clarify
2120      'Requested Variant'"
2121
2122   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/80>: "Content-
2123      Location isn't special"
2124
2125
2126
2127Fielding, et al.          Expires July 7, 2012                 [Page 38]
2128
2129Internet-Draft              HTTP/1.1, Part 3                January 2012
2130
2131
2132   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/90>: "Delimiting
2133      messages with multipart/byteranges"
2134
2135   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/109>: "Clarify
2136      entity / representation / variant terminology"
2137
2138   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/136>: "confusing
2139      req. language for Content-Location"
2140
2141   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/167>: "Content-
2142      Location on 304 responses"
2143
2144   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/183>: "'requested
2145      resource' in content-encoding definition"
2146
2147   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/220>: "consider
2148      removing the 'changes from 2068' sections"
2149
2150   Partly resolved issues:
2151
2152   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/178>: "Content-MD5
2153      and partial responses"
2154
2155E.13.  Since draft-ietf-httpbis-p3-payload-11
2156
2157   Closed issues:
2158
2159   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/123>: "Factor out
2160      Content-Disposition"
2161
2162E.14.  Since draft-ietf-httpbis-p3-payload-12
2163
2164   Closed issues:
2165
2166   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/224>: "Header
2167      Classification"
2168
2169   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/276>: "untangle
2170      ABNFs for header fields"
2171
2172   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/277>: "potentially
2173      misleading MAY in media-type def"
2174
2175E.15.  Since draft-ietf-httpbis-p3-payload-13
2176
2177   Closed issues:
2178
2179
2180
2181
2182
2183Fielding, et al.          Expires July 7, 2012                 [Page 39]
2184
2185Internet-Draft              HTTP/1.1, Part 3                January 2012
2186
2187
2188   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/20>: "Default
2189      charsets for text media types"
2190
2191   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/178>: "Content-MD5
2192      and partial responses"
2193
2194   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/276>: "untangle
2195      ABNFs for header fields"
2196
2197   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/281>: "confusing
2198      undefined parameter in media range example"
2199
2200E.16.  Since draft-ietf-httpbis-p3-payload-14
2201
2202   None.
2203
2204E.17.  Since draft-ietf-httpbis-p3-payload-15
2205
2206   Closed issues:
2207
2208   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/285>: "Strength of
2209      requirements on Accept re: 406"
2210
2211E.18.  Since draft-ietf-httpbis-p3-payload-16
2212
2213   Closed issues:
2214
2215   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/186>: "Document
2216      HTTP's error-handling philosophy"
2217
2218E.19.  Since draft-ietf-httpbis-p3-payload-17
2219
2220   Closed issues:
2221
2222   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/323>: "intended
2223      maturity level vs normative references"
2224
2225Index
2226
2227   A
2228      Accept header field  16
2229      Accept-Charset header field  18
2230      Accept-Encoding header field  19
2231      Accept-Language header field  20
2232
2233   C
2234      Coding Format
2235         compress  7
2236
2237
2238
2239Fielding, et al.          Expires July 7, 2012                 [Page 40]
2240
2241Internet-Draft              HTTP/1.1, Part 3                January 2012
2242
2243
2244         deflate  7
2245         gzip  8
2246      compress (Coding Format)  7
2247      content negotiation  5
2248      Content-Encoding header field  21
2249      Content-Language header field  22
2250      Content-Location header field  23
2251      Content-Type header field  25
2252
2253   D
2254      deflate (Coding Format)  7
2255
2256   G
2257      Grammar
2258         Accept  16
2259         Accept-Charset  18
2260         Accept-Encoding  19
2261         accept-ext  16
2262         Accept-Language  20
2263         accept-params  16
2264         attribute  8
2265         charset  7
2266         codings  19
2267         content-coding  7
2268         Content-Encoding  21
2269         Content-Language  22
2270         Content-Location  23
2271         Content-Type  25
2272         language-range  20
2273         language-tag  10
2274         media-range  16
2275         media-type  8
2276         MIME-Version  30
2277         parameter  8
2278         subtype  8
2279         type  8
2280         value  8
2281      gzip (Coding Format)  8
2282
2283   H
2284      Header Fields
2285         Accept  16
2286         Accept-Charset  18
2287         Accept-Encoding  19
2288         Accept-Language  20
2289         Content-Encoding  21
2290         Content-Language  22
2291         Content-Location  23
2292
2293
2294
2295Fielding, et al.          Expires July 7, 2012                 [Page 41]
2296
2297Internet-Draft              HTTP/1.1, Part 3                January 2012
2298
2299
2300         Content-Type  25
2301         MIME-Version  30
2302
2303   M
2304      MIME-Version header field  30
2305
2306   P
2307      payload  11
2308
2309   R
2310      representation  11
2311
2312Authors' Addresses
2313
2314   Roy T. Fielding (editor)
2315   Adobe Systems Incorporated
2316   345 Park Ave
2317   San Jose, CA  95110
2318   USA
2319
2320   EMail: fielding@gbiv.com
2321   URI:   http://roy.gbiv.com/
2322
2323
2324   Jim Gettys
2325   Alcatel-Lucent Bell Labs
2326   21 Oak Knoll Road
2327   Carlisle, MA  01741
2328   USA
2329
2330   EMail: jg@freedesktop.org
2331   URI:   http://gettys.wordpress.com/
2332
2333
2334   Jeffrey C. Mogul
2335   Hewlett-Packard Company
2336   HP Labs, Large Scale Systems Group
2337   1501 Page Mill Road, MS 1177
2338   Palo Alto, CA  94304
2339   USA
2340
2341   EMail: JeffMogul@acm.org
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351Fielding, et al.          Expires July 7, 2012                 [Page 42]
2352
2353Internet-Draft              HTTP/1.1, Part 3                January 2012
2354
2355
2356   Henrik Frystyk Nielsen
2357   Microsoft Corporation
2358   1 Microsoft Way
2359   Redmond, WA  98052
2360   USA
2361
2362   EMail: henrikn@microsoft.com
2363
2364
2365   Larry Masinter
2366   Adobe Systems Incorporated
2367   345 Park Ave
2368   San Jose, CA  95110
2369   USA
2370
2371   EMail: LMM@acm.org
2372   URI:   http://larry.masinter.net/
2373
2374
2375   Paul J. Leach
2376   Microsoft Corporation
2377   1 Microsoft Way
2378   Redmond, WA  98052
2379
2380   EMail: paulle@microsoft.com
2381
2382
2383   Tim Berners-Lee
2384   World Wide Web Consortium
2385   MIT Computer Science and Artificial Intelligence Laboratory
2386   The Stata Center, Building 32
2387   32 Vassar Street
2388   Cambridge, MA  02139
2389   USA
2390
2391   EMail: timbl@w3.org
2392   URI:   http://www.w3.org/People/Berners-Lee/
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407Fielding, et al.          Expires July 7, 2012                 [Page 43]
2408
2409Internet-Draft              HTTP/1.1, Part 3                January 2012
2410
2411
2412   Yves Lafon (editor)
2413   World Wide Web Consortium
2414   W3C / ERCIM
2415   2004, rte des Lucioles
2416   Sophia-Antipolis, AM  06902
2417   France
2418
2419   EMail: ylafon@w3.org
2420   URI:   http://www.raubacapeu.net/people/yves/
2421
2422
2423   Julian F. Reschke (editor)
2424   greenbytes GmbH
2425   Hafenweg 16
2426   Muenster, NW  48155
2427   Germany
2428
2429   Phone: +49 251 2807760
2430   Fax:   +49 251 2807761
2431   EMail: julian.reschke@greenbytes.de
2432   URI:   http://greenbytes.de/tech/webdav/
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463Fielding, et al.          Expires July 7, 2012                 [Page 44]
2464
Note: See TracBrowser for help on using the repository browser.