source: draft-ietf-httpbis/latest/auth48/rfc7231.abdiff.txt @ 2680

Last change on this file since 2680 was 2680, checked in by julian.reschke@…, 6 years ago

hyphenation (#553)

1
2INTRODUCTION, paragraph 1:
3OLD:
4
5 HTTPbis Working Group                                   R. Fielding, Ed.
6 Internet-Draft                                                     Adobe
7 Obsoletes: 2616 (if approved)                            J. Reschke, Ed.
8 Updates: 2817 (if approved)                                   greenbytes
9 Intended status: Standards Track                            May 16, 2014
10 Expires: November 17, 2014
11
12NEW:
13
14 Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
15 Request for Comments: 7231                                         Adobe
16 Obsoletes: 2616                                          J. Reschke, Ed.
17 Updates: 2817                                                 greenbytes
18 Category: Standards Track                                       May 2014
19 ISSN: 2070-1721
20
21
22INTRODUCTION, paragraph 2:
23OLD:
24
25      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
26                  draft-ietf-httpbis-p2-semantics-latest
27
28NEW:
29
30      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
31
32
33INTRODUCTION, paragraph 5:
34OLD:
35
36 Editorial Note (To be removed by RFC Editor)
37 
38    Discussion of this draft takes place on the HTTPBIS working group
39    mailing list (ietf-http-wg@w3.org), which is archived at
40    <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
41 
42    The current issues list is at
43    <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
44    documents (including fancy diffs) can be found at
45    <http://tools.ietf.org/wg/httpbis/>.
46 
47    _This is a temporary document for the purpose of tracking the
48    editorial changes made during the AUTH48 (RFC publication) phase._
49 
50 Status of This Memo
51
52NEW:
53
54 Status of This Memo
55
56
57INTRODUCTION, paragraph 6:
58OLD:
59
60    This Internet-Draft is submitted in full conformance with the
61    provisions of BCP 78 and BCP 79.
62 
63    Internet-Drafts are working documents of the Internet Engineering
64    Task Force (IETF).  Note that other groups may also distribute
65    working documents as Internet-Drafts.  The list of current Internet-
66    Drafts is at http://datatracker.ietf.org/drafts/current/.
67
68NEW:
69
70    This is an Internet Standards Track document.
71
72
73INTRODUCTION, paragraph 7:
74OLD:
75
76    Internet-Drafts are draft documents valid for a maximum of six months
77    and may be updated, replaced, or obsoleted by other documents at any
78    time.  It is inappropriate to use Internet-Drafts as reference
79    material or to cite them other than as "work in progress."
80
81NEW:
82
83    This document is a product of the Internet Engineering Task Force
84    (IETF).  It represents the consensus of the IETF community.  It has
85    received public review and has been approved for publication by the
86    Internet Engineering Steering Group (IESG).  Further information on
87    Internet Standards is available in Section 2 of RFC 5741.
88
89
90INTRODUCTION, paragraph 8:
91OLD:
92
93    This Internet-Draft will expire on November 17, 2014.
94
95NEW:
96
97    Information about the current status of this document, any errata,
98    and how to provide feedback on it may be obtained at
99    http://www.rfc-editor.org/info/rfc7231.
100
101
102Section 11., paragraph 0:
103OLD:
104
105    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
106      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
107      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
108    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
109    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
110      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
111        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
112        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
113        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
114        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
115      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
116      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
117      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
118        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
119        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
120 
121    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
122      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
123      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
124        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
125        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
126        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
127      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
128        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
129        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
130        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
131        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
132        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
133        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
134        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
135        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
136    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
137      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
138        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
139        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
140      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
141      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
142        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
143        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
144        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
145        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
146        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
147      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
148      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
149        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
150        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
151        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
152    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
153      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
154      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
155        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
156        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
157      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
158        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
159        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 51
160        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
161        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
162        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
163        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
164      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
165        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
166        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
167        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
168        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
169        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
170        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
171        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
172      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
173        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
174        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
175        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
176        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
177        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
178        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
179        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
180        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
181        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
182        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
183        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
184        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
185        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
186        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
187        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
188      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
189        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
190        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
191        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
192        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
193        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
194        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
195    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
196      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
197        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
198        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
199        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
200        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
201      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
202      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
203      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
204        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
205        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
206    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
207      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
208        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
209        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
210        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
211      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
212        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
213        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
214        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
215      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
216        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
217        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
218      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
219        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
220        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
221    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
222      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
223      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
224      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
225      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
226      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
227      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
228      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
229    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
230    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
231      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
232      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
233    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
234      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 89
235      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
236      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
237      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
238      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
239      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
240    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
241    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
242    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
243    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
244
245NEW:
246
247    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
248      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
249      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
250    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
251    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
252      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
253        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
254        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
255        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
256        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
257      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
258      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
259      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
260        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
261        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
262    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
263      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
264      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
265        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
266        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
267        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
268      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
269        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
270        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
271        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
272        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
273        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
274        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
275        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
276        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
277    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
278      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
279        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
280        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
281 
282      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
283      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
284        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
285        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
286        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
287        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
288        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
289      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
290      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
291        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
292        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
293        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
294    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
295      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
296      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
297        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
298        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
299      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
300        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
301        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 52
302        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
303        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
304        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
305        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
306      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
307        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
308        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
309        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
310        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
311        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
312        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
313        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
314      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
315        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
316        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
317        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
318        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
319        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
320        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
321        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
322        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
323        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
324        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
325        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
326        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
327        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
328        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
329        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
330 
331      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
332        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
333        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
334        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
335        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
336        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
337        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
338    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
339      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
340        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
341        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
342        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
343        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
344      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
345      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
346      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
347        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
348        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
349    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
350      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
351        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
352        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
353        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
354      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
355        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
356        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
357        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
358      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
359        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
360        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
361      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
362        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
363        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
364    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
365      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
366      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
367      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
368      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
369      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
370      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
371      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
372    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
373    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
374      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
375      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
376    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
377      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 88
378      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
379      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
380      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
381      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
382      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
383    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
384    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
385    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
386    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
387
388
389Section 5.3.5., paragraph 2:
390OLD:
391
392      Accept-Language = 1#( language-range [ weight ] )
393      language-range  =
394                <language-range, see [RFC4647], Section 2.1>
395
396NEW:
397
398      Accept-Language = 1#( language-range [ weight ] )
399      language-range  =
400                <language-range, defined in [RFC4647], Section 2.1>
401
402
403Section 5.5.1., paragraph 3:
404OLD:
405
406      mailbox = <mailbox, see [RFC5322], Section 3.4>
407
408NEW:
409
410      mailbox = <mailbox, defined in [RFC5322], Section 3.4>
411
412
413Section 5.5.3., paragraph 5:
414OLD:
415
416    A sender SHOULD limit generated product identifiers to what is
417    necessary to identify the product; a sender MUST NOT generate
418    advertising or other nonessential information within the product
419    identifier.  A sender SHOULD NOT generate information in product-
420    version that is not a version identifier (i.e., successive versions
421    of the same product name only to differ only in the product-version
422    portion of the product identifier).
423
424NEW:
425
426    A sender SHOULD limit generated product identifiers to what is
427    necessary to identify the product; a sender MUST NOT generate
428    advertising or other nonessential information within the product
429    identifier.  A sender SHOULD NOT generate information in product-
430    version that is not a version identifier (i.e., successive versions
431    of the same product name ought only to differ in the product-version
432    portion of the product identifier).
433
434
435Section 6.2., paragraph 1:
436OLD:
437
438    The 1xx (Informational) class of status code indicates an interim
439    response for communicating connection status or request progress
440    prior to completing the requested action and sending a final
441    response. 1xx responses are terminated by the first empty line after
442    the status-line (the empty line signaling the end of the header
443    section).  Since HTTP/1.0 did not define any 1xx status codes, a
444    server MUST NOT send a 1xx response to an HTTP/1.0 client.
445
446NEW:
447
448    The 1xx (Informational) class of status code indicates an interim
449    response for communicating connection status or request progress
450    prior to completing the requested action and sending a final
451    response.  All 1xx responses consist of only the status-line and
452    optional header fields and, thus, are terminated by the empty line at
453    the end of the header section.  Since HTTP/1.0 did not define any 1xx
454    status codes, a server MUST NOT send a 1xx response to an HTTP/1.0
455    client.
456
457
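Review bot: The NEW sentence "All 1xx responses consist of only the status-line and optional header fields" replaces a parsing rule with a statement about message content, which is more than an editorial rewording for AUTH48. OLD told a recipient where an interim response ends ("the first empty line after the status-line"); NEW says what a 1xx response contains and derives the end from that. Recipients rely on this sentence to find the boundary between an interim and a final response, so confirm the authors approved the change in meaning, or keep the OLD framing wording and add the new clause alongside it.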
458Section 7.1.1.1., paragraph 10:
459OLD:
460
461      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
462      ; fixed length/zone/capitalization subset of the format
463      ; see Section 3.3 of [RFC5322]
464
465NEW:
466
467      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
468      ; fixed length/zone/capitalization subset of the format
469      ; defined in Section 3.3 of [RFC5322]
470
471
472Section 9.1., paragraph 1:
473OLD:
474
475    Origin servers frequently make use of their local file system to
476    manage the mapping from effective request URI to resource
477    representations.  Most file systems are not designed to protect
478    against malicious file or path names.  Therefore, an origin server
479    needs to avoid accessing names that have a special significance to
480    the system when mapping the request target to files, folders, or
481    directories.
482
483NEW:
484
485    Origin servers frequently make use of their local file system to
486    manage the mapping from effective request URI to resource
487    representations.  Implementers need to be aware that most file
488    systems are not designed to protect against malicious file or path
489    names and, thus, depend on the origin server to avoid mapping to file
490    names, folders, or directories that have special significance to the
491    system.
492
493
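Review bot: The NEW text drops the direct requirement on the origin server. OLD says "an origin server needs to avoid accessing names that have a special significance to the system"; NEW says only that implementers "need to be aware" that file systems "depend on the origin server to avoid mapping to" such names, so the obligation is now implied rather than stated. It also narrows "accessing" to "mapping to". For a Security Considerations paragraph on malicious file and path names, suggest keeping an explicit sentence that the origin server needs to avoid these names, and confirming that the accessing/mapping change is intended.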
494Section 11.1., paragraph 9:
495OLD:
496
497    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
498               Protocol (HTTP/1.1): Message Syntax and Routing",
499               draft-ietf-httpbis-p1-messaging-latest (work in progress),
500               May 2014.
501
502NEW:
503
504    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
505               Protocol (HTTP/1.1): Message Syntax and Routing",
506               RFC 7230, May 2014.
507
508
509Section 11.1., paragraph 10:
510OLD:
511
512    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
513               Protocol (HTTP/1.1): Conditional Requests",
514               draft-ietf-httpbis-p4-conditional-latest (work in
515               progress), May 2014.
516
517NEW:
518
519    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
520               Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
521               May 2014.
522
523
524Section 11.1., paragraph 11:
525OLD:
526
527    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
528               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
529               draft-ietf-httpbis-p5-range-latest (work in progress),
530               May 2014.
531
532NEW:
533
534    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
535               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
536               RFC 7233, May 2014.
537
538
539Section 11.1., paragraph 12:
540OLD:
541
542    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
543               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
544               draft-ietf-httpbis-p6-cache-latest (work in progress),
545               May 2014.
546
547NEW:
548
549    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
550               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
551               RFC 7234, May 2014.
552
553
554Section 11.1., paragraph 13:
555OLD:
556
557    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
558               Protocol (HTTP/1.1): Authentication",
559               draft-ietf-httpbis-p7-auth-latest (work in progress),
560               May 2014.
561
562NEW:
563
564    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
565               Protocol (HTTP/1.1): Authentication", RFC 7235, May 2014.
566
567
568Section 11.2., paragraph 25:
569OLD:
570
571    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
572               Status Code 308 (Permanent Redirect)",
573               draft-reschke-http-status-308-07 (work in progress),
574               March 2012.
575
576NEW:
577
578    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
579               Status Code 308 (Permanent Redirect)", RFC 7238, May 2014.
580
581
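Review bot: In the NEW [RFC7238] entry the date moves from "March 2012" to "May 2014" together with the switch from draft-reschke-http-status-308-07 to RFC 7238. The [RFC7230] to [RFC7235] hunks keep "May 2014" on both sides, so this is the only reference where the date itself changes; check the date and the title against the published RFC 7238 before sign-off.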
582Appendix B., paragraph 2:
583OLD:
584
585    A new requirement has been added that semantics embedded in a URI be
586    disabled when those semantics are inconsistent with the request
587    method, since this is a common cause of interoperability failure.
588 
589    (Section 2)
590
591NEW:
592
593    A new requirement has been added that semantics embedded in a URI be
594    disabled when those semantics are inconsistent with the request
595    method, since this is a common cause of interoperability failure.
596    (Section 2)
597
598
599Appendix B., paragraph 26:
600OLD:
601
602    The Status Code Registry has been redefined by this specification;
603    previously, it was defined in Section 7.1 of [RFC2817].
604 
605    (Section 8.2)
606
607NEW:
608
609    The Status Code Registry has been redefined by this specification;
610    previously, it was defined in Section 7.1 of [RFC2817].
611    (Section 8.2)
612
613
614Appendix C., paragraph 3:
615OLD:
616
617      BWS           = <BWS, see [RFC7230], Section 3.2.3>
618      OWS           = <OWS, see [RFC7230], Section 3.2.3>
619      RWS           = <RWS, see [RFC7230], Section 3.2.3>
620      URI-reference = <URI-reference, see [RFC7230], Section 2.7>
621      absolute-URI  = <absolute-URI, see [RFC7230], Section 2.7>
622      comment       = <comment, see [RFC7230], Section 3.2.6>
623      field-name    = <comment, see [RFC7230], Section 3.2>
624      partial-URI   = <partial-URI, see [RFC7230], Section 2.7>
625      quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
626      token         = <token, see [RFC7230], Section 3.2.6>
627
628NEW:
629
630     BWS           = <BWS, defined in [RFC7230], Section 3.2.3>
631     OWS           = <OWS, defined in [RFC7230], Section 3.2.3>
632     RWS           = <RWS, defined in [RFC7230], Section 3.2.3>
633     URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
634     absolute-URI  = <absolute-URI, defined in [RFC7230], Section 2.7>
635     comment       = <comment, defined in [RFC7230], Section 3.2.6>
636     field-name    = <comment, defined in [RFC7230], Section 3.2>
637     partial-URI   = <partial-URI, defined in [RFC7230], Section 2.7>
638     quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
639     token         = <token, defined in [RFC7230], Section 3.2.6>
640
641
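Review bot: The field-name line still reads "field-name = <comment, defined in [RFC7230], Section 3.2>" in NEW; the edit only swaps "see" for "defined in" and carries the mismatched prose-val over from OLD. Every other imported rule in this hunk repeats its own name inside the angle brackets, so this one should presumably read "field-name = <field-name, defined in [RFC7230], Section 3.2>". The same line appears unchanged in the collected ABNF hunk further down ("Section 1.2, paragraph 17"), so both places need the fix. The NEW block is also indented five spaces where OLD used six; confirm that is intended.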
642Section 1.2, paragraph 1:
643OLD:
644
645    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
646     OWS ( media-range [ accept-params ] ) ] ) ]
647    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
648     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
649    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
650     ( codings [ weight ] ) ] ) ]
651    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
652     "," [ OWS ( language-range [ weight ] ) ] )
653    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
654    BWS = <BWS, see [RFC7230], Section 3.2.3>
655
656NEW:
657
658    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
659     OWS ( media-range [ accept-params ] ) ] ) ]
660    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
661     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
662    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
663     ( codings [ weight ] ) ] ) ]
664    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
665     "," [ OWS ( language-range [ weight ] ) ] )
666    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
667 
668    BWS = <BWS, defined in [RFC7230], Section 3.2.3>
669
670
671Section 1.2, paragraph 2:
672OLD:
673
674    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
675     content-coding ] )
676    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
677     language-tag ] )
678    Content-Location = absolute-URI / partial-URI
679    Content-Type = media-type
680 
681    Date = HTTP-date
682
683NEW:
684
685    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
686     content-coding ] )
687    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
688     language-tag ] )
689    Content-Location = absolute-URI / partial-URI
690    Content-Type = media-type
691    Date = HTTP-date
692
693
694Section 1.2, paragraph 10:
695OLD:
696
697    OWS = <OWS, see [RFC7230], Section 3.2.3>
698
699NEW:
700
701    OWS = <OWS, defined in [RFC7230], Section 3.2.3>
702
703
704Section 1.2, paragraph 11:
705OLD:
706
707    RWS = <RWS, see [RFC7230], Section 3.2.3>
708    Referer = absolute-URI / partial-URI
709    Retry-After = HTTP-date / delay-seconds
710
711NEW:
712
713    RWS = <RWS, defined in [RFC7230], Section 3.2.3>
714    Referer = absolute-URI / partial-URI
715    Retry-After = HTTP-date / delay-seconds
716
717
718Section 1.2, paragraph 13:
719OLD:
720
721    URI-reference = <URI-reference, see [RFC7230], Section 2.7>
722    User-Agent = product *( RWS ( product / comment ) )
723
724NEW:
725
726    URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
727    User-Agent = product *( RWS ( product / comment ) )
728
729
730Section 1.2, paragraph 15:
731OLD:
732
733    absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>
734    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
735    accept-params = weight *accept-ext
736    asctime-date = day-name SP date3 SP time-of-day SP year
737
738NEW:
739
740    absolute-URI = <absolute-URI, defined in [RFC7230], Section 2.7>
741    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
742    accept-params = weight *accept-ext
743    asctime-date = day-name SP date3 SP time-of-day SP year
744
745
746Section 1.2, paragraph 16:
747OLD:
748
749    charset = token
750    codings = content-coding / "identity" / "*"
751    comment = <comment, see [RFC7230], Section 3.2.6>
752    content-coding = token
753    date1 = day SP month SP year
754    date2 = day "-" month "-" 2DIGIT
755    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
756    day = 2DIGIT
757    day-name = %x4D.6F.6E ; Mon
758     / %x54.75.65 ; Tue
759     / %x57.65.64 ; Wed
760     / %x54.68.75 ; Thu
761     / %x46.72.69 ; Fri
762     / %x53.61.74 ; Sat
763     / %x53.75.6E ; Sun
764    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
765     / %x54.75.65.73.64.61.79 ; Tuesday
766     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
767     / %x54.68.75.72.73.64.61.79 ; Thursday
768     / %x46.72.69.64.61.79 ; Friday
769     / %x53.61.74.75.72.64.61.79 ; Saturday
770     / %x53.75.6E.64.61.79 ; Sunday
771    delay-seconds = 1*DIGIT
772
773NEW:
774
775    charset = token
776    codings = content-coding / "identity" / "*"
777    comment = <comment, defined in [RFC7230], Section 3.2.6>
778    content-coding = token
779 
780    date1 = day SP month SP year
781    date2 = day "-" month "-" 2DIGIT
782    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
783    day = 2DIGIT
784    day-name = %x4D.6F.6E ; Mon
785     / %x54.75.65 ; Tue
786     / %x57.65.64 ; Wed
787     / %x54.68.75 ; Thu
788     / %x46.72.69 ; Fri
789     / %x53.61.74 ; Sat
790     / %x53.75.6E ; Sun
791    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
792     / %x54.75.65.73.64.61.79 ; Tuesday
793     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
794     / %x54.68.75.72.73.64.61.79 ; Thursday
795     / %x46.72.69.64.61.79 ; Friday
796     / %x53.61.74.75.72.64.61.79 ; Saturday
797     / %x53.75.6E.64.61.79 ; Sunday
798    delay-seconds = 1*DIGIT
799
800
801Section 1.2, paragraph 17:
802OLD:
803
804    field-name = <comment, see [RFC7230], Section 3.2>
805
806NEW:
807
808    field-name = <comment, defined in [RFC7230], Section 3.2>
809
810
811Section 1.2, paragraph 19:
812OLD:
813
814    language-range = <language-range, see [RFC4647], Section 2.1>
815    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
816
817NEW:
818
819    language-range = <language-range, defined in [RFC4647], Section 2.1>
820    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
821
822
823Section 1.2, paragraph 20:
824OLD:
825
826    mailbox = <mailbox, see [RFC5322], Section 3.4>
827    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
828     ";" OWS parameter )
829    media-type = type "/" subtype *( OWS ";" OWS parameter )
830    method = token
831    minute = 2DIGIT
832    month = %x4A.61.6E ; Jan
833     / %x46.65.62 ; Feb
834     / %x4D.61.72 ; Mar
835     / %x41.70.72 ; Apr
836     / %x4D.61.79 ; May
837     / %x4A.75.6E ; Jun
838     / %x4A.75.6C ; Jul
839     / %x41.75.67 ; Aug
840     / %x53.65.70 ; Sep
841     / %x4F.63.74 ; Oct
842     / %x4E.6F.76 ; Nov
843     / %x44.65.63 ; Dec
844
845NEW:
846
847    mailbox = <mailbox, defined in [RFC5322], Section 3.4>
848    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
849     ";" OWS parameter )
850    media-type = type "/" subtype *( OWS ";" OWS parameter )
851    method = token
852    minute = 2DIGIT
853    month = %x4A.61.6E ; Jan
854     / %x46.65.62 ; Feb
855     / %x4D.61.72 ; Mar
856     / %x41.70.72 ; Apr
857     / %x4D.61.79 ; May
858     / %x4A.75.6E ; Jun
859     / %x4A.75.6C ; Jul
860     / %x41.75.67 ; Aug
861     / %x53.65.70 ; Sep
862     / %x4F.63.74 ; Oct
863     / %x4E.6F.76 ; Nov
864     / %x44.65.63 ; Dec
865
866
867Section 1.2, paragraph 21:
868OLD:
869
870    obs-date = rfc850-date / asctime-date
871    parameter = token "=" ( token / quoted-string )
872    partial-URI = <partial-URI, see [RFC7230], Section 2.7>
873    product = token [ "/" product-version ]
874    product-version = token
875 
876    quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
877    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
878
879NEW:
880
881    obs-date = rfc850-date / asctime-date
882 
883    parameter = token "=" ( token / quoted-string )
884    partial-URI = <partial-URI, defined in [RFC7230], Section 2.7>
885    product = token [ "/" product-version ]
886    product-version = token
887    quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
888    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
889
890
891Section 1.2, paragraph 24:
892OLD:
893
894    time-of-day = hour ":" minute ":" second
895    token = <token, see [RFC7230], Section 3.2.6>
896    type = token
897
898NEW:
899
900    time-of-day = hour ":" minute ":" second
901    token = <token, defined in [RFC7230], Section 3.2.6>
902    type = token
903
904
905Section 1.2, paragraph 34:
906OLD:
907
908    2
909       200 OK (status code)  51
910       201 Created (status code)  51
911       202 Accepted (status code)  52
912       203 Non-Authoritative Information (status code)  52
913       204 No Content (status code)  53
914       205 Reset Content (status code)  53
915
916NEW:
917
918    2
919       200 OK (status code)  51
920       201 Created (status code)  52
921       202 Accepted (status code)  52
922       203 Non-Authoritative Information (status code)  52
923       204 No Content (status code)  53
924       205 Reset Content (status code)  53
925
926
927Section 1.2, paragraph 47:
928OLD:
929
930    M
931       Max-Forwards header field  36
932       MIME-Version header field  89
933
934NEW:
935
936    M
937       Max-Forwards header field  36
938       MIME-Version header field  88
939
940
941Section 345, paragraph 1:
942OLD:
943
944    EMail: fielding@gbiv.com
945    URI:   http://roy.gbiv.com/
946    Julian F. Reschke (editor)
947    greenbytes GmbH
948    Hafenweg 16
949    Muenster, NW  48155
950    Germany
951
952NEW:
953
954    EMail: fielding@gbiv.com
955    URI:   http://roy.gbiv.com/
956 
957    Julian F. Reschke (editor)
958    greenbytes GmbH
959    Hafenweg 16
960    Muenster, NW  48155
961    Germany
962