Context Navigation

source: draft-ietf-httpbis/latest/auth48/rfc7231.abdiff.txt @ 2682

Last change on this file since 2682 was 2682, checked in by julian.reschke@…, 9 years ago
updated AUTH48 version of RFC7231 (#553)
Property svn:eol-style set to `native`
File size: 37.3 KB

Line
1
2	INTRODUCTION, paragraph 1:
3	OLD:
4
5	HTTPbis Working Group R. Fielding, Ed.
6	Internet-Draft Adobe
7	Obsoletes: 2616 (if approved) J. Reschke, Ed.
8	Updates: 2817 (if approved) greenbytes
9	Intended status: Standards Track May 19, 2014
10	Expires: November 20, 2014
11
12	NEW:
13
14	Internet Engineering Task Force (IETF) R. Fielding, Ed.
15	Request for Comments: 7231 Adobe
16	Obsoletes: 2616 J. Reschke, Ed.
17	Updates: 2817 greenbytes
18	Category: Standards Track May 2014
19	ISSN: 2070-1721
20
21
22	INTRODUCTION, paragraph 2:
23	OLD:
24
25	Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
26	draft-ietf-httpbis-p2-semantics-latest
27
28	NEW:
29
30	Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
31
32
33	INTRODUCTION, paragraph 5:
34	OLD:
35
36	Editorial Note (To be removed by RFC Editor)
37
38	Discussion of this draft takes place on the HTTPBIS working group
39	mailing list (ietf-http-wg@w3.org), which is archived at
40	<http://lists.w3.org/Archives/Public/ietf-http-wg/>.
41
42	The current issues list is at
43	<http://tools.ietf.org/wg/httpbis/trac/report/3> and related
44	documents (including fancy diffs) can be found at
45	<http://tools.ietf.org/wg/httpbis/>.
46
47	_This is a temporary document for the purpose of tracking the
48	editorial changes made during the AUTH48 (RFC publication) phase._
49
50	Status of This Memo
51
52	NEW:
53
54	Status of This Memo
55
56
57	INTRODUCTION, paragraph 6:
58	OLD:
59
60	This Internet-Draft is submitted in full conformance with the
61	provisions of BCP 78 and BCP 79.
62
63	Internet-Drafts are working documents of the Internet Engineering
64	Task Force (IETF). Note that other groups may also distribute
65	working documents as Internet-Drafts. The list of current Internet-
66	Drafts is at http://datatracker.ietf.org/drafts/current/.
67
68	NEW:
69
70	This is an Internet Standards Track document.
71
72
73	INTRODUCTION, paragraph 7:
74	OLD:
75
76	Internet-Drafts are draft documents valid for a maximum of six months
77	and may be updated, replaced, or obsoleted by other documents at any
78	time. It is inappropriate to use Internet-Drafts as reference
79	material or to cite them other than as "work in progress."
80
81	NEW:
82
83	This document is a product of the Internet Engineering Task Force
84	(IETF). It represents the consensus of the IETF community. It has
85	received public review and has been approved for publication by the
86	Internet Engineering Steering Group (IESG). Further information on
87	Internet Standards is available in Section 2 of RFC 5741.
88
89
90	INTRODUCTION, paragraph 8:
91	OLD:
92
93	This Internet-Draft will expire on November 20, 2014.
94
95	NEW:
96
97	Information about the current status of this document, any errata,
98	and how to provide feedback on it may be obtained at
99	http://www.rfc-editor.org/info/rfc7231.
100
101
102	Section 11., paragraph 0:
103	OLD:
104
105	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
106	1.1. Conformance and Error Handling . . . . . . . . . . . . . . 6
107	1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 6
108	2. Resources . . . . . . . . . . . . . . . . . . . . . . . . . . 7
109	3. Representations . . . . . . . . . . . . . . . . . . . . . . . 7
110	3.1. Representation Metadata . . . . . . . . . . . . . . . . . 8
111	3.1.1. Processing Representation Data . . . . . . . . . . . . 8
112	3.1.2. Encoding for Compression or Integrity . . . . . . . . 11
113	3.1.3. Audience Language . . . . . . . . . . . . . . . . . . 13
114	3.1.4. Identification . . . . . . . . . . . . . . . . . . . . 14
115	3.2. Representation Data . . . . . . . . . . . . . . . . . . . 17
116	3.3. Payload Semantics . . . . . . . . . . . . . . . . . . . . 17
117	3.4. Content Negotiation . . . . . . . . . . . . . . . . . . . 18
118	3.4.1. Proactive Negotiation . . . . . . . . . . . . . . . . 19
119	3.4.2. Reactive Negotiation . . . . . . . . . . . . . . . . . 20
120
121	4. Request Methods . . . . . . . . . . . . . . . . . . . . . . . 21
122	4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
123	4.2. Common Method Properties . . . . . . . . . . . . . . . . . 22
124	4.2.1. Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
125	4.2.2. Idempotent Methods . . . . . . . . . . . . . . . . . . 23
126	4.2.3. Cacheable Methods . . . . . . . . . . . . . . . . . . 24
127	4.3. Method Definitions . . . . . . . . . . . . . . . . . . . . 24
128	4.3.1. GET . . . . . . . . . . . . . . . . . . . . . . . . . 24
129	4.3.2. HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
130	4.3.3. POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
131	4.3.4. PUT . . . . . . . . . . . . . . . . . . . . . . . . . 26
132	4.3.5. DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
133	4.3.6. CONNECT . . . . . . . . . . . . . . . . . . . . . . . 30
134	4.3.7. OPTIONS . . . . . . . . . . . . . . . . . . . . . . . 31
135	4.3.8. TRACE . . . . . . . . . . . . . . . . . . . . . . . . 32
136	5. Request Header Fields . . . . . . . . . . . . . . . . . . . . 33
137	5.1. Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
138	5.1.1. Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
139	5.1.2. Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
140	5.2. Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
141	5.3. Content Negotiation . . . . . . . . . . . . . . . . . . . 37
142	5.3.1. Quality Values . . . . . . . . . . . . . . . . . . . . 37
143	5.3.2. Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
144	5.3.3. Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
145	5.3.4. Accept-Encoding . . . . . . . . . . . . . . . . . . . 41
146	5.3.5. Accept-Language . . . . . . . . . . . . . . . . . . . 42
147	5.4. Authentication Credentials . . . . . . . . . . . . . . . . 43
148	5.5. Request Context . . . . . . . . . . . . . . . . . . . . . 44
149	5.5.1. From . . . . . . . . . . . . . . . . . . . . . . . . . 44
150	5.5.2. Referer . . . . . . . . . . . . . . . . . . . . . . . 45
151	5.5.3. User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
152	6. Response Status Codes . . . . . . . . . . . . . . . . . . . . 47
153	6.1. Overview of Status Codes . . . . . . . . . . . . . . . . . 48
154	6.2. Informational 1xx . . . . . . . . . . . . . . . . . . . . 50
155	6.2.1. 100 Continue . . . . . . . . . . . . . . . . . . . . . 50
156	6.2.2. 101 Switching Protocols . . . . . . . . . . . . . . . 50
157	6.3. Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
158	6.3.1. 200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
159	6.3.2. 201 Created . . . . . . . . . . . . . . . . . . . . . 51
160	6.3.3. 202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
161	6.3.4. 203 Non-Authoritative Information . . . . . . . . . . 52
162	6.3.5. 204 No Content . . . . . . . . . . . . . . . . . . . . 53
163	6.3.6. 205 Reset Content . . . . . . . . . . . . . . . . . . 53
164	6.4. Redirection 3xx . . . . . . . . . . . . . . . . . . . . . 54
165	6.4.1. 300 Multiple Choices . . . . . . . . . . . . . . . . . 55
166	6.4.2. 301 Moved Permanently . . . . . . . . . . . . . . . . 56
167	6.4.3. 302 Found . . . . . . . . . . . . . . . . . . . . . . 56
168	6.4.4. 303 See Other . . . . . . . . . . . . . . . . . . . . 57
169	6.4.5. 305 Use Proxy . . . . . . . . . . . . . . . . . . . . 57
170	6.4.6. 306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
171	6.4.7. 307 Temporary Redirect . . . . . . . . . . . . . . . . 58
172	6.5. Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
173	6.5.1. 400 Bad Request . . . . . . . . . . . . . . . . . . . 58
174	6.5.2. 402 Payment Required . . . . . . . . . . . . . . . . . 58
175	6.5.3. 403 Forbidden . . . . . . . . . . . . . . . . . . . . 58
176	6.5.4. 404 Not Found . . . . . . . . . . . . . . . . . . . . 59
177	6.5.5. 405 Method Not Allowed . . . . . . . . . . . . . . . . 59
178	6.5.6. 406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
179	6.5.7. 408 Request Timeout . . . . . . . . . . . . . . . . . 60
180	6.5.8. 409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
181	6.5.9. 410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
182	6.5.10. 411 Length Required . . . . . . . . . . . . . . . . . 61
183	6.5.11. 413 Payload Too Large . . . . . . . . . . . . . . . . 61
184	6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
185	6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
186	6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
187	6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
188	6.6. Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
189	6.6.1. 500 Internal Server Error . . . . . . . . . . . . . . 62
190	6.6.2. 501 Not Implemented . . . . . . . . . . . . . . . . . 63
191	6.6.3. 502 Bad Gateway . . . . . . . . . . . . . . . . . . . 63
192	6.6.4. 503 Service Unavailable . . . . . . . . . . . . . . . 63
193	6.6.5. 504 Gateway Timeout . . . . . . . . . . . . . . . . . 63
194	6.6.6. 505 HTTP Version Not Supported . . . . . . . . . . . . 63
195	7. Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
196	7.1. Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
197	7.1.1. Origination Date . . . . . . . . . . . . . . . . . . . 64
198	7.1.2. Location . . . . . . . . . . . . . . . . . . . . . . . 68
199	7.1.3. Retry-After . . . . . . . . . . . . . . . . . . . . . 69
200	7.1.4. Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
201	7.2. Validator Header Fields . . . . . . . . . . . . . . . . . 71
202	7.3. Authentication Challenges . . . . . . . . . . . . . . . . 72
203	7.4. Response Context . . . . . . . . . . . . . . . . . . . . . 72
204	7.4.1. Allow . . . . . . . . . . . . . . . . . . . . . . . . 72
205	7.4.2. Server . . . . . . . . . . . . . . . . . . . . . . . . 73
206	8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 73
207	8.1. Method Registry . . . . . . . . . . . . . . . . . . . . . 74
208	8.1.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 74
209	8.1.2. Considerations for New Methods . . . . . . . . . . . . 74
210	8.1.3. Registrations . . . . . . . . . . . . . . . . . . . . 75
211	8.2. Status Code Registry . . . . . . . . . . . . . . . . . . . 75
212	8.2.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 75
213	8.2.2. Considerations for New Status Codes . . . . . . . . . 76
214	8.2.3. Registrations . . . . . . . . . . . . . . . . . . . . 76
215	8.3. Header Field Registry . . . . . . . . . . . . . . . . . . 77
216	8.3.1. Considerations for New Header Fields . . . . . . . . . 78
217	8.3.2. Registrations . . . . . . . . . . . . . . . . . . . . 80
218	8.4. Content Coding Registry . . . . . . . . . . . . . . . . . 80
219	8.4.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 81
220	8.4.2. Registrations . . . . . . . . . . . . . . . . . . . . 81
221	9. Security Considerations . . . . . . . . . . . . . . . . . . . 81
222	9.1. Attacks Based on File and Path Names . . . . . . . . . . . 82
223	9.2. Attacks Based on Command, Code, or Query Injection . . . . 82
224	9.3. Disclosure of Personal Information . . . . . . . . . . . . 83
225	9.4. Disclosure of Sensitive Information in URIs . . . . . . . 83
226	9.5. Disclosure of Fragment after Redirects . . . . . . . . . . 83
227	9.6. Disclosure of Product Information . . . . . . . . . . . . 84
228	9.7. Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
229	10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 85
230	11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
231	11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
232	11.2. Informative References . . . . . . . . . . . . . . . . . . 86
233	Appendix A. Differences between HTTP and MIME . . . . . . . . . . 88
234	A.1. MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 89
235	A.2. Conversion to Canonical Form . . . . . . . . . . . . . . . 89
236	A.3. Conversion of Date Formats . . . . . . . . . . . . . . . . 89
237	A.4. Conversion of Content-Encoding . . . . . . . . . . . . . . 89
238	A.5. Conversion of Content-Transfer-Encoding . . . . . . . . . 90
239	A.6. MHTML and Line Length Limitations . . . . . . . . . . . . 90
240	Appendix B. Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
241	Appendix C. Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
242	Appendix D. Collected ABNF . . . . . . . . . . . . . . . . . . . 93
243	Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
244
245	NEW:
246
247	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
248	1.1. Conformance and Error Handling . . . . . . . . . . . . . . 6
249	1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 6
250	2. Resources . . . . . . . . . . . . . . . . . . . . . . . . . . 7
251	3. Representations . . . . . . . . . . . . . . . . . . . . . . . 7
252	3.1. Representation Metadata . . . . . . . . . . . . . . . . . 8
253	3.1.1. Processing Representation Data . . . . . . . . . . . . 8
254	3.1.2. Encoding for Compression or Integrity . . . . . . . . 11
255	3.1.3. Audience Language . . . . . . . . . . . . . . . . . . 13
256	3.1.4. Identification . . . . . . . . . . . . . . . . . . . . 14
257	3.2. Representation Data . . . . . . . . . . . . . . . . . . . 17
258	3.3. Payload Semantics . . . . . . . . . . . . . . . . . . . . 17
259	3.4. Content Negotiation . . . . . . . . . . . . . . . . . . . 18
260	3.4.1. Proactive Negotiation . . . . . . . . . . . . . . . . 19
261	3.4.2. Reactive Negotiation . . . . . . . . . . . . . . . . . 20
262	4. Request Methods . . . . . . . . . . . . . . . . . . . . . . . 21
263	4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
264	4.2. Common Method Properties . . . . . . . . . . . . . . . . . 22
265	4.2.1. Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
266	4.2.2. Idempotent Methods . . . . . . . . . . . . . . . . . . 23
267	4.2.3. Cacheable Methods . . . . . . . . . . . . . . . . . . 24
268	4.3. Method Definitions . . . . . . . . . . . . . . . . . . . . 24
269	4.3.1. GET . . . . . . . . . . . . . . . . . . . . . . . . . 24
270	4.3.2. HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
271	4.3.3. POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
272	4.3.4. PUT . . . . . . . . . . . . . . . . . . . . . . . . . 26
273	4.3.5. DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
274	4.3.6. CONNECT . . . . . . . . . . . . . . . . . . . . . . . 30
275	4.3.7. OPTIONS . . . . . . . . . . . . . . . . . . . . . . . 31
276	4.3.8. TRACE . . . . . . . . . . . . . . . . . . . . . . . . 32
277	5. Request Header Fields . . . . . . . . . . . . . . . . . . . . 33
278	5.1. Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
279	5.1.1. Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
280	5.1.2. Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
281
282	5.2. Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
283	5.3. Content Negotiation . . . . . . . . . . . . . . . . . . . 37
284	5.3.1. Quality Values . . . . . . . . . . . . . . . . . . . . 37
285	5.3.2. Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
286	5.3.3. Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
287	5.3.4. Accept-Encoding . . . . . . . . . . . . . . . . . . . 41
288	5.3.5. Accept-Language . . . . . . . . . . . . . . . . . . . 42
289	5.4. Authentication Credentials . . . . . . . . . . . . . . . . 43
290	5.5. Request Context . . . . . . . . . . . . . . . . . . . . . 44
291	5.5.1. From . . . . . . . . . . . . . . . . . . . . . . . . . 44
292	5.5.2. Referer . . . . . . . . . . . . . . . . . . . . . . . 45
293	5.5.3. User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
294	6. Response Status Codes . . . . . . . . . . . . . . . . . . . . 47
295	6.1. Overview of Status Codes . . . . . . . . . . . . . . . . . 48
296	6.2. Informational 1xx . . . . . . . . . . . . . . . . . . . . 50
297	6.2.1. 100 Continue . . . . . . . . . . . . . . . . . . . . . 50
298	6.2.2. 101 Switching Protocols . . . . . . . . . . . . . . . 50
299	6.3. Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
300	6.3.1. 200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
301	6.3.2. 201 Created . . . . . . . . . . . . . . . . . . . . . 51
302	6.3.3. 202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
303	6.3.4. 203 Non-Authoritative Information . . . . . . . . . . 52
304	6.3.5. 204 No Content . . . . . . . . . . . . . . . . . . . . 53
305	6.3.6. 205 Reset Content . . . . . . . . . . . . . . . . . . 53
306	6.4. Redirection 3xx . . . . . . . . . . . . . . . . . . . . . 54
307	6.4.1. 300 Multiple Choices . . . . . . . . . . . . . . . . . 55
308	6.4.2. 301 Moved Permanently . . . . . . . . . . . . . . . . 56
309	6.4.3. 302 Found . . . . . . . . . . . . . . . . . . . . . . 56
310	6.4.4. 303 See Other . . . . . . . . . . . . . . . . . . . . 57
311	6.4.5. 305 Use Proxy . . . . . . . . . . . . . . . . . . . . 57
312	6.4.6. 306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
313	6.4.7. 307 Temporary Redirect . . . . . . . . . . . . . . . . 58
314	6.5. Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
315	6.5.1. 400 Bad Request . . . . . . . . . . . . . . . . . . . 58
316	6.5.2. 402 Payment Required . . . . . . . . . . . . . . . . . 58
317	6.5.3. 403 Forbidden . . . . . . . . . . . . . . . . . . . . 58
318	6.5.4. 404 Not Found . . . . . . . . . . . . . . . . . . . . 59
319	6.5.5. 405 Method Not Allowed . . . . . . . . . . . . . . . . 59
320	6.5.6. 406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
321	6.5.7. 408 Request Timeout . . . . . . . . . . . . . . . . . 60
322	6.5.8. 409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
323	6.5.9. 410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
324	6.5.10. 411 Length Required . . . . . . . . . . . . . . . . . 61
325	6.5.11. 413 Payload Too Large . . . . . . . . . . . . . . . . 61
326	6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
327	6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
328	6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
329	6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
330
331	6.6. Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
332	6.6.1. 500 Internal Server Error . . . . . . . . . . . . . . 62
333	6.6.2. 501 Not Implemented . . . . . . . . . . . . . . . . . 63
334	6.6.3. 502 Bad Gateway . . . . . . . . . . . . . . . . . . . 63
335	6.6.4. 503 Service Unavailable . . . . . . . . . . . . . . . 63
336	6.6.5. 504 Gateway Timeout . . . . . . . . . . . . . . . . . 63
337	6.6.6. 505 HTTP Version Not Supported . . . . . . . . . . . . 63
338	7. Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
339	7.1. Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
340	7.1.1. Origination Date . . . . . . . . . . . . . . . . . . . 64
341	7.1.2. Location . . . . . . . . . . . . . . . . . . . . . . . 68
342	7.1.3. Retry-After . . . . . . . . . . . . . . . . . . . . . 69
343	7.1.4. Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
344	7.2. Validator Header Fields . . . . . . . . . . . . . . . . . 71
345	7.3. Authentication Challenges . . . . . . . . . . . . . . . . 72
346	7.4. Response Context . . . . . . . . . . . . . . . . . . . . . 72
347	7.4.1. Allow . . . . . . . . . . . . . . . . . . . . . . . . 72
348	7.4.2. Server . . . . . . . . . . . . . . . . . . . . . . . . 73
349	8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 73
350	8.1. Method Registry . . . . . . . . . . . . . . . . . . . . . 74
351	8.1.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 74
352	8.1.2. Considerations for New Methods . . . . . . . . . . . . 74
353	8.1.3. Registrations . . . . . . . . . . . . . . . . . . . . 75
354	8.2. Status Code Registry . . . . . . . . . . . . . . . . . . . 75
355	8.2.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 75
356	8.2.2. Considerations for New Status Codes . . . . . . . . . 76
357	8.2.3. Registrations . . . . . . . . . . . . . . . . . . . . 76
358	8.3. Header Field Registry . . . . . . . . . . . . . . . . . . 77
359	8.3.1. Considerations for New Header Fields . . . . . . . . . 78
360	8.3.2. Registrations . . . . . . . . . . . . . . . . . . . . 80
361	8.4. Content Coding Registry . . . . . . . . . . . . . . . . . 80
362	8.4.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 81
363	8.4.2. Registrations . . . . . . . . . . . . . . . . . . . . 81
364	9. Security Considerations . . . . . . . . . . . . . . . . . . . 81
365	9.1. Attacks Based on File and Path Names . . . . . . . . . . . 82
366	9.2. Attacks Based on Command, Code, or Query Injection . . . . 82
367	9.3. Disclosure of Personal Information . . . . . . . . . . . . 83
368	9.4. Disclosure of Sensitive Information in URIs . . . . . . . 83
369	9.5. Disclosure of Fragment after Redirects . . . . . . . . . . 83
370	9.6. Disclosure of Product Information . . . . . . . . . . . . 84
371	9.7. Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
372	10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 85
373	11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
374	11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
375	11.2. Informative References . . . . . . . . . . . . . . . . . . 86
376	Appendix A. Differences between HTTP and MIME . . . . . . . . . . 88
377	A.1. MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 88
378	A.2. Conversion to Canonical Form . . . . . . . . . . . . . . . 89
379	A.3. Conversion of Date Formats . . . . . . . . . . . . . . . . 89
380	A.4. Conversion of Content-Encoding . . . . . . . . . . . . . . 89
381	A.5. Conversion of Content-Transfer-Encoding . . . . . . . . . 90
382	A.6. MHTML and Line Length Limitations . . . . . . . . . . . . 90
383	Appendix B. Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
384	Appendix C. Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
385	Appendix D. Collected ABNF . . . . . . . . . . . . . . . . . . . 93
386	Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
387
388
389	Section 5.3.5., paragraph 2:
390	OLD:
391
392	Accept-Language = 1#( language-range [ weight ] )
393	language-range =
394	<language-range, see [RFC4647], Section 2.1>
395
396	NEW:
397
398	Accept-Language = 1#( language-range [ weight ] )
399	language-range =
400	<language-range, defined in [RFC4647], Section 2.1>
401
402
403	Section 5.5.1., paragraph 3:
404	OLD:
405
406	mailbox = <mailbox, see [RFC5322], Section 3.4>
407
408	NEW:
409
410	mailbox = <mailbox, defined in [RFC5322], Section 3.4>
411
412
413	Section 5.5.3., paragraph 5:
414	OLD:
415
416	A sender SHOULD limit generated product identifiers to what is
417	necessary to identify the product; a sender MUST NOT generate
418	advertising or other nonessential information within the product
419	identifier. A sender SHOULD NOT generate information in product-
420	version that is not a version identifier (i.e., successive versions
421	of the same product name only to differ only in the product-version
422	portion of the product identifier).
423
424	NEW:
425
426	A sender SHOULD limit generated product identifiers to what is
427	necessary to identify the product; a sender MUST NOT generate
428	advertising or other nonessential information within the product
429	identifier. A sender SHOULD NOT generate information in product-
430	version that is not a version identifier (i.e., successive versions
431	of the same product name ought to differ only in the product-version
432	portion of the product identifier).
433
434
435	Section 7.1.1.1., paragraph 10:
436	OLD:
437
438	IMF-fixdate = day-name "," SP date1 SP time-of-day SP GMT
439	; fixed length/zone/capitalization subset of the format
440	; see Section 3.3 of [RFC5322]
441
442	NEW:
443
444	IMF-fixdate = day-name "," SP date1 SP time-of-day SP GMT
445	; fixed length/zone/capitalization subset of the format
446	; defined in Section 3.3 of [RFC5322]
447
448
449	Section 11.1., paragraph 9:
450	OLD:
451
452	[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
453	Protocol (HTTP/1.1): Message Syntax and Routing",
454	draft-ietf-httpbis-p1-messaging-latest (work in progress),
455	May 2014.
456
457	NEW:
458
459	[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
460	Protocol (HTTP/1.1): Message Syntax and Routing",
461	RFC 7230, May 2014.
462
463
464	Section 11.1., paragraph 10:
465	OLD:
466
467	[RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
468	Protocol (HTTP/1.1): Conditional Requests",
469	draft-ietf-httpbis-p4-conditional-latest (work in
470	progress), May 2014.
471
472	NEW:
473
474	[RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
475	Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
476	May 2014.
477
478
479	Section 11.1., paragraph 11:
480	OLD:
481
482	[RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
483	"Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
484	draft-ietf-httpbis-p5-range-latest (work in progress),
485	May 2014.
486
487	NEW:
488
489	[RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
490	"Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
491	RFC 7233, May 2014.
492
493
494	Section 11.1., paragraph 12:
495	OLD:
496
497	[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
498	Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
499	draft-ietf-httpbis-p6-cache-latest (work in progress),
500	May 2014.
501
502	NEW:
503
504	[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
505	Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
506	RFC 7234, May 2014.
507
508
509	Section 11.1., paragraph 13:
510	OLD:
511
512	[RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
513	Protocol (HTTP/1.1): Authentication",
514	draft-ietf-httpbis-p7-auth-latest (work in progress),
515	May 2014.
516
517	NEW:
518
519	[RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
520	Protocol (HTTP/1.1): Authentication", RFC 7235, May 2014.
521
522
523	Section 11.2., paragraph 25:
524	OLD:
525
526	[RFC7238] Reschke, J., "The Hypertext Transfer Protocol (HTTP)
527	Status Code 308 (Permanent Redirect)",
528	draft-reschke-http-status-308-07 (work in progress),
529	March 2012.
530
531	NEW:
532
533	[RFC7238] Reschke, J., "The Hypertext Transfer Protocol (HTTP)
534	Status Code 308 (Permanent Redirect)", RFC 7238, May 2014.
535
536
537	Appendix B., paragraph 2:
538	OLD:
539
540	A new requirement has been added that semantics embedded in a URI be
541	disabled when those semantics are inconsistent with the request
542	method, since this is a common cause of interoperability failure.
543
544	(Section 2)
545
546	NEW:
547
548	A new requirement has been added that semantics embedded in a URI be
549	disabled when those semantics are inconsistent with the request
550	method, since this is a common cause of interoperability failure.
551	(Section 2)
552
553
554	Appendix B., paragraph 26:
555	OLD:
556
557	The Status Code Registry has been redefined by this specification;
558	previously, it was defined in Section 7.1 of [RFC2817].
559
560	(Section 8.2)
561
562	NEW:
563
564	The Status Code Registry has been redefined by this specification;
565	previously, it was defined in Section 7.1 of [RFC2817].
566	(Section 8.2)
567
568
569	Appendix C., paragraph 3:
570	OLD:
571
572	BWS = <BWS, see [RFC7230], Section 3.2.3>
573	OWS = <OWS, see [RFC7230], Section 3.2.3>
574	RWS = <RWS, see [RFC7230], Section 3.2.3>
575	URI-reference = <URI-reference, see [RFC7230], Section 2.7>
576	absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>
577	comment = <comment, see [RFC7230], Section 3.2.6>
578	field-name = <comment, see [RFC7230], Section 3.2>
579	partial-URI = <partial-URI, see [RFC7230], Section 2.7>
580	quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
581	token = <token, see [RFC7230], Section 3.2.6>
582
583	NEW:
584
585	BWS = <BWS, defined in [RFC7230], Section 3.2.3>
586	OWS = <OWS, defined in [RFC7230], Section 3.2.3>
587	RWS = <RWS, defined in [RFC7230], Section 3.2.3>
588	URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
589	absolute-URI = <absolute-URI, defined in [RFC7230], Section 2.7>
590	comment = <comment, defined in [RFC7230], Section 3.2.6>
591	field-name = <comment, defined in [RFC7230], Section 3.2>
592	partial-URI = <partial-URI, defined in [RFC7230], Section 2.7>
593	quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
594	token = <token, defined in [RFC7230], Section 3.2.6>
595
596
597	Section 1.2, paragraph 1:
598	OLD:
599
600	Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
601	OWS ( media-range [ accept-params ] ) ] ) ]
602	Accept-Charset = ( "," OWS ) ( ( charset / "" ) [ weight ] ) *( OWS
603	"," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
604	Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
605	( codings [ weight ] ) ] ) ]
606	Accept-Language = ( "," OWS ) ( language-range [ weight ] ) ( OWS
607	"," [ OWS ( language-range [ weight ] ) ] )
608	Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
609	BWS = <BWS, see [RFC7230], Section 3.2.3>
610
611	NEW:
612
613	Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
614	OWS ( media-range [ accept-params ] ) ] ) ]
615	Accept-Charset = ( "," OWS ) ( ( charset / "" ) [ weight ] ) *( OWS
616	"," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
617	Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
618	( codings [ weight ] ) ] ) ]
619	Accept-Language = ( "," OWS ) ( language-range [ weight ] ) ( OWS
620	"," [ OWS ( language-range [ weight ] ) ] )
621	Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
622
623	BWS = <BWS, defined in [RFC7230], Section 3.2.3>
624
625
626	Section 1.2, paragraph 2:
627	OLD:
628
629	Content-Encoding = ( "," OWS ) content-coding ( OWS "," [ OWS
630	content-coding ] )
631	Content-Language = ( "," OWS ) language-tag ( OWS "," [ OWS
632	language-tag ] )
633	Content-Location = absolute-URI / partial-URI
634	Content-Type = media-type
635
636	Date = HTTP-date
637
638	NEW:
639
640	Content-Encoding = ( "," OWS ) content-coding ( OWS "," [ OWS
641	content-coding ] )
642	Content-Language = ( "," OWS ) language-tag ( OWS "," [ OWS
643	language-tag ] )
644	Content-Location = absolute-URI / partial-URI
645	Content-Type = media-type
646	Date = HTTP-date
647
648
649	Section 1.2, paragraph 10:
650	OLD:
651
652	OWS = <OWS, see [RFC7230], Section 3.2.3>
653
654	NEW:
655
656	OWS = <OWS, defined in [RFC7230], Section 3.2.3>
657
658
659	Section 1.2, paragraph 11:
660	OLD:
661
662	RWS = <RWS, see [RFC7230], Section 3.2.3>
663	Referer = absolute-URI / partial-URI
664	Retry-After = HTTP-date / delay-seconds
665
666	NEW:
667
668	RWS = <RWS, defined in [RFC7230], Section 3.2.3>
669	Referer = absolute-URI / partial-URI
670	Retry-After = HTTP-date / delay-seconds
671
672
673	Section 1.2, paragraph 13:
674	OLD:
675
676	URI-reference = <URI-reference, see [RFC7230], Section 2.7>
677	User-Agent = product *( RWS ( product / comment ) )
678
679	NEW:
680
681	URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
682	User-Agent = product *( RWS ( product / comment ) )
683
684
685	Section 1.2, paragraph 15:
686	OLD:
687
688	absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>
689	accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
690	accept-params = weight *accept-ext
691	asctime-date = day-name SP date3 SP time-of-day SP year
692
693	NEW:
694
695	absolute-URI = <absolute-URI, defined in [RFC7230], Section 2.7>
696	accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
697	accept-params = weight *accept-ext
698	asctime-date = day-name SP date3 SP time-of-day SP year
699
700
701	Section 1.2, paragraph 16:
702	OLD:
703
704	charset = token
705	codings = content-coding / "identity" / "*"
706	comment = <comment, see [RFC7230], Section 3.2.6>
707	content-coding = token
708	date1 = day SP month SP year
709	date2 = day "-" month "-" 2DIGIT
710	date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
711	day = 2DIGIT
712	day-name = %x4D.6F.6E ; Mon
713	/ %x54.75.65 ; Tue
714	/ %x57.65.64 ; Wed
715	/ %x54.68.75 ; Thu
716	/ %x46.72.69 ; Fri
717	/ %x53.61.74 ; Sat
718	/ %x53.75.6E ; Sun
719	day-name-l = %x4D.6F.6E.64.61.79 ; Monday
720	/ %x54.75.65.73.64.61.79 ; Tuesday
721	/ %x57.65.64.6E.65.73.64.61.79 ; Wednesday
722	/ %x54.68.75.72.73.64.61.79 ; Thursday
723	/ %x46.72.69.64.61.79 ; Friday
724	/ %x53.61.74.75.72.64.61.79 ; Saturday
725	/ %x53.75.6E.64.61.79 ; Sunday
726	delay-seconds = 1*DIGIT
727
728	NEW:
729
730	charset = token
731	codings = content-coding / "identity" / "*"
732	comment = <comment, defined in [RFC7230], Section 3.2.6>
733	content-coding = token
734
735	date1 = day SP month SP year
736	date2 = day "-" month "-" 2DIGIT
737	date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
738	day = 2DIGIT
739	day-name = %x4D.6F.6E ; Mon
740	/ %x54.75.65 ; Tue
741	/ %x57.65.64 ; Wed
742	/ %x54.68.75 ; Thu
743	/ %x46.72.69 ; Fri
744	/ %x53.61.74 ; Sat
745	/ %x53.75.6E ; Sun
746	day-name-l = %x4D.6F.6E.64.61.79 ; Monday
747	/ %x54.75.65.73.64.61.79 ; Tuesday
748	/ %x57.65.64.6E.65.73.64.61.79 ; Wednesday
749	/ %x54.68.75.72.73.64.61.79 ; Thursday
750	/ %x46.72.69.64.61.79 ; Friday
751	/ %x53.61.74.75.72.64.61.79 ; Saturday
752	/ %x53.75.6E.64.61.79 ; Sunday
753	delay-seconds = 1*DIGIT
754
755
756	Section 1.2, paragraph 17:
757	OLD:
758
759	field-name = <comment, see [RFC7230], Section 3.2>
760
761	NEW:
762
763	field-name = <comment, defined in [RFC7230], Section 3.2>
764
765
766	Section 1.2, paragraph 19:
767	OLD:
768
769	language-range = <language-range, see [RFC4647], Section 2.1>
770	language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
771
772	NEW:
773
774	language-range = <language-range, defined in [RFC4647], Section 2.1>
775	language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
776
777
778	Section 1.2, paragraph 20:
779	OLD:
780
781	mailbox = <mailbox, see [RFC5322], Section 3.4>
782	media-range = ( "/" / ( type "/" ) / ( type "/" subtype ) ) ( OWS
783	";" OWS parameter )
784	media-type = type "/" subtype *( OWS ";" OWS parameter )
785	method = token
786	minute = 2DIGIT
787	month = %x4A.61.6E ; Jan
788	/ %x46.65.62 ; Feb
789	/ %x4D.61.72 ; Mar
790	/ %x41.70.72 ; Apr
791	/ %x4D.61.79 ; May
792	/ %x4A.75.6E ; Jun
793	/ %x4A.75.6C ; Jul
794	/ %x41.75.67 ; Aug
795	/ %x53.65.70 ; Sep
796	/ %x4F.63.74 ; Oct
797	/ %x4E.6F.76 ; Nov
798	/ %x44.65.63 ; Dec
799
800	NEW:
801
802	mailbox = <mailbox, defined in [RFC5322], Section 3.4>
803	media-range = ( "/" / ( type "/" ) / ( type "/" subtype ) ) ( OWS
804	";" OWS parameter )
805	media-type = type "/" subtype *( OWS ";" OWS parameter )
806	method = token
807	minute = 2DIGIT
808	month = %x4A.61.6E ; Jan
809	/ %x46.65.62 ; Feb
810	/ %x4D.61.72 ; Mar
811	/ %x41.70.72 ; Apr
812	/ %x4D.61.79 ; May
813	/ %x4A.75.6E ; Jun
814	/ %x4A.75.6C ; Jul
815	/ %x41.75.67 ; Aug
816	/ %x53.65.70 ; Sep
817	/ %x4F.63.74 ; Oct
818	/ %x4E.6F.76 ; Nov
819	/ %x44.65.63 ; Dec
820
821
822	Section 1.2, paragraph 21:
823	OLD:
824
825	obs-date = rfc850-date / asctime-date
826	parameter = token "=" ( token / quoted-string )
827	partial-URI = <partial-URI, see [RFC7230], Section 2.7>
828	product = token [ "/" product-version ]
829	product-version = token
830
831	quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
832	qvalue = ( "0" [ "." 3DIGIT ] ) / ( "1" [ "." 3"0" ] )
833
834	NEW:
835
836	obs-date = rfc850-date / asctime-date
837
838	parameter = token "=" ( token / quoted-string )
839	partial-URI = <partial-URI, defined in [RFC7230], Section 2.7>
840	product = token [ "/" product-version ]
841	product-version = token
842	quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
843	qvalue = ( "0" [ "." 3DIGIT ] ) / ( "1" [ "." 3"0" ] )
844
845
846	Section 1.2, paragraph 24:
847	OLD:
848
849	time-of-day = hour ":" minute ":" second
850	token = <token, see [RFC7230], Section 3.2.6>
851	type = token
852
853	NEW:
854
855	time-of-day = hour ":" minute ":" second
856	token = <token, defined in [RFC7230], Section 3.2.6>
857	type = token
858
859
860	Section 1.2, paragraph 47:
861	OLD:
862
863	M
864	Max-Forwards header field 36
865	MIME-Version header field 89
866
867	NEW:
868
869	M
870	Max-Forwards header field 36
871	MIME-Version header field 88
872
873
874	Section 345, paragraph 1:
875	OLD:
876
877	EMail: fielding@gbiv.com
878	URI: http://roy.gbiv.com/
879	Julian F. Reschke (editor)
880	greenbytes GmbH
881	Hafenweg 16
882	Muenster, NW 48155
883	Germany
884
885	NEW:
886
887	EMail: fielding@gbiv.com
888	URI: http://roy.gbiv.com/
889
890	Julian F. Reschke (editor)
891	greenbytes GmbH
892	Hafenweg 16
893	Muenster, NW 48155
894	Germany
895

Note: See TracBrowser for help on using the repository browser.

Download in other formats: