source: draft-ietf-httpbis/latest/auth48/rfc7231.abdiff.txt @ 2682

Last change on this file since 2682 was 2682, checked in by julian.reschke@…, 6 years ago

updated AUTH48 version of RFC7231 (#553)

1
2INTRODUCTION, paragraph 1:
3OLD:
4
5 HTTPbis Working Group                                   R. Fielding, Ed.
6 Internet-Draft                                                     Adobe
7 Obsoletes: 2616 (if approved)                            J. Reschke, Ed.
8 Updates: 2817 (if approved)                                   greenbytes
9 Intended status: Standards Track                            May 19, 2014
10 Expires: November 20, 2014
11
12NEW:
13
14 Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
15 Request for Comments: 7231                                         Adobe
16 Obsoletes: 2616                                          J. Reschke, Ed.
17 Updates: 2817                                                 greenbytes
18 Category: Standards Track                                       May 2014
19 ISSN: 2070-1721
20
21
22INTRODUCTION, paragraph 2:
23OLD:
24
25      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
26                  draft-ietf-httpbis-p2-semantics-latest
27
28NEW:
29
30      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
31
32
33INTRODUCTION, paragraph 5:
34OLD:
35
36 Editorial Note (To be removed by RFC Editor)
37 
38    Discussion of this draft takes place on the HTTPBIS working group
39    mailing list (ietf-http-wg@w3.org), which is archived at
40    <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
41 
42    The current issues list is at
43    <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
44    documents (including fancy diffs) can be found at
45    <http://tools.ietf.org/wg/httpbis/>.
46 
47    _This is a temporary document for the purpose of tracking the
48    editorial changes made during the AUTH48 (RFC publication) phase._
49 
50 Status of This Memo
51
52NEW:
53
54 Status of This Memo
55
56
57INTRODUCTION, paragraph 6:
58OLD:
59
60    This Internet-Draft is submitted in full conformance with the
61    provisions of BCP 78 and BCP 79.
62 
63    Internet-Drafts are working documents of the Internet Engineering
64    Task Force (IETF).  Note that other groups may also distribute
65    working documents as Internet-Drafts.  The list of current Internet-
66    Drafts is at http://datatracker.ietf.org/drafts/current/.
67
68NEW:
69
70    This is an Internet Standards Track document.
71
72
73INTRODUCTION, paragraph 7:
74OLD:
75
76    Internet-Drafts are draft documents valid for a maximum of six months
77    and may be updated, replaced, or obsoleted by other documents at any
78    time.  It is inappropriate to use Internet-Drafts as reference
79    material or to cite them other than as "work in progress."
80
81NEW:
82
83    This document is a product of the Internet Engineering Task Force
84    (IETF).  It represents the consensus of the IETF community.  It has
85    received public review and has been approved for publication by the
86    Internet Engineering Steering Group (IESG).  Further information on
87    Internet Standards is available in Section 2 of RFC 5741.
88
89
90INTRODUCTION, paragraph 8:
91OLD:
92
93    This Internet-Draft will expire on November 20, 2014.
94
95NEW:
96
97    Information about the current status of this document, any errata,
98    and how to provide feedback on it may be obtained at
99    http://www.rfc-editor.org/info/rfc7231.
100
101
102Section 11., paragraph 0:
103OLD:
104
105    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
106      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
107      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
108    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
109    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
110      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
111        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
112        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
113        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
114        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
115      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
116      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
117      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
118        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
119        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
120 
121    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
122      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
123      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
124        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
125        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
126        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
127      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
128        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
129        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
130        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
131        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
132        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
133        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
134        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
135        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
136    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
137      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
138        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
139        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
140      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
141      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
142        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
143        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
144        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
145        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
146        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
147      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
148      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
149        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
150        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
151        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
152    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
153      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
154      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
155        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
156        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
157      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
158        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
159        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 51
160        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
161        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
162        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
163        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
164      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
165        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
166        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
167        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
168        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
169        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
170        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
171        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
172      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
173        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
174        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
175        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
176        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
177        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
178        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
179        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
180        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
181        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
182        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
183        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
184        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
185        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
186        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
187        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
188      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
189        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
190        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
191        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
192        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
193        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
194        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
195    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
196      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
197        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
198        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
199        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
200        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
201      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
202      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
203      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
204        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
205        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
206    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
207      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
208        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
209        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
210        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
211      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
212        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
213        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
214        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
215      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
216        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
217        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
218      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
219        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
220        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
221    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
222      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
223      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
224      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
225      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
226      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
227      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
228      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
229    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
230    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
231      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
232      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
233    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
234      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 89
235      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
236      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
237      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
238      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
239      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
240    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
241    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
242    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
243    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
244
245NEW:
246
247    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
248      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
249      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
250    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
251    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
252      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
253        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
254        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
255        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
256        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
257      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
258      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
259      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
260        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
261        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
262    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
263      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
264      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
265        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
266        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
267        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
268      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
269        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
270        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
271        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
272        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
273        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
274        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
275        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
276        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
277    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
278      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
279        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
280        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
281 
282      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
283      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
284        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
285        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
286        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
287        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
288        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
289      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
290      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
291        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
292        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
293        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
294    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
295      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
296      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
297        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
298        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
299      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
300        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
301        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 51
302        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
303        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
304        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
305        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
306      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
307        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
308        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
309        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
310        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
311        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
312        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
313        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
314      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
315        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
316        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
317        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
318        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
319        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
320        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
321        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
322        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
323        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
324        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
325        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
326        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
327        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
328        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
329        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
330 
331      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
332        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
333        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
334        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
335        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
336        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
337        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
338    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
339      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
340        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
341        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
342        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
343        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
344      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
345      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
346      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
347        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
348        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
349    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
350      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
351        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
352        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
353        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
354      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
355        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
356        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
357        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
358      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
359        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
360        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
361      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
362        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
363        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
364    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
365      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
366      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
367      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
368      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
369      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
370      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
371      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
372    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
373    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
374      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
375      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
376    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
377      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 88
378      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
379      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
380      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
381      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
382      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
383    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
384    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
385    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
386    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
387
388
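Review bot: The hunk label "Section 11., paragraph 0" is misleading, because the content is the table of contents rather than the References section. The only entry that differs between OLD and NEW is "A.1.  MIME-Version", whose page number goes from 89 to 88, the same page as "Appendix A.  Differences between HTTP and MIME"; the remaining differences are blank lines that moved with the page breaks. Suggest confirming that one page reference against the paginated output.
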
389Section 5.3.5., paragraph 2:
390OLD:
391
392      Accept-Language = 1#( language-range [ weight ] )
393      language-range  =
394                <language-range, see [RFC4647], Section 2.1>
395
396NEW:
397
398      Accept-Language = 1#( language-range [ weight ] )
399      language-range  =
400                <language-range, defined in [RFC4647], Section 2.1>
401
402
403Section 5.5.1., paragraph 3:
404OLD:
405
406      mailbox = <mailbox, see [RFC5322], Section 3.4>
407
408NEW:
409
410      mailbox = <mailbox, defined in [RFC5322], Section 3.4>
411
412
413Section 5.5.3., paragraph 5:
414OLD:
415
416    A sender SHOULD limit generated product identifiers to what is
417    necessary to identify the product; a sender MUST NOT generate
418    advertising or other nonessential information within the product
419    identifier.  A sender SHOULD NOT generate information in product-
420    version that is not a version identifier (i.e., successive versions
421    of the same product name only to differ only in the product-version
422    portion of the product identifier).
423
424NEW:
425
426    A sender SHOULD limit generated product identifiers to what is
427    necessary to identify the product; a sender MUST NOT generate
428    advertising or other nonessential information within the product
429    identifier.  A sender SHOULD NOT generate information in product-
430    version that is not a version identifier (i.e., successive versions
431    of the same product name ought to differ only in the product-version
432    portion of the product identifier).
433
434
435Section 7.1.1.1., paragraph 10:
436OLD:
437
438      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
439      ; fixed length/zone/capitalization subset of the format
440      ; see Section 3.3 of [RFC5322]
441
442NEW:
443
444      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
445      ; fixed length/zone/capitalization subset of the format
446      ; defined in Section 3.3 of [RFC5322]
447
448
449Section 11.1., paragraph 9:
450OLD:
451
452    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
453               Protocol (HTTP/1.1): Message Syntax and Routing",
454               draft-ietf-httpbis-p1-messaging-latest (work in progress),
455               May 2014.
456
457NEW:
458
459    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
460               Protocol (HTTP/1.1): Message Syntax and Routing",
461               RFC 7230, May 2014.
462
463
464Section 11.1., paragraph 10:
465OLD:
466
467    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
468               Protocol (HTTP/1.1): Conditional Requests",
469               draft-ietf-httpbis-p4-conditional-latest (work in
470               progress), May 2014.
471
472NEW:
473
474    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
475               Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
476               May 2014.
477
478
479Section 11.1., paragraph 11:
480OLD:
481
482    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
483               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
484               draft-ietf-httpbis-p5-range-latest (work in progress),
485               May 2014.
486
487NEW:
488
489    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
490               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
491               RFC 7233, May 2014.
492
493
494Section 11.1., paragraph 12:
495OLD:
496
497    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
498               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
499               draft-ietf-httpbis-p6-cache-latest (work in progress),
500               May 2014.
501
502NEW:
503
504    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
505               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
506               RFC 7234, May 2014.
507
508
509Section 11.1., paragraph 13:
510OLD:
511
512    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
513               Protocol (HTTP/1.1): Authentication",
514               draft-ietf-httpbis-p7-auth-latest (work in progress),
515               May 2014.
516
517NEW:
518
519    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
520               Protocol (HTTP/1.1): Authentication", RFC 7235, May 2014.
521
522
523Section 11.2., paragraph 25:
524OLD:
525
526    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
527               Status Code 308 (Permanent Redirect)",
528               draft-reschke-http-status-308-07 (work in progress),
529               March 2012.
530
531NEW:
532
533    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
534               Status Code 308 (Permanent Redirect)", RFC 7238, May 2014.
535
536
537Appendix B., paragraph 2:
538OLD:
539
540    A new requirement has been added that semantics embedded in a URI be
541    disabled when those semantics are inconsistent with the request
542    method, since this is a common cause of interoperability failure.
543 
544    (Section 2)
545
546NEW:
547
548    A new requirement has been added that semantics embedded in a URI be
549    disabled when those semantics are inconsistent with the request
550    method, since this is a common cause of interoperability failure.
551    (Section 2)
552
553
554Appendix B., paragraph 26:
555OLD:
556
557    The Status Code Registry has been redefined by this specification;
558    previously, it was defined in Section 7.1 of [RFC2817].
559 
560    (Section 8.2)
561
562NEW:
563
564    The Status Code Registry has been redefined by this specification;
565    previously, it was defined in Section 7.1 of [RFC2817].
566    (Section 8.2)
567
568
569Appendix C., paragraph 3:
570OLD:
571
572      BWS           = <BWS, see [RFC7230], Section 3.2.3>
573      OWS           = <OWS, see [RFC7230], Section 3.2.3>
574      RWS           = <RWS, see [RFC7230], Section 3.2.3>
575      URI-reference = <URI-reference, see [RFC7230], Section 2.7>
576      absolute-URI  = <absolute-URI, see [RFC7230], Section 2.7>
577      comment       = <comment, see [RFC7230], Section 3.2.6>
578      field-name    = <comment, see [RFC7230], Section 3.2>
579      partial-URI   = <partial-URI, see [RFC7230], Section 2.7>
580      quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
581      token         = <token, see [RFC7230], Section 3.2.6>
582
583NEW:
584
585     BWS           = <BWS, defined in [RFC7230], Section 3.2.3>
586     OWS           = <OWS, defined in [RFC7230], Section 3.2.3>
587     RWS           = <RWS, defined in [RFC7230], Section 3.2.3>
588     URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
589     absolute-URI  = <absolute-URI, defined in [RFC7230], Section 2.7>
590     comment       = <comment, defined in [RFC7230], Section 3.2.6>
591     field-name    = <comment, defined in [RFC7230], Section 3.2>
592     partial-URI   = <partial-URI, defined in [RFC7230], Section 2.7>
593     quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
594     token         = <token, defined in [RFC7230], Section 3.2.6>
595
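Review bot: In the NEW block, "field-name = <comment, defined in [RFC7230], Section 3.2>" still names "comment" inside the angle brackets, carried over unchanged from OLD. Every other import in this list repeats its own rule name there, and "comment" already has its own line pointing at Section 3.2.6. This line should read "field-name = <field-name, defined in [RFC7230], Section 3.2>".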
596
597Section 1.2, paragraph 1:
598OLD:
599
600    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
601     OWS ( media-range [ accept-params ] ) ] ) ]
602    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
603     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
604    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
605     ( codings [ weight ] ) ] ) ]
606    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
607     "," [ OWS ( language-range [ weight ] ) ] )
608    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
609    BWS = <BWS, see [RFC7230], Section 3.2.3>
610
611NEW:
612
613    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
614     OWS ( media-range [ accept-params ] ) ] ) ]
615    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
616     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
617    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
618     ( codings [ weight ] ) ] ) ]
619    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
620     "," [ OWS ( language-range [ weight ] ) ] )
621    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
622 
623    BWS = <BWS, defined in [RFC7230], Section 3.2.3>
624
625
626Section 1.2, paragraph 2:
627OLD:
628
629    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
630     content-coding ] )
631    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
632     language-tag ] )
633    Content-Location = absolute-URI / partial-URI
634    Content-Type = media-type
635 
636    Date = HTTP-date
637
638NEW:
639
640    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
641     content-coding ] )
642    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
643     language-tag ] )
644    Content-Location = absolute-URI / partial-URI
645    Content-Type = media-type
646    Date = HTTP-date
647
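Review bot: The blank line between "Content-Type = media-type" and "Date = HTTP-date" is removed here, while the preceding hunk adds one between "Allow" and "BWS". If the blank lines are meant to separate rules by initial letter, this hunk goes the other way. Confirm whether the removal is intended or only a page-break artifact of the rendered text.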
648
649Section 1.2, paragraph 10:
650OLD:
651
652    OWS = <OWS, see [RFC7230], Section 3.2.3>
653
654NEW:
655
656    OWS = <OWS, defined in [RFC7230], Section 3.2.3>
657
658
659Section 1.2, paragraph 11:
660OLD:
661
662    RWS = <RWS, see [RFC7230], Section 3.2.3>
663    Referer = absolute-URI / partial-URI
664    Retry-After = HTTP-date / delay-seconds
665
666NEW:
667
668    RWS = <RWS, defined in [RFC7230], Section 3.2.3>
669    Referer = absolute-URI / partial-URI
670    Retry-After = HTTP-date / delay-seconds
671
672
673Section 1.2, paragraph 13:
674OLD:
675
676    URI-reference = <URI-reference, see [RFC7230], Section 2.7>
677    User-Agent = product *( RWS ( product / comment ) )
678
679NEW:
680
681    URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
682    User-Agent = product *( RWS ( product / comment ) )
683
684
685Section 1.2, paragraph 15:
686OLD:
687
688    absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>
689    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
690    accept-params = weight *accept-ext
691    asctime-date = day-name SP date3 SP time-of-day SP year
692
693NEW:
694
695    absolute-URI = <absolute-URI, defined in [RFC7230], Section 2.7>
696    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
697    accept-params = weight *accept-ext
698    asctime-date = day-name SP date3 SP time-of-day SP year
699
700
701Section 1.2, paragraph 16:
702OLD:
703
704    charset = token
705    codings = content-coding / "identity" / "*"
706    comment = <comment, see [RFC7230], Section 3.2.6>
707    content-coding = token
708    date1 = day SP month SP year
709    date2 = day "-" month "-" 2DIGIT
710    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
711    day = 2DIGIT
712    day-name = %x4D.6F.6E ; Mon
713     / %x54.75.65 ; Tue
714     / %x57.65.64 ; Wed
715     / %x54.68.75 ; Thu
716     / %x46.72.69 ; Fri
717     / %x53.61.74 ; Sat
718     / %x53.75.6E ; Sun
719    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
720     / %x54.75.65.73.64.61.79 ; Tuesday
721     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
722     / %x54.68.75.72.73.64.61.79 ; Thursday
723     / %x46.72.69.64.61.79 ; Friday
724     / %x53.61.74.75.72.64.61.79 ; Saturday
725     / %x53.75.6E.64.61.79 ; Sunday
726    delay-seconds = 1*DIGIT
727
728NEW:
729
730    charset = token
731    codings = content-coding / "identity" / "*"
732    comment = <comment, defined in [RFC7230], Section 3.2.6>
733    content-coding = token
734 
735    date1 = day SP month SP year
736    date2 = day "-" month "-" 2DIGIT
737    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
738    day = 2DIGIT
739    day-name = %x4D.6F.6E ; Mon
740     / %x54.75.65 ; Tue
741     / %x57.65.64 ; Wed
742     / %x54.68.75 ; Thu
743     / %x46.72.69 ; Fri
744     / %x53.61.74 ; Sat
745     / %x53.75.6E ; Sun
746    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
747     / %x54.75.65.73.64.61.79 ; Tuesday
748     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
749     / %x54.68.75.72.73.64.61.79 ; Thursday
750     / %x46.72.69.64.61.79 ; Friday
751     / %x53.61.74.75.72.64.61.79 ; Saturday
752     / %x53.75.6E.64.61.79 ; Sunday
753    delay-seconds = 1*DIGIT
754
755
756Section 1.2, paragraph 17:
757OLD:
758
759    field-name = <comment, see [RFC7230], Section 3.2>
760
761NEW:
762
763    field-name = <comment, defined in [RFC7230], Section 3.2>
764
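Review bot: The NEW line "field-name = <comment, defined in [RFC7230], Section 3.2>" changes only "see" to "defined in" and keeps the wrong rule name inside the angle brackets. It should read "<field-name, defined in [RFC7230], Section 3.2>", as the other imported rules in this list ("token", "quoted-string", "partial-URI") repeat their own names, and the same correction applies to the import list in Appendix C.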
765
766Section 1.2, paragraph 19:
767OLD:
768
769    language-range = <language-range, see [RFC4647], Section 2.1>
770    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
771
772NEW:
773
774    language-range = <language-range, defined in [RFC4647], Section 2.1>
775    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
776
777
778Section 1.2, paragraph 20:
779OLD:
780
781    mailbox = <mailbox, see [RFC5322], Section 3.4>
782    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
783     ";" OWS parameter )
784    media-type = type "/" subtype *( OWS ";" OWS parameter )
785    method = token
786    minute = 2DIGIT
787    month = %x4A.61.6E ; Jan
788     / %x46.65.62 ; Feb
789     / %x4D.61.72 ; Mar
790     / %x41.70.72 ; Apr
791     / %x4D.61.79 ; May
792     / %x4A.75.6E ; Jun
793     / %x4A.75.6C ; Jul
794     / %x41.75.67 ; Aug
795     / %x53.65.70 ; Sep
796     / %x4F.63.74 ; Oct
797     / %x4E.6F.76 ; Nov
798     / %x44.65.63 ; Dec
799
800NEW:
801
802    mailbox = <mailbox, defined in [RFC5322], Section 3.4>
803    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
804     ";" OWS parameter )
805    media-type = type "/" subtype *( OWS ";" OWS parameter )
806    method = token
807    minute = 2DIGIT
808    month = %x4A.61.6E ; Jan
809     / %x46.65.62 ; Feb
810     / %x4D.61.72 ; Mar
811     / %x41.70.72 ; Apr
812     / %x4D.61.79 ; May
813     / %x4A.75.6E ; Jun
814     / %x4A.75.6C ; Jul
815     / %x41.75.67 ; Aug
816     / %x53.65.70 ; Sep
817     / %x4F.63.74 ; Oct
818     / %x4E.6F.76 ; Nov
819     / %x44.65.63 ; Dec
820
821
822Section 1.2, paragraph 21:
823OLD:
824
825    obs-date = rfc850-date / asctime-date
826    parameter = token "=" ( token / quoted-string )
827    partial-URI = <partial-URI, see [RFC7230], Section 2.7>
828    product = token [ "/" product-version ]
829    product-version = token
830 
831    quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
832    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
833
834NEW:
835
836    obs-date = rfc850-date / asctime-date
837 
838    parameter = token "=" ( token / quoted-string )
839    partial-URI = <partial-URI, defined in [RFC7230], Section 2.7>
840    product = token [ "/" product-version ]
841    product-version = token
842    quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
843    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
844
845
846Section 1.2, paragraph 24:
847OLD:
848
849    time-of-day = hour ":" minute ":" second
850    token = <token, see [RFC7230], Section 3.2.6>
851    type = token
852
853NEW:
854
855    time-of-day = hour ":" minute ":" second
856    token = <token, defined in [RFC7230], Section 3.2.6>
857    type = token
858
859
860Section 1.2, paragraph 47:
861OLD:
862
863    M
864       Max-Forwards header field  36
865       MIME-Version header field  89
866
867NEW:
868
869    M
870       Max-Forwards header field  36
871       MIME-Version header field  88
872
873
874Section 345, paragraph 1:
875OLD:
876
877    EMail: fielding@gbiv.com
878    URI:   http://roy.gbiv.com/
879    Julian F. Reschke (editor)
880    greenbytes GmbH
881    Hafenweg 16
882    Muenster, NW  48155
883    Germany
884
885NEW:
886
887    EMail: fielding@gbiv.com
888    URI:   http://roy.gbiv.com/
889 
890    Julian F. Reschke (editor)
891    greenbytes GmbH
892    Hafenweg 16
893    Muenster, NW  48155
894    Germany
895