source: draft-ietf-httpbis/latest/auth48/rfc7231.abdiff.txt @ 2684

Last change on this file since 2684 was 2684, checked in by julian.reschke@…, 6 years ago

fix [2679] (#553)

1
2INTRODUCTION, paragraph 1:
3OLD:
4
5 HTTPbis Working Group                                   R. Fielding, Ed.
6 Internet-Draft                                                     Adobe
7 Obsoletes: 2616 (if approved)                            J. Reschke, Ed.
8 Updates: 2817 (if approved)                                   greenbytes
9 Intended status: Standards Track                            May 19, 2014
10 Expires: November 20, 2014
11
12NEW:
13
14 Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
15 Request for Comments: 7231                                         Adobe
16 Obsoletes: 2616                                          J. Reschke, Ed.
17 Updates: 2817                                                 greenbytes
18 Category: Standards Track                                       May 2014
19 ISSN: 2070-1721
20
21
22INTRODUCTION, paragraph 2:
23OLD:
24
25      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
26                  draft-ietf-httpbis-p2-semantics-latest
27
28NEW:
29
30      Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
31
32
33INTRODUCTION, paragraph 5:
34OLD:
35
36 Editorial Note (To be removed by RFC Editor)
37 
38    Discussion of this draft takes place on the HTTPBIS working group
39    mailing list (ietf-http-wg@w3.org), which is archived at
40    <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
41 
42    The current issues list is at
43    <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
44    documents (including fancy diffs) can be found at
45    <http://tools.ietf.org/wg/httpbis/>.
46 
47    _This is a temporary document for the purpose of tracking the
48    editorial changes made during the AUTH48 (RFC publication) phase._
49 
50 Status of This Memo
51
52NEW:
53
54 Status of This Memo
55
56
57INTRODUCTION, paragraph 6:
58OLD:
59
60    This Internet-Draft is submitted in full conformance with the
61    provisions of BCP 78 and BCP 79.
62 
63    Internet-Drafts are working documents of the Internet Engineering
64    Task Force (IETF).  Note that other groups may also distribute
65    working documents as Internet-Drafts.  The list of current Internet-
66    Drafts is at http://datatracker.ietf.org/drafts/current/.
67
68NEW:
69
70    This is an Internet Standards Track document.
71
72
73INTRODUCTION, paragraph 7:
74OLD:
75
76    Internet-Drafts are draft documents valid for a maximum of six months
77    and may be updated, replaced, or obsoleted by other documents at any
78    time.  It is inappropriate to use Internet-Drafts as reference
79    material or to cite them other than as "work in progress."
80
81NEW:
82
83    This document is a product of the Internet Engineering Task Force
84    (IETF).  It represents the consensus of the IETF community.  It has
85    received public review and has been approved for publication by the
86    Internet Engineering Steering Group (IESG).  Further information on
87    Internet Standards is available in Section 2 of RFC 5741.
88
89
90INTRODUCTION, paragraph 8:
91OLD:
92
93    This Internet-Draft will expire on November 20, 2014.
94
95NEW:
96
97    Information about the current status of this document, any errata,
98    and how to provide feedback on it may be obtained at
99    http://www.rfc-editor.org/info/rfc7231.
100
101
102Section 11., paragraph 0:
103OLD:
104
105    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
106      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
107      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
108    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
109    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
110      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
111        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
112        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
113        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
114        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
115      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
116      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
117      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
118        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
119        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
120 
121    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
122      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
123      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
124        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
125        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
126        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
127      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
128        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
129        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
130        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
131        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
132        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
133        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
134        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
135        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
136    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
137      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
138        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
139        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
140      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
141      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
142        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
143        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
144        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
145        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
146        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
147      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
148      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
149        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
150        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
151        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
152    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
153      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
154      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
155        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
156        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
157      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
158        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
159        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 51
160        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
161        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
162        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
163        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
164      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
165        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
166        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
167        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
168        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
169        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
170        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
171        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
172      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
173        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
174        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
175        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
176        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
177        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
178        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
179        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
180        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
181        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
182        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
183        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
184        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
185        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
186        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
187        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
188      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
189        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
190        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
191        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
192        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
193        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
194        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
195    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
196      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
197        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
198        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
199        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
200        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
201      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
202      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
203      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
204        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
205        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
206    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
207      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
208        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
209        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
210        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
211      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
212        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
213        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
214        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
215      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
216        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
217        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
218      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
219        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
220        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
221    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
222      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
223      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
224      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
225      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
226      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
227      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
228      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
229    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
230    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
231      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
232      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
233    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
234      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 89
235      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
236      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
237      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
238      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
239      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
240    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
241    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
242    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
243    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
244
245NEW:
246
247    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  6
248      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  6
249      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  6
250    2.  Resources  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
251    3.  Representations  . . . . . . . . . . . . . . . . . . . . . . .  7
252      3.1.  Representation Metadata  . . . . . . . . . . . . . . . . .  8
253        3.1.1.  Processing Representation Data . . . . . . . . . . . .  8
254        3.1.2.  Encoding for Compression or Integrity  . . . . . . . . 11
255        3.1.3.  Audience Language  . . . . . . . . . . . . . . . . . . 13
256        3.1.4.  Identification . . . . . . . . . . . . . . . . . . . . 14
257      3.2.  Representation Data  . . . . . . . . . . . . . . . . . . . 17
258      3.3.  Payload Semantics  . . . . . . . . . . . . . . . . . . . . 17
259      3.4.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 18
260        3.4.1.  Proactive Negotiation  . . . . . . . . . . . . . . . . 19
261        3.4.2.  Reactive Negotiation . . . . . . . . . . . . . . . . . 20
262    4.  Request Methods  . . . . . . . . . . . . . . . . . . . . . . . 21
263      4.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . 21
264      4.2.  Common Method Properties . . . . . . . . . . . . . . . . . 22
265        4.2.1.  Safe Methods . . . . . . . . . . . . . . . . . . . . . 22
266        4.2.2.  Idempotent Methods . . . . . . . . . . . . . . . . . . 23
267        4.2.3.  Cacheable Methods  . . . . . . . . . . . . . . . . . . 24
268      4.3.  Method Definitions . . . . . . . . . . . . . . . . . . . . 24
269        4.3.1.  GET  . . . . . . . . . . . . . . . . . . . . . . . . . 24
270        4.3.2.  HEAD . . . . . . . . . . . . . . . . . . . . . . . . . 25
271        4.3.3.  POST . . . . . . . . . . . . . . . . . . . . . . . . . 25
272        4.3.4.  PUT  . . . . . . . . . . . . . . . . . . . . . . . . . 26
273        4.3.5.  DELETE . . . . . . . . . . . . . . . . . . . . . . . . 29
274        4.3.6.  CONNECT  . . . . . . . . . . . . . . . . . . . . . . . 30
275        4.3.7.  OPTIONS  . . . . . . . . . . . . . . . . . . . . . . . 31
276        4.3.8.  TRACE  . . . . . . . . . . . . . . . . . . . . . . . . 32
277    5.  Request Header Fields  . . . . . . . . . . . . . . . . . . . . 33
278      5.1.  Controls . . . . . . . . . . . . . . . . . . . . . . . . . 33
279        5.1.1.  Expect . . . . . . . . . . . . . . . . . . . . . . . . 34
280        5.1.2.  Max-Forwards . . . . . . . . . . . . . . . . . . . . . 36
281 
282      5.2.  Conditionals . . . . . . . . . . . . . . . . . . . . . . . 36
283      5.3.  Content Negotiation  . . . . . . . . . . . . . . . . . . . 37
284        5.3.1.  Quality Values . . . . . . . . . . . . . . . . . . . . 37
285        5.3.2.  Accept . . . . . . . . . . . . . . . . . . . . . . . . 38
286        5.3.3.  Accept-Charset . . . . . . . . . . . . . . . . . . . . 40
287        5.3.4.  Accept-Encoding  . . . . . . . . . . . . . . . . . . . 41
288        5.3.5.  Accept-Language  . . . . . . . . . . . . . . . . . . . 42
289      5.4.  Authentication Credentials . . . . . . . . . . . . . . . . 43
290      5.5.  Request Context  . . . . . . . . . . . . . . . . . . . . . 44
291        5.5.1.  From . . . . . . . . . . . . . . . . . . . . . . . . . 44
292        5.5.2.  Referer  . . . . . . . . . . . . . . . . . . . . . . . 45
293        5.5.3.  User-Agent . . . . . . . . . . . . . . . . . . . . . . 46
294    6.  Response Status Codes  . . . . . . . . . . . . . . . . . . . . 47
295      6.1.  Overview of Status Codes . . . . . . . . . . . . . . . . . 48
296      6.2.  Informational 1xx  . . . . . . . . . . . . . . . . . . . . 50
297        6.2.1.  100 Continue . . . . . . . . . . . . . . . . . . . . . 50
298        6.2.2.  101 Switching Protocols  . . . . . . . . . . . . . . . 50
299      6.3.  Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 51
300        6.3.1.  200 OK . . . . . . . . . . . . . . . . . . . . . . . . 51
301        6.3.2.  201 Created  . . . . . . . . . . . . . . . . . . . . . 51
302        6.3.3.  202 Accepted . . . . . . . . . . . . . . . . . . . . . 52
303        6.3.4.  203 Non-Authoritative Information  . . . . . . . . . . 52
304        6.3.5.  204 No Content . . . . . . . . . . . . . . . . . . . . 53
305        6.3.6.  205 Reset Content  . . . . . . . . . . . . . . . . . . 53
306      6.4.  Redirection 3xx  . . . . . . . . . . . . . . . . . . . . . 54
307        6.4.1.  300 Multiple Choices . . . . . . . . . . . . . . . . . 55
308        6.4.2.  301 Moved Permanently  . . . . . . . . . . . . . . . . 56
309        6.4.3.  302 Found  . . . . . . . . . . . . . . . . . . . . . . 56
310        6.4.4.  303 See Other  . . . . . . . . . . . . . . . . . . . . 57
311        6.4.5.  305 Use Proxy  . . . . . . . . . . . . . . . . . . . . 57
312        6.4.6.  306 (Unused) . . . . . . . . . . . . . . . . . . . . . 57
313        6.4.7.  307 Temporary Redirect . . . . . . . . . . . . . . . . 58
314      6.5.  Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 58
315        6.5.1.  400 Bad Request  . . . . . . . . . . . . . . . . . . . 58
316        6.5.2.  402 Payment Required . . . . . . . . . . . . . . . . . 58
317        6.5.3.  403 Forbidden  . . . . . . . . . . . . . . . . . . . . 58
318        6.5.4.  404 Not Found  . . . . . . . . . . . . . . . . . . . . 59
319        6.5.5.  405 Method Not Allowed . . . . . . . . . . . . . . . . 59
320        6.5.6.  406 Not Acceptable . . . . . . . . . . . . . . . . . . 59
321        6.5.7.  408 Request Timeout  . . . . . . . . . . . . . . . . . 60
322        6.5.8.  409 Conflict . . . . . . . . . . . . . . . . . . . . . 60
323        6.5.9.  410 Gone . . . . . . . . . . . . . . . . . . . . . . . 60
324        6.5.10. 411 Length Required  . . . . . . . . . . . . . . . . . 61
325        6.5.11. 413 Payload Too Large  . . . . . . . . . . . . . . . . 61
326        6.5.12. 414 URI Too Long . . . . . . . . . . . . . . . . . . . 61
327        6.5.13. 415 Unsupported Media Type . . . . . . . . . . . . . . 61
328        6.5.14. 417 Expectation Failed . . . . . . . . . . . . . . . . 62
329        6.5.15. 426 Upgrade Required . . . . . . . . . . . . . . . . . 62
330 
331      6.6.  Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 62
332        6.6.1.  500 Internal Server Error  . . . . . . . . . . . . . . 62
333        6.6.2.  501 Not Implemented  . . . . . . . . . . . . . . . . . 63
334        6.6.3.  502 Bad Gateway  . . . . . . . . . . . . . . . . . . . 63
335        6.6.4.  503 Service Unavailable  . . . . . . . . . . . . . . . 63
336        6.6.5.  504 Gateway Timeout  . . . . . . . . . . . . . . . . . 63
337        6.6.6.  505 HTTP Version Not Supported . . . . . . . . . . . . 63
338    7.  Response Header Fields . . . . . . . . . . . . . . . . . . . . 64
339      7.1.  Control Data . . . . . . . . . . . . . . . . . . . . . . . 64
340        7.1.1.  Origination Date . . . . . . . . . . . . . . . . . . . 64
341        7.1.2.  Location . . . . . . . . . . . . . . . . . . . . . . . 68
342        7.1.3.  Retry-After  . . . . . . . . . . . . . . . . . . . . . 69
343        7.1.4.  Vary . . . . . . . . . . . . . . . . . . . . . . . . . 70
344      7.2.  Validator Header Fields  . . . . . . . . . . . . . . . . . 71
345      7.3.  Authentication Challenges  . . . . . . . . . . . . . . . . 72
346      7.4.  Response Context . . . . . . . . . . . . . . . . . . . . . 72
347        7.4.1.  Allow  . . . . . . . . . . . . . . . . . . . . . . . . 72
348        7.4.2.  Server . . . . . . . . . . . . . . . . . . . . . . . . 73
349    8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 73
350      8.1.  Method Registry  . . . . . . . . . . . . . . . . . . . . . 74
351        8.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 74
352        8.1.2.  Considerations for New Methods . . . . . . . . . . . . 74
353        8.1.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 75
354      8.2.  Status Code Registry . . . . . . . . . . . . . . . . . . . 75
355        8.2.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 75
356        8.2.2.  Considerations for New Status Codes  . . . . . . . . . 76
357        8.2.3.  Registrations  . . . . . . . . . . . . . . . . . . . . 76
358      8.3.  Header Field Registry  . . . . . . . . . . . . . . . . . . 77
359        8.3.1.  Considerations for New Header Fields . . . . . . . . . 78
360        8.3.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 80
361      8.4.  Content Coding Registry  . . . . . . . . . . . . . . . . . 80
362        8.4.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . 81
363        8.4.2.  Registrations  . . . . . . . . . . . . . . . . . . . . 81
364    9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 81
365      9.1.  Attacks Based on File and Path Names . . . . . . . . . . . 82
366      9.2.  Attacks Based on Command, Code, or Query Injection . . . . 82
367      9.3.  Disclosure of Personal Information . . . . . . . . . . . . 83
368      9.4.  Disclosure of Sensitive Information in URIs  . . . . . . . 83
369      9.5.  Disclosure of Fragment after Redirects . . . . . . . . . . 83
370      9.6.  Disclosure of Product Information  . . . . . . . . . . . . 84
371      9.7.  Browser Fingerprinting . . . . . . . . . . . . . . . . . . 84
372    10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 85
373    11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85
374      11.1. Normative References . . . . . . . . . . . . . . . . . . . 85
375      11.2. Informative References . . . . . . . . . . . . . . . . . . 86
376    Appendix A.  Differences between HTTP and MIME . . . . . . . . . . 88
377      A.1.  MIME-Version . . . . . . . . . . . . . . . . . . . . . . . 88
378      A.2.  Conversion to Canonical Form . . . . . . . . . . . . . . . 89
379      A.3.  Conversion of Date Formats . . . . . . . . . . . . . . . . 89
380      A.4.  Conversion of Content-Encoding . . . . . . . . . . . . . . 89
381      A.5.  Conversion of Content-Transfer-Encoding  . . . . . . . . . 90
382      A.6.  MHTML and Line Length Limitations  . . . . . . . . . . . . 90
383    Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 90
384    Appendix C.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 93
385    Appendix D.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 93
386    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
387
388
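Review bot: the label "Section 11., paragraph 0" is misleading for this hunk, since the block is the table of contents, and only one entry in it actually changes: A.1 MIME-Version moves from page 89 to page 88. The remaining differences are blank-line positions (OLD has one after 3.4.2; NEW has them after 5.1.2 and 6.5.15), which look like page-break placement rather than content. It is worth confirming against the final pagination that A.1 now sits on page 88 while A.2 stays on page 89.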
389Section 5.3.5., paragraph 2:
390OLD:
391
392      Accept-Language = 1#( language-range [ weight ] )
393      language-range  =
394                <language-range, see [RFC4647], Section 2.1>
395
396NEW:
397
398      Accept-Language = 1#( language-range [ weight ] )
399      language-range  =
400                <language-range, defined in [RFC4647], Section 2.1>
401
402
403Section 5.5.1., paragraph 3:
404OLD:
405
406      mailbox = <mailbox, see [RFC5322], Section 3.4>
407
408NEW:
409
410      mailbox = <mailbox, defined in [RFC5322], Section 3.4>
411
412
413Section 7.1.1.1., paragraph 10:
414OLD:
415
416      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
417      ; fixed length/zone/capitalization subset of the format
418      ; see Section 3.3 of [RFC5322]
419
420NEW:
421
422      IMF-fixdate  = day-name "," SP date1 SP time-of-day SP GMT
423      ; fixed length/zone/capitalization subset of the format
424      ; defined in Section 3.3 of [RFC5322]
425
426
427Section 11.1., paragraph 9:
428OLD:
429
430    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
431               Protocol (HTTP/1.1): Message Syntax and Routing",
432               draft-ietf-httpbis-p1-messaging-latest (work in progress),
433               May 2014.
434
435NEW:
436
437    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
438               Protocol (HTTP/1.1): Message Syntax and Routing",
439               RFC 7230, May 2014.
440
441
442Section 11.1., paragraph 10:
443OLD:
444
445    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
446               Protocol (HTTP/1.1): Conditional Requests",
447               draft-ietf-httpbis-p4-conditional-latest (work in
448               progress), May 2014.
449
450NEW:
451
452    [RFC7232]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
453               Protocol (HTTP/1.1): Conditional Requests", RFC 7232,
454               May 2014.
455
456
457Section 11.1., paragraph 11:
458OLD:
459
460    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
461               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
462               draft-ietf-httpbis-p5-range-latest (work in progress),
463               May 2014.
464
465NEW:
466
467    [RFC7233]  Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
468               "Hypertext Transfer Protocol (HTTP/1.1): Range Requests",
469               RFC 7233, May 2014.
470
471
472Section 11.1., paragraph 12:
473OLD:
474
475    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
476               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
477               draft-ietf-httpbis-p6-cache-latest (work in progress),
478               May 2014.
479
480NEW:
481
482    [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
483               Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
484               RFC 7234, May 2014.
485
486
487Section 11.1., paragraph 13:
488OLD:
489
490    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
491               Protocol (HTTP/1.1): Authentication",
492               draft-ietf-httpbis-p7-auth-latest (work in progress),
493               May 2014.
494
495NEW:
496
497    [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
498               Protocol (HTTP/1.1): Authentication", RFC 7235, May 2014.
499
500
501Section 11.2., paragraph 25:
502OLD:
503
504    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
505               Status Code 308 (Permanent Redirect)",
506               draft-reschke-http-status-308-07 (work in progress),
507               March 2012.
508
509NEW:
510
511    [RFC7238]  Reschke, J., "The Hypertext Transfer Protocol (HTTP)
512               Status Code 308 (Permanent Redirect)", RFC 7238, May 2014.
513
514
515Appendix B., paragraph 2:
516OLD:
517
518    A new requirement has been added that semantics embedded in a URI be
519    disabled when those semantics are inconsistent with the request
520    method, since this is a common cause of interoperability failure.
521 
522    (Section 2)
523
524NEW:
525
526    A new requirement has been added that semantics embedded in a URI be
527    disabled when those semantics are inconsistent with the request
528    method, since this is a common cause of interoperability failure.
529    (Section 2)
530
531
532Appendix B., paragraph 26:
533OLD:
534
535    The Status Code Registry has been redefined by this specification;
536    previously, it was defined in Section 7.1 of [RFC2817].
537 
538    (Section 8.2)
539
540NEW:
541
542    The Status Code Registry has been redefined by this specification;
543    previously, it was defined in Section 7.1 of [RFC2817].
544    (Section 8.2)
545
546
547Appendix C., paragraph 3:
548OLD:
549
550      BWS           = <BWS, see [RFC7230], Section 3.2.3>
551      OWS           = <OWS, see [RFC7230], Section 3.2.3>
552      RWS           = <RWS, see [RFC7230], Section 3.2.3>
553      URI-reference = <URI-reference, see [RFC7230], Section 2.7>
554      absolute-URI  = <absolute-URI, see [RFC7230], Section 2.7>
555      comment       = <comment, see [RFC7230], Section 3.2.6>
556      field-name    = <comment, see [RFC7230], Section 3.2>
557      partial-URI   = <partial-URI, see [RFC7230], Section 2.7>
558      quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
559      token         = <token, see [RFC7230], Section 3.2.6>
560
561NEW:
562
563     BWS           = <BWS, defined in [RFC7230], Section 3.2.3>
564     OWS           = <OWS, defined in [RFC7230], Section 3.2.3>
565     RWS           = <RWS, defined in [RFC7230], Section 3.2.3>
566     URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
567     absolute-URI  = <absolute-URI, defined in [RFC7230], Section 2.7>
568     comment       = <comment, defined in [RFC7230], Section 3.2.6>
569     field-name    = <comment, defined in [RFC7230], Section 3.2>
570     partial-URI   = <partial-URI, defined in [RFC7230], Section 2.7>
571     quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
572     token         = <token, defined in [RFC7230], Section 3.2.6>
573
574
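Review bot: in the field-name line the angle-bracket text still reads "<comment, ...>" in both OLD and NEW, whereas every other rule in this block repeats its own name there (BWS, OWS, token and so on). The "see" to "defined in" rewording carried that copy-paste slip over unchanged; the line should read "field-name = <field-name, defined in [RFC7230], Section 3.2>". The NEW block is also indented one column less than the OLD block, which the other ABNF hunks on this page do not do, so check whether that shift is intended.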
575Section 1.2, paragraph 1:
576OLD:
577
578    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
579     OWS ( media-range [ accept-params ] ) ] ) ]
580    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
581     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
582    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
583     ( codings [ weight ] ) ] ) ]
584    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
585     "," [ OWS ( language-range [ weight ] ) ] )
586    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
587    BWS = <BWS, see [RFC7230], Section 3.2.3>
588
589NEW:
590
591    Accept = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
592     OWS ( media-range [ accept-params ] ) ] ) ]
593    Accept-Charset = *( "," OWS ) ( ( charset / "*" ) [ weight ] ) *( OWS
594     "," [ OWS ( ( charset / "*" ) [ weight ] ) ] )
595    Accept-Encoding = [ ( "," / ( codings [ weight ] ) ) *( OWS "," [ OWS
596     ( codings [ weight ] ) ] ) ]
597    Accept-Language = *( "," OWS ) ( language-range [ weight ] ) *( OWS
598     "," [ OWS ( language-range [ weight ] ) ] )
599    Allow = [ ( "," / method ) *( OWS "," [ OWS method ] ) ]
600 
601    BWS = <BWS, defined in [RFC7230], Section 3.2.3>
602
603
604Section 1.2, paragraph 2:
605OLD:
606
607    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
608     content-coding ] )
609    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
610     language-tag ] )
611    Content-Location = absolute-URI / partial-URI
612    Content-Type = media-type
613 
614    Date = HTTP-date
615
616NEW:
617
618    Content-Encoding = *( "," OWS ) content-coding *( OWS "," [ OWS
619     content-coding ] )
620    Content-Language = *( "," OWS ) language-tag *( OWS "," [ OWS
621     language-tag ] )
622    Content-Location = absolute-URI / partial-URI
623    Content-Type = media-type
624    Date = HTTP-date
625
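Review bot: NEW drops the blank line between `Content-Type = media-type` and `Date = HTTP-date`, which in OLD separated the C rules from the D rule. No rule text changes in this hunk, so it is whitespace only; check whether the separator was lost to a page break in the compared text before treating it as an intended edit, and restore it if the alphabetical groups are meant to stay separated.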
626
627Section 1.2, paragraph 10:
628OLD:
629
630    OWS = <OWS, see [RFC7230], Section 3.2.3>
631
632NEW:
633
634    OWS = <OWS, defined in [RFC7230], Section 3.2.3>
635
636
637Section 1.2, paragraph 11:
638OLD:
639
640    RWS = <RWS, see [RFC7230], Section 3.2.3>
641    Referer = absolute-URI / partial-URI
642    Retry-After = HTTP-date / delay-seconds
643
644NEW:
645
646    RWS = <RWS, defined in [RFC7230], Section 3.2.3>
647    Referer = absolute-URI / partial-URI
648    Retry-After = HTTP-date / delay-seconds
649
650
651Section 1.2, paragraph 13:
652OLD:
653
654    URI-reference = <URI-reference, see [RFC7230], Section 2.7>
655    User-Agent = product *( RWS ( product / comment ) )
656
657NEW:
658
659    URI-reference = <URI-reference, defined in [RFC7230], Section 2.7>
660    User-Agent = product *( RWS ( product / comment ) )
661
662
663Section 1.2, paragraph 15:
664OLD:
665
666    absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>
667    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
668    accept-params = weight *accept-ext
669    asctime-date = day-name SP date3 SP time-of-day SP year
670
671NEW:
672
673    absolute-URI = <absolute-URI, defined in [RFC7230], Section 2.7>
674    accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]
675    accept-params = weight *accept-ext
676    asctime-date = day-name SP date3 SP time-of-day SP year
677
678
679Section 1.2, paragraph 16:
680OLD:
681
682    charset = token
683    codings = content-coding / "identity" / "*"
684    comment = <comment, see [RFC7230], Section 3.2.6>
685    content-coding = token
686    date1 = day SP month SP year
687    date2 = day "-" month "-" 2DIGIT
688    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
689    day = 2DIGIT
690    day-name = %x4D.6F.6E ; Mon
691     / %x54.75.65 ; Tue
692     / %x57.65.64 ; Wed
693     / %x54.68.75 ; Thu
694     / %x46.72.69 ; Fri
695     / %x53.61.74 ; Sat
696     / %x53.75.6E ; Sun
697    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
698     / %x54.75.65.73.64.61.79 ; Tuesday
699     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
700     / %x54.68.75.72.73.64.61.79 ; Thursday
701     / %x46.72.69.64.61.79 ; Friday
702     / %x53.61.74.75.72.64.61.79 ; Saturday
703     / %x53.75.6E.64.61.79 ; Sunday
704    delay-seconds = 1*DIGIT
705
706NEW:
707
708    charset = token
709    codings = content-coding / "identity" / "*"
710    comment = <comment, defined in [RFC7230], Section 3.2.6>
711    content-coding = token
712 
713    date1 = day SP month SP year
714    date2 = day "-" month "-" 2DIGIT
715    date3 = month SP ( 2DIGIT / ( SP DIGIT ) )
716    day = 2DIGIT
717    day-name = %x4D.6F.6E ; Mon
718     / %x54.75.65 ; Tue
719     / %x57.65.64 ; Wed
720     / %x54.68.75 ; Thu
721     / %x46.72.69 ; Fri
722     / %x53.61.74 ; Sat
723     / %x53.75.6E ; Sun
724    day-name-l = %x4D.6F.6E.64.61.79 ; Monday
725     / %x54.75.65.73.64.61.79 ; Tuesday
726     / %x57.65.64.6E.65.73.64.61.79 ; Wednesday
727     / %x54.68.75.72.73.64.61.79 ; Thursday
728     / %x46.72.69.64.61.79 ; Friday
729     / %x53.61.74.75.72.64.61.79 ; Saturday
730     / %x53.75.6E.64.61.79 ; Sunday
731    delay-seconds = 1*DIGIT
732
733
734Section 1.2, paragraph 17:
735OLD:
736
737    field-name = <comment, see [RFC7230], Section 3.2>
738
739NEW:
740
741    field-name = <comment, defined in [RFC7230], Section 3.2>
742
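Review bot: The collected-ABNF entry has the same name mismatch as the imported-rules list: NEW keeps `<comment, ...>` for the rule field-name and changes only "see" to "defined in". Suggest `field-name = <field-name, defined in [RFC7230], Section 3.2>` so both occurrences agree with the rule they reference.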
743
744Section 1.2, paragraph 19:
745OLD:
746
747    language-range = <language-range, see [RFC4647], Section 2.1>
748    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
749
750NEW:
751
752    language-range = <language-range, defined in [RFC4647], Section 2.1>
753    language-tag = <Language-Tag, defined in [RFC5646], Section 2.1>
754
755
756Section 1.2, paragraph 20:
757OLD:
758
759    mailbox = <mailbox, see [RFC5322], Section 3.4>
760    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
761     ";" OWS parameter )
762    media-type = type "/" subtype *( OWS ";" OWS parameter )
763    method = token
764    minute = 2DIGIT
765    month = %x4A.61.6E ; Jan
766     / %x46.65.62 ; Feb
767     / %x4D.61.72 ; Mar
768     / %x41.70.72 ; Apr
769     / %x4D.61.79 ; May
770     / %x4A.75.6E ; Jun
771     / %x4A.75.6C ; Jul
772     / %x41.75.67 ; Aug
773     / %x53.65.70 ; Sep
774     / %x4F.63.74 ; Oct
775     / %x4E.6F.76 ; Nov
776     / %x44.65.63 ; Dec
777
778NEW:
779
780    mailbox = <mailbox, defined in [RFC5322], Section 3.4>
781    media-range = ( "*/*" / ( type "/*" ) / ( type "/" subtype ) ) *( OWS
782     ";" OWS parameter )
783    media-type = type "/" subtype *( OWS ";" OWS parameter )
784    method = token
785    minute = 2DIGIT
786    month = %x4A.61.6E ; Jan
787     / %x46.65.62 ; Feb
788     / %x4D.61.72 ; Mar
789     / %x41.70.72 ; Apr
790     / %x4D.61.79 ; May
791     / %x4A.75.6E ; Jun
792     / %x4A.75.6C ; Jul
793     / %x41.75.67 ; Aug
794     / %x53.65.70 ; Sep
795     / %x4F.63.74 ; Oct
796     / %x4E.6F.76 ; Nov
797     / %x44.65.63 ; Dec
798
799
800Section 1.2, paragraph 21:
801OLD:
802
803    obs-date = rfc850-date / asctime-date
804    parameter = token "=" ( token / quoted-string )
805    partial-URI = <partial-URI, see [RFC7230], Section 2.7>
806    product = token [ "/" product-version ]
807    product-version = token
808 
809    quoted-string = <quoted-string, see [RFC7230], Section 3.2.6>
810    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
811
812NEW:
813
814    obs-date = rfc850-date / asctime-date
815 
816    parameter = token "=" ( token / quoted-string )
817    partial-URI = <partial-URI, defined in [RFC7230], Section 2.7>
818    product = token [ "/" product-version ]
819    product-version = token
820    quoted-string = <quoted-string, defined in [RFC7230], Section 3.2.6>
821    qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] )
822
823
824Section 1.2, paragraph 24:
825OLD:
826
827    time-of-day = hour ":" minute ":" second
828    token = <token, see [RFC7230], Section 3.2.6>
829    type = token
830
831NEW:
832
833    time-of-day = hour ":" minute ":" second
834    token = <token, defined in [RFC7230], Section 3.2.6>
835    type = token
836
837
838Section 1.2, paragraph 47:
839OLD:
840
841    M
842       Max-Forwards header field  36
843       MIME-Version header field  89
844
845NEW:
846
847    M
848       Max-Forwards header field  36
849       MIME-Version header field  88
850
851
852Section 345, paragraph 1:
853OLD:
854
855    EMail: fielding@gbiv.com
856    URI:   http://roy.gbiv.com/
857    Julian F. Reschke (editor)
858    greenbytes GmbH
859    Hafenweg 16
860    Muenster, NW  48155
861    Germany
862
863NEW:
864
865    EMail: fielding@gbiv.com
866    URI:   http://roy.gbiv.com/
867 
868    Julian F. Reschke (editor)
869    greenbytes GmbH
870    Hafenweg 16
871    Muenster, NW  48155
872    Germany
873