source: draft-ietf-httpbis/latest/auth48/rfc7232-to-be.xml @ 2705

Last change on this file since 2705 was 2704, checked in by julian.reschke@…, 6 years ago

updated AUTH48 versions of RFC7231 and RFC7232 (#553)

  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/xml
File size: 62.7 KB
Line 
1<?xml version="1.0" encoding="US-ASCII"?>
2<!--
3    This XML document is the output of clean-for-DTD.xslt; a tool that strips
4    extensions to RFC2629(bis) from documents for processing with xml2rfc.
5-->
6<?xml-stylesheet type='text/xsl' href='../myxml2rfc.xslt'?>
7<?rfc toc="yes" ?>
8<?rfc symrefs="yes" ?>
9<?rfc sortrefs="yes" ?>
10<?rfc compact="yes"?>
11<?rfc subcompact="no" ?>
12<?rfc linkmailto="no" ?>
13<?rfc editing="no" ?>
14<?rfc comments="yes"?>
15<?rfc inline="yes"?>
16<?rfc rfcedstyle="yes"?>
17<!DOCTYPE rfc
18  PUBLIC "" "rfc2629.dtd">
19<rfc submissionType="IETF" obsoletes="2616" category="std" consensus="yes" ipr="pre5378Trust200902" number="7232">
20
21
22
23<front>
24
25  <title abbrev="HTTP/1.1 Conditional Requests">Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests</title>
26
27  <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
28    <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
29    <address>
30      <postal>
31        <street>345 Park Ave</street>
32        <city>San Jose</city>
33        <region>CA</region>
34        <code>95110</code>
35        <country>USA</country>
36      </postal>
37      <email>fielding@gbiv.com</email>
38      <uri>http://roy.gbiv.com/</uri>
39    </address>
40  </author>
41
42  <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
43    <organization abbrev="greenbytes">greenbytes GmbH</organization>
44    <address>
45      <postal>
46        <street>Hafenweg 16</street>
47        <city>Muenster</city><region>NW</region><code>48155</code>
48        <country>Germany</country>
49      </postal>
50      <email>julian.reschke@greenbytes.de</email>
51      <uri>http://greenbytes.de/tech/webdav/</uri>
52    </address>
53  </author>
54
55  <date month="May" year="2014"/>
56
57  <area>Applications</area>
58  <workgroup>HTTPbis Working Group</workgroup>
59
60  <keyword>Hypertext Transfer Protocol</keyword>
61  <keyword>HTTP</keyword>
62  <keyword>HTTP conditional requests</keyword>
63
64<abstract>
65<t>
66   The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for
67   distributed, collaborative, hypertext information systems. This document
68   defines HTTP/1.1 conditional requests, including metadata header fields
69   for indicating state changes, request header fields for making
70   preconditions on such state, and rules for constructing the responses to a
71   conditional request when one or more preconditions evaluate to false.
72</t>
73</abstract>
74
75</front>
76
77<middle>
78<section title="Introduction" anchor="introduction">
79<t>
80   Conditional requests are HTTP requests <xref target="RFC7231"/> that include
81   one or more header fields indicating a precondition to be tested before
82   applying the method semantics to the target resource.
83   This document defines the HTTP/1.1 conditional request mechanisms in terms
84   of the architecture, syntax notation, and conformance criteria defined in
85   <xref target="RFC7230"/>.
86</t>
87<t>
88   Conditional GET requests are the most efficient mechanism for HTTP
89   cache updates <xref target="RFC7234"/>.  Conditionals can also be
90   applied to state-changing methods, such as PUT and DELETE, to prevent
91   the "lost update" problem: one client accidentally overwriting
92   the work of another client that has been acting in parallel.
93</t>
94<t><iref primary="true" item="selected representation"/>
95   Conditional request preconditions are based on the state of the target
96   resource as a whole (its current value set) or the state as observed
97   in a previously obtained representation (one value in that set).
98   A resource might have multiple current representations, each with its
99   own observable state.  The conditional request mechanisms assume that
100   the mapping of requests to a "selected representation" (Section 3 of <xref target="RFC7231"/>)
101   will be consistent over time if the server intends to take advantage of
102   conditionals. Regardless, if the mapping is inconsistent and the server is
103   unable to select the appropriate representation, then no harm will result
104   when the precondition evaluates to false.
105</t>
106<t>
107   The conditional request preconditions defined by this specification
108   (<xref target="preconditions"/>) are evaluated when applicable to the
109   recipient (<xref target="evaluation"/>) according to their order of
110   precedence (<xref target="precedence"/>).
111</t>
112
113<section title="Conformance and Error Handling" anchor="conformance">
114<t>
115   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
116   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
117   document are to be interpreted as described in <xref target="RFC2119"/>.
118</t>
119<t>
120   Conformance criteria and considerations regarding error handling
121   are defined in Section 2.5 of <xref target="RFC7230"/>.
122</t>
123</section>
124
125<section title="Syntax Notation" anchor="notation">
126<t>
127   This specification uses the Augmented Backus-Naur Form (ABNF) notation of
128   <xref target="RFC5234"/> with a list extension, defined in
129   Section 7 of <xref target="RFC7230"/>, that allows for compact definition of
130   comma-separated lists using a '#' operator (similar to how the '*' operator
131   indicates repetition).
132   <xref target="imported.abnf"/> describes rules imported from
133   other documents.
134   <xref target="collected.abnf"/> shows the collected grammar with all list
135   operators expanded to standard ABNF notation.
136</t>
137</section>
138</section>
139
140<section title="Validators" anchor="validators">
141   <iref primary="true" item="metadata"/>
142   <iref primary="true" item="validator"/>
143<t>
144   This specification defines two forms of metadata that are commonly used
145   to observe resource state and test for preconditions: modification dates
146   (<xref target="header.last-modified"/>) and opaque entity tags
147   (<xref target="header.etag"/>).  Additional metadata that reflects resource state
148   has been defined by various extensions of HTTP, such as Web Distributed
149   Authoring and Versioning (WebDAV, <xref target="RFC4918"/>), that are beyond the scope of this specification.
150   A resource metadata value is referred to as a "validator"
151   when it is used within a precondition.
152</t>
153
154<section title="Weak versus Strong" anchor="weak.and.strong.validators">
155   <iref primary="true" item="validator" subitem="weak"/>
156   <iref primary="true" item="validator" subitem="strong"/>
157<t>
158   Validators come in two flavors: strong or weak.  Weak validators are easy
159   to generate but are far less useful for comparisons.  Strong validators
160   are ideal for comparisons but can be very difficult (and occasionally
161   impossible) to generate efficiently.  Rather than impose that all forms
162   of resource adhere to the same strength of validator, HTTP exposes the
163   type of validator in use and imposes restrictions on when weak validators
164   can be used as preconditions.
165</t>
166<t>
167   A "strong validator" is representation metadata that changes value whenever
168   a change occurs to the representation data that would be observable in the
169   payload body of a 200 (OK) response to GET.
170</t>
171<t>  
172   A strong validator might change for reasons other than a change to the
173   representation data, such as when a
174   semantically significant part of the representation metadata is changed
175   (e.g., Content-Type), but it is in the best interests of the
176   origin server to only change the value when it is necessary to invalidate
177   the stored responses held by remote caches and authoring tools.
178</t>
179<t>
180   Cache entries might persist for arbitrarily long periods, regardless
181   of expiration times.  Thus, a cache might attempt to validate an
182   entry using a validator that it obtained in the distant past.
183   A strong validator is unique across all versions of all
184   representations associated with a particular resource over time.
185   However, there is no implication of uniqueness across representations
186   of different resources (i.e., the same strong validator might be
187   in use for representations of multiple resources at the same time
188   and does not imply that those representations are equivalent).
189</t>
190<t>
191   There are a variety of strong validators used in practice.  The best are
192   based on strict revision control, wherein each change to a representation
193   always results in a unique node name and revision identifier being assigned
194   before the representation is made accessible to GET.  A collision-resistant hash
195   function applied to the representation data is also sufficient if the data
196   is available prior to the response header fields being sent and the digest
197   does not need to be recalculated every time a validation request is
198   received.  However, if a resource has distinct representations that differ
199   only in their metadata, such as might occur with content negotiation over
200   media types that happen to share the same data format, then the origin
201   server needs to incorporate additional information in the validator to
202   distinguish those representations.
203</t>
204<t>
205   In contrast, a "weak validator" is representation metadata that
206   might not change for every change to the representation data.  This
207   weakness might be due to limitations in how the value is calculated, such
208   as clock resolution, an inability to ensure uniqueness for all possible
209   representations of the resource, or a desire of the resource owner
210   to group representations by some self-determined set of equivalency
211   rather than unique sequences of data.  An origin server SHOULD change a
212   weak entity-tag whenever it considers prior representations to be
213   unacceptable as a substitute for the current representation. In other words,
214   a weak entity-tag ought to change whenever the origin server wants caches to
215   invalidate old responses.
216</t>
217<t>
218   For example, the representation of a weather report that changes in
219   content every second, based on dynamic measurements, might be grouped
220   into sets of equivalent representations (from the origin server's
221   perspective) with the same weak validator in order to allow cached
222   representations to be valid for a reasonable period of time (perhaps
223   adjusted dynamically based on server load or weather quality).
224   Likewise, a representation's modification time, if defined with only
225   one-second resolution, might be a weak validator if it is possible
226   for the representation to be modified twice during a single second and
227   retrieved between those modifications.
228</t>
229<t>
230   Likewise, a validator is weak if it is shared by two or more
231   representations of a given resource at the same time, unless those
232   representations have identical representation data. For example, if the
233   origin server sends the same validator for a representation with a gzip
234   content coding applied as it does for a representation with no content
235   coding, then that validator is weak. However, two simultaneous
236   representations might share the same strong validator if they differ only
237   in the representation metadata, such as when two different media types are
238   available for the same representation data.
239</t>
240<t>
241   Strong validators are usable for all conditional requests, including cache
242   validation, partial content ranges, and "lost update" avoidance.
243   Weak validators are only usable when the client does not require exact
244   equality with previously obtained representation data, such as when
245   validating a cache entry or limiting a web traversal to recent changes.
246</t>
247</section>
248
249<section title="Last-Modified" anchor="header.last-modified">
250  <iref primary="true" item="Last-Modified header field"/>
251 
252<t>
253   The "Last-Modified" header field in a response provides a timestamp
254   indicating the date and time at which the origin server believes the
255   selected representation was last modified, as determined at the conclusion
256   of handling the request.
257</t>
258<figure><iref primary="true" item="Grammar" subitem="Last-Modified"/><artwork type="abnf2616"><![CDATA[
259  Last-Modified = HTTP-date
260]]></artwork></figure>
261<t>
262   An example of its use is
263</t>
264<figure><artwork type="example"><![CDATA[
265  Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
266]]></artwork></figure>
267
268<section title="Generation" anchor="lastmod.generation">
269<t>
270   An origin server SHOULD send Last-Modified for any selected
271   representation for which a last modification date can be reasonably
272   and consistently determined, since its use in conditional requests
273   and evaluating cache freshness (<xref target="RFC7234"/>) results in a substantial
274   reduction of HTTP traffic on the Internet and can be a significant
275   factor in improving service scalability and reliability.
276</t>
277<t>
278   A representation is typically the sum of many parts behind the
279   resource interface.  The last-modified time would usually be
280   the most recent time that any of those parts were changed.
281   How that value is determined for any given resource is an
282   implementation detail beyond the scope of this specification.
283   What matters to HTTP is how recipients of the Last-Modified
284   header field can use its value to make conditional requests
285   and test the validity of locally cached responses.
286</t>
287<t>
288   An origin server SHOULD obtain the Last-Modified value of the
289   representation as close as possible to the time that it generates the
290   Date field value for its response. This allows a recipient to
291   make an accurate assessment of the representation's modification time,
292   especially if the representation changes near the time that the
293   response is generated.
294</t>
295<t>
296   An origin server with a clock MUST NOT send a Last-Modified date
297   that is later than the server's time of message origination (Date).
298   If the last modification time is derived from implementation-specific
299   metadata that evaluates to some time in the future, according to the
300   origin server's clock, then the origin server MUST replace that
301   value with the message origination date. This prevents a future
302   modification date from having an adverse impact on cache validation.
303</t>
304<t>
305   An origin server without a clock MUST NOT assign Last-Modified
306   values to a response unless these values were associated
307   with the resource by some other system or user with a reliable clock.
308</t>
309</section>
310
311<section title="Comparison" anchor="lastmod.comparison">
312<t>
313   A Last-Modified time, when used as a validator in a request, is
314   implicitly weak unless it is possible to deduce that it is strong,
315   using the following rules:
316  <list style="symbols">
317     <t>The validator is being compared by an origin server to the
318        actual current validator for the representation and,</t>
319     <t>That origin server reliably knows that the associated representation did
320        not change twice during the second covered by the presented
321        validator.</t>
322  </list>
323</t>
324<t>
325   or
326  <list style="symbols">
327     <t>The validator is about to be used by a client in an <xref target="header.if-modified-since" format="none">If-Modified-Since</xref>,
328        <xref target="header.if-unmodified-since" format="none">If-Unmodified-Since</xref>, or If-Range header
329        field, because the client has a cache entry for the associated
330        representation, and</t>
331     <t>That cache entry includes a Date value, which gives the
332        time when the origin server sent the original response, and</t>
333     <t>The presented Last-Modified time is at least 60 seconds before
334        the Date value.</t>
335  </list>
336</t>
337<t>
338   or
339  <list style="symbols">
340     <t>The validator is being compared by an intermediate cache to the
341        validator stored in its cache entry for the representation, and</t>
342     <t>That cache entry includes a Date value, which gives the
343        time when the origin server sent the original response, and</t>
344     <t>The presented Last-Modified time is at least 60 seconds before
345        the Date value.</t>
346  </list>
347</t>
348<t>
349   This method relies on the fact that if two different responses were
350   sent by the origin server during the same second, but both had the
351   same Last-Modified time, then at least one of those responses would
352   have a Date value equal to its Last-Modified time. The
353   arbitrary 60-second limit guards against the possibility that the Date and
354   Last-Modified values are generated from different clocks or at somewhat
355   different times during the preparation of the response. An
356   implementation MAY use a value larger than 60 seconds, if it is
357   believed that 60 seconds is too short.
358</t>
359</section>
360</section>
361
362<section title="ETag" anchor="header.etag">
363  <iref primary="true" item="ETag header field"/>
364 
365 
366 
367 
368 
369<t>
370   The "ETag" header field in a response provides the current entity-tag for
371   the selected representation, as determined at the conclusion of handling
372   the request.
373   An entity-tag is an opaque validator for differentiating between
374   multiple representations of the same resource, regardless of whether
375   those multiple representations are due to resource state changes over
376   time, content negotiation resulting in multiple representations being
377   valid at the same time, or both. An entity-tag consists of an opaque
378   quoted string, possibly prefixed by a weakness indicator.
379</t>
380<figure><iref primary="true" item="Grammar" subitem="ETag"/><iref primary="true" item="Grammar" subitem="entity-tag"/><iref primary="true" item="Grammar" subitem="weak"/><iref primary="true" item="Grammar" subitem="opaque-tag"/><iref primary="true" item="Grammar" subitem="etagc"/><artwork type="abnf2616"><![CDATA[
381  ETag       = entity-tag
382
383  entity-tag = [ weak ] opaque-tag
384  weak       = %x57.2F ; "W/", case-sensitive
385  opaque-tag = DQUOTE *etagc DQUOTE
386  etagc      = %x21 / %x23-7E / obs-text
387             ; VCHAR except double quotes, plus obs-text
388]]></artwork></figure>
389<t><list>
390  <t>
391    Note: Previously, opaque-tag was defined to be a quoted-string
392    (<xref target="RFC2616"/>, Section 3.11); thus, some recipients
393    might perform backslash unescaping. Servers therefore ought to avoid
394    backslash characters in entity tags.
395  </t>
396</list></t>
397<t>
398   An entity-tag can be more reliable for validation than a modification
399   date in situations where it is inconvenient to store modification
400   dates, where the one-second resolution of HTTP date values is not
401   sufficient, or where modification dates are not consistently maintained.
402</t>
403<figure><preamble>
404  Examples:
405</preamble>
406<artwork type="example"><![CDATA[
407  ETag: "xyzzy"
408  ETag: W/"xyzzy"
409  ETag: ""
410]]></artwork></figure>
411<t>
412   An entity-tag can be either a weak or strong validator, with
413   strong being the default.  If an origin server provides an entity-tag
414   for a representation and the generation of that entity-tag does not satisfy
415   all of the characteristics of a strong validator
416   (<xref target="weak.and.strong.validators"/>), then the origin server
417   MUST mark the entity-tag as weak by prefixing its opaque value
418   with "W/" (case-sensitive).
419</t>
420
421<section title="Generation" anchor="entity.tag.generation">
422<t>
423   The principle behind entity-tags is that only the service author
424   knows the implementation of a resource well enough to select the
425   most accurate and efficient validation mechanism for that resource,
426   and that any such mechanism can be mapped to a simple sequence of
427   octets for easy comparison.  Since the value is opaque, there is no
428   need for the client to be aware of how each entity-tag is constructed.
429</t>
430<t>
431   For example, a resource that has implementation-specific versioning
432   applied to all changes might use an internal revision number, perhaps
433   combined with a variance identifier for content negotiation, to
434   accurately differentiate between representations.
435   Other implementations might use a collision-resistant hash of
436   representation content, a combination of various file attributes, or
437   a modification timestamp that has sub-second resolution.
438</t>
439<t>
440   An origin server SHOULD send an ETag for any selected representation
441   for which detection of changes can be reasonably and consistently
442   determined, since the entity-tag's use in conditional requests and
443   evaluating cache freshness (<xref target="RFC7234"/>) can result in a substantial
444   reduction of HTTP network traffic and can be a significant factor in
445   improving service scalability and reliability.
446</t>
447</section>
448
449<section title="Comparison" anchor="entity.tag.comparison">
450 
451 
452 
453<t>
454   There are two entity-tag comparison functions, depending on whether or not
455   the comparison context allows the use of weak validators:
456  <list style="symbols">
457     <t>Strong comparison: two entity-tags are equivalent if both
458        are not weak and their opaque-tags match character-by-character.</t>
459     <t>Weak comparison: two entity-tags are equivalent if their opaque-tags
460        match character-by-character, regardless of either or both
461        being tagged as "weak".</t>
462  </list>
463</t>
464<t>
465   The example below shows the results for a set of entity-tag pairs and both
466   the weak and strong comparison function results:
467</t>
468<texttable align="left">
469  <ttcol>ETag 1</ttcol>
470  <ttcol>ETag 2</ttcol>
471  <ttcol>Strong Comparison</ttcol>
472  <ttcol>Weak Comparison</ttcol>
473
474  <c>W/"1"</c>
475  <c>W/"1"</c>
476  <c>no match</c>
477  <c>match</c>
478 
479  <c>W/"1"</c>
480  <c>W/"2"</c>
481  <c>no match</c>
482  <c>no match</c>
483
484  <c>W/"1"</c>
485  <c>"1"</c>
486  <c>no match</c>
487  <c>match</c>
488
489  <c>"1"</c>
490  <c>"1"</c>
491  <c>match</c>
492  <c>match</c>
493</texttable>
494</section>
495
496<section title="Example: Entity-Tags Varying on Content-Negotiated Resources" anchor="example.entity.tag.vs.conneg">
497<t>
498   Consider a resource that is subject to content negotiation
499   (Section 3.4 of <xref target="RFC7231"/>), and where the representations sent in response to
500   a GET request vary based on the Accept-Encoding request
501   header field (Section 5.3.4 of <xref target="RFC7231"/>):
502</t>
503<figure><preamble>&gt;&gt; Request:</preamble><artwork type="message/http; msgtype=&#34;request&#34;"><![CDATA[
504  GET /index HTTP/1.1
505  Host: www.example.com
506  Accept-Encoding: gzip
507 
508  ]]></artwork></figure>
509<t>
510   In this case, the response might or might not use the gzip content coding.
511   If it does not, the response might look like:
512</t>
513<figure><preamble>&gt;&gt; Response:</preamble><artwork type="message/http; msgtype=&#34;response&#34;"><![CDATA[
514  HTTP/1.1 200 OK
515  Date: Fri, 26 Mar 2010 00:05:00 GMT
516  ETag: "123-a"
517  Content-Length: 70
518  Vary: Accept-Encoding
519  Content-Type: text/plain
520 
521  Hello World!
522  Hello World!
523  Hello World!
524  Hello World!
525  Hello World!
526  ]]></artwork></figure>
527<t>
528   An alternative representation that does use gzip content coding would be:
529</t>
530<figure><preamble>&gt;&gt; Response:</preamble><artwork type="message/http; msgtype=&#34;response&#34;"><![CDATA[
531  HTTP/1.1 200 OK
532  Date: Fri, 26 Mar 2010 00:05:00 GMT
533  ETag: "123-b"
534  Content-Length: 43
535  Vary: Accept-Encoding
536  Content-Type: text/plain
537  Content-Encoding: gzip
538 
539  ...binary data...]]></artwork></figure>
540<t><list>
541  <t>
542    Note: Content codings are a property of the representation data,
543    so a strong entity-tag for a content-encoded representation has to be
544    distinct from the entity tag of an unencoded representation to prevent
545    potential conflicts during cache updates and range requests. In contrast,
546    transfer codings (Section 4 of <xref target="RFC7230"/>) apply only during message transfer
547    and do not result in distinct entity-tags.
548  </t>
549</list></t>
550</section>
551</section>
552
553<section title="When to Use Entity-Tags and Last-Modified Dates" anchor="when.to.use.entity.tags.and.last-modified.dates">
554<t>
555   In 200 (OK) responses to GET or HEAD, an origin server:
556  <list style="symbols">
557     <t>SHOULD send an entity-tag validator unless it is not feasible to
558        generate one.</t>
559
560     <t>MAY send a weak entity-tag instead of a strong entity-tag, if
561        performance considerations support the use of weak entity-tags,
562        or if it is unfeasible to send a strong entity-tag.</t>
563
564     <t>SHOULD send a <xref target="header.last-modified" format="none">Last-Modified</xref> value if it is feasible to
565        send one.</t>
566  </list>
567</t>
568<t>
569   In other words, the preferred behavior for an origin server
570   is to send both a strong entity-tag and a <xref target="header.last-modified" format="none">Last-Modified</xref>
571   value in successful responses to a retrieval request.
572</t>
573<t>
574   A client:
575  <list style="symbols">
576     <t>MUST send that entity-tag in any cache validation request (using
577        <xref target="header.if-match" format="none">If-Match</xref> or <xref target="header.if-none-match" format="none">If-None-Match</xref>) if an
578        entity-tag has been provided by the origin server.</t>
579
580     <t>SHOULD send the <xref target="header.last-modified" format="none">Last-Modified</xref> value in non-subrange
581        cache validation requests (using <xref target="header.if-modified-since" format="none">If-Modified-Since</xref>)
582        if only a Last-Modified value has been provided by the origin server.</t>
583
584     <t>MAY send the <xref target="header.last-modified" format="none">Last-Modified</xref> value in subrange
585        cache validation requests (using <xref target="header.if-unmodified-since" format="none">If-Unmodified-Since</xref>)
586        if only a Last-Modified value has been provided by an HTTP/1.0 origin
587        server. The user agent SHOULD provide a way to disable this, in case
588        of difficulty.</t>
589
590     <t>SHOULD send both validators in cache validation requests if both an
591        entity-tag and a <xref target="header.last-modified" format="none">Last-Modified</xref> value have been provided
592        by the origin server. This allows both HTTP/1.0 and HTTP/1.1 caches to
593        respond appropriately.</t>
594  </list>
595</t>
596</section>
597</section>
598
599<section title="Precondition Header Fields" anchor="preconditions">
600<t>
601   This section defines the syntax and semantics of HTTP/1.1 header fields
602   for applying preconditions on requests.
603   <xref target="evaluation"/> defines when the preconditions are applied.
604   <xref target="precedence"/> defines the order of evaluation when more than
605   one precondition is present.
606</t>
607
608<section title="If-Match" anchor="header.if-match">
609  <iref primary="true" item="If-Match header field"/>
610 
611<t>
612   The "If-Match" header field makes the request method conditional on the
613   recipient origin server either having at least one current
614   representation of the target resource, when the field-value is "*", or
615   having a current representation of the target resource that has an
616   entity-tag matching a member of the list of entity-tags provided in the
617   field-value.
618</t>
619<t>
620   An origin server MUST use the strong comparison function when comparing
621   entity-tags for If-Match (<xref target="entity.tag.comparison"/>), since
622   the client intends this precondition to prevent the method from being
623   applied if there have been any changes to the representation data.
624</t>
625<figure><iref primary="true" item="Grammar" subitem="If-Match"/><artwork type="abnf2616"><![CDATA[
626  If-Match = "*" / 1#entity-tag
627]]></artwork></figure>
628<t>
629   Examples:
630</t>
631<figure><artwork type="example"><![CDATA[
632  If-Match: "xyzzy"
633  If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
634  If-Match: *
635]]></artwork></figure>
636<t>
637   If-Match is most often used with state-changing methods (e.g., POST, PUT,
638   DELETE) to prevent accidental overwrites when multiple user agents might be
639   acting in parallel on the same resource (i.e., to prevent the "lost update"
640   problem). It can also be used with safe methods to abort a request if the
641   selected representation does not match one already stored
642   (or partially stored) from a prior request.
643</t>
644<t>
645   An origin server that receives an If-Match header field MUST evaluate the
646   condition prior to performing the method (<xref target="evaluation"/>).
647   If the field-value is "*", the condition is false if the origin server
648   does not have a current representation for the target resource.
649   If the field-value is a list of entity-tags, the condition is false if
650   none of the listed tags match the entity-tag of the selected representation.
651
652<!-- [rfced] May we update this text as follows for the ease of the
653reader?  We note that similar text exists elsewhere in the document.
654
655Original:
656If the field-value is "*", the condition is false if the origin server
657does not have a current representation for the target resource.  If
658the field-value is a list of entity-tags, the condition is false if
659none of the listed tags match the entity-tag of the selected
660representation.
661
662Perhaps:
663If the field-value is "*" and the origin server does not have a
664current representation for the target resource, the condition is
665false.  If the field-value is a list of entity-tags and none of the
666listed tags match the entity-tag of the selected representation, the
667condition is false.
668 
669-->
670</t>
671<t>
672   An origin server MUST NOT perform the requested method if a received
673   If-Match condition evaluates to false; instead, the origin server MUST
674   respond with either
675   a) the <xref target="status.412" format="none">412 (Precondition Failed)</xref> status code or
676   b) one of the 2xx (Successful) status codes if the origin
677   server has verified that a state change is being requested and the final
678   state is already reflected in the current state of the target resource
679   (i.e., the change requested by the user agent has already succeeded, but
680   the user agent might not be aware of it, perhaps because the prior response
681   was lost or a compatible change was made by some other user agent).
682   In the latter case, the origin server MUST NOT send a validator header
683   field in the response unless it can verify that the request is a duplicate
684   of an immediately prior change made by the same user agent.
685</t>
686<t>
687   The If-Match header field can be ignored by caches and intermediaries
688   because it is not applicable to a stored response.
689</t>
690</section>
691
692<section title="If-None-Match" anchor="header.if-none-match">
693  <iref primary="true" item="If-None-Match header field"/>
694 
695<t>
696   The "If-None-Match" header field makes the request method conditional on
697   a recipient cache or origin server either not having any current
698   representation of the target resource, when the field-value is "*", or
699   having a selected representation with an entity-tag that does not match any
700   of those listed in the field-value.
701
702<!-- [rfced] This sentence is a bit tough to parse.  May we update as follows?
703
704Original:
705   The "If-None-Match" header field makes the request method conditional
706   on a recipient cache or origin server either not having any current
707   representation of the target resource, when the field-value is "*",
708   or having a selected representation with an entity-tag that does not
709   match any of those listed in the field-value.
710
711Perhaps:
712   The "If-None-Match" header field makes the request method conditional
713   on a recipient cache or origin server that either does not have any current
714   representation of the target resource, when the field-value is "*",
715   or that does not have a selected representation with an entity-tag that does not
716   match any of those listed in the field-value.
717
718-->
719</t>
720<t>
721   A recipient MUST use the weak comparison function when comparing
722   entity-tags for If-None-Match (<xref target="entity.tag.comparison"/>),
723   since weak entity-tags can be used for cache validation even if there have
724   been changes to the representation data.
725</t>
726<figure><iref primary="true" item="Grammar" subitem="If-None-Match"/><artwork type="abnf2616"><![CDATA[
727  If-None-Match = "*" / 1#entity-tag
728]]></artwork></figure>
729<t>
730   Examples:
731</t>
732<figure><artwork type="example"><![CDATA[
733  If-None-Match: "xyzzy"
734  If-None-Match: W/"xyzzy"
735  If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
736  If-None-Match: W/"xyzzy", W/"r2d2xxxx", W/"c3piozzzz"
737  If-None-Match: *
738]]></artwork></figure>
739<t>
740   If-None-Match is primarily used in conditional GET requests to enable
741   efficient updates of cached information with a minimum amount of
742   transaction overhead. When a client desires to update one or more stored
743   responses that have entity-tags, the client SHOULD generate an
744   If-None-Match header field containing a list of those entity-tags when
745   making a GET request; this allows recipient servers to send a
746   <xref target="status.304" format="none">304 (Not Modified)</xref> response to indicate when one of those
747   stored responses matches the selected representation.
748</t>
749<t>
750   If-None-Match can also be used with a value of "*" to prevent an unsafe
751   request method (e.g., PUT) from inadvertently modifying an existing
752   representation of the target resource when the client believes that
753   the resource does not have a current representation (Section 4.2.1 of <xref target="RFC7231"/>).
754   This is a variation on the "lost update" problem that might arise if more
755   than one client attempts to create an initial representation for the target
756   resource.
757</t>
758<t>
759   An origin server that receives an If-None-Match header field MUST
760   evaluate the condition prior to performing the method
761   (<xref target="evaluation"/>).
762   If the field-value is "*", the condition is false if the origin server
763   has a current representation for the target resource.
764   If the field-value is a list of entity-tags, the condition is false if
765   one of the listed tags match the entity-tag of the selected representation.
766</t>
767<t>
768   An origin server MUST NOT perform the requested method if the condition
769   evaluates to false; instead, the origin server MUST respond with either
770   a) the <xref target="status.304" format="none">304 (Not Modified)</xref> status code if the request method
771   is GET or HEAD or b) the <xref target="status.412" format="none">412 (Precondition Failed)</xref> status
772   code for all other request methods.
773</t>
774<t>
775   Requirements on cache handling of a received If-None-Match header field
776   are defined in Section 4.3.2 of <xref target="RFC7234"/>.
777</t>
778</section>
779
780<section title="If-Modified-Since" anchor="header.if-modified-since">
781  <iref primary="true" item="If-Modified-Since header field"/>
782 
783<t>
784   The "If-Modified-Since" header field makes a GET or HEAD request method
785   conditional on the selected representation's modification date being more
786   recent than the date provided in the field-value. Transfer of the selected
787   representation's data is avoided if that data has not changed.
788</t>
789<figure><iref primary="true" item="Grammar" subitem="If-Modified-Since"/><artwork type="abnf2616"><![CDATA[
790  If-Modified-Since = HTTP-date
791]]></artwork></figure>
792<t>
793   An example of the field is:
794</t>
795<figure><artwork type="example"><![CDATA[
796  If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
797]]></artwork></figure>
798<t>
799   A recipient MUST ignore If-Modified-Since if the request contains an
800   <xref target="header.if-none-match" format="none">If-None-Match</xref> header field; the condition in
801   <xref target="header.if-none-match" format="none">If-None-Match</xref> is considered to be a more accurate
802   replacement for the condition in If-Modified-Since, and the two are only
803   combined for the sake of interoperating with older intermediaries that
804   might not implement <xref target="header.if-none-match" format="none">If-None-Match</xref>.
805</t>
806<t>
807   A recipient MUST ignore the If-Modified-Since header field if the
808   received field-value is not a valid HTTP-date, or if the request method
809   is neither GET nor HEAD.
810</t>
811<t>
812   A recipient MUST interpret an If-Modified-Since field-value's timestamp
813   in terms of the origin server's clock.
814</t>
815<t>
816   If-Modified-Since is typically used for two distinct purposes:
817   1) to allow efficient updates of a cached representation that does not
818   have an entity-tag and 2) to limit the scope of a web traversal to resources
819   that have recently changed.
820</t>
821<t>
822   When used for cache updates, a cache will typically use the value of the
823   cached message's <xref target="header.last-modified" format="none">Last-Modified</xref> field to generate the field
824   value of If-Modified-Since. This behavior is most interoperable for cases
825   where clocks are poorly synchronized or when the server has chosen to only
826   honor exact timestamp matches (due to a problem with Last-Modified dates
827   that appear to go "back in time" when the origin server's clock is
828   corrected or a representation is restored from an archived backup).
829   However, caches occasionally generate the field value based on other data,
830   such as the Date header field of the cached message or the
831   local clock time that the message was received, particularly when the
832   cached message does not contain a <xref target="header.last-modified" format="none">Last-Modified</xref> field.
833</t>
834<t>
835   When used for limiting the scope of retrieval to a recent time window, a
836   user agent will generate an If-Modified-Since field value based on either
837   its own local clock or a Date header field received from the
838   server in a prior response. Origin servers that choose an exact timestamp
839   match based on the selected representation's <xref target="header.last-modified" format="none">Last-Modified</xref>
840   field will not be able to help the user agent limit its data transfers to
841   only those changed during the specified window.
842</t>
843<t>
844   An origin server that receives an If-Modified-Since header field SHOULD
845   evaluate the condition prior to performing the method
846   (<xref target="evaluation"/>).
847   The origin server SHOULD NOT perform the requested method if the selected
848   representation's last modification date is earlier than or equal to the
849   date provided in the field-value; instead, the origin server SHOULD
850   generate a <xref target="status.304" format="none">304 (Not Modified)</xref> response, including only those
851   metadata that are useful for identifying or updating a previously cached
852   response.
853</t>
854<t>
855   Requirements on cache handling of a received If-Modified-Since header field
856   are defined in Section 4.3.2 of <xref target="RFC7234"/>.
857</t>
858</section>
859
860<section title="If-Unmodified-Since" anchor="header.if-unmodified-since">
861  <iref primary="true" item="If-Unmodified-Since header field"/>
862 
863<t>
864   The "If-Unmodified-Since" header field makes the request method conditional
865   on the selected representation's last modification date being earlier than or
866   equal to the date provided in the field-value. This field accomplishes the
867   same purpose as <xref target="header.if-match" format="none">If-Match</xref> for cases where the user agent does
868   not have an entity-tag for the representation.
869</t>
870<figure><iref primary="true" item="Grammar" subitem="If-Unmodified-Since"/><artwork type="abnf2616"><![CDATA[
871  If-Unmodified-Since = HTTP-date
872]]></artwork></figure>
873<t>
874   An example of the field is:
875</t>
876<figure><artwork type="example"><![CDATA[
877  If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
878]]></artwork></figure>
879<t>
880   A recipient MUST ignore If-Unmodified-Since if the request contains an
881   <xref target="header.if-match" format="none">If-Match</xref> header field; the condition in
882   <xref target="header.if-match" format="none">If-Match</xref> is considered to be a more accurate replacement for
883   the condition in If-Unmodified-Since, and the two are only combined for the
884   sake of interoperating with older intermediaries that might not implement
885   <xref target="header.if-match" format="none">If-Match</xref>.
886</t>
887<t>
888   A recipient MUST ignore the If-Unmodified-Since header field if the
889   received field-value is not a valid HTTP-date.
890</t>
891<t>
892   A recipient MUST interpret an If-Unmodified-Since field-value's timestamp
893   in terms of the origin server's clock.
894</t>
895<t>
896   If-Unmodified-Since is most often used with state-changing methods
897   (e.g., POST, PUT, DELETE) to prevent accidental overwrites when multiple
898   user agents might be acting in parallel on a resource that does
899   not supply entity-tags with its representations (i.e., to prevent the
900   "lost update" problem). It can also be used with safe methods to abort a
901   request if the selected representation does not match one
902   already stored (or partially stored) from a prior request.
903</t>
904<t>
905   An origin server that receives an If-Unmodified-Since header field MUST
906   evaluate the condition prior to performing the method
907   (<xref target="evaluation"/>).
908   The origin server MUST NOT perform the requested method if the selected
909   representation's last modification date is more recent than the date
910   provided in the field-value; instead the origin server MUST respond with either
911   a) the <xref target="status.412" format="none">412 (Precondition Failed)</xref> status code or
912   b) one of the 2xx (Successful) status codes if the origin
913   server has verified that a state change is being requested and the final
914   state is already reflected in the current state of the target resource
915   (i.e., the change requested by the user agent has already succeeded, but
916   the user agent might not be aware of that because the prior response message
917   was lost or a compatible change was made by some other user agent).
918   In the latter case, the origin server MUST NOT send a validator header
919   field in the response unless it can verify that the request is a duplicate
920   of an immediately prior change made by the same user agent.
921</t>
922<t>
923   The If-Unmodified-Since header field can be ignored by caches and
924   intermediaries because it is not applicable to a stored response.
925</t>
926</section>
927
928<section title="If-Range" anchor="header.if-range">
929<t>
930   The "If-Range" header field provides a special conditional request
931   mechanism that is similar to the <xref target="header.if-match" format="none">If-Match</xref> and
932   <xref target="header.if-unmodified-since" format="none">If-Unmodified-Since</xref> header fields but that instructs the
933   recipient to ignore the Range header field if the validator
934   doesn't match, resulting in transfer of the new selected representation
935   instead of a <xref target="status.412" format="none">412 (Precondition Failed)</xref> response. If-Range is
936   defined in Section 3.2 of <xref target="RFC7233"/>.
937</t>
938</section>
939</section>
940
941<section title="Status Code Definitions" anchor="status.code.definitions">
942<section title="304 Not Modified" anchor="status.304">
943  <iref primary="true" item="304 Not Modified (status code)"/>
944 
945 
946<t>
947   The 304 (Not Modified) status code indicates that a
948   conditional GET or HEAD request has been
949   received and would have resulted in a 200 (OK) response
950   if it were not for the fact that the condition evaluated to false.
951   In other words, there is no need for the server to transfer a
952   representation of the target resource because the request indicates that
953   the client, which made the request conditional, already has a valid
954   representation; the server is therefore redirecting the client to make
955   use of that stored representation as if it were the payload of a
956   200 (OK) response.
957</t>
958<t>
959   The server generating a 304 response MUST generate any of the following
960   header fields that would have been sent in a 200 (OK)
961   response to the same request:
962   Cache-Control,
963   Content-Location,
964   Date,
965   <xref target="header.etag" format="none">ETag</xref>,
966   Expires, and
967   Vary.
968</t>
969<t>
970   Since the goal of a 304 response is to minimize information transfer
971   when the recipient already has one or more cached representations,
972   a sender SHOULD NOT generate representation metadata other
973   than the above listed fields unless said metadata exists for the
974   purpose of guiding cache updates (e.g., <xref target="header.last-modified" format="none">Last-Modified</xref> might
975   be useful if the response does not have an <xref target="header.etag" format="none">ETag</xref> field).
976</t>
977<t>
978   Requirements on a cache that receives a 304 response are defined in
979   Section 4.3.4 of <xref target="RFC7234"/>. If the conditional request originated with an
980   outbound client, such as a user agent with its own cache sending a
981   conditional GET to a shared proxy, then the proxy SHOULD forward the
982   304 response to that client.
983</t>
984<t>
985   A 304 response cannot contain a message-body; it is always
986   terminated by the first empty line after the header fields.
987</t>
988</section>
989
990<section title="412 Precondition Failed" anchor="status.412">
991  <iref primary="true" item="412 Precondition Failed (status code)"/>
992 
993<t>
994   The 412 (Precondition Failed) status code indicates that one
995   or more conditions given in the request header fields evaluated to false
996   when tested on the server. This response code allows the client to place
997   preconditions on the current resource state (its current representations
998   and metadata) and, thus, prevent the request method from being applied if the
999   target resource is in an unexpected state.
1000</t>
1001</section>
1002</section>
1003
1004<section title="Evaluation" anchor="evaluation">
1005<t>
1006   Except when excluded below, a recipient cache or origin server MUST
1007   evaluate received request preconditions after it has successfully performed
1008   its normal request checks and just before it would perform the action
1009   associated with the request method.
1010   A server MUST ignore all received preconditions if its response to the
1011   same request without those conditions would have been a status code other
1012   than a 2xx (Successful) or <xref target="status.412" format="none">412 (Precondition Failed)</xref>.
1013   In other words, redirects and failures take precedence over the evaluation
1014   of preconditions in conditional requests.
1015</t>
1016<t>
1017   A server that is not the origin server for the target resource and cannot
1018   act as a cache for requests on the target resource MUST NOT evaluate the
1019   conditional request header fields defined by this specification, and it
1020   MUST forward them if the request is forwarded, since the generating
1021   client intends that they be evaluated by a server that can provide a
1022   current representation.
1023   Likewise, a server MUST ignore the conditional request header fields
1024   defined by this specification when received with a request method that does
1025   not involve the selection or modification of a
1026   selected representation, such as CONNECT, OPTIONS, or TRACE.
1027</t>
1028<t>
1029   Conditional request header fields that are defined by extensions to HTTP
1030   might place conditions on all recipients, on the state of the target
1031   resource in general, or on a group of resources. For instance, the "If"
1032   header field in WebDAV can make a request conditional on various aspects
1033   of multiple resources, such as locks, if the recipient understands and
1034   implements that field (<xref target="RFC4918"/>, Section 10.4).
1035</t>
1036<t>
1037   Although conditional request header fields are defined as being usable with
1038   the HEAD method (to keep HEAD's semantics consistent with those of GET),
1039   there is no point in sending a conditional HEAD because a successful
1040   response is around the same size as a <xref target="status.304" format="none">304 (Not Modified)</xref>
1041   response and more useful than a <xref target="status.412" format="none">412 (Precondition Failed)</xref>
1042   response.
1043</t>
1044</section>
1045
1046<section title="Precedence" anchor="precedence">
1047<t>
1048   When more than one conditional request header field is present in a request,
1049   the order in which the fields are evaluated becomes important. In practice,
1050   the fields defined in this document are consistently implemented in a
1051   single, logical order, since "lost update" preconditions have more strict
1052   requirements than cache validation, a validated cache is more efficient
1053   than a partial response, and entity tags are presumed to be more accurate
1054   than date validators.
1055</t>
1056<t>
1057   A recipient cache or origin server MUST evaluate the request
1058   preconditions defined by this specification in the following order:
1059   <list style="numbers">
1060     <t anchor="precedence1">When recipient is the origin server and
1061       <xref target="header.if-match" format="none">If-Match</xref> is present,
1062       evaluate the <xref target="header.if-match" format="none">If-Match</xref> precondition:
1063       <list style="symbols">
1064         <t>if true, continue to step <xref target="precedence3" format="counter"/></t>
1065         <t>if false, respond <xref target="status.412" format="none">412 (Precondition Failed)</xref> unless
1066            it can be determined that the state-changing request has already
1067            succeeded (see <xref target="header.if-match"/>)</t>
1068       </list>
1069     </t>
1070     <t anchor="precedence2">When recipient is the origin server,
1071       <xref target="header.if-match" format="none">If-Match</xref> is not present, and
1072       <xref target="header.if-unmodified-since" format="none">If-Unmodified-Since</xref> is present,
1073       evaluate the <xref target="header.if-unmodified-since" format="none">If-Unmodified-Since</xref> precondition:
1074       <list style="symbols">
1075         <t>if true, continue to step <xref target="precedence3" format="counter"/></t>
1076         <t>if false, respond <xref target="status.412" format="none">412 (Precondition Failed)</xref> unless
1077            it can be determined that the state-changing request has already
1078            succeeded (see <xref target="header.if-unmodified-since"/>)</t>
1079       </list>
1080     </t>
1081     <t anchor="precedence3">When <xref target="header.if-none-match" format="none">If-None-Match</xref> is present,
1082       evaluate the <xref target="header.if-none-match" format="none">If-None-Match</xref> precondition:
1083       <list style="symbols">
1084         <t>if true, continue to step <xref target="precedence5" format="counter"/></t>
1085         <t>if false for GET/HEAD, respond <xref target="status.304" format="none">304 (Not Modified)</xref></t>
1086         <t>if false for other methods, respond <xref target="status.412" format="none">412 (Precondition Failed)</xref></t>
1087       </list>
1088     </t>
1089     <t anchor="precedence4">When the method is GET or HEAD,
1090       <xref target="header.if-none-match" format="none">If-None-Match</xref> is not present, and
1091       <xref target="header.if-modified-since" format="none">If-Modified-Since</xref> is present,
1092       evaluate the <xref target="header.if-modified-since" format="none">If-Modified-Since</xref> precondition:
1093       <list style="symbols">
1094         <t>if true, continue to step <xref target="precedence5" format="counter"/></t>
1095         <t>if false, respond <xref target="status.304" format="none">304 (Not Modified)</xref></t>
1096       </list>
1097     </t>
1098     <t anchor="precedence5">When the method is GET and both
1099       Range and If-Range are present,
1100       evaluate the If-Range precondition:
1101       <list style="symbols">
1102         <t>if the validator matches and the Range specification is
1103            applicable to the selected representation, respond
1104            206 (Partial Content) <xref target="RFC7233"/></t>
1105       </list>
1106     </t>
1107     <t anchor="precedencelast">Otherwise,
1108       <list style="symbols">
1109         <t>all conditions are met, so perform the requested action and
1110            respond according to its success or failure.</t>
1111       </list>
1112     </t>
1113   </list>
1114</t>
1115<t>
1116   Any extension to HTTP/1.1 that defines additional conditional request
1117   header fields ought to define its own expectations regarding the order
1118   for evaluating such fields in relation to those defined in this document
1119   and other conditionals that might be found in practice.
1120</t>
1121</section>
1122
1123<section title="IANA Considerations" anchor="IANA.considerations">
1124
1125<section title="Status Code Registration" anchor="status.code.registration">
1126<t>
1127   The "Hypertext Transfer Protocol (HTTP) Status Code Registry" located at &lt;http://www.iana.org/assignments/http-status-codes&gt;
1128   has been updated with the registrations below:
1129</t>
1130
1131<!--AUTOGENERATED FROM extract-status-code-defs.xslt, do not edit manually-->
1132<texttable align="left" suppress-title="true" anchor="iana.status.code.registration.table">
1133   <ttcol>Value</ttcol>
1134   <ttcol>Description</ttcol>
1135   <ttcol>Reference</ttcol>
1136   <c>304</c>
1137   <c>Not Modified</c>
1138   <c>
1139      <xref target="status.304"/>
1140   </c>
1141   <c>412</c>
1142   <c>Precondition Failed</c>
1143   <c>
1144      <xref target="status.412"/>
1145   </c>
1146</texttable>
1147<!--(END)-->
1148
1149</section>
1150
1151<section title="Header Field Registration" anchor="header.field.registration">
1152<t>
1153   HTTP header fields are registered within the "Message Headers" registry
1154   maintained at
1155   &lt;http://www.iana.org/assignments/message-headers/&gt;.
1156</t>
1157<t>
1158   This document defines the following HTTP header fields, so their
1159   associated registry entries have been updated according to the
1160   permanent registrations below (see <xref target="BCP90"/>):
1161</t>
1162
1163<!--AUTOGENERATED FROM extract-header-defs.xslt, do not edit manually-->
1164<texttable align="left" suppress-title="true" anchor="iana.header.registration.table">
1165   <ttcol>Header Field Name</ttcol>
1166   <ttcol>Protocol</ttcol>
1167   <ttcol>Status</ttcol>
1168   <ttcol>Reference</ttcol>
1169
1170   <c>ETag</c>
1171   <c>http</c>
1172   <c>standard</c>
1173   <c>
1174      <xref target="header.etag"/>
1175   </c>
1176   <c>If-Match</c>
1177   <c>http</c>
1178   <c>standard</c>
1179   <c>
1180      <xref target="header.if-match"/>
1181   </c>
1182   <c>If-Modified-Since</c>
1183   <c>http</c>
1184   <c>standard</c>
1185   <c>
1186      <xref target="header.if-modified-since"/>
1187   </c>
1188   <c>If-None-Match</c>
1189   <c>http</c>
1190   <c>standard</c>
1191   <c>
1192      <xref target="header.if-none-match"/>
1193   </c>
1194   <c>If-Unmodified-Since</c>
1195   <c>http</c>
1196   <c>standard</c>
1197   <c>
1198      <xref target="header.if-unmodified-since"/>
1199   </c>
1200   <c>Last-Modified</c>
1201   <c>http</c>
1202   <c>standard</c>
1203   <c>
1204      <xref target="header.last-modified"/>
1205   </c>
1206</texttable>
1207<!--(END)-->
1208
1209<t>
1210   The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".
1211</t>
1212</section>
1213</section>
1214
1215<section title="Security Considerations" anchor="security.considerations">
1216<t>
1217   This section is meant to inform developers, information providers, and
1218   users of known security concerns specific to the HTTP conditional
1219   request mechanisms. More general security considerations are addressed
1220   in HTTP "Message Syntax and Routing" <xref target="RFC7230"/> and "Semantics and Content"
1221   <xref target="RFC7231"/>.
1222</t>
1223<t>
1224   The validators defined by this specification are not intended to ensure
1225   the validity of a representation, guard against malicious changes, or
1226   detect man-in-the-middle attacks. At best, they enable more efficient cache
1227   updates and optimistic concurrent writes when all participants are behaving
1228   nicely. At worst, the conditions will fail and the client will receive a
1229   response that is no more harmful than an HTTP exchange without conditional
1230   requests.
1231</t>
1232<t>
1233   An entity-tag can be abused in ways that create privacy risks. For example,
1234   a site might deliberately construct a semantically invalid entity-tag that
1235   is unique to the user or user agent, send it in a cacheable response with a
1236   long freshness time, and then read that entity-tag in later conditional
1237   requests as a means of re-identifying that user or user agent. Such an
1238   identifying tag would become a persistent identifier for as long as the
1239   user agent retained the original cache entry. User agents that cache
1240   representations ought to ensure that the cache is cleared or replaced
1241   whenever the user performs privacy-maintaining actions, such as clearing
1242   stored cookies or changing to a private browsing mode.
1243</t>
1244</section>
1245
1246<section title="Acknowledgments" anchor="acks">
1247<t>
1248  See Section 10 of <xref target="RFC7230"/>.
1249</t>
1250</section>
1251</middle>
1252<back>
1253
1254<references title="Normative References">
1255
1256
1257
1258<!--Companion Doc; draft-ietf-httpbis-p1-messaging-26  -->
1259
1260<reference anchor="RFC7230">
1261  <front>
1262    <title>Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing</title>
1263    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
1264      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
1265      <address><email>fielding@gbiv.com</email></address>
1266    </author>
1267    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
1268      <organization abbrev="greenbytes">greenbytes GmbH</organization>
1269      <address><email>julian.reschke@greenbytes.de</email></address>
1270    </author>
1271    <date month="May" year="2014"/>
1272  </front>
1273  <seriesInfo name="RFC" value="7230"/>
1274 
1275</reference>
1276
1277<!--Companion doc; draft-ietf-httpbis-p2-semantics-26  -->
1278<reference anchor="RFC7231">
1279  <front>
1280    <title>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</title>
1281    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
1282      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
1283      <address><email>fielding@gbiv.com</email></address>
1284    </author>
1285    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
1286      <organization abbrev="greenbytes">greenbytes GmbH</organization>
1287      <address><email>julian.reschke@greenbytes.de</email></address>
1288    </author>
1289    <date month="May" year="2014"/>
1290  </front>
1291  <seriesInfo name="RFC" value="7231"/>
1292 
1293</reference>
1294
1295<!--Companion doc; draft-ietf-httpbis-p5-range-26  -->
1296<reference anchor="RFC7233">
1297  <front>
1298    <title>Hypertext Transfer Protocol (HTTP/1.1): Range Requests</title>
1299    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
1300      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
1301      <address><email>fielding@gbiv.com</email></address>
1302    </author>
1303    <author initials="Y." surname="Lafon" fullname="Yves Lafon" role="editor">
1304      <organization abbrev="W3C">World Wide Web Consortium</organization>
1305      <address><email>ylafon@w3.org</email></address>
1306    </author>
1307    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
1308      <organization abbrev="greenbytes">greenbytes GmbH</organization>
1309      <address><email>julian.reschke@greenbytes.de</email></address>
1310    </author>
1311    <date month="May" year="2014"/>
1312  </front>
1313  <seriesInfo name="RFC" value="7233"/>
1314 
1315</reference>
1316
1317
1318<!--Companion doc; draft-ietf-httpbis-p6-cache-26  -->
1319<reference anchor="RFC7234">
1320  <front>
1321    <title>Hypertext Transfer Protocol (HTTP/1.1): Caching</title>
1322    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
1323      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
1324      <address><email>fielding@gbiv.com</email></address>
1325    </author>
1326    <author initials="M." surname="Nottingham" fullname="Mark Nottingham" role="editor">
1327      <organization>Akamai</organization>
1328      <address><email>mnot@mnot.net</email></address>
1329    </author>
1330    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
1331      <organization abbrev="greenbytes">greenbytes GmbH</organization>
1332      <address><email>julian.reschke@greenbytes.de</email></address>
1333    </author>
1334    <date month="May" year="2014"/>
1335  </front>
1336  <seriesInfo name="RFC" value="7234"/>
1337 
1338</reference>
1339
1340
1341<?rfc include="reference.RFC.2119.xml"?>
1342
1343  <reference anchor="RFC5234">
1344    <front>
1345      <title abbrev="ABNF for Syntax Specifications">Augmented BNF for Syntax Specifications: ABNF</title>
1346      <author initials="D." surname="Crocker" fullname="Dave Crocker" role="editor">
1347        <organization>Brandenburg InternetWorking</organization>
1348        <address>
1349          <email>dcrocker@bbiw.net</email>
1350        </address> 
1351      </author>
1352      <author initials="P." surname="Overell" fullname="Paul Overell">
1353        <organization>THUS plc.</organization>
1354        <address>
1355          <email>paul.overell@thus.net</email>
1356        </address>
1357      </author>
1358      <date month="January" year="2008"/>
1359    </front>
1360    <seriesInfo name="STD" value="68"/>
1361    <seriesInfo name="RFC" value="5234"/>
1362  </reference>
1363
1364
1365</references>
1366
1367<references title="Informative References">
1368
1369<?rfc include="reference.RFC.2616.xml"?>
1370
1371
1372<reference anchor="BCP90">
1373  <front>
1374    <title>Registration Procedures for Message Header Fields</title>
1375    <author initials="G." surname="Klyne" fullname="G. Klyne">
1376      <organization>Nine by Nine</organization>
1377      <address><email>GK-IETF@ninebynine.org</email></address>
1378    </author>
1379    <author initials="M." surname="Nottingham" fullname="M. Nottingham">
1380      <organization>BEA Systems</organization>
1381      <address><email>mnot@pobox.com</email></address>
1382    </author>
1383    <author initials="J." surname="Mogul" fullname="J. Mogul">
1384      <organization>HP Labs</organization>
1385      <address><email>JeffMogul@acm.org</email></address>
1386    </author>
1387    <date year="2004" month="September"/>
1388  </front>
1389  <seriesInfo name="BCP" value="90"/>
1390  <seriesInfo name="RFC" value="3864"/>
1391</reference>
1392
1393<reference anchor="RFC4918">
1394  <front>
1395    <title>HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)</title>
1396    <author initials="L.M." surname="Dusseault" fullname="Lisa Dusseault" role="editor">
1397      <organization abbrev="CommerceNet">CommerceNet</organization>
1398      <address><email>ldusseault@commerce.net</email></address>
1399    </author>
1400    <date month="June" year="2007"/>
1401  </front>
1402  <seriesInfo name="RFC" value="4918"/>
1403</reference>
1404</references>
1405
1406<section title="Changes from RFC 2616" anchor="changes.from.rfc.2616">
1407<t>
1408  The definition of validator weakness has been expanded and clarified.
1409  (<xref target="weak.and.strong.validators"/>)
1410</t>
1411<t>
1412  Weak entity-tags are now allowed in all requests except range requests.
1413  (Sections <xref target="weak.and.strong.validators" format="counter"/> and
1414  <xref target="header.if-none-match" format="counter"/>)
1415</t>
1416<t>
1417  The <xref target="header.etag" format="none">ETag</xref> header field ABNF has been changed to not use
1418  quoted-string, thus avoiding escaping issues.
1419  (<xref target="header.etag"/>)
1420</t>
1421<t>
1422  ETag is defined to provide an entity tag for the selected representation,
1423  thereby clarifying what it applies to in various situations (such as a
1424  PUT response).
1425  (<xref target="header.etag"/>)
1426</t>
1427<t>
1428  The precedence for evaluation of conditional requests has been defined.
1429  (<xref target="precedence"/>)
1430</t>
1431</section>
1432
1433<section title="Imported ABNF" anchor="imported.abnf">
1434 
1435 
1436 
1437 
1438 
1439 
1440 
1441 
1442 
1443 
1444 
1445<t>
1446  The following core rules are included by
1447  reference, as defined in Appendix B.1 of <xref target="RFC5234"/>:
1448  ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls),
1449  DIGIT (decimal 0-9), DQUOTE (double quote),
1450  HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed),
1451  OCTET (any 8-bit sequence of data), SP (space), and
1452  VCHAR (any visible US-ASCII character).
1453</t>
1454<t>
1455  The rules below are defined in <xref target="RFC7230"/>:
1456</t>
1457<figure><artwork type="abnf2616"><![CDATA[
1458  OWS           = <OWS, see [RFC7230], Section 3.2.3>
1459  obs-text      = <obs-text, see [RFC7230], Section 3.2.6>
1460]]></artwork></figure>
1461<t>
1462  The rules below are defined in other parts:
1463</t>
1464<figure><artwork type="abnf2616"><![CDATA[
1465  HTTP-date     = <HTTP-date, see [RFC7231], Section 7.1.1.1>
1466]]></artwork></figure>
1467</section>
1468
1469
1470<section title="Collected ABNF" anchor="collected.abnf">
1471<t>
1472  In the collected ABNF below, list rules are expanded as per Section 1.2 of <xref target="RFC7230"/>.
1473</t><figure>
1474<artwork type="abnf" name="p4-conditional.parsed-abnf"><![CDATA[
1475ETag = entity-tag
1476
1477HTTP-date = <HTTP-date, see [RFC7231], Section 7.1.1.1>
1478
1479If-Match = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS
1480 entity-tag ] ) )
1481If-Modified-Since = HTTP-date
1482If-None-Match = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS
1483 entity-tag ] ) )
1484If-Unmodified-Since = HTTP-date
1485
1486Last-Modified = HTTP-date
1487
1488OWS = <OWS, see [RFC7230], Section 3.2.3>
1489
1490entity-tag = [ weak ] opaque-tag
1491etagc = "!" / %x23-7E ; '#'-'~'
1492 / obs-text
1493
1494obs-text = <obs-text, see [RFC7230], Section 3.2.6>
1495opaque-tag = DQUOTE *etagc DQUOTE
1496
1497weak = %x57.2F ; W/
1498]]></artwork>
1499</figure>
1500</section>
1501
1502</back>
1503</rfc>
Note: See TracBrowser for help on using the repository browser.