![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
- Timestamp:
- Feb 10, 2011, 10:58:41 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html
r1104 r1115 365 365 } 366 366 @bottom-center { 367 content: "Expires August 8, 2011";367 content: "Expires August 14, 2011"; 368 368 } 369 369 @bottom-right { … … 389 389 <link rel="Chapter" title="1 Introduction" href="#rfc.section.1"> 390 390 <link rel="Chapter" title="2 Notational Conventions" href="#rfc.section.2"> 391 <link rel="Chapter" title="3 Header Field Definition" href="#rfc.section.3"> 392 <link rel="Chapter" title="4 Examples" href="#rfc.section.4"> 393 <link rel="Chapter" title="5 Internationalization Considerations" href="#rfc.section.5"> 394 <link rel="Chapter" title="6 Security Considerations" href="#rfc.section.6"> 395 <link rel="Chapter" title="7 IANA Considerations" href="#rfc.section.7"> 396 <link rel="Chapter" title="8 Acknowledgements" href="#rfc.section.8"> 397 <link rel="Chapter" href="#rfc.section.9" title="9 References"> 391 <link rel="Chapter" title="3 Conformance and Error Handling" href="#rfc.section.3"> 392 <link rel="Chapter" title="4 Header Field Definition" href="#rfc.section.4"> 393 <link rel="Chapter" title="5 Examples" href="#rfc.section.5"> 394 <link rel="Chapter" title="6 Internationalization Considerations" href="#rfc.section.6"> 395 <link rel="Chapter" title="7 Security Considerations" href="#rfc.section.7"> 396 <link rel="Chapter" title="8 IANA Considerations" href="#rfc.section.8"> 397 <link rel="Chapter" title="9 Acknowledgements" href="#rfc.section.9"> 398 <link rel="Chapter" href="#rfc.section.10" title="10 References"> 398 399 <link rel="Appendix" title="A Changes from the RFC 2616 Definition" href="#rfc.section.A"> 399 400 <link rel="Appendix" title="B Differences compared to RFC 2183" href="#rfc.section.B"> … … 404 405 <meta name="dct.creator" content="Reschke, J. F."> 405 406 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-content-disp-latest"> 406 <meta name="dct.issued" scheme="ISO8601" content="2011-02- 04">407 <meta name="dct.issued" scheme="ISO8601" content="2011-02-10"> 407 408 <meta name="dct.abstract" content="HTTP/1.1 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects."> 408 409 <meta name="description" content="HTTP/1.1 defines the Content-Disposition response header field, but points out that it is not part of the HTTP/1.1 Standard. This specification takes over the definition and registration of Content-Disposition, as used in HTTP, and clarifies internationalization aspects."> … … 422 423 <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved) 423 424 </td> 424 <td class="right">February 4, 2011</td>425 <td class="right">February 10, 2011</td> 425 426 </tr> 426 427 <tr> … … 429 430 </tr> 430 431 <tr> 431 <td class="left">Expires: August 8, 2011</td>432 <td class="left">Expires: August 14, 2011</td> 432 433 <td class="right"></td> 433 434 </tr> … … 458 459 in progress”. 459 460 </p> 460 <p>This Internet-Draft will expire on August 8, 2011.</p>461 <p>This Internet-Draft will expire on August 14, 2011.</p> 461 462 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 462 463 <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p> … … 470 471 <ul class="toc"> 471 472 <li>1. <a href="#introduction">Introduction</a></li> 472 <li>2. <a href="#rfc.section.2">Notational Conventions</a></li> 473 <li>3. <a href="#header.field.definition">Header Field Definition</a><ul> 474 <li>3.1 <a href="#rfc.section.3.1">Grammar</a></li> 475 <li>3.2 <a href="#disposition.type">Disposition Type</a></li> 476 <li>3.3 <a href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></li> 477 <li>3.4 <a href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></li> 478 <li>3.5 <a href="#extensibility">Extensibility</a></li> 473 <li>2. <a href="#notational.conventions">Notational Conventions</a></li> 474 <li>3. <a href="#conformance.and.error.handling">Conformance and Error Handling</a></li> 475 <li>4. <a href="#header.field.definition">Header Field Definition</a><ul> 476 <li>4.1 <a href="#rfc.section.4.1">Grammar</a></li> 477 <li>4.2 <a href="#disposition.type">Disposition Type</a></li> 478 <li>4.3 <a href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></li> 479 <li>4.4 <a href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></li> 480 <li>4.5 <a href="#extensibility">Extensibility</a></li> 479 481 </ul> 480 482 </li> 481 <li> 4. <a href="#examples">Examples</a></li>482 <li> 5. <a href="#i18n">Internationalization Considerations</a></li>483 <li> 6. <a href="#security.considerations">Security Considerations</a></li>484 <li> 7. <a href="#iana.considerations">IANA Considerations</a><ul>485 <li> 7.1 <a href="#registry">Registry for Disposition Values and Parameter</a></li>486 <li> 7.2 <a href="#header.field.registration">Header Field Registration</a></li>483 <li>5. <a href="#examples">Examples</a></li> 484 <li>6. <a href="#i18n">Internationalization Considerations</a></li> 485 <li>7. <a href="#security.considerations">Security Considerations</a></li> 486 <li>8. <a href="#iana.considerations">IANA Considerations</a><ul> 487 <li>8.1 <a href="#registry">Registry for Disposition Values and Parameter</a></li> 488 <li>8.2 <a href="#header.field.registration">Header Field Registration</a></li> 487 489 </ul> 488 490 </li> 489 <li> 8. <a href="#rfc.section.8">Acknowledgements</a></li>490 <li> 9. <a href="#rfc.references">References</a><ul>491 <li> 9.1 <a href="#rfc.references.1">Normative References</a></li>492 <li> 9.2 <a href="#rfc.references.2">Informative References</a></li>491 <li>9. <a href="#rfc.section.9">Acknowledgements</a></li> 492 <li>10. <a href="#rfc.references">References</a><ul> 493 <li>10.1 <a href="#rfc.references.1">Normative References</a></li> 494 <li>10.2 <a href="#rfc.references.2">Informative References</a></li> 493 495 </ul> 494 496 </li> … … 534 536 </p> 535 537 </div> 536 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> Notational Conventions 537 </h1> 538 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a id="notational.conventions" href="#notational.conventions">Notational Conventions</a></h1> 538 539 <p id="rfc.section.2.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" 539 540 in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>. … … 541 542 <p id="rfc.section.2.p.2">This specification uses the augmented BNF notation defined in <a href="http://tools.ietf.org/html/rfc2616#section-2.1">Section 2.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, including its rules for implied linear whitespace (LWS). 542 543 </p> 544 <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> <a id="conformance.and.error.handling" href="#conformance.and.error.handling">Conformance and Error Handling</a></h1> 545 <p id="rfc.section.3.p.1">This specification defines conformance criteria for both senders (usually, HTTP origin servers) and recipients (usually, HTTP 546 user agents) of the Content-Location header field. An implementation is considered conformant if it complies with all of the 547 requirements associated with its role. 548 </p> 549 <p id="rfc.section.3.p.2">This specification also defines certain forms of the header field-value to be invalid, using both ABNF and prose requirements, 550 but it does not define special handling these invalid field-values. 551 </p> 552 <p id="rfc.section.3.p.3">Sending implementations <em class="bcp14">MUST NOT</em> generate Content-Location header fields that are invalid. 553 </p> 554 <p id="rfc.section.3.p.4">Consuming implementations <em class="bcp14">MAY</em> take steps to recover a usable field-value from an invalid header field, but <em class="bcp14">SHOULD NOT</em> reject the message outright, unless this is explicitly desirable behaviour (e.g., the implementation is a validator). As such, 555 the default handling of invalid fields is to ignore them. 556 </p> 543 557 <div id="rfc.iref.h.1"></div> 544 558 <div id="rfc.iref.c.1"></div> 545 <h1 id="rfc.section. 3"><a href="#rfc.section.3">3.</a> <a id="header.field.definition" href="#header.field.definition">Header Field Definition</a></h1>546 <p id="rfc.section. 3.p.1">The Content-Disposition response header field is used to convey additional information about how to process the response payload,559 <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a> <a id="header.field.definition" href="#header.field.definition">Header Field Definition</a></h1> 560 <p id="rfc.section.4.p.1">The Content-Disposition response header field is used to convey additional information about how to process the response payload, 547 561 and also can be used to attach additional metadata, such as the filename to use when saving the response payload locally. 548 562 </p> 549 <h2 id="rfc.section. 3.1"><a href="#rfc.section.3.1">3.1</a> Grammar563 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> Grammar 550 564 </h2> 551 565 <div id="rfc.figure.u.1"></div><pre class="inline"> content-disposition = "Content-Disposition" ":" … … 574 588 <p>Defined in <a href="#RFC5987" id="rfc.xref.RFC5987.1"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>: 575 589 </p> <pre class="inline"> ext-value = <ext-value, defined in <a href="#RFC5987" id="rfc.xref.RFC5987.2"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>, <a href="http://tools.ietf.org/html/rfc5987#section-3.2">Section 3.2</a>> 576 </pre><p id="rfc.section.3.1.p.4">Senders <em class="bcp14">MUST NOT</em> generate header field values with multiple instances of the same parameter name. Recipients <em class="bcp14">SHOULD</em> treat these values as invalid. 577 </p> 578 <p id="rfc.section.3.1.p.5">Note that due to the rules for implied linear whitespace (<a href="http://tools.ietf.org/html/rfc2616#section-2.1">Section 2.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.8"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), OPTIONAL whitespace can appear between words (token or quoted-string) and separator characters. 579 </p> 580 <p id="rfc.section.3.1.p.6">Furthermore note that the format used for ext-value allows specifying a natural language; this is of limited use for filenames 590 </pre><p id="rfc.section.4.1.p.4">Header field values with multiple instances of the same parameter name are invalid.</p> 591 <p id="rfc.section.4.1.p.5">Note that due to the rules for implied linear whitespace (<a href="http://tools.ietf.org/html/rfc2616#section-2.1">Section 2.1</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.8"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), OPTIONAL whitespace can appear between words (token or quoted-string) and separator characters. 592 </p> 593 <p id="rfc.section.4.1.p.6">Furthermore note that the format used for ext-value allows specifying a natural language; this is of limited use for filenames 581 594 and is likely to be ignored by recipients. 582 595 </p> 583 <h2 id="rfc.section. 3.2"><a href="#rfc.section.3.2">3.2</a> <a id="disposition.type" href="#disposition.type">Disposition Type</a></h2>584 <p id="rfc.section. 3.2.p.1">If the disposition type matches "attachment" (case-insensitively), this indicates that the user agent should prompt the user596 <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a> <a id="disposition.type" href="#disposition.type">Disposition Type</a></h2> 597 <p id="rfc.section.4.2.p.1">If the disposition type matches "attachment" (case-insensitively), this indicates that the user agent should prompt the user 585 598 to save the response locally, rather than process it normally (as per its media type). 586 599 </p> 587 <p id="rfc.section. 3.2.p.2">On the other hand, if it matches "inline" (case-insensitively), this implies default processing.</p>588 <p id="rfc.section. 3.2.p.3">Unknown or unhandled disposition types <em class="bcp14">SHOULD</em> be handledthe same way as "attachment" (see also <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>).589 </p> 590 <h2 id="rfc.section. 3.3"><a href="#rfc.section.3.3">3.3</a> <a id="disposition.parameter.filename" href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></h2>591 <p id="rfc.section. 3.3.p.1">The parameters "filename" and "filename*", to be matched case-insensitively, provide information on how to construct a filename600 <p id="rfc.section.4.2.p.2">On the other hand, if it matches "inline" (case-insensitively), this implies default processing.</p> 601 <p id="rfc.section.4.2.p.3">Unknown or unhandled disposition types <em class="bcp14">SHOULD</em> be handled by recipients the same way as "attachment" (see also <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>). 602 </p> 603 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a id="disposition.parameter.filename" href="#disposition.parameter.filename">Disposition Parameter: 'Filename'</a></h2> 604 <p id="rfc.section.4.3.p.1">The parameters "filename" and "filename*", to be matched case-insensitively, provide information on how to construct a filename 592 605 for storing the message payload. 593 606 </p> 594 <p id="rfc.section. 3.3.p.2">Depending on the disposition type, this information might be used right away (in the "save as..." interaction caused for the607 <p id="rfc.section.4.3.p.2">Depending on the disposition type, this information might be used right away (in the "save as..." interaction caused for the 595 608 "attachment" disposition type), or later on (for instance, when the user decides to save the contents of the current page 596 609 being displayed). 597 610 </p> 598 <p id="rfc.section. 3.3.p.3">The parameters "filename" and "filename*" differ only in that "filename*" uses the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.3"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>, allowing the use of characters not present in the ISO-8859-1 character set (<a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a>).599 </p> 600 <p id="rfc.section. 3.3.p.4">Many user agent implementations predating this specification do not understand the "filename*" parameter. Therefore, when611 <p id="rfc.section.4.3.p.3">The parameters "filename" and "filename*" differ only in that "filename*" uses the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.3"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>, allowing the use of characters not present in the ISO-8859-1 character set (<a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a>). 612 </p> 613 <p id="rfc.section.4.3.p.4">Many user agent implementations predating this specification do not understand the "filename*" parameter. Therefore, when 601 614 both "filename" and "filename*" are present in a single header field value, recipients <em class="bcp14">SHOULD</em> pick "filename*" and ignore "filename". This way, senders can avoid special-casing specific user agents by sending both the 602 more expressive "filename*" parameter, and the "filename" parameter as fallback for legacy recipients (see <a href="#examples" title="Examples">Section 4</a> for an example).603 </p> 604 <p id="rfc.section. 3.3.p.5">It is essential that user agents treat the specified filename as advisory only, thus be very careful in extracting the desired615 more expressive "filename*" parameter, and the "filename" parameter as fallback for legacy recipients (see <a href="#examples" title="Examples">Section 5</a> for an example). 616 </p> 617 <p id="rfc.section.4.3.p.5">It is essential that user agents treat the specified filename as advisory only, thus be very careful in extracting the desired 605 618 information. In particular: 606 619 </p> … … 628 641 </li> 629 642 </ul> 630 <div class="note" id="rfc.section. 3.3.p.6">643 <div class="note" id="rfc.section.4.3.p.6"> 631 644 <p> <b>Note:</b> Many user agents do not properly handle escape characters when using the quoted-string form. Furthermore, some user agents 632 645 erroneously try to perform unescaping of "percent" escapes (see <a href="#alternatives.percent" title="Percent Encoding">Appendix C.2</a>), and thus might misinterpret filenames containing the percent character followed by two hex digits. 633 646 </p> 634 647 </div> 635 <h2 id="rfc.section. 3.4"><a href="#rfc.section.3.4">3.4</a> <a id="disposition.parameter.extensions" href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></h2>636 <p id="rfc.section. 3.4.p.1">To enable future extensions, recipients <em class="bcp14">SHOULD</em> ignore unrecognized parameters (see also <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>).637 </p> 638 <h2 id="rfc.section. 3.5"><a href="#rfc.section.3.5">3.5</a> <a id="extensibility" href="#extensibility">Extensibility</a></h2>639 <p id="rfc.section. 3.5.p.1">Note that <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.4"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> defines IANA registries both for disposition types and disposition parameters. This registry is shared by different protocols648 <h2 id="rfc.section.4.4"><a href="#rfc.section.4.4">4.4</a> <a id="disposition.parameter.extensions" href="#disposition.parameter.extensions">Disposition Parameter: Extensions</a></h2> 649 <p id="rfc.section.4.4.p.1">To enable future extensions, recipients <em class="bcp14">SHOULD</em> ignore unrecognized parameters (see also <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, <a href="http://tools.ietf.org/html/rfc2183#section-2.8">Section 2.8</a>). 650 </p> 651 <h2 id="rfc.section.4.5"><a href="#rfc.section.4.5">4.5</a> <a id="extensibility" href="#extensibility">Extensibility</a></h2> 652 <p id="rfc.section.4.5.p.1">Note that <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.4"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> defines IANA registries both for disposition types and disposition parameters. This registry is shared by different protocols 640 653 using Content-Disposition, such as MIME and HTTP. Therefore, not all registered values may make sense in the context of HTTP. 641 654 </p> 642 <h1 id="rfc.section. 4"><a href="#rfc.section.4">4.</a> <a id="examples" href="#examples">Examples</a></h1>655 <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a> <a id="examples" href="#examples">Examples</a></h1> 643 656 <div id="rfc.figure.u.4"></div> 644 657 <p>Direct UA to show "save as" dialog, with a filename of "example.html":</p> <pre class="text">Content-Disposition: Attachment; filename=example.html … … 661 674 when it occurs first; it is expected that this situation is going to improve soon. 662 675 </p> 663 <h1 id="rfc.section. 5"><a href="#rfc.section.5">5.</a> <a id="i18n" href="#i18n">Internationalization Considerations</a></h1>664 <p id="rfc.section. 5.p.1">The "filename*" parameter (<a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 3.3</a>), using the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.5"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>, allows the server to transmit characters outside the ISO-8859-1 character set, and also to optionally specify the language676 <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a> <a id="i18n" href="#i18n">Internationalization Considerations</a></h1> 677 <p id="rfc.section.6.p.1">The "filename*" parameter (<a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 4.3</a>), using the encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.5"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a>, allows the server to transmit characters outside the ISO-8859-1 character set, and also to optionally specify the language 665 678 in use. 666 679 </p> 667 <p id="rfc.section. 5.p.2">Future parameters might also require internationalization, in which case the same encoding can be used.</p>668 <h1 id="rfc.section. 6"><a href="#rfc.section.6">6.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>669 <p id="rfc.section. 6.p.1">Using server-supplied information for constructing local filenames introduces many risks. These are summarized in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 3.3</a>.670 </p> 671 <p id="rfc.section. 6.p.2">Furthermore, implementers also ought to be aware of the Security Considerations applying to HTTP (see <a href="http://tools.ietf.org/html/rfc2616#section-15">Section 15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.9"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), and also the parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.6"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a> (see <a href="http://tools.ietf.org/html/rfc5987#section-5" id="rfc.xref.RFC5987.7">Section 5</a>).672 </p> 673 <h1 id="rfc.section. 7"><a href="#rfc.section.7">7.</a> <a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1>674 <h2 id="rfc.section. 7.1"><a href="#rfc.section.7.1">7.1</a> <a id="registry" href="#registry">Registry for Disposition Values and Parameter</a></h2>675 <p id="rfc.section. 7.1.p.1">This specification does not introduce any changes to the registration procedures for disposition values and parameters that680 <p id="rfc.section.6.p.2">Future parameters might also require internationalization, in which case the same encoding can be used.</p> 681 <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 682 <p id="rfc.section.7.p.1">Using server-supplied information for constructing local filenames introduces many risks. These are summarized in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 4.3</a>. 683 </p> 684 <p id="rfc.section.7.p.2">Furthermore, implementers also ought to be aware of the Security Considerations applying to HTTP (see <a href="http://tools.ietf.org/html/rfc2616#section-15">Section 15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.9"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>), and also the parameter encoding defined in <a href="#RFC5987" id="rfc.xref.RFC5987.6"><cite title="Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters">[RFC5987]</cite></a> (see <a href="http://tools.ietf.org/html/rfc5987#section-5" id="rfc.xref.RFC5987.7">Section 5</a>). 685 </p> 686 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1> 687 <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a> <a id="registry" href="#registry">Registry for Disposition Values and Parameter</a></h2> 688 <p id="rfc.section.8.1.p.1">This specification does not introduce any changes to the registration procedures for disposition values and parameters that 676 689 are defined in <a href="http://tools.ietf.org/html/rfc2183#section-9">Section 9</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.5"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>. 677 690 </p> 678 <h2 id="rfc.section. 7.2"><a href="#rfc.section.7.2">7.2</a> <a id="header.field.registration" href="#header.field.registration">Header Field Registration</a></h2>679 <p id="rfc.section. 7.2.p.1">This document updates the definition of the Content-Disposition HTTP header field in the permanent HTTP header field registry691 <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a> <a id="header.field.registration" href="#header.field.registration">Header Field Registration</a></h2> 692 <p id="rfc.section.8.2.p.1">This document updates the definition of the Content-Disposition HTTP header field in the permanent HTTP header field registry 680 693 (see <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a>). 681 694 </p> 682 <p id="rfc.section. 7.2.p.2"> </p>695 <p id="rfc.section.8.2.p.2"> </p> 683 696 <dl> 684 697 <dt>Header field name:</dt> … … 691 704 <dd>IETF</dd> 692 705 <dt>Specification document:</dt> 693 <dd>this specification (<a href="#header.field.definition" id="rfc.xref.header.field.definition.1" title="Header Field Definition">Section 3</a>)706 <dd>this specification (<a href="#header.field.definition" id="rfc.xref.header.field.definition.1" title="Header Field Definition">Section 4</a>) 694 707 </dd> 695 708 </dl> 696 <h1 id="rfc.section. 8"><a href="#rfc.section.8">8.</a> Acknowledgements709 <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a> Acknowledgements 697 710 </h1> 698 <p id="rfc.section. 8.p.1">Thanks to Adam Barth, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom, and Mark Nottingham711 <p id="rfc.section.9.p.1">Thanks to Adam Barth, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom, and Mark Nottingham 699 712 for their valuable feedback. 700 713 </p> 701 <h1 id="rfc.references"><a id="rfc.section. 9" href="#rfc.section.9">9.</a> References714 <h1 id="rfc.references"><a id="rfc.section.10" href="#rfc.section.10">10.</a> References 702 715 </h1> 703 <h2 id="rfc.references.1"><a href="#rfc.section. 9.1" id="rfc.section.9.1">9.1</a> Normative References716 <h2 id="rfc.references.1"><a href="#rfc.section.10.1" id="rfc.section.10.1">10.1</a> Normative References 704 717 </h2> 705 718 <table> … … 724 737 </tr> 725 738 </table> 726 <h2 id="rfc.references.2"><a href="#rfc.section. 9.2" id="rfc.section.9.2">9.2</a> Informative References739 <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References 727 740 </h2> 728 741 <table> … … 886 899 </table> 887 900 </div> 888 <p id="rfc.section.C.4.p.3">(*) Does not implement the fallback behavior to "filename" described in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 3.3</a>.901 <p id="rfc.section.C.4.p.3">(*) Does not implement the fallback behavior to "filename" described in <a href="#disposition.parameter.filename" title="Disposition Parameter: 'Filename'">Section 4.3</a>. 889 902 </p> 890 903 <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a> <a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1> … … 945 958 <h2 id="rfc.section.D.9"><a href="#rfc.section.D.9">D.9</a> <a id="changes.since.04" href="#changes.since.04">Since draft-ietf-httpbis-content-disp-04</a></h2> 946 959 <p id="rfc.section.D.9.p.1">Updated implementation information (Chrome 9 implements RFC 5987).</p> 960 <p id="rfc.section.D.9.p.2">Clarify who requirements are on, add a section discussing conformance and handling of invalid field values in general.</p> 947 961 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 948 962 <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a> … … 951 965 <ul class="ind"> 952 966 <li><a id="rfc.index.C" href="#rfc.index.C"><b>C</b></a><ul> 953 <li>Content-Disposition header <a href="#rfc.iref.c.1"><b> 3</b></a>, <a href="#rfc.xref.header.field.definition.1">7.2</a></li>967 <li>Content-Disposition header <a href="#rfc.iref.c.1"><b>4</b></a>, <a href="#rfc.xref.header.field.definition.1">8.2</a></li> 954 968 </ul> 955 969 </li> … … 957 971 <li>Headers 958 972 <ul> 959 <li>Content-Disposition <a href="#rfc.iref.h.1"><b> 3</b></a>, <a href="#rfc.xref.header.field.definition.1">7.2</a></li>973 <li>Content-Disposition <a href="#rfc.iref.h.1"><b>4</b></a>, <a href="#rfc.xref.header.field.definition.1">8.2</a></li> 960 974 </ul> 961 975 </li> … … 963 977 </li> 964 978 <li><a id="rfc.index.I" href="#rfc.index.I"><b>I</b></a><ul> 965 <li><em>ISO-8859-1</em> <a href="#rfc.xref.ISO-8859-1.1"> 3.3</a>, <a href="#ISO-8859-1"><b>9.1</b></a>, <a href="#rfc.xref.ISO-8859-1.2">C</a></li>979 <li><em>ISO-8859-1</em> <a href="#rfc.xref.ISO-8859-1.1">4.3</a>, <a href="#ISO-8859-1"><b>10.1</b></a>, <a href="#rfc.xref.ISO-8859-1.2">C</a></li> 966 980 </ul> 967 981 </li> 968 982 <li><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul> 969 <li><em>RFC2046</em> <a href="#rfc.xref.RFC2046.1"> 3.3</a>, <a href="#RFC2046"><b>9.2</b></a></li>970 <li><em>RFC2047</em> <a href="#RFC2047"><b> 9.2</b></a>, <a href="#rfc.xref.RFC2047.1">C.1</a><ul>983 <li><em>RFC2046</em> <a href="#rfc.xref.RFC2046.1">4.3</a>, <a href="#RFC2046"><b>10.2</b></a></li> 984 <li><em>RFC2047</em> <a href="#RFC2047"><b>10.2</b></a>, <a href="#rfc.xref.RFC2047.1">C.1</a><ul> 971 985 <li><em>Section 5</em> <a href="#rfc.xref.RFC2047.1">C.1</a></li> 972 986 </ul> 973 987 </li> 974 <li><em>RFC2119</em> <a href="#rfc.xref.RFC2119.1">2</a>, <a href="#RFC2119"><b> 9.1</b></a></li>975 <li><em>RFC2183</em> <a href="#rfc.xref.RFC2183.1">1</a>, <a href="#rfc.xref.RFC2183.2"> 3.2</a>, <a href="#rfc.xref.RFC2183.3">3.4</a>, <a href="#rfc.xref.RFC2183.4">3.5</a>, <a href="#rfc.xref.RFC2183.5">7.1</a>, <a href="#RFC2183"><b>9.2</b></a>, <a href="#rfc.xref.RFC2183.6">A</a>, <a href="#rfc.xref.RFC2183.7">B</a><ul>988 <li><em>RFC2119</em> <a href="#rfc.xref.RFC2119.1">2</a>, <a href="#RFC2119"><b>10.1</b></a></li> 989 <li><em>RFC2183</em> <a href="#rfc.xref.RFC2183.1">1</a>, <a href="#rfc.xref.RFC2183.2">4.2</a>, <a href="#rfc.xref.RFC2183.3">4.4</a>, <a href="#rfc.xref.RFC2183.4">4.5</a>, <a href="#rfc.xref.RFC2183.5">8.1</a>, <a href="#RFC2183"><b>10.2</b></a>, <a href="#rfc.xref.RFC2183.6">A</a>, <a href="#rfc.xref.RFC2183.7">B</a><ul> 976 990 <li><em>Section 2</em> <a href="#rfc.xref.RFC2183.7">B</a></li> 977 991 <li><em>Section 2.1</em> <a href="#rfc.xref.RFC2183.6">A</a></li> 978 <li><em>Section 2.8</em> <a href="#rfc.xref.RFC2183.2"> 3.2</a>, <a href="#rfc.xref.RFC2183.3">3.4</a></li>979 <li><em>Section 9</em> <a href="#rfc.xref.RFC2183.4"> 3.5</a>, <a href="#rfc.xref.RFC2183.5">7.1</a></li>992 <li><em>Section 2.8</em> <a href="#rfc.xref.RFC2183.2">4.2</a>, <a href="#rfc.xref.RFC2183.3">4.4</a></li> 993 <li><em>Section 9</em> <a href="#rfc.xref.RFC2183.4">4.5</a>, <a href="#rfc.xref.RFC2183.5">8.1</a></li> 980 994 </ul> 981 995 </li> 982 <li><em>RFC2231</em> <a href="#RFC2231"><b> 9.2</b></a>, <a href="#rfc.xref.RFC2231.1">C</a></li>983 <li><em>RFC2388</em> <a href="#rfc.xref.RFC2388.1">1</a>, <a href="#RFC2388"><b> 9.2</b></a></li>984 <li><em>RFC2616</em> <a href="#rfc.xref.RFC2616.1">1</a>, <a href="#rfc.xref.RFC2616.2">1</a>, <a href="#rfc.xref.RFC2616.3">2</a>, <a href="#rfc.xref.RFC2616.4"> 3.1</a>, <a href="#rfc.xref.RFC2616.5">3.1</a>, <a href="#rfc.xref.RFC2616.6">3.1</a>, <a href="#rfc.xref.RFC2616.7">3.1</a>, <a href="#rfc.xref.RFC2616.8">3.1</a>, <a href="#rfc.xref.RFC2616.9">6</a>, <a href="#RFC2616"><b>9.1</b></a>, <a href="#rfc.xref.RFC2616.10">A</a>, <a href="#rfc.xref.RFC2616.11">C</a><ul>985 <li><em>Section 2.1</em> <a href="#rfc.xref.RFC2616.3">2</a>, <a href="#rfc.xref.RFC2616.8"> 3.1</a></li>986 <li><em>Section 2.2</em> <a href="#rfc.xref.RFC2616.5"> 3.1</a>, <a href="#rfc.xref.RFC2616.6">3.1</a>, <a href="#rfc.xref.RFC2616.11">C</a></li>987 <li><em>Section 3.6</em> <a href="#rfc.xref.RFC2616.7"> 3.1</a></li>996 <li><em>RFC2231</em> <a href="#RFC2231"><b>10.2</b></a>, <a href="#rfc.xref.RFC2231.1">C</a></li> 997 <li><em>RFC2388</em> <a href="#rfc.xref.RFC2388.1">1</a>, <a href="#RFC2388"><b>10.2</b></a></li> 998 <li><em>RFC2616</em> <a href="#rfc.xref.RFC2616.1">1</a>, <a href="#rfc.xref.RFC2616.2">1</a>, <a href="#rfc.xref.RFC2616.3">2</a>, <a href="#rfc.xref.RFC2616.4">4.1</a>, <a href="#rfc.xref.RFC2616.5">4.1</a>, <a href="#rfc.xref.RFC2616.6">4.1</a>, <a href="#rfc.xref.RFC2616.7">4.1</a>, <a href="#rfc.xref.RFC2616.8">4.1</a>, <a href="#rfc.xref.RFC2616.9">7</a>, <a href="#RFC2616"><b>10.1</b></a>, <a href="#rfc.xref.RFC2616.10">A</a>, <a href="#rfc.xref.RFC2616.11">C</a><ul> 999 <li><em>Section 2.1</em> <a href="#rfc.xref.RFC2616.3">2</a>, <a href="#rfc.xref.RFC2616.8">4.1</a></li> 1000 <li><em>Section 2.2</em> <a href="#rfc.xref.RFC2616.5">4.1</a>, <a href="#rfc.xref.RFC2616.6">4.1</a>, <a href="#rfc.xref.RFC2616.11">C</a></li> 1001 <li><em>Section 3.6</em> <a href="#rfc.xref.RFC2616.7">4.1</a></li> 988 1002 <li><em>Section 15.5</em> <a href="#rfc.xref.RFC2616.2">1</a></li> 989 <li><em>Section 15</em> <a href="#rfc.xref.RFC2616.9"> 6</a></li>1003 <li><em>Section 15</em> <a href="#rfc.xref.RFC2616.9">7</a></li> 990 1004 <li><em>Section 19.5.1</em> <a href="#rfc.xref.RFC2616.1">1</a>, <a href="#rfc.xref.RFC2616.10">A</a></li> 991 1005 </ul> 992 1006 </li> 993 <li><em>RFC3864</em> <a href="#rfc.xref.RFC3864.1"> 7.2</a>, <a href="#RFC3864"><b>9.2</b></a></li>994 <li><em>RFC3986</em> <a href="#RFC3986"><b> 9.2</b></a>, <a href="#rfc.xref.RFC3986.1">C.2</a><ul>1007 <li><em>RFC3864</em> <a href="#rfc.xref.RFC3864.1">8.2</a>, <a href="#RFC3864"><b>10.2</b></a></li> 1008 <li><em>RFC3986</em> <a href="#RFC3986"><b>10.2</b></a>, <a href="#rfc.xref.RFC3986.1">C.2</a><ul> 995 1009 <li><em>Section 2.1</em> <a href="#rfc.xref.RFC3986.1">C.2</a></li> 996 1010 </ul> 997 1011 </li> 998 <li><em>RFC5987</em> <a href="#rfc.xref.RFC5987.1"> 3.1</a>, <a href="#rfc.xref.RFC5987.2">3.1</a>, <a href="#rfc.xref.RFC5987.3">3.3</a>, <a href="#rfc.xref.RFC5987.4">4</a>, <a href="#rfc.xref.RFC5987.5">5</a>, <a href="#rfc.xref.RFC5987.6">6</a>, <a href="#rfc.xref.RFC5987.7">6</a>, <a href="#RFC5987"><b>9.1</b></a>, <a href="#rfc.xref.RFC5987.8">A</a>, <a href="#rfc.xref.RFC5987.9">C</a><ul>999 <li><em>Section 3.2</em> <a href="#rfc.xref.RFC5987.2"> 3.1</a></li>1000 <li><em>Section 5</em> <a href="#rfc.xref.RFC5987.7"> 6</a></li>1012 <li><em>RFC5987</em> <a href="#rfc.xref.RFC5987.1">4.1</a>, <a href="#rfc.xref.RFC5987.2">4.1</a>, <a href="#rfc.xref.RFC5987.3">4.3</a>, <a href="#rfc.xref.RFC5987.4">5</a>, <a href="#rfc.xref.RFC5987.5">6</a>, <a href="#rfc.xref.RFC5987.6">7</a>, <a href="#rfc.xref.RFC5987.7">7</a>, <a href="#RFC5987"><b>10.1</b></a>, <a href="#rfc.xref.RFC5987.8">A</a>, <a href="#rfc.xref.RFC5987.9">C</a><ul> 1013 <li><em>Section 3.2</em> <a href="#rfc.xref.RFC5987.2">4.1</a></li> 1014 <li><em>Section 5</em> <a href="#rfc.xref.RFC5987.7">7</a></li> 1001 1015 </ul> 1002 1016 </li>
Note: See TracChangeset
for help on using the changeset viewer.
