Changeset 1581 for draft-ietf-httpbis/latest/p1-messaging.xml
- Timestamp: 11/03/12 09:32:11 (10 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p1-messaging.xml
r1579 r1581 33 33 <!ENTITY idempotent-methods "<xref target='Part2' x:rel='#idempotent.methods' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 34 34 <!ENTITY method "<xref target='Part2' x:rel='#method' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 35 <!ENTITY OPTIONS "<xref target='Part2' x:rel='#OPTIONS' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 35 36 <!ENTITY status-code-reasonphr "<xref target='Part2' x:rel='#status.code.and.reason.phrase' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> 36 37 <!ENTITY status-codes "<xref target='Part2' x:rel='#status.codes' xmlns:x='http://purl.org/net/xml2rfc/ext'/>"> … … 2360 2361 the method being requested and whether the request is to a proxy. 2361 2362 </t> 2362 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="request-target"/> 2363 <x:ref>request-target</x:ref> = "*" 2364 / <x:ref>absolute-URI</x:ref> 2365 / ( <x:ref>path-absolute</x:ref> [ "?" <x:ref>query</x:ref> ] ) 2366 / <x:ref>authority</x:ref> 2363 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="request-target"/><iref primary="true" item="Grammar" subitem="origin-form"/><iref primary="true" item="Grammar" subitem="absolute-form"/><iref primary="true" item="Grammar" subitem="authority-form"/><iref primary="true" item="Grammar" subitem="asterisk-form"/> 2364 <x:ref>request-target</x:ref> = <x:ref>origin-form</x:ref> 2365 / <x:ref>absolute-form</x:ref> 2366 / <x:ref>authority-form</x:ref> 2367 / <x:ref>asterisk-form</x:ref> 2368 2369 <x:ref>origin-form</x:ref> = <x:ref>path-absolute</x:ref> [ "?" 
<x:ref>query</x:ref> ] 2370 <x:ref>absolute-form</x:ref> = <x:ref>absolute-URI</x:ref> 2371 <x:ref>authority-form</x:ref> = <x:ref>authority</x:ref> 2372 <x:ref>asterisk-form</x:ref> = "*" 2367 2373 </artwork></figure> 2368 <t anchor="origin-form"><iref item="origin form (of request-target)"/> 2369 The most common form of request-target is that used when making 2370 a request to an origin server ("origin form") to access a resource 2371 identified by an "http" (<xref target="http.uri"/>) or 2372 "https" (<xref target="https.uri"/>) URI. 2373 In this case, the absolute path and query components of the URI 2374 &MUST; be transmitted as the request-target and the authority component 2375 (excluding any userinfo) &MUST; be transmitted in a Host header field. 2374 <t anchor="origin-form"><iref item="origin-form (of request-target)"/> 2375 The most common form of request-target is the origin-form. 2376 When making a request directly to an origin server, other than a CONNECT 2377 or server-wide OPTIONS request (as detailed below), 2378 a client &MUST; send only the absolute path and query components of 2379 the target URI as the request-target. 2380 If the target URI's path component is empty, then the client &MUST; send 2381 "/" as the path within the origin-form of request-target. 2382 A Host header field is also sent, as defined in 2383 <xref target="header.host"/>, containing the target URI's 2384 authority component (excluding any userinfo). 2385 </t> 2386 <t> 2376 2387 For example, a client wishing to retrieve a representation of the resource 2377 2388 identified as … … 2389 2400 </artwork></figure> 2390 2401 <t> 2391 followed by the remainder of the request. Note that the origin form 2392 of request-target always starts with an absolute path. If the target 2393 resource's URI path is empty, then an absolute path of "/" &MUST; be 2394 provided in the request-target. 
2395 </t> 2396 <t> 2397 If the request-target is percent-encoded 2398 (<xref target="RFC3986" x:fmt="," x:sec="2.1"/>), the origin server 2399 &MUST; decode the request-target in order to 2400 properly interpret the request. Servers &SHOULD; respond to invalid 2401 request-targets with an appropriate status code. 2402 </t> 2403 <t anchor="absolute-URI-form"><iref item="absolute-URI form (of request-target)"/> 2404 The "absolute-URI" form of request-target is &REQUIRED; when the request 2405 is being made to a proxy. The proxy is requested to either forward the 2406 request or service it from a valid cache, and then return the response. 2407 Note that the proxy &MAY; forward the request on to another proxy or 2408 directly to the server specified by the absolute-URI. 2402 followed by the remainder of the request message. 2403 </t> 2404 <t anchor="absolute-form"><iref item="absolute-form (of request-target)"/> 2405 When making a request to a proxy, other than a CONNECT or server-wide 2406 OPTIONS request (as detailed below), a client &MUST; send the target URI 2407 in absolute-form as the request-target. 2408 The proxy is requested to either service that request from a valid cache, 2409 if possible, or make the same request on the client's behalf to either 2410 the next inbound proxy server or directly to the origin server indicated 2411 by the request-target. 2409 2412 In order to avoid request loops, a proxy that forwards requests to other 2410 2413 proxies &MUST; be able to recognize and exclude all of its own server 2411 2414 names, including any aliases, local variations, or literal IP addresses. 
2412 An example request-line would be: 2415 </t> 2416 <t> 2417 An example absolute-form of request-line would be: 2413 2418 </t> 2414 2419 <figure><artwork type="message/http; msgtype="request"" x:indent-with=" "> … … 2416 2421 </artwork></figure> 2417 2422 <t> 2418 To allow for transition to absolute-URIs in all requests in future 2419 versions of HTTP, all HTTP/1.1 servers &MUST; accept the absolute-URI 2420 form in requests, even though HTTP/1.1 clients will only generate 2421 them in requests to proxies. 2422 </t> 2423 <t> 2424 If a proxy receives a host name that is not a fully qualified domain 2425 name, it &MAY; add its domain to the host name it received. If a proxy 2426 receives a fully qualified domain name, the proxy &MUST-NOT; change 2427 the host name. 2428 </t> 2429 <t anchor="authority-form"><iref item="authority form (of request-target)"/> 2430 The "authority form" of request-target, which &MUST-NOT; be used 2431 with any request method other than CONNECT, is used to establish a 2432 tunnel through one or more proxies (&CONNECT;). For example, 2423 To allow for transition to the absolute-form for all requests in some 2424 future version of HTTP, HTTP/1.1 servers &MUST; accept the absolute-form 2425 in requests, even though HTTP/1.1 clients will only send them in requests 2426 to proxies. 2427 </t> 2428 <t anchor="authority-form"><iref item="authority-form (of request-target)"/> 2429 The authority-form of request-target is only used for CONNECT requests 2430 (&CONNECT;). When making a CONNECT request to establish a tunnel through 2431 one or more proxies, a client &MUST; send only the target URI's 2432 authority component (excluding any userinfo) as the request-target. 
2433 For example, 2433 2434 </t> 2434 2435 <figure><artwork type="message/http; msgtype="request"" x:indent-with=" "> 2435 2436 CONNECT www.example.com:80 HTTP/1.1 2436 2437 </artwork></figure> 2437 <t anchor="asterix-form"><iref item="asterisk form (of request-target)"/> 2438 The asterisk ("*") form of request-target, which &MUST-NOT; be used 2439 with any request method other than OPTIONS, means that the request 2440 applies to the server as a whole (the listening process) rather than 2441 to a specific named resource at that server. For example, 2438 <t anchor="asterisk-form"><iref item="asterisk-form (of request-target)"/> 2439 The asterisk-form of request-target is only used for a server-wide 2440 OPTIONS request (&OPTIONS;). When a client wishes to request OPTIONS 2441 for the server as a whole, as opposed to a specific named resource of 2442 that server, the client &MUST; send only "*" (%x2A) as the request-target. 2443 For example, 2442 2444 </t> 2443 2445 <figure><artwork type="message/http; msgtype="request"" x:indent-with=" "> … … 2445 2447 </artwork></figure> 2446 2448 <t> 2447 If a proxy receives an OPTIONS request with an absolute- URIform of2449 If a proxy receives an OPTIONS request with an absolute-form of 2448 2450 request-target in which the URI has an empty path and no query component, 2449 then the last proxy on the request chain &MUST; usea request-target2451 then the last proxy on the request chain &MUST; send a request-target 2450 2452 of "*" when it forwards the request to the indicated origin server. 2451 2453 </t> … … 2466 2468 </figure> 2467 2469 <t> 2470 If a proxy receives a request-target with a host name that is not a 2471 fully qualified domain name, it &MAY; add its domain to the host name 2472 it received when forwarding the request. A proxy &MUST-NOT; change the 2473 host name if it is a fully qualified domain name. 
2474 </t> 2475 <t> 2468 2476 A non-transforming proxy &MUST-NOT; rewrite the "path-absolute" and "query" 2469 2477 parts of the received request-target when forwarding it to the next inbound 2470 server, except as noted above to replace a null path-absolute with "/" or 2471 "*". 2478 server, except as noted above to replace an empty path with "/" or "*". 2472 2479 </t> 2473 2480 </section> … … 2479 2486 <t> 2480 2487 The "Host" header field in a request provides the host and port 2481 information from the target resource'sURI, enabling the origin2482 server to distinguish betweenresources while servicing requests2488 information from the target URI, enabling the origin 2489 server to distinguish among resources while servicing requests 2483 2490 for multiple host names on a single IP address. Since the Host 2484 2491 field-value is critical information for handling a request, it … … 2490 2497 <t> 2491 2498 A client &MUST; send a Host header field in all HTTP/1.1 request 2492 messages. If the target resource's URI includes an authority 2493 component, then the Host field-value &MUST; be identical to that 2494 authority component after excluding any userinfo (<xref target="http.uri"/>). 2495 If the authority component is missing or undefined for the target 2496 resource's URI, then the Host header field &MUST; be sent with an 2497 empty field-value. 2499 messages. If the target URI includes an authority component, then 2500 the Host field-value &MUST; be identical to that authority component 2501 after excluding any userinfo (<xref target="http.uri"/>). 2502 If the authority component is missing or undefined for the target URI, 2503 then the Host header field &MUST; be sent with an empty field-value. 
2498 2504 </t> 2499 2505 <t> … … 2507 2513 <t> 2508 2514 The Host header field &MUST; be sent in an HTTP/1.1 request even 2509 if the request-target is in the form of an absolute-URI, since this2515 if the request-target is in the absolute-form, since this 2510 2516 allows the Host information to be forwarded through ancient HTTP/1.0 2511 2517 proxies that might not have implemented Host. 2512 2518 </t> 2513 2519 <t> 2514 When an HTTP/1.1 proxy receives a request with a request-target in2515 the form of an absolute-URI, the proxy &MUST; ignore the received2520 When an HTTP/1.1 proxy receives a request with an absolute-form of 2521 request-target, the proxy &MUST; ignore the received 2516 2522 Host header field (if any) and instead replace it with the host 2517 information of the request-target. When a proxy forwards arequest,2518 it &MUST; generate the Host header fieldbased on the received2519 absolute-URI rather than the received Host.2523 information of the request-target. If the proxy forwards the request, 2524 it &MUST; generate a new Host field-value based on the received 2525 request-target rather than forward the received Host field-value. 2520 2526 </t> 2521 2527 <t> … … 2524 2530 a shared cache or redirect a request to an unintended server. 2525 2531 An interception proxy is particularly vulnerable if it relies on 2526 the Host header fieldvalue for redirecting requests to internal2532 the Host field-value for redirecting requests to internal 2527 2533 servers, or for use as a cache key in a shared cache, without 2528 2534 first verifying that the intercepted connection is targeting a … … 2534 2540 to any request message that contains more than one Host header field 2535 2541 or a Host header field with an invalid field-value. 
2536 </t>2537 <t>2538 See Sections <xref target="the.resource.identified.by.a.request" format="counter"/>2539 and <xref target="changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" format="counter"/>2540 for other requirements relating to Host.2541 2542 </t> 2542 2543 </section> … … 5144 5145 5145 5146 <x:ref>absolute-URI</x:ref> = <absolute-URI, defined in [RFC3986], Section 4.3> 5147 <x:ref>absolute-form</x:ref> = absolute-URI 5148 <x:ref>asterisk-form</x:ref> = "*" 5146 5149 <x:ref>attribute</x:ref> = token 5147 5150 <x:ref>authority</x:ref> = <authority, defined in [RFC3986], Section 3.2> 5151 <x:ref>authority-form</x:ref> = authority 5148 5152 5149 5153 <x:ref>chunk</x:ref> = chunk-size [ chunk-ext ] CRLF chunk-data CRLF … … 5176 5180 <x:ref>obs-fold</x:ref> = CRLF ( SP / HTAB ) 5177 5181 <x:ref>obs-text</x:ref> = %x80-FF 5182 <x:ref>origin-form</x:ref> = path-absolute [ "?" query ] 5178 5183 5179 5184 <x:ref>partial-URI</x:ref> = relative-part [ "?" query ] … … 5204 5209 <x:ref>relative-part</x:ref> = <relative-part, defined in [RFC3986], Section 4.2> 5205 5210 <x:ref>request-line</x:ref> = method SP request-target SP HTTP-version CRLF 5206 <x:ref>request-target</x:ref> = "*" / absolute-URI / ( path-absolute [ "?" query ] )5207 / authority5211 <x:ref>request-target</x:ref> = origin-form / absolute-form / authority-form / 5212 asterisk-form 5208 5213 5209 5214 <x:ref>special</x:ref> = "(" / ")" / "<" / ">" / "@" / "," / ";" / ":" / "\" /
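Review bot: The paragraph removed at old lines 2397-2401 (percent-encoded request-targets) has no replacement anywhere in this changeset, so "Servers &SHOULD; respond to invalid request-targets with an appropriate status code" and the origin-server decode requirement disappear from the visible text. If they now live in another section, add an xref from the origin-form paragraph; otherwise keep them, because the new origin-form and absolute-form paragraphs only state what a client sends and say nothing about what a recipient does with a malformed target. Smaller point in the same hunk, at new line 2417: "An example absolute-form of request-line" reads as if absolute-form were a kind of request-line; "An example request-line using the absolute-form" matches the grammar, where absolute-form is an alternative of request-target.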
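Review bot: In the authority-form and asterisk-form paragraphs (new lines 2428-2443) the old prohibitions "which &MUST-NOT; be used with any request method other than CONNECT" and "... other than OPTIONS" become the descriptive "is only used for", which leaves no normative statement about a request that pairs either form with a different method. The grammar in this changeset cannot carry that restriction, since request-target lists all four forms without reference to the method, so the method binding exists only in prose. Suggest either keeping a &MUST-NOT; sentence for senders or adding recipient guidance for the mismatch. Also check for remaining xref targets to the renamed anchors "asterix-form" and "absolute-URI-form", which will no longer resolve.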
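Review bot: The relocated paragraph at new lines 2470-2473 lets a proxy "add its domain to the host name it received when forwarding the request", while the Host hunk at new lines 2523-2525 says the proxy "&MUST; generate a new Host field-value based on the received request-target". Taken together it is unclear whether the forwarded Host carries the unqualified name as received or the qualified name the proxy placed in the outgoing request-target, and a forwarded message whose Host and request-target disagree is the kind of inconsistency the same section warns can poison a shared cache or redirect a request to an unintended server. Suggest stating that Host is generated from the request-target as forwarded, or saying explicitly that the domain-completion step happens before the Host field-value is generated.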