Context Navigation

← Previous Change
Next Change →

p2-semantics.xml

Timestamp:

26/03/12 14:21:18 (11 years ago)

Author:

julian.reschke@…

Message:

re-org sections

File:

: 1 edited

draft-ietf-httpbis/latest/p2-semantics.xml (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

draft-ietf-httpbis/latest/p2-semantics.xml

-                      r1617
+                      r1618
    information which will explain the unusual status.
 </t>
+<t>
+   The first digit of the status-code defines the class of response. The
+   last two digits do not have any categorization role. There are 5
+   values for the first digit:
+  <list style="symbols">
+    <t>
+xx: Informational - Request received, continuing process
+    </t>
+    <t>
+xx: Success - The action was successfully received,
+        understood, and accepted
+    </t>
+    <t>
+xx: Redirection - Further action needs to be taken in order to
+        complete the request
+    </t>
+    <t>
+xx: Client Error - The request contains bad syntax or cannot
+        be fulfilled
+    </t>
+    <t>
+xx: Server Error - The server failed to fulfill an apparently
+        valid request
+    </t>
+  </list>
+</t>
 <section title="Overview of Status Codes" anchor="overview.of.status.codes">
 …
 </section>
-</section>
-<section title="Representation" anchor="representation">
-<t>
-   Request and Response messages &MAY; transfer a representation if not otherwise
-   restricted by the request method or response status code. A representation
-   consists of metadata (representation header fields) and data (representation
-   body).  When a complete or partial representation is enclosed in an HTTP message,
-   it is referred to as the payload of the message. HTTP representations
-   are defined in &payload;.
-</t>
-<t>
-   A representation body is only present in a message when a message body is
-   present, as described in &message-body;. The representation body is obtained
-   from the message body by decoding any Transfer-Encoding that might
-   have been applied to ensure safe and proper transfer of the message.
-</t>
-<section title="Identifying the Resource Associated with a Representation" anchor="identifying.response.associated.with.representation">
-<t>
-   It is sometimes necessary to determine an identifier for the resource
-   associated with a representation.
-</t>
-<t>
-   An HTTP request representation, when present, is always associated with an
-   anonymous (i.e., unidentified) resource.
-</t>
-<t>
-   In the common case, an HTTP response is a representation of the target
-   resource (see &effective-request-uri;). However, this is not always the
-   case. To determine the URI of the resource a response is associated with,
-   the following rules are used (with the first applicable one being selected):
-</t>
-<t><list style="numbers">
-   <t>If the response status code is 200 or 203 and the request method was GET,
-   the response payload is a representation of the target resource.</t>
-   <t>If the response status code is 204, 206, or 304 and the request method was GET
-   or HEAD, the response payload is a partial representation of the target
-   resource.</t>
-   <t>If the response has a Content-Location header field, and that URI is the same
-   as the effective request URI, the response payload is a representation of the
-   target resource.</t>
-   <t>If the response has a Content-Location header field, and that URI is not the
-   same as the effective request URI, then the response asserts that its
-   payload is a representation of the resource identified by the
-   Content-Location URI. However, such an assertion cannot be trusted unless
-   it can be verified by other means (not defined by HTTP).</t>
-   <t>Otherwise, the response is a representation of an anonymous (i.e.,
-   unidentified) resource.</t>
-</list></t>
-<t>
-  <cref anchor="TODO-req-uri">
-   The comparison function is going to have to be defined somewhere,
-   because we already need to compare URIs for things like cache invalidation.</cref>
-</t>
-</section>
-</section>
-<section title="Method Definitions" anchor="method.definitions">
-<t>
-   The set of common request methods for HTTP/1.1 is defined below. Although
-   this set can be expanded, additional methods cannot be assumed to
-   share the same semantics for separately extended clients and servers.
-</t>
-<section title="Safe and Idempotent Methods" anchor="safe.and.idempotent">
-<section title="Safe Methods" anchor="safe.methods">
-<iref item="Safe Methods" primary="true"/>
-<t>
-   Implementors need to be aware that the software represents the user in
-   their interactions over the Internet, and need to allow
-   the user to be aware of any actions they take which might have an
-   unexpected significance to themselves or others.
-</t>
-<t>
-   In particular, the convention has been established that the GET, HEAD,
-   OPTIONS, and TRACE request methods &SHOULD-NOT; have the significance
-   of taking an action other than retrieval. These request methods ought
-   to be considered "<x:dfn anchor="safe">safe</x:dfn>".
-   This allows user agents to represent other methods, such as POST, PUT
-   and DELETE, in a special way, so that the user is made aware of the
-   fact that a possibly unsafe action is being requested.
-</t>
-<t>
-   Naturally, it is not possible to ensure that the server does not
-   generate side-effects as a result of performing a GET request; in
-   fact, some dynamic resources consider that a feature. The important
-   distinction here is that the user did not request the side-effects,
-   so therefore cannot be held accountable for them.
-</t>
-</section>
-<section title="Idempotent Methods" anchor="idempotent.methods">
-<iref item="Idempotent Methods" primary="true"/>
-<t>
-   Request methods can also have the property of "idempotence" in that,
-   aside from error or expiration issues, the intended effect of multiple
-   identical requests is the same as for a single request.
-   PUT, DELETE, and all safe request methods are idempotent.
-   It is important to note that idempotence refers only to changes
-   requested by the client: a server is free to change its state due
-   to multiple requests for the purpose of tracking those requests,
-   versioning of results, etc.
-</t>
-</section>
-</section>
-<section title="OPTIONS" anchor="OPTIONS">
-  <rdf:Description>
-    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
-  </rdf:Description>
-  <iref primary="true" item="OPTIONS method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="OPTIONS" x:for-anchor=""/>
-<t>
-   The OPTIONS method requests information about the
-   communication options available on the request/response chain
-   identified by the effective request URI. This method allows a client to
-   determine the options and/or requirements associated with a resource,
-   or the capabilities of a server, without implying a resource action
-   or initiating a resource retrieval.
-</t>
-<t>
-   Responses to the OPTIONS method are not cacheable.
-</t>
-<t>
-   If the OPTIONS request includes a message body (as indicated by the
-   presence of Content-Length or Transfer-Encoding), then the media type
-   &MUST; be indicated by a Content-Type field. Although this
-   specification does not define any use for such a body, future
-   extensions to HTTP might use the OPTIONS body to make more detailed
-   queries on the server.
-</t>
-<t>
-   If the request-target (&request-target;) is an asterisk ("*"),
-   the OPTIONS request is
-   intended to apply to the server in general rather than to a specific
-   resource. Since a server's communication options typically depend on
-   the resource, the "*" request is only useful as a "ping" or "no-op"
-   type of method; it does nothing beyond allowing the client to test
-   the capabilities of the server. For example, this can be used to test
-   a proxy for HTTP/1.1 conformance (or lack thereof).
-</t>
-<t>
-   If the request-target is not an asterisk, the OPTIONS request applies
-   only to the options that are available when communicating with that
-   resource.
-</t>
-<t>
-   A 200 response &SHOULD; include any header fields that indicate
-   optional features implemented by the server and applicable to that
-   resource (e.g., Allow), possibly including extensions not defined by
-   this specification. The response body, if any, &SHOULD; also include
-   information about the communication options. The format for such a
-   body is not defined by this specification, but might be defined by
-   future extensions to HTTP. Content negotiation &MAY; be used to select
-   the appropriate response format. If no response body is included, the
-   response &MUST; include a Content-Length field with a field-value of
-   "0".
-</t>
-<t>
-   The Max-Forwards header field &MAY; be used to target a
-   specific proxy in the request chain (see <xref target="header.max-forwards"/>).
-   If no Max-Forwards field is present in the request, then the forwarded
-   request &MUST-NOT; include a Max-Forwards field.
-</t>
-</section>
-<section title="GET" anchor="GET">
-  <rdf:Description>
-    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
-  </rdf:Description>
-  <iref primary="true" item="GET method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="GET" x:for-anchor=""/>
-<t>
-   The GET method requests transfer of a current representation of
-   the target resource.
-</t>
-<t>
-   If the target resource is a data-producing process, it is the
-   produced data which shall be returned as the representation in the response and not
-   the source text of the process, unless that text happens to be the output of
-   the process.
-</t>
-<t>
-   The semantics of the GET method change to a "conditional GET" if the
-   request message includes an If-Modified-Since, If-Unmodified-Since,
-   If-Match, If-None-Match, or If-Range header field. A conditional GET
-   requests that the representation be transferred only under the
-   circumstances described by the conditional header field(s). The
-   conditional GET request is intended to reduce unnecessary network
-   usage by allowing cached representations to be refreshed without requiring
-   multiple requests or transferring data already held by the client.
-</t>
-<t>
-   The semantics of the GET method change to a "partial GET" if the
-   request message includes a Range header field. A partial GET requests
-   that only part of the representation be transferred, as described in &header-range;.
-   The partial GET request is intended to reduce unnecessary
-   network usage by allowing partially-retrieved representations to be
-   completed without transferring data already held by the client.
-</t>
-<t>
-   Bodies on GET requests have no defined semantics. Note that sending a body
-   on a GET request might cause some existing implementations to reject the
-   request.
-</t>
-<t>
-   The response to a GET request is cacheable and &MAY; be used to satisfy
-   subsequent GET and HEAD requests (see &caching;).
-</t>
-<t>
-   See <xref target="encoding.sensitive.information.in.uris"/> for security considerations when used for forms.
-</t>
-</section>
-<section title="HEAD" anchor="HEAD">
-  <rdf:Description>
-    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
-  </rdf:Description>
-  <iref primary="true" item="HEAD method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="HEAD" x:for-anchor=""/>
-<t>
-   The HEAD method is identical to GET except that the server &MUST-NOT;
-   return a message body in the response. The metadata contained
-   in the HTTP header fields in response to a HEAD request &SHOULD; be identical
-   to the information sent in response to a GET request. This method can
-   be used for obtaining metadata about the representation implied by the
-   request without transferring the representation body. This method is
-   often used for testing hypertext links for validity, accessibility,
-   and recent modification.
-</t>
-<t>
-   The response to a HEAD request is cacheable and &MAY; be used to satisfy
-   a subsequent HEAD request. It also has potential side effects on
-   previously stored responses to GET; see &p6-head;.
-</t>
-<t>
-   Bodies on HEAD requests have no defined semantics. Note that sending a body
-   on a HEAD request might cause some existing implementations to reject the
-   request.
-</t>
-</section>
-<section title="POST" anchor="POST">
-  <iref primary="true" item="POST method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="POST" x:for-anchor=""/>
-<t>
-   The POST method requests that the origin server accept the
-   representation enclosed in the request as data to be processed by the
-   target resource. POST is designed to allow a uniform method to cover the
-   following functions:
-  <list style="symbols">
-    <t>
-      Annotation of existing resources;
-    </t>
-    <t>
-        Posting a message to a bulletin board, newsgroup, mailing list,
-        or similar group of articles;
-    </t>
-    <t>
-        Providing a block of data, such as the result of submitting a
-        form, to a data-handling process;
-    </t>
-    <t>
-        Extending a database through an append operation.
-    </t>
-  </list>
-</t>
-<t>
-   The actual function performed by the POST method is determined by the
-   server and is usually dependent on the effective request URI.
-</t>
-<t>
-   The action performed by the POST method might not result in a
-   resource that can be identified by a URI. In this case, either 200
-   (OK) or 204 (No Content) is the appropriate response status code,
-   depending on whether or not the response includes a representation that
-   describes the result.
-</t>
-<t>
-   If a resource has been created on the origin server, the response
-   &SHOULD; be 201 (Created) and contain a representation which describes the
-   status of the request and refers to the new resource, and a Location
-   header field (see <xref target="header.location"/>).
-</t>
-<t>
-   Responses to POST requests are only cacheable when they
-   include explicit freshness information (see &p6-explicit;). A
-   cached POST response with a Content-Location header field
-   (see &header-content-location;) whose value is the effective
-   Request URI &MAY; be used to satisfy subsequent GET and HEAD requests.
-</t>
-<t>
-   Note that POST caching is not widely implemented.
-   However, the 303 (See Other) response can be used to direct the
-   user agent to retrieve a cacheable representation of the resource.
-</t>
-</section>
-<section title="PUT" anchor="PUT">
-  <iref primary="true" item="PUT method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="PUT" x:for-anchor=""/>
-<t>
-   The PUT method requests that the state of the target resource
-   be created or replaced with the state defined by the representation
-   enclosed in the request message payload.  A successful PUT of a given
-   representation would suggest that a subsequent GET on that same target
-   resource will result in an equivalent representation being returned in
-   a 200 (OK) response.  However, there is no guarantee that such a state
-   change will be observable, since the target resource might be acted
-   upon by other user agents in parallel, or might be subject to dynamic
-   processing by the origin server, before any subsequent GET is received.
-   A successful response only implies that the user agent's intent was
-   achieved at the time of its processing by the origin server.
-</t>
-<t>
-   If the target resource does not have a current representation and
-   the PUT successfully creates one, then the origin server &MUST; inform
-   the user agent by sending a 201 (Created) response.  If the target
-   resource does have a current representation and that representation is
-   successfully modified in accordance with the state of the enclosed
-   representation, then either a 200 (OK) or 204 (No Content) response
-   &SHOULD; be sent to indicate successful completion of the request.
-</t>
-<t>
-   Unrecognized header fields &SHOULD; be ignored (i.e., not saved
-   as part of the resource state).
-</t>
-<t>
-   An origin server &SHOULD; verify that the PUT representation is
-   consistent with any constraints which the server has for the target
-   resource that cannot or will not be changed by the PUT.  This is
-   particularly important when the origin server uses internal
-   configuration information related to the URI in order to set the
-   values for representation metadata on GET responses.  When a PUT
-   representation is inconsistent with the target resource, the origin
-   server &SHOULD; either make them consistent, by transforming the
-   representation or changing the resource configuration, or respond
-   with an appropriate error message containing sufficient information
-   to explain why the representation is unsuitable.  The 409 (Conflict)
-   or 415 (Unsupported Media Type) status codes are suggested, with the
-   latter being specific to constraints on Content-Type values.
-</t>
-<t>
-   For example, if the target resource is configured to always have a
-   Content-Type of "text/html" and the representation being PUT has a
-   Content-Type of "image/jpeg", then the origin server &SHOULD; do one of:
-   (a) reconfigure the target resource to reflect the new media type;
-   (b) transform the PUT representation to a format consistent with that
-   of the resource before saving it as the new resource state; or,
-   (c) reject the request with a 415 response indicating that the target
-   resource is limited to "text/html", perhaps including a link to a
-   different resource that would be a suitable target for the new
-   representation.
-</t>
-<t>
-   HTTP does not define exactly how a PUT method affects the state
-   of an origin server beyond what can be expressed by the intent of
-   the user agent request and the semantics of the origin server response.
-   It does not define what a resource might be, in any sense of that
-   word, beyond the interface provided via HTTP.  It does not define
-   how resource state is "stored", nor how such storage might change
-   as a result of a change in resource state, nor how the origin server
-   translates resource state into representations.  Generally speaking,
-   all implementation details behind the resource interface are
-   intentionally hidden by the server.
-</t>
-<t>
-   The fundamental difference between the POST and PUT methods is
-   highlighted by the different intent for the target resource.
-   The target resource in a POST request is intended to handle the
-   enclosed representation as a data-accepting process, such as for
-   a gateway to some other protocol or a document that accepts annotations.
-   In contrast, the target resource in a PUT request is intended to
-   take the enclosed representation as a new or replacement value.
-   Hence, the intent of PUT is idempotent and visible to intermediaries,
-   even though the exact effect is only known by the origin server.
-</t>
-<t>
-   Proper interpretation of a PUT request presumes that the user agent
-   knows what target resource is desired.  A service that is intended
-   to select a proper URI on behalf of the client, after receiving
-   a state-changing request, &SHOULD; be implemented using the POST
-   method rather than PUT.  If the origin server will not make the
-   requested PUT state change to the target resource and instead
-   wishes to have it applied to a different resource, such as when the
-   resource has been moved to a different URI, then the origin server
-   &MUST; send a 301 (Moved Permanently) response; the user agent &MAY;
-   then make its own decision regarding whether or not to redirect the
-   request.
-</t>
-<t>
-   A PUT request applied to the target resource &MAY; have side-effects
-   on other resources.  For example, an article might have a URI for
-   identifying "the current version" (a resource) which is separate
-   from the URIs identifying each particular version (different
-   resources that at one point shared the same state as the current version
-   resource).  A successful PUT request on "the current version" URI might
-   therefore create a new version resource in addition to changing the
-   state of the target resource, and might also cause links to be added
-   between the related resources.
-</t>
-<t>
-   An origin server &SHOULD; reject any PUT request that contains a
-   Content-Range header field, since it might be misinterpreted as
-   partial content (or might be partial content that is being mistakenly
-   PUT as a full representation).  Partial content updates are
-   possible by targeting a separately identified resource with state
-   that overlaps a portion of the larger resource, or by using a
-   different method that has been specifically defined for partial
-   updates (for example, the PATCH method defined in
-   <xref target="RFC5789"/>).
-</t>
-<t>
-   Responses to the PUT method are not cacheable. If a PUT request passes
-   through a cache that has one or more stored responses for the effective
-   request URI, those stored responses will be invalidated (see
-   &p6-invalid;).
-</t>
-</section>
-<section title="DELETE" anchor="DELETE">
-  <iref primary="true" item="DELETE method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="DELETE" x:for-anchor=""/>
-<t>
-   The DELETE method requests that the origin server delete the target
-   resource. This method &MAY; be overridden by
-   human intervention (or other means) on the origin server. The client cannot
-   be guaranteed that the operation has been carried out, even if the
-   status code returned from the origin server indicates that the action
-   has been completed successfully. However, the server &SHOULD-NOT;
-   indicate success unless, at the time the response is given, it
-   intends to delete the resource or move it to an inaccessible
-   location.
-</t>
-<t>
-   A successful response &SHOULD; be 200 (OK) if the response includes an
-   representation describing the status, 202 (Accepted) if the action has not
-   yet been enacted, or 204 (No Content) if the action has been enacted
-   but the response does not include a representation.
-</t>
-<t>
-   Bodies on DELETE requests have no defined semantics. Note that sending a body
-   on a DELETE request might cause some existing implementations to reject the
-   request.
-</t>
-<t>
-   Responses to the DELETE method are not cacheable. If a DELETE request
-   passes through a cache that has one or more stored responses for the
-   effective request URI, those stored responses will be invalidated (see
-   &p6-invalid;).
-</t>
-</section>
-<section title="TRACE" anchor="TRACE">
-  <rdf:Description>
-    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
-  </rdf:Description>
-  <iref primary="true" item="TRACE method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="TRACE" x:for-anchor=""/>
-<t>
-   The TRACE method requests a remote, application-layer loop-back
-   of the request message. The final recipient of the request
-   &SHOULD; reflect the message received back to the client as the
-   message body of a 200 (OK) response. The final recipient is either the
-   origin server or the first proxy to receive a Max-Forwards
-   value of zero (0) in the request (see <xref target="header.max-forwards"/>).
-   A TRACE request &MUST-NOT; include a message body.
-</t>
-<t>
-   TRACE allows the client to see what is being received at the other
-   end of the request chain and use that data for testing or diagnostic
-   information. The value of the Via header field (&header-via;) is of
-   particular interest, since it acts as a trace of the request chain.
-   Use of the Max-Forwards header field allows the client to limit the
-   length of the request chain, which is useful for testing a chain of
-   proxies forwarding messages in an infinite loop.
-</t>
-<t>
-   If the request is valid, the response &SHOULD; have a Content-Type of
-   "message/http" (see &media-type-message-http;) and contain a message body
-   that encloses a copy of the entire request message.
-   Responses to the TRACE method are not cacheable.
-</t>
-</section>
-<section title="CONNECT" anchor="CONNECT">
-  <iref primary="true" item="CONNECT method" x:for-anchor=""/>
-  <iref primary="true" item="Methods" subitem="CONNECT" x:for-anchor=""/>
-<t>
-   The CONNECT method requests that the proxy establish a tunnel
-   to the request-target and, if successful, thereafter restrict its behavior
-   to blind forwarding of packets until the connection is closed.
-</t>
-<t>
-   When using CONNECT, the request-target &MUST; use the authority form
-   (&request-target;); i.e., the request-target consists of only the
-   host name and port number of the tunnel destination, separated by a colon.
-   For example,
-</t>
-<figure><artwork type="message/http; msgtype=&#34;request&#34;" x:indent-with="  ">
-CONNECT server.example.com:80 HTTP/1.1
-Host: server.example.com:80
-</artwork></figure>
-<t>
-   Any successful (2xx) response to a CONNECT request indicates that the
-   proxy has established a connection to the requested host and port,
-   and has switched to tunneling the current connection to that server
-   connection.
-   The tunneled data from the server begins immediately after the blank line
-   that concludes the successful response's header block.
-   A server &SHOULD-NOT; send any Transfer-Encoding or Content-Length
-   header fields in a successful response.
-   A client &MUST; ignore any Content-Length or Transfer-Encoding header
-   fields received in a successful response.
-</t>
-<t>
-   Any response other than a successful response indicates that the tunnel
-   has not yet been formed and that the connection remains governed by HTTP.
-</t>
-<t>
-   Proxy authentication might be used to establish the
-   authority to create a tunnel:
-</t>
-<figure><artwork type="message/http; msgtype=&#34;request&#34;" x:indent-with="  ">
-CONNECT server.example.com:80 HTTP/1.1
-Host: server.example.com:80
-Proxy-Authorization: basic aGVsbG86d29ybGQ=
-</artwork></figure>
-<t>
-   A message body on a CONNECT request has no defined semantics. Sending a
-   body on a CONNECT request might cause existing implementations to reject
-   the request.
-</t>
-<t>
-   Similar to a pipelined HTTP/1.1 request, data to be tunneled from client
-   to server &MAY; be sent immediately after the request (before a response
-   is received). The usual caveats also apply:
-   data may be discarded if the eventual response is negative, and the
-   connection may be reset with no response if more than one TCP segment
-   is outstanding.
-</t>
-<t>
-   It may be the case that the proxy itself can only reach the requested
-   origin server through another proxy.  In this case, the first proxy
-   &SHOULD; make a CONNECT request of that next proxy, requesting a tunnel
-   to the authority.  A proxy &MUST-NOT; respond with any 2xx status code
-   unless it has either a direct or tunnel connection established to the
-   authority.
-</t>
-<t>
-   If at any point either one of the peers gets disconnected, any
-   outstanding data that came from that peer will be passed to the other
-   one, and after that also the other connection will be terminated by
-   the proxy. If there is outstanding data to that peer undelivered,
-   that data will be discarded.
-</t>
-<t>
-   An origin server which receives a CONNECT request for itself &MAY;
-   respond with a 2xx status code to indicate that a connection is
-   established.  However, most origin servers do not implement CONNECT.
-</t>
-</section>
-</section>
 <section title="Status Code Definitions" anchor="status.codes">
-<t>
-   The first digit of the status-code defines the class of response. The
-   last two digits do not have any categorization role. There are 5
-   values for the first digit:
-  <list style="symbols">
-    <t>
-xx: Informational - Request received, continuing process
-    </t>
-    <t>
-xx: Success - The action was successfully received,
-        understood, and accepted
-    </t>
-    <t>
-xx: Redirection - Further action needs to be taken in order to
-        complete the request
-    </t>
-    <t>
-xx: Client Error - The request contains bad syntax or cannot
-        be fulfilled
-    </t>
-    <t>
-xx: Server Error - The server failed to fulfill an apparently
-        valid request
-    </t>
-  </list>
-</t>
 <t>
    Each status-code is described below, including any metadata required
 …
 </section>
+</section>
+<section title="Representation" anchor="representation">
+<t>
+   Request and Response messages &MAY; transfer a representation if not otherwise
+   restricted by the request method or response status code. A representation
+   consists of metadata (representation header fields) and data (representation
+   body).  When a complete or partial representation is enclosed in an HTTP message,
+   it is referred to as the payload of the message. HTTP representations
+   are defined in &payload;.
+</t>
+<t>
+   A representation body is only present in a message when a message body is
+   present, as described in &message-body;. The representation body is obtained
+   from the message body by decoding any Transfer-Encoding that might
+   have been applied to ensure safe and proper transfer of the message.
+</t>
+<section title="Identifying the Resource Associated with a Representation" anchor="identifying.response.associated.with.representation">
+<t>
+   It is sometimes necessary to determine an identifier for the resource
+   associated with a representation.
+</t>
+<t>
+   An HTTP request representation, when present, is always associated with an
+   anonymous (i.e., unidentified) resource.
+</t>
+<t>
+   In the common case, an HTTP response is a representation of the target
+   resource (see &effective-request-uri;). However, this is not always the
+   case. To determine the URI of the resource a response is associated with,
+   the following rules are used (with the first applicable one being selected):
+</t>
+<t><list style="numbers">
+   <t>If the response status code is 200 or 203 and the request method was GET,
+   the response payload is a representation of the target resource.</t>
+   <t>If the response status code is 204, 206, or 304 and the request method was GET
+   or HEAD, the response payload is a partial representation of the target
+   resource.</t>
+   <t>If the response has a Content-Location header field, and that URI is the same
+   as the effective request URI, the response payload is a representation of the
+   target resource.</t>
+   <t>If the response has a Content-Location header field, and that URI is not the
+   same as the effective request URI, then the response asserts that its
+   payload is a representation of the resource identified by the
+   Content-Location URI. However, such an assertion cannot be trusted unless
+   it can be verified by other means (not defined by HTTP).</t>
+   <t>Otherwise, the response is a representation of an anonymous (i.e.,
+   unidentified) resource.</t>
+</list></t>
+<t>
+  <cref anchor="TODO-req-uri">
+   The comparison function is going to have to be defined somewhere,
+   because we already need to compare URIs for things like cache invalidation.</cref>
+</t>
+</section>
+</section>
+<section title="Method Definitions" anchor="method.definitions">
+<t>
+   The set of common request methods for HTTP/1.1 is defined below. Although
+   this set can be expanded, additional methods cannot be assumed to
+   share the same semantics for separately extended clients and servers.
+</t>
+<section title="Safe and Idempotent Methods" anchor="safe.and.idempotent">
+<section title="Safe Methods" anchor="safe.methods">
+<iref item="Safe Methods" primary="true"/>
+<t>
+   Implementors need to be aware that the software represents the user in
+   their interactions over the Internet, and need to allow
+   the user to be aware of any actions they take which might have an
+   unexpected significance to themselves or others.
+</t>
+<t>
+   In particular, the convention has been established that the GET, HEAD,
+   OPTIONS, and TRACE request methods &SHOULD-NOT; have the significance
+   of taking an action other than retrieval. These request methods ought
+   to be considered "<x:dfn anchor="safe">safe</x:dfn>".
+   This allows user agents to represent other methods, such as POST, PUT
+   and DELETE, in a special way, so that the user is made aware of the
+   fact that a possibly unsafe action is being requested.
+</t>
+<t>
+   Naturally, it is not possible to ensure that the server does not
+   generate side-effects as a result of performing a GET request; in
+   fact, some dynamic resources consider that a feature. The important
+   distinction here is that the user did not request the side-effects,
+   so therefore cannot be held accountable for them.
+</t>
+</section>
+<section title="Idempotent Methods" anchor="idempotent.methods">
+<iref item="Idempotent Methods" primary="true"/>
+<t>
+   Request methods can also have the property of "idempotence" in that,
+   aside from error or expiration issues, the intended effect of multiple
+   identical requests is the same as for a single request.
+   PUT, DELETE, and all safe request methods are idempotent.
+   It is important to note that idempotence refers only to changes
+   requested by the client: a server is free to change its state due
+   to multiple requests for the purpose of tracking those requests,
+   versioning of results, etc.
+</t>
+</section>
+</section>
+<section title="OPTIONS" anchor="OPTIONS">
+  <rdf:Description>
+    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
+  </rdf:Description>
+  <iref primary="true" item="OPTIONS method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="OPTIONS" x:for-anchor=""/>
+<t>
+   The OPTIONS method requests information about the
+   communication options available on the request/response chain
+   identified by the effective request URI. This method allows a client to
+   determine the options and/or requirements associated with a resource,
+   or the capabilities of a server, without implying a resource action
+   or initiating a resource retrieval.
+</t>
+<t>
+   Responses to the OPTIONS method are not cacheable.
+</t>
+<t>
+   If the OPTIONS request includes a message body (as indicated by the
+   presence of Content-Length or Transfer-Encoding), then the media type
+   &MUST; be indicated by a Content-Type field. Although this
+   specification does not define any use for such a body, future
+   extensions to HTTP might use the OPTIONS body to make more detailed
+   queries on the server.
+</t>
+<t>
+   If the request-target (&request-target;) is an asterisk ("*"),
+   the OPTIONS request is
+   intended to apply to the server in general rather than to a specific
+   resource. Since a server's communication options typically depend on
+   the resource, the "*" request is only useful as a "ping" or "no-op"
+   type of method; it does nothing beyond allowing the client to test
+   the capabilities of the server. For example, this can be used to test
+   a proxy for HTTP/1.1 conformance (or lack thereof).
+</t>
+<t>
+   If the request-target is not an asterisk, the OPTIONS request applies
+   only to the options that are available when communicating with that
+   resource.
+</t>
+<t>
+   A 200 response &SHOULD; include any header fields that indicate
+   optional features implemented by the server and applicable to that
+   resource (e.g., Allow), possibly including extensions not defined by
+   this specification. The response body, if any, &SHOULD; also include
+   information about the communication options. The format for such a
+   body is not defined by this specification, but might be defined by
+   future extensions to HTTP. Content negotiation &MAY; be used to select
+   the appropriate response format. If no response body is included, the
+   response &MUST; include a Content-Length field with a field-value of
+   "0".
+</t>
+<t>
+   The Max-Forwards header field &MAY; be used to target a
+   specific proxy in the request chain (see <xref target="header.max-forwards"/>).
+   If no Max-Forwards field is present in the request, then the forwarded
+   request &MUST-NOT; include a Max-Forwards field.
+</t>
+</section>
+<section title="GET" anchor="GET">
+  <rdf:Description>
+    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
+  </rdf:Description>
+  <iref primary="true" item="GET method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="GET" x:for-anchor=""/>
+<t>
+   The GET method requests transfer of a current representation of
+   the target resource.
+</t>
+<t>
+   If the target resource is a data-producing process, it is the
+   produced data which shall be returned as the representation in the response and not
+   the source text of the process, unless that text happens to be the output of
+   the process.
+</t>
+<t>
+   The semantics of the GET method change to a "conditional GET" if the
+   request message includes an If-Modified-Since, If-Unmodified-Since,
+   If-Match, If-None-Match, or If-Range header field. A conditional GET
+   requests that the representation be transferred only under the
+   circumstances described by the conditional header field(s). The
+   conditional GET request is intended to reduce unnecessary network
+   usage by allowing cached representations to be refreshed without requiring
+   multiple requests or transferring data already held by the client.
+</t>
+<t>
+   The semantics of the GET method change to a "partial GET" if the
+   request message includes a Range header field. A partial GET requests
+   that only part of the representation be transferred, as described in &header-range;.
+   The partial GET request is intended to reduce unnecessary
+   network usage by allowing partially-retrieved representations to be
+   completed without transferring data already held by the client.
+</t>
+<t>
+   Bodies on GET requests have no defined semantics. Note that sending a body
+   on a GET request might cause some existing implementations to reject the
+   request.
+</t>
+<t>
+   The response to a GET request is cacheable and &MAY; be used to satisfy
+   subsequent GET and HEAD requests (see &caching;).
+</t>
+<t>
+   See <xref target="encoding.sensitive.information.in.uris"/> for security considerations when used for forms.
+</t>
+</section>
+<section title="HEAD" anchor="HEAD">
+  <rdf:Description>
+    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
+  </rdf:Description>
+  <iref primary="true" item="HEAD method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="HEAD" x:for-anchor=""/>
+<t>
+   The HEAD method is identical to GET except that the server &MUST-NOT;
+   return a message body in the response. The metadata contained
+   in the HTTP header fields in response to a HEAD request &SHOULD; be identical
+   to the information sent in response to a GET request. This method can
+   be used for obtaining metadata about the representation implied by the
+   request without transferring the representation body. This method is
+   often used for testing hypertext links for validity, accessibility,
+   and recent modification.
+</t>
+<t>
+   The response to a HEAD request is cacheable and &MAY; be used to satisfy
+   a subsequent HEAD request. It also has potential side effects on
+   previously stored responses to GET; see &p6-head;.
+</t>
+<t>
+   Bodies on HEAD requests have no defined semantics. Note that sending a body
+   on a HEAD request might cause some existing implementations to reject the
+   request.
+</t>
+</section>
+<section title="POST" anchor="POST">
+  <iref primary="true" item="POST method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="POST" x:for-anchor=""/>
+<t>
+   The POST method requests that the origin server accept the
+   representation enclosed in the request as data to be processed by the
+   target resource. POST is designed to allow a uniform method to cover the
+   following functions:
+  <list style="symbols">
+    <t>
+      Annotation of existing resources;
+    </t>
+    <t>
+        Posting a message to a bulletin board, newsgroup, mailing list,
+        or similar group of articles;
+    </t>
+    <t>
+        Providing a block of data, such as the result of submitting a
+        form, to a data-handling process;
+    </t>
+    <t>
+        Extending a database through an append operation.
+    </t>
+  </list>
+</t>
+<t>
+   The actual function performed by the POST method is determined by the
+   server and is usually dependent on the effective request URI.
+</t>
+<t>
+   The action performed by the POST method might not result in a
+   resource that can be identified by a URI. In this case, either 200
+   (OK) or 204 (No Content) is the appropriate response status code,
+   depending on whether or not the response includes a representation that
+   describes the result.
+</t>
+<t>
+   If a resource has been created on the origin server, the response
+   &SHOULD; be 201 (Created) and contain a representation which describes the
+   status of the request and refers to the new resource, and a Location
+   header field (see <xref target="header.location"/>).
+</t>
+<t>
+   Responses to POST requests are only cacheable when they
+   include explicit freshness information (see &p6-explicit;). A
+   cached POST response with a Content-Location header field
+   (see &header-content-location;) whose value is the effective
+   Request URI &MAY; be used to satisfy subsequent GET and HEAD requests.
+</t>
+<t>
+   Note that POST caching is not widely implemented.
+   However, the 303 (See Other) response can be used to direct the
+   user agent to retrieve a cacheable representation of the resource.
+</t>
+</section>
+<section title="PUT" anchor="PUT">
+  <iref primary="true" item="PUT method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="PUT" x:for-anchor=""/>
+<t>
+   The PUT method requests that the state of the target resource
+   be created or replaced with the state defined by the representation
+   enclosed in the request message payload.  A successful PUT of a given
+   representation would suggest that a subsequent GET on that same target
+   resource will result in an equivalent representation being returned in
+   a 200 (OK) response.  However, there is no guarantee that such a state
+   change will be observable, since the target resource might be acted
+   upon by other user agents in parallel, or might be subject to dynamic
+   processing by the origin server, before any subsequent GET is received.
+   A successful response only implies that the user agent's intent was
+   achieved at the time of its processing by the origin server.
+</t>
+<t>
+   If the target resource does not have a current representation and
+   the PUT successfully creates one, then the origin server &MUST; inform
+   the user agent by sending a 201 (Created) response.  If the target
+   resource does have a current representation and that representation is
+   successfully modified in accordance with the state of the enclosed
+   representation, then either a 200 (OK) or 204 (No Content) response
+   &SHOULD; be sent to indicate successful completion of the request.
+</t>
+<t>
+   Unrecognized header fields &SHOULD; be ignored (i.e., not saved
+   as part of the resource state).
+</t>
+<t>
+   An origin server &SHOULD; verify that the PUT representation is
+   consistent with any constraints which the server has for the target
+   resource that cannot or will not be changed by the PUT.  This is
+   particularly important when the origin server uses internal
+   configuration information related to the URI in order to set the
+   values for representation metadata on GET responses.  When a PUT
+   representation is inconsistent with the target resource, the origin
+   server &SHOULD; either make them consistent, by transforming the
+   representation or changing the resource configuration, or respond
+   with an appropriate error message containing sufficient information
+   to explain why the representation is unsuitable.  The 409 (Conflict)
+   or 415 (Unsupported Media Type) status codes are suggested, with the
+   latter being specific to constraints on Content-Type values.
+</t>
+<t>
+   For example, if the target resource is configured to always have a
+   Content-Type of "text/html" and the representation being PUT has a
+   Content-Type of "image/jpeg", then the origin server &SHOULD; do one of:
+   (a) reconfigure the target resource to reflect the new media type;
+   (b) transform the PUT representation to a format consistent with that
+   of the resource before saving it as the new resource state; or,
+   (c) reject the request with a 415 response indicating that the target
+   resource is limited to "text/html", perhaps including a link to a
+   different resource that would be a suitable target for the new
+   representation.
+</t>
+<t>
+   HTTP does not define exactly how a PUT method affects the state
+   of an origin server beyond what can be expressed by the intent of
+   the user agent request and the semantics of the origin server response.
+   It does not define what a resource might be, in any sense of that
+   word, beyond the interface provided via HTTP.  It does not define
+   how resource state is "stored", nor how such storage might change
+   as a result of a change in resource state, nor how the origin server
+   translates resource state into representations.  Generally speaking,
+   all implementation details behind the resource interface are
+   intentionally hidden by the server.
+</t>
+<t>
+   The fundamental difference between the POST and PUT methods is
+   highlighted by the different intent for the target resource.
+   The target resource in a POST request is intended to handle the
+   enclosed representation as a data-accepting process, such as for
+   a gateway to some other protocol or a document that accepts annotations.
+   In contrast, the target resource in a PUT request is intended to
+   take the enclosed representation as a new or replacement value.
+   Hence, the intent of PUT is idempotent and visible to intermediaries,
+   even though the exact effect is only known by the origin server.
+</t>
+<t>
+   Proper interpretation of a PUT request presumes that the user agent
+   knows what target resource is desired.  A service that is intended
+   to select a proper URI on behalf of the client, after receiving
+   a state-changing request, &SHOULD; be implemented using the POST
+   method rather than PUT.  If the origin server will not make the
+   requested PUT state change to the target resource and instead
+   wishes to have it applied to a different resource, such as when the
+   resource has been moved to a different URI, then the origin server
+   &MUST; send a 301 (Moved Permanently) response; the user agent &MAY;
+   then make its own decision regarding whether or not to redirect the
+   request.
+</t>
+<t>
+   A PUT request applied to the target resource &MAY; have side-effects
+   on other resources.  For example, an article might have a URI for
+   identifying "the current version" (a resource) which is separate
+   from the URIs identifying each particular version (different
+   resources that at one point shared the same state as the current version
+   resource).  A successful PUT request on "the current version" URI might
+   therefore create a new version resource in addition to changing the
+   state of the target resource, and might also cause links to be added
+   between the related resources.
+</t>
+<t>
+   An origin server &SHOULD; reject any PUT request that contains a
+   Content-Range header field, since it might be misinterpreted as
+   partial content (or might be partial content that is being mistakenly
+   PUT as a full representation).  Partial content updates are
+   possible by targeting a separately identified resource with state
+   that overlaps a portion of the larger resource, or by using a
+   different method that has been specifically defined for partial
+   updates (for example, the PATCH method defined in
+   <xref target="RFC5789"/>).
+</t>
+<t>
+   Responses to the PUT method are not cacheable. If a PUT request passes
+   through a cache that has one or more stored responses for the effective
+   request URI, those stored responses will be invalidated (see
+   &p6-invalid;).
+</t>
+</section>
+<section title="DELETE" anchor="DELETE">
+  <iref primary="true" item="DELETE method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="DELETE" x:for-anchor=""/>
+<t>
+   The DELETE method requests that the origin server delete the target
+   resource. This method &MAY; be overridden by
+   human intervention (or other means) on the origin server. The client cannot
+   be guaranteed that the operation has been carried out, even if the
+   status code returned from the origin server indicates that the action
+   has been completed successfully. However, the server &SHOULD-NOT;
+   indicate success unless, at the time the response is given, it
+   intends to delete the resource or move it to an inaccessible
+   location.
+</t>
+<t>
+   A successful response &SHOULD; be 200 (OK) if the response includes an
+   representation describing the status, 202 (Accepted) if the action has not
+   yet been enacted, or 204 (No Content) if the action has been enacted
+   but the response does not include a representation.
+</t>
+<t>
+   Bodies on DELETE requests have no defined semantics. Note that sending a body
+   on a DELETE request might cause some existing implementations to reject the
+   request.
+</t>
+<t>
+   Responses to the DELETE method are not cacheable. If a DELETE request
+   passes through a cache that has one or more stored responses for the
+   effective request URI, those stored responses will be invalidated (see
+   &p6-invalid;).
+</t>
+</section>
+<section title="TRACE" anchor="TRACE">
+  <rdf:Description>
+    <safe xmlns="urn:ietf:id:draft-ietf-httpbis-p2-semantics#">yes</safe>
+  </rdf:Description>
+  <iref primary="true" item="TRACE method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="TRACE" x:for-anchor=""/>
+<t>
+   The TRACE method requests a remote, application-layer loop-back
+   of the request message. The final recipient of the request
+   &SHOULD; reflect the message received back to the client as the
+   message body of a 200 (OK) response. The final recipient is either the
+   origin server or the first proxy to receive a Max-Forwards
+   value of zero (0) in the request (see <xref target="header.max-forwards"/>).
+   A TRACE request &MUST-NOT; include a message body.
+</t>
+<t>
+   TRACE allows the client to see what is being received at the other
+   end of the request chain and use that data for testing or diagnostic
+   information. The value of the Via header field (&header-via;) is of
+   particular interest, since it acts as a trace of the request chain.
+   Use of the Max-Forwards header field allows the client to limit the
+   length of the request chain, which is useful for testing a chain of
+   proxies forwarding messages in an infinite loop.
+</t>
+<t>
+   If the request is valid, the response &SHOULD; have a Content-Type of
+   "message/http" (see &media-type-message-http;) and contain a message body
+   that encloses a copy of the entire request message.
+   Responses to the TRACE method are not cacheable.
+</t>
+</section>
+<section title="CONNECT" anchor="CONNECT">
+  <iref primary="true" item="CONNECT method" x:for-anchor=""/>
+  <iref primary="true" item="Methods" subitem="CONNECT" x:for-anchor=""/>
+<t>
+   The CONNECT method requests that the proxy establish a tunnel
+   to the request-target and, if successful, thereafter restrict its behavior
+   to blind forwarding of packets until the connection is closed.
+</t>
+<t>
+   When using CONNECT, the request-target &MUST; use the authority form
+   (&request-target;); i.e., the request-target consists of only the
+   host name and port number of the tunnel destination, separated by a colon.
+   For example,
+</t>
+<figure><artwork type="message/http; msgtype=&#34;request&#34;" x:indent-with="  ">
+CONNECT server.example.com:80 HTTP/1.1
+Host: server.example.com:80
+</artwork></figure>
+<t>
+   Any successful (2xx) response to a CONNECT request indicates that the
+   proxy has established a connection to the requested host and port,
+   and has switched to tunneling the current connection to that server
+   connection.
+   The tunneled data from the server begins immediately after the blank line
+   that concludes the successful response's header block.
+   A server &SHOULD-NOT; send any Transfer-Encoding or Content-Length
+   header fields in a successful response.
+   A client &MUST; ignore any Content-Length or Transfer-Encoding header
+   fields received in a successful response.
+</t>
+<t>
+   Any response other than a successful response indicates that the tunnel
+   has not yet been formed and that the connection remains governed by HTTP.
+</t>
+<t>
+   Proxy authentication might be used to establish the
+   authority to create a tunnel:
+</t>
+<figure><artwork type="message/http; msgtype=&#34;request&#34;" x:indent-with="  ">
+CONNECT server.example.com:80 HTTP/1.1
+Host: server.example.com:80
+Proxy-Authorization: basic aGVsbG86d29ybGQ=
+</artwork></figure>
+<t>
+   A message body on a CONNECT request has no defined semantics. Sending a
+   body on a CONNECT request might cause existing implementations to reject
+   the request.
+</t>
+<t>
+   Similar to a pipelined HTTP/1.1 request, data to be tunneled from client
+   to server &MAY; be sent immediately after the request (before a response
+   is received). The usual caveats also apply:
+   data may be discarded if the eventual response is negative, and the
+   connection may be reset with no response if more than one TCP segment
+   is outstanding.
+</t>
+<t>
+   It may be the case that the proxy itself can only reach the requested
+   origin server through another proxy.  In this case, the first proxy
+   &SHOULD; make a CONNECT request of that next proxy, requesting a tunnel
+   to the authority.  A proxy &MUST-NOT; respond with any 2xx status code
+   unless it has either a direct or tunnel connection established to the
+   authority.
+</t>
+<t>
+   If at any point either one of the peers gets disconnected, any
+   outstanding data that came from that peer will be passed to the other
+   one, and after that also the other connection will be terminated by
+   the proxy. If there is outstanding data to that peer undelivered,
+   that data will be discarded.
+</t>
+<t>
+   An origin server which receives a CONNECT request for itself &MAY;
+   respond with a 2xx status code to indicate that a connection is
+   established.  However, most origin servers do not implement CONNECT.
+</t>
+</section>
+</section>
 <section title="Common Protocol Parameters" anchor="common.protocol.parameters">
 <section title="Date/Time Formats" anchor="http.date">
 …
 </t>
 <t>
-  Clarify definition of POST.
-  (<xref target="POST"/>)
-</t>
-<t>
-  Remove requirement to handle all Content-* header fields; ban use of
-  Content-Range with PUT.
-  (<xref target="PUT"/>)
-</t>
-<t>
-  Take over definition of CONNECT method from <xref target="RFC2817"/>.
-  (<xref target="CONNECT"/>)
-</t>
-<t>
   Broadened the definition of 203 (Non-Authoritative Information) to include
   cases of payload transformations as well.
 …
   <xref target="RFC2817"/>).
   (<xref target="status.426"/>)
+</t>
+<t>
+  Clarify definition of POST.
+  (<xref target="POST"/>)
+</t>
+<t>
+  Remove requirement to handle all Content-* header fields; ban use of
+  Content-Range with PUT.
+  (<xref target="PUT"/>)
+</t>
+<t>
+  Take over definition of CONNECT method from <xref target="RFC2817"/>.
+  (<xref target="CONNECT"/>)
 </t>
 <t>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1618 for draft-ietf-httpbis/latest/p2-semantics.xml

Legend:

draft-ietf-httpbis/latest/p2-semantics.xml

Download in other formats: