Changeset 1714 for draft-ietf-httpbis/latest
- Timestamp:
- 04/07/12 19:22:01 (10 years ago)
- Location:
- draft-ietf-httpbis/latest
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/latest/p1-messaging.html
r1713 r1714 1171 1171 </p> 1172 1172 <p id="rfc.section.3.1.1.p.8">Unfortunately, some user agents fail to properly encode hypertext references that have embedded whitespace, sending the characters 1173 directly instead of properly percent-encoding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a 301 (Moved Permanently)redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately1173 directly instead of properly percent-encoding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a <a href="p2-semantics.html#status.301" class="smpl">301 (Moved Permanently)</a> redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately 1174 1174 crafted to bypass security filters along the request chain. 1175 1175 </p> -
draft-ietf-httpbis/latest/p1-messaging.xml
r1713 r1714 1060 1060 directly instead of properly percent-encoding the disallowed characters. 1061 1061 Recipients of an invalid request-line &SHOULD; respond with either a 1062 <x:ref>400 (Bad Request)</x:ref> error or a 301 (Moved Permanently) redirect with the1063 re quest-target properly encoded. Recipients &SHOULD-NOT; attempt to1064 a utocorrect and then process the request without a redirect, since the1065 invalid request-line might be deliberately crafted to bypass1062 <x:ref>400 (Bad Request)</x:ref> error or a <x:ref>301 (Moved Permanently)</x:ref> 1063 redirect with the request-target properly encoded. Recipients &SHOULD-NOT; 1064 attempt to autocorrect and then process the request without a redirect, 1065 since the invalid request-line might be deliberately crafted to bypass 1066 1066 security filters along the request chain. 1067 1067 </t> … … 4109 4109 <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p2-semantics-&ID-VERSION;"/> 4110 4110 <x:source href="p2-semantics.xml" basename="p2-semantics"> 4111 <x:defines>301 (Moved Permanently)</x:defines> 4111 4112 <x:defines>400 (Bad Request)</x:defines> 4112 4113 <x:defines>405 (Method Not Allowed)</x:defines> -
draft-ietf-httpbis/latest/p2-semantics.html
r1713 r1714 1030 1030 <p id="rfc.section.2.3.4.p.5">Responses to POST requests are only cacheable when they include explicit freshness information (see <a href="p6-cache.html#calculating.freshness.lifetime" title="Calculating Freshness Lifetime">Section 2.3.1</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>). A cached POST response with a Content-Location header field (see <a href="#header.content-location" id="rfc.xref.header.content-location.1" title="Content-Location">Section 9.8</a>) whose value is the effective Request URI <em class="bcp14">MAY</em> be used to satisfy subsequent GET and HEAD requests. 1031 1031 </p> 1032 <p id="rfc.section.2.3.4.p.6">Note that POST caching is not widely implemented. However, the 303 (See Other) response can be used to direct the user agent 1033 to retrieve a cacheable representation of the resource. 1032 <p id="rfc.section.2.3.4.p.6">Note that POST caching is not widely implemented. However, the <a href="#status.303" class="smpl">303 (See Other)</a> response can be used to direct the user agent to retrieve a cacheable representation of the resource. 1034 1033 </p> 1035 1034 <div id="rfc.iref.p.2"></div> … … 1077 1076 is intended to select a proper URI on behalf of the client, after receiving a state-changing request, <em class="bcp14">SHOULD</em> be implemented using the POST method rather than PUT. If the origin server will not make the requested PUT state change to 1078 1077 the target resource and instead wishes to have it applied to a different resource, such as when the resource has been moved 1079 to a different URI, then the origin server <em class="bcp14">MUST</em> send a 301 (Moved Permanently)response; the user agent <em class="bcp14">MAY</em> then make its own decision regarding whether or not to redirect the request.1078 to a different URI, then the origin server <em class="bcp14">MUST</em> send a <a href="#status.301" class="smpl">301 (Moved Permanently)</a> response; the user agent <em class="bcp14">MAY</em> then make its own decision regarding whether or not to redirect the request. 1080 1079 </p> 1081 1080 <p id="rfc.section.2.3.5.p.9">A PUT request applied to the target resource <em class="bcp14">MAY</em> have side-effects on other resources. For example, an article might have a URI for identifying "the current version" (a resource) … … 1771 1770 <li> 1772 1771 <p>Redirects of the request to another URI, either temporarily or permanently. The new URI is specified in the Location header 1773 field. In this specification, the status codes 301 (Moved Permanently), 302 (Found), and 307 (Temporary Redirect) fall under 1774 this category. 1772 field. In this specification, the status codes <a href="#status.301" class="smpl">301 (Moved Permanently)</a>, <a href="#status.302" class="smpl">302 (Found)</a>, and <a href="#status.307" class="smpl">307 (Temporary Redirect)</a> fall under this category. 1775 1773 </p> 1776 1774 </li> 1777 1775 <li> 1778 1776 <p>Redirection to a new location that represents an indirect response to the request, such as the result of a POST operation 1779 to be retrieved with a subsequent GET request. This is status code 303 (See Other). 1777 to be retrieved with a subsequent GET request. This is status code <a href="#status.303" class="smpl">303 (See 1778 Other)</a>. 1780 1779 </p> 1781 1780 </li> 1782 1781 <li> 1783 <p>Redirection offering a choice of matching resources for use by agent-driven content negotiation (<a href="#agent-driven.negotiation" title="Agent-driven Negotiation">Section 8.2</a>). This is status code 300 (Multiple Choices).1782 <p>Redirection offering a choice of matching resources for use by agent-driven content negotiation (<a href="#agent-driven.negotiation" title="Agent-driven Negotiation">Section 8.2</a>). This is status code <a href="#status.300" class="smpl">300 (Multiple Choices)</a>. 1784 1783 </p> 1785 1784 </li> … … 1791 1790 </ol> 1792 1791 <div class="note" id="rfc.section.4.5.p.3"> 1793 <p> <b>Note:</b> In HTTP/1.0, only the status codes 301 (Moved Permanently) and 302 (Found) were defined for the first type of redirect, and 1794 the second type did not exist at all (<a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a>, <a href="http://tools.ietf.org/html/rfc1945#section-9.3">Section 9.3</a>). However it turned out that web forms using POST expected redirects to change the operation for the subsequent request to 1795 retrieval (GET). To address this use case, HTTP/1.1 introduced the second type of redirect with the status code 303 (See Other) 1796 (<a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3.4">Section 10.3.4</a>). As user agents did not change their behavior to maintain backwards compatibility, the first revision of HTTP/1.1 added 1797 yet another status code, 307 (Temporary Redirect), for which the backwards compatibility problems did not apply (<a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-10.3.8">Section 10.3.8</a>). Over 10 years later, most user agents still do method rewriting for status codes 301 and 302, therefore this specification 1792 <p> <b>Note:</b> In HTTP/1.0, only the status codes <a href="#status.301" class="smpl">301 (Moved Permanently)</a> and <a href="#status.302" class="smpl">302 (Found)</a> were defined for the first type of redirect, and the second type did not exist at all (<a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a>, <a href="http://tools.ietf.org/html/rfc1945#section-9.3">Section 9.3</a>). However it turned out that web forms using POST expected redirects to change the operation for the subsequent request to 1793 retrieval (GET). To address this use case, HTTP/1.1 introduced the second type of redirect with the status code <a href="#status.303" class="smpl">303 (See Other)</a> (<a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3.4">Section 10.3.4</a>). As user agents did not change their behavior to maintain backwards compatibility, the first revision of HTTP/1.1 added 1794 yet another status code, <a href="#status.307" class="smpl">307 (Temporary Redirect)</a>, for which the backwards compatibility problems did not apply (<a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-10.3.8">Section 10.3.8</a>). Over 10 years later, most user agents still do method rewriting for status codes 301 and 302, therefore this specification 1798 1795 makes that behavior conformant in case the original request was POST. 1799 1796 </p> … … 1837 1834 </p> 1838 1835 <div class="note" id="rfc.section.4.5.2.p.4"> 1839 <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary 1840 Redirect) can be used instead. 1836 <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code <a href="#status.307" class="smpl">307 (Temporary Redirect)</a> can be used instead. 1841 1837 </p> 1842 1838 </div> … … 1850 1846 </p> 1851 1847 <div class="note" id="rfc.section.4.5.3.p.3"> 1852 <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary 1853 Redirect) can be used instead. 1848 <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code <a href="#status.307" class="smpl">307 (Temporary Redirect)</a> can be used instead. 1854 1849 </p> 1855 1850 </div> … … 1893 1888 </p> 1894 1889 <div class="note" id="rfc.section.4.5.7.p.3"> 1895 <p> <b>Note:</b> This status code is similar to 302 Found, except that it does not allow rewriting the request method from POST to GET. This 1896 specification defines no equivalent counterpart for 301 Moved Permanently (<a href="#draft-reschke-http-status-308" id="rfc.xref.draft-reschke-http-status-308.1"><cite title="The Hypertext Transfer Protocol (HTTP) Status Code 308 (Permanent Redirect)">[draft-reschke-http-status-308]</cite></a>, however, defines the status code 308 Permanent Redirect for this purpose). 1890 <p> <b>Note:</b> This status code is similar to <a href="#status.302" class="smpl">302 (Found)</a>, except that it does not allow rewriting the request method from POST to GET. This specification defines no equivalent counterpart 1891 for <a href="#status.301" class="smpl">301 (Moved 1892 Permanently)</a> (<a href="#draft-reschke-http-status-308" id="rfc.xref.draft-reschke-http-status-308.1"><cite title="The Hypertext Transfer Protocol (HTTP) Status Code 308 (Permanent Redirect)">[draft-reschke-http-status-308]</cite></a>, however, defines the status code 308 (Permanent Redirect) for this purpose). 1897 1893 </p> 1898 1894 </div> … … 2565 2561 and used within HTTP/1.1. 2566 2562 </p> 2567 <p id="rfc.section.8.2.p.4">This specification defines the 300 (Multiple Choices)and <a href="#status.406" class="smpl">406 (Not Acceptable)</a> status codes for enabling agent-driven negotiation when the server is unwilling or unable to provide a varying response using2563 <p id="rfc.section.8.2.p.4">This specification defines the <a href="#status.300" class="smpl">300 (Multiple Choices)</a> and <a href="#status.406" class="smpl">406 (Not Acceptable)</a> status codes for enabling agent-driven negotiation when the server is unwilling or unable to provide a varying response using 2568 2564 server-driven negotiation. 2569 2565 </p> -
draft-ietf-httpbis/latest/p2-semantics.xml
r1713 r1714 686 686 <t> 687 687 Note that POST caching is not widely implemented. 688 However, the 303 (See Other) response can be used to direct the689 user agent to retrieve a cacheable representation of the resource.688 However, the <x:ref>303 (See Other)</x:ref> response can be used to direct 689 the user agent to retrieve a cacheable representation of the resource. 690 690 </t> 691 691 </section> … … 779 779 wishes to have it applied to a different resource, such as when the 780 780 resource has been moved to a different URI, then the origin server 781 &MUST; send a 301 (Moved Permanently) response; the user agent &MAY;782 then make its own decision regarding whether or not to redirect the783 request.781 &MUST; send a <x:ref>301 (Moved Permanently)</x:ref> response; the user 782 agent &MAY; then make its own decision regarding whether or not to redirect 783 the request. 784 784 </t> 785 785 <t> … … 1516 1516 Redirects of the request to another URI, either temporarily or 1517 1517 permanently. The new URI is specified in the Location header field. 1518 In this specification, the status codes 301 (Moved Permanently), 1519 302 (Found), and 307 (Temporary Redirect) fall under this category. 1518 In this specification, the status codes <x:ref>301 (Moved Permanently)</x:ref>, 1519 <x:ref>302 (Found)</x:ref>, and <x:ref>307 (Temporary Redirect)</x:ref> 1520 fall under this category. 1520 1521 </t> 1521 1522 </x:lt> … … 1524 1525 Redirection to a new location that represents an indirect response to 1525 1526 the request, such as the result of a POST operation to be retrieved 1526 with a subsequent GET request. This is status code 303 (See Other). 1527 with a subsequent GET request. This is status code <x:ref>303 (See 1528 Other)</x:ref>. 1527 1529 </t> 1528 1530 </x:lt> … … 1531 1533 Redirection offering a choice of matching resources for use by 1532 1534 agent-driven content negotiation (&agent-driven-negotiation;). This 1533 is status code 300 (Multiple Choices).1535 is status code <x:ref>300 (Multiple Choices)</x:ref>. 1534 1536 </t> 1535 1537 </x:lt> … … 1544 1546 <x:note> 1545 1547 <t> 1546 &Note; In HTTP/1.0, only the status codes 301 (Moved Permanently)1547 and 302 (Found) were defined for the first type of redirect, and the second1548 type did not exist at all (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>).1548 &Note; In HTTP/1.0, only the status codes <x:ref>301 (Moved Permanently)</x:ref> 1549 and <x:ref>302 (Found)</x:ref> were defined for the first type of redirect, 1550 and the second type did not exist at all (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>). 1549 1551 However it turned out that web forms using POST expected redirects to change 1550 1552 the operation for the subsequent request to retrieval (GET). To address this 1551 1553 use case, HTTP/1.1 introduced the second type of redirect with the status 1552 code 303 (See Other)(<xref target="RFC2068" x:fmt="," x:sec="10.3.4"/>).1554 code <x:ref>303 (See Other)</x:ref> (<xref target="RFC2068" x:fmt="," x:sec="10.3.4"/>). 1553 1555 As user agents did not change their behavior to maintain backwards 1554 1556 compatibility, the first revision of HTTP/1.1 added yet another status code, 1555 307 (Temporary Redirect), for which the backwards compatibility problems did1556 not apply (<xref target="RFC2616" x:fmt="," x:sec="10.3.8"/>).1557 <x:ref>307 (Temporary Redirect)</x:ref>, for which the backwards 1558 compatibility problems did not apply (<xref target="RFC2616" x:fmt="," x:sec="10.3.8"/>). 1557 1559 Over 10 years later, most user agents still do method rewriting for 1558 1560 status codes 301 and 302, therefore this specification makes that behavior … … 1585 1587 <iref primary="true" item="300 Multiple Choices (status code)" x:for-anchor=""/> 1586 1588 <iref primary="true" item="Status Codes" subitem="300 Multiple Choices" x:for-anchor=""/> 1589 <x:anchor-alias value="300 (Multiple Choices)"/> 1587 1590 <t> 1588 1591 The target resource has more than one … … 1617 1620 <iref primary="true" item="301 Moved Permanently (status code)" x:for-anchor=""/> 1618 1621 <iref primary="true" item="Status Codes" subitem="301 Moved Permanently" x:for-anchor=""/> 1622 <x:anchor-alias value="301 (Moved Permanently)"/> 1619 1623 <t> 1620 1624 The target resource has been assigned a new permanent URI and any … … 1637 1641 &Note; For historic reasons, user agents &MAY; change the 1638 1642 request method from POST to GET for the subsequent request. If this 1639 behavior is undesired, status code 307 (Temporary Redirect) can be used1640 instead.1643 behavior is undesired, status code <x:ref>307 (Temporary Redirect)</x:ref> 1644 can be used instead. 1641 1645 </t> 1642 1646 </x:note> … … 1646 1650 <iref primary="true" item="302 Found (status code)" x:for-anchor=""/> 1647 1651 <iref primary="true" item="Status Codes" subitem="302 Found" x:for-anchor=""/> 1652 <x:anchor-alias value="302 (Found)"/> 1648 1653 <t> 1649 1654 The target resource resides temporarily under a different URI. … … 1660 1665 &Note; For historic reasons, user agents &MAY; change the 1661 1666 request method from POST to GET for the subsequent request. If this 1662 behavior is undesired, status code 307 (Temporary Redirect) can be used1663 instead.1667 behavior is undesired, status code <x:ref>307 (Temporary Redirect)</x:ref> 1668 can be used instead. 1664 1669 </t> 1665 1670 </x:note> … … 1669 1674 <iref primary="true" item="303 See Other (status code)" x:for-anchor=""/> 1670 1675 <iref primary="true" item="Status Codes" subitem="303 See Other" x:for-anchor=""/> 1676 <x:anchor-alias value="303 (See Other)"/> 1671 1677 <t> 1672 1678 The 303 status code indicates that the server is redirecting the … … 1729 1735 <iref primary="true" item="307 Temporary Redirect (status code)" x:for-anchor=""/> 1730 1736 <iref primary="true" item="Status Codes" subitem="307 Temporary Redirect" x:for-anchor=""/> 1737 <x:anchor-alias value="307 (Temporary Redirect)"/> 1731 1738 <t> 1732 1739 The target resource resides temporarily under a different URI. … … 1741 1748 <x:note> 1742 1749 <t> 1743 &Note; This status code is similar to 302 Found, except that1744 it does not allow rewriting the request method from POST to GET. This1745 specification defines no equivalent counterpart for 301 Moved Permanently1746 (<xref target="draft-reschke-http-status-308"/>, however, defines the1747 status code 308 Permanent Redirectfor this purpose).1750 &Note; This status code is similar to <x:ref>302 (Found)</x:ref>, except 1751 that it does not allow rewriting the request method from POST to GET. This 1752 specification defines no equivalent counterpart for <x:ref>301 (Moved 1753 Permanently)</x:ref> (<xref target="draft-reschke-http-status-308"/>, 1754 however, defines the status code 308 (Permanent Redirect) for this purpose). 1748 1755 </t> 1749 1756 </x:note> … … 2925 2932 </t> 2926 2933 <t> 2927 This specification defines the 300 (Multiple Choices) and <x:ref>406 (Not Acceptable)</x:ref>2928 status codes for enabling agent-driven negotiation when the server is2929 unwilling or unable to provide a varying response using server-driven2930 negotiation.2934 This specification defines the <x:ref>300 (Multiple Choices)</x:ref> and 2935 <x:ref>406 (Not Acceptable)</x:ref> status codes for enabling agent-driven 2936 negotiation when the server is unwilling or unable to provide a varying 2937 response using server-driven negotiation. 2931 2938 </t> 2932 2939 </section>
Note: See TracChangeset
for help on using the changeset viewer.