Timestamp:
14/09/13 20:24:52 (7 years ago)
Author:
fielding@…
Message:

strengthen requirements on Referrer, rfc850-date, and Location fragment inheritance; addresses #475

File:
1 edited

  • draft-ietf-httpbis/latest/p2-semantics.html

    r2395 r2396  
    21252125         is a privacy concern if the referring resource's identifier reveals personal information (such as an account name) or a resource
    21262126         that is supposed to be confidential (such as behind a firewall or internal to a secured service). Most general-purpose user
    2127          agents do not send the Referer header field when the referring resource is a local "file" or "data" URI. A user agent <em class="bcp14">SHOULD NOT</em> send a <a href="#header.referer" class="smpl">Referer</a> header field in an unsecured HTTP request if the referring page was received with a secure protocol. See <a href="#sensitive.information.in.uris" title="Sensitive Information in URIs">Section&nbsp;9.3</a> for additional security considerations.
     2127         agents do not send the Referer header field when the referring resource is a local "file" or "data" URI. A user agent <em class="bcp14">MUST NOT</em> send a <a href="#header.referer" class="smpl">Referer</a> header field in an unsecured HTTP request if the referring page was received with a secure protocol. See <a href="#sensitive.information.in.uris" title="Sensitive Information in URIs">Section&nbsp;9.3</a> for additional security considerations.
    21282128      </p>
    21292129      <p id="rfc.section.5.5.2.p.8">Some intermediaries have been known to indiscriminately remove Referer header fields from outgoing requests. This has the
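Review bot: The new MUST NOT on line 2127 rests on two terms this paragraph never defines, "unsecured HTTP request" and "received with a secure protocol", so an implementer cannot test conformance from the text alone. Now that the requirement is absolute, consider stating what qualifies as each (for example, by URI scheme of the referring page and of the request target) or pointing to the section that defines them. The preceding sentence about "file" and "data" URIs stays descriptive ("Most general-purpose user agents do not send"); it is worth confirming that leaving that case without a requirement keyword is intended.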
     
    29602960</pre><p id="rfc.section.7.1.1.1.p.13">HTTP-date is case sensitive. A sender <em class="bcp14">MUST NOT</em> generate additional whitespace in an HTTP-date beyond that specifically included as SP in the grammar. The semantics of <a href="#preferred.date.format" class="smpl">day-name</a>, <a href="#preferred.date.format" class="smpl">day</a>, <a href="#preferred.date.format" class="smpl">month</a>, <a href="#preferred.date.format" class="smpl">year</a>, and <a href="#preferred.date.format" class="smpl">time-of-day</a> are the same as those defined for the Internet Message Format constructs with the corresponding name (<a href="#RFC5322" id="rfc.xref.RFC5322.5"><cite title="Internet Message Format">[RFC5322]</cite></a>, <a href="http://tools.ietf.org/html/rfc5322#section-3.3">Section 3.3</a>).
    29612961      </p>
    2962       <p id="rfc.section.7.1.1.1.p.14">Recipients of a timestamp value in rfc850-date format, which uses a two-digit year, <em class="bcp14">SHOULD</em> interpret a timestamp that appears to be more than 50 years in the future as representing the most recent year in the past
     2962      <p id="rfc.section.7.1.1.1.p.14">Recipients of a timestamp value in rfc850-date format, which uses a two-digit year, <em class="bcp14">MUST</em> interpret a timestamp that appears to be more than 50 years in the future as representing the most recent year in the past
    29632963         that had the same last two digits.
    29642964      </p>
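Review bot: With SHOULD raised to MUST on line 2962, "appears to be more than 50 years in the future" needs a stated reference point, since the result depends on when the recipient evaluates it. Suggest saying explicitly that the comparison is against the recipient's current time, and making clear how a timestamp exactly 50 years ahead is treated, so that two conforming recipients parsing the same rfc850-date value at the same moment arrive at the same year.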
     
    30043004      <p id="rfc.section.7.1.2.p.4">For <a href="#status.201" class="smpl">201 (Created)</a> responses, the Location value refers to the primary resource created by the request. For <a href="#status.3xx" class="smpl">3xx (Redirection)</a> responses, the Location value refers to the preferred target resource for automatically redirecting the request.
    30053005      </p>
    3006       <p id="rfc.section.7.1.2.p.5">When Location is provided in a <a href="#status.3xx" class="smpl">3xx (Redirection)</a> response and the URI reference that the user agent used to generate the request target contains a fragment identifier, the
    3007          user agent <em class="bcp14">SHOULD</em> process the redirection as if the Location field value inherits the original fragment. In other words, if the Location does
    3008          not have a fragment component, the user agent <em class="bcp14">SHOULD</em> interpret the Location reference as if it had the original reference's fragment.
     3006      <p id="rfc.section.7.1.2.p.5">If the Location value provided in a <a href="#status.3xx" class="smpl">3xx (Redirection)</a> does not have a fragment component, a user agent <em class="bcp14">MUST</em> process the redirection as if the value inherits the fragment component of the URI reference used to generate the request
     3007         target (i.e., the redirection inherits the original reference's fragment, if any).
    30093008      </p>
    30103009      <div id="rfc.figure.u.53"></div>
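Review bot: The added line 3006 reads "provided in a 3xx (Redirection) does not have a fragment component", which drops the noun "response" that the removed text had after the status-code reference; suggest "provided in a 3xx (Redirection) response". The rewrite also covers only the case where Location lacks a fragment. A short clause saying that a fragment present in the Location value is used as given would make the MUST complete for both cases. Since the original reference's fragment is now required to carry over to whatever URI the Location names, consider whether this paragraph should point to the security considerations the way the Referer paragraph points to Section 9.3.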