Timestamp:
15/01/14 17:14:38 (6 years ago)
Author:
julian.reschke@…
Message:

augment security considerations with pointers to current research (see #549)

File:
1 edited

  • draft-ietf-httpbis/latest/p2-semantics.html

    r2542 r2547  
    448448  }
    449449  @bottom-center {
    450        content: "Expires July 12, 2014";
     450       content: "Expires July 19, 2014";
    451451  }
    452452  @bottom-right {
     
    493493      <meta name="dct.creator" content="Reschke, J. F.">
    494494      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p2-semantics-latest">
    495       <meta name="dct.issued" scheme="ISO8601" content="2014-01-08">
     495      <meta name="dct.issued" scheme="ISO8601" content="2014-01-15">
    496496      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    497497      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response header fields, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.">
     
    521521            <tr>
    522522               <td class="left">Intended status: Standards Track</td>
    523                <td class="right">January 8, 2014</td>
     523               <td class="right">January 15, 2014</td>
    524524            </tr>
    525525            <tr>
    526                <td class="left">Expires: July 12, 2014</td>
     526               <td class="left">Expires: July 19, 2014</td>
    527527               <td class="right"></td>
    528528            </tr>
     
    553553            in progress”.
    554554         </p>
    555          <p>This Internet-Draft will expire on July 12, 2014.</p>
     555         <p>This Internet-Draft will expire on July 19, 2014.</p>
    556556      </div>
    557557      <div id="rfc.copyrightnotice">
     
    859859         <p id="rfc.section.3.p.3">An origin server might be provided with, or capable of generating, multiple representations that are each intended to reflect
    860860            the current state of a <a href="#resources" class="smpl">target resource</a>. In such cases, some algorithm is used by the origin server to select one of those representations as most applicable to
    861             a given request, usually based on <a href="#content.negotiation" class="smpl">content negotiation</a>. We refer to that one representation as the "<dfn>selected representation</dfn>" and use its particular data and metadata for evaluating conditional requests <a href="#Part4" id="rfc.xref.Part4.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a> and constructing the payload for <a href="#status.200" class="smpl">200 (OK)</a> and <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> responses to GET (<a href="#GET" id="rfc.xref.GET.1" title="GET">Section&nbsp;4.3.1</a>).
     861            a given request, usually based on <a href="#content.negotiation" class="smpl">content negotiation</a>. We refer to that one representation as the "<dfn>selected representation</dfn>" and use its particular data and metadata for evaluating conditional requests <a href="#Part4" id="rfc.xref.Part4.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a> and constructing the payload for <a href="#status.200" class="smpl">200 (OK)</a> and
     862            <div class="error">ERROR: Anchor '304 (Not Modified)' not found in source file 'p4-conditional.xml'. (at line 325)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">304 (Not Modified)</a> responses to GET (<a href="#GET" id="rfc.xref.GET.1" title="GET">Section&nbsp;4.3.1</a>).
    862863         </p>
    863864         <div id="representation.metadata">
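Review bot: The added line 862 places a div with class "error" holding a generator message inside the paragraph rfc.section.3.p.3, which nests a block element in a p element and ships the build error text to readers. The 304 (Not Modified) link also changes from p4-conditional.html#status.304 to the bare draft URL with no fragment, so it no longer lands on the status code definition. Suggest fixing the anchor lookup against p4-conditional.xml and regenerating this file before committing the output.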
     
    965966                  <p id="rfc.section.3.1.1.4.p.2">HTTP message framing does not use the multipart boundary as an indicator of message body length, though it might be used by
    966967                     implementations that generate or process the payload. For example, the "multipart/form-data" type is often used for carrying
    967                      form data in a request, as described in <a href="#RFC2388" id="rfc.xref.RFC2388.1"><cite title="Returning Values from Forms: multipart/form-data">[RFC2388]</cite></a>, and the "multipart/byteranges" type is defined by this specification for use in some <a href="p5-range.html#status.206" class="smpl">206 (Partial Content)</a> responses <a href="#Part5" id="rfc.xref.Part5.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>.
     968                     form data in a request, as described in <a href="#RFC2388" id="rfc.xref.RFC2388.1"><cite title="Returning Values from Forms: multipart/form-data">[RFC2388]</cite></a>, and the "multipart/byteranges" type is defined by this specification for use in some
     969                     <div class="error">ERROR: Anchor '206 (Partial Content)' not found in source file 'p5-range.xml'. (at line 478)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">206 (Partial Content)</a> responses <a href="#Part5" id="rfc.xref.Part5.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>.
    968970                  </p>
    969971               </div>
     
    11131115                  <p id="rfc.section.3.1.4.1.p.3">For a response message, the following rules are applied in order until a match is found: </p>
    11141116                  <ol>
    1115                      <li>If the request is GET or HEAD and the response status code is <a href="#status.200" class="smpl">200 (OK)</a>, <a href="#status.204" class="smpl">204 (No Content)</a>, <a href="p5-range.html#status.206" class="smpl">206 (Partial Content)</a>, or <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a>, the payload is a representation of the resource identified by the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>).
     1117                     <li>If the request is GET or HEAD and the response status code is <a href="#status.200" class="smpl">200 (OK)</a>, <a href="#status.204" class="smpl">204 (No Content)</a>,
     1118                        <div class="error">ERROR: Anchor '206 (Partial Content)' not found in source file 'p5-range.xml'. (at line 743)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">206 (Partial Content)</a>, or
     1119                        <div class="error">ERROR: Anchor '304 (Not Modified)' not found in source file 'p4-conditional.xml'. (at line 744)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">304 (Not Modified)</a>, the payload is a representation of the resource identified by the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>).
    11161120                     </li>
    11171121                     <li>If the request is GET or HEAD and the response status code is <a href="#status.203" class="smpl">203 (Non-Authoritative Information)</a>, the payload is a potentially modified or enhanced representation of the <a href="#resources" class="smpl">target resource</a> as provided by an intermediary.
     
    11901194            <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;<a href="#payload">Payload Semantics</a></h2>
    11911195            <p id="rfc.section.3.3.p.1">Some HTTP messages transfer a complete or partial representation as the message "<dfn>payload</dfn>". In some cases, a payload might contain only the associated representation's header fields (e.g., responses to HEAD) or
    1192                only some part(s) of the representation data (e.g., the <a href="p5-range.html#status.206" class="smpl">206 (Partial Content)</a> status code).
     1196               only some part(s) of the representation data (e.g., the
     1197               <div class="error">ERROR: Anchor '206 (Partial Content)' not found in source file 'p5-range.xml'. (at line 884)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">206 (Partial Content)</a> status code).
    11931198            </p>
    11941199            <p id="rfc.section.3.3.p.2">The purpose of a payload in a request is defined by the method semantics. For example, a representation in the payload of
     
    12191224                     <tr>
    12201225                        <td class="left">Content-Range</td>
    1221                         <td class="left"><a href="p5-range.html#header.content-range" title="Content-Range">Section 4.2</a> of <a href="#Part5" id="rfc.xref.Part5.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     1226                        <td class="left"><a href="p5-range.html#header.content-range" title="ERROR: Anchor 'header.content-range' not found in p5-range.xml.">Appendix ERROR: Anchor 'header.content-range' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    12221227                     </tr>
    12231228                     <tr>
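Review bot: In the Content-Range row, the visible link text changes from "Section 4.2" to "Appendix ERROR: Anchor 'header.content-range' in Part5 not found in source file 'p5-range.xml'.", and the title attribute carries the same failure. The href is unchanged, but the table no longer tells the reader which section of [Part5] defines the field. This reads as unresolved cross-reference output rather than an intended edit; the cell should say "Section 4.2" again once the anchor resolves.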
     
    14751480               </p>
    14761481               <p id="rfc.section.4.3.1.p.3">A client can alter the semantics of GET to be a "range request", requesting transfer of only some part(s) of the selected
    1477                   representation, by sending a <a href="p5-range.html#header.range" class="smpl">Range</a> header field in the request (<a href="#Part5" id="rfc.xref.Part5.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>).
     1482                  representation, by sending a
     1483                  <div class="error">ERROR: Anchor 'Range' not found in source file 'p5-range.xml'. (at line 1318)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">Range</a> header field in the request (<a href="#Part5" id="rfc.xref.Part5.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>).
    14781484               </p>
    14791485               <p id="rfc.section.4.3.1.p.4">A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some
     
    15621568                  the server.
    15631569               </p>
    1564                <p id="rfc.section.4.3.4.p.7">An origin server <em class="bcp14">MUST NOT</em> send a validator header field (<a href="#response.validator" title="Validator Header Fields">Section&nbsp;7.2</a>), such as an <a href="p4-conditional.html#header.etag" class="smpl">ETag</a> or <a href="p4-conditional.html#header.last-modified" class="smpl">Last-Modified</a> field, in a successful response to PUT unless the request's representation data was saved without any transformation applied
     1570               <p id="rfc.section.4.3.4.p.7">An origin server <em class="bcp14">MUST NOT</em> send a validator header field (<a href="#response.validator" title="Validator Header Fields">Section&nbsp;7.2</a>), such as an
     1571                  <div class="error">ERROR: Anchor 'ETag' not found in source file 'p4-conditional.xml'. (at line 1491)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">ETag</a> or
     1572                  <div class="error">ERROR: Anchor 'Last-Modified' not found in source file 'p4-conditional.xml'. (at line 1492)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">Last-Modified</a> field, in a successful response to PUT unless the request's representation data was saved without any transformation applied
    15651573                  to the body (i.e., the resource's new representation data is identical to the representation data received in the PUT request)
    15661574                  and the validator field value reflects the new representation. This requirement allows a user agent to know when the representation
     
    15851593                  and might also cause links to be added between the related resources.
    15861594               </p>
    1587                <p id="rfc.section.4.3.4.p.11">An origin server that allows PUT on a given target resource <em class="bcp14">MUST</em> send a <a href="#status.400" class="smpl">400 (Bad Request)</a> response to a PUT request that contains a <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> header field (<a href="p5-range.html#header.content-range" title="Content-Range">Section 4.2</a> of <a href="#Part5" id="rfc.xref.Part5.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>), since the payload is likely to be partial content that has been mistakenly PUT as a full representation. Partial content
     1595               <p id="rfc.section.4.3.4.p.11">An origin server that allows PUT on a given target resource <em class="bcp14">MUST</em> send a <a href="#status.400" class="smpl">400 (Bad Request)</a> response to a PUT request that contains a
     1596                  <div class="error">ERROR: Anchor 'Content-Range' not found in source file 'p5-range.xml'. (at line 1539)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">Content-Range</a> header field (<a href="p5-range.html#header.content-range" title="ERROR: Anchor 'header.content-range' not found in p5-range.xml.">Appendix ERROR: Anchor 'header.content-range' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>), since the payload is likely to be partial content that has been mistakenly PUT as a full representation. Partial content
    15881597                  updates are possible by targeting a separately identified resource with state that overlaps a portion of the larger resource,
    15891598                  or by using a different method that has been specifically defined for partial updates (for example, the PATCH method defined
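Review bot: The two references to Content-Range in the MUST-level 400 (Bad Request) requirement now disagree: the field-name link at line 1596 points at http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest with no fragment, while the section link still points at p5-range.html#header.content-range. Both also carry generator error text (an error div, and "Appendix ERROR: ..." as link text). A normative requirement should not be published with its defining reference unresolved; regenerate once the p5-range.xml anchors are found so both links return to the same target.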
     
    17511760                     <tr>
    17521761                        <td class="left">Range</td>
    1753                         <td class="left"><a href="p5-range.html#header.range" title="Range">Section 3.1</a> of <a href="#Part5" id="rfc.xref.Part5.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     1762                        <td class="left"><a href="p5-range.html#header.range" title="ERROR: Anchor 'header.range' not found in p5-range.xml.">Appendix ERROR: Anchor 'header.range' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    17541763                     </tr>
    17551764                     <tr>
     
    18511860               of a comparison between a set of validators obtained from prior representations of the target resource to the current state
    18521861               of validators for the <a href="#representations" class="smpl">selected representation</a> (<a href="#response.validator" title="Validator Header Fields">Section&nbsp;7.2</a>). Hence, these preconditions evaluate whether the state of the target resource has changed since a given state known by the
    1853                client. The effect of such an evaluation depends on the method semantics and choice of conditional, as defined in <a href="p4-conditional.html#evaluation" title="Evaluation">Section 5</a> of <a href="#Part4" id="rfc.xref.Part4.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>.
     1862               client. The effect of such an evaluation depends on the method semantics and choice of conditional, as defined in <a href="p4-conditional.html#evaluation" title="ERROR: Anchor 'evaluation' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'evaluation' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>.
    18541863            </p>
    18551864            <div id="rfc.table.u.4">
     
    18641873                     <tr>
    18651874                        <td class="left">If-Match</td>
    1866                         <td class="left"><a href="p4-conditional.html#header.if-match" title="If-Match">Section 3.1</a> of <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     1875                        <td class="left"><a href="p4-conditional.html#header.if-match" title="ERROR: Anchor 'header.if-match' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.if-match' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    18671876                     </tr>
    18681877                     <tr>
    18691878                        <td class="left">If-None-Match</td>
    1870                         <td class="left"><a href="p4-conditional.html#header.if-none-match" title="If-None-Match">Section 3.2</a> of <a href="#Part4" id="rfc.xref.Part4.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     1879                        <td class="left"><a href="p4-conditional.html#header.if-none-match" title="ERROR: Anchor 'header.if-none-match' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.if-none-match' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    18711880                     </tr>
    18721881                     <tr>
    18731882                        <td class="left">If-Modified-Since</td>
    1874                         <td class="left"><a href="p4-conditional.html#header.if-modified-since" title="If-Modified-Since">Section 3.3</a> of <a href="#Part4" id="rfc.xref.Part4.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     1883                        <td class="left"><a href="p4-conditional.html#header.if-modified-since" title="ERROR: Anchor 'header.if-modified-since' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.if-modified-since' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    18751884                     </tr>
    18761885                     <tr>
    18771886                        <td class="left">If-Unmodified-Since</td>
    1878                         <td class="left"><a href="p4-conditional.html#header.if-unmodified-since" title="If-Unmodified-Since">Section 3.4</a> of <a href="#Part4" id="rfc.xref.Part4.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     1887                        <td class="left"><a href="p4-conditional.html#header.if-unmodified-since" title="ERROR: Anchor 'header.if-unmodified-since' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.if-unmodified-since' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    18791888                     </tr>
    18801889                     <tr>
    18811890                        <td class="left">If-Range</td>
    1882                         <td class="left"><a href="p5-range.html#header.if-range" title="If-Range">Section 3.2</a> of <a href="#Part5" id="rfc.xref.Part5.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     1891                        <td class="left"><a href="p5-range.html#header.if-range" title="ERROR: Anchor 'header.if-range' not found in p5-range.xml.">Appendix ERROR: Anchor 'header.if-range' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    18831892                     </tr>
    18841893                  </tbody>
     
    23072316         <div id="overview.of.status.codes">
    23082317            <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;<a href="#overview.of.status.codes">Overview of Status Codes</a></h2>
    2309             <p id="rfc.section.6.1.p.1">The status codes listed below are defined in this specification, <a href="p4-conditional.html#status.code.definitions" title="Status Code Definitions">Section 4</a> of <a href="#Part4" id="rfc.xref.Part4.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>, <a href="p5-range.html#range.response" title="Responses to a Range Request">Section 4</a> of <a href="#Part5" id="rfc.xref.Part5.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>, and <a href="p7-auth.html#status.code.definitions" title="Status Code Definitions">Section 3</a> of <a href="#Part7" id="rfc.xref.Part7.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication">[Part7]</cite></a>. The reason phrases listed here are only recommendations — they can be replaced by local equivalents without affecting the
     2318            <p id="rfc.section.6.1.p.1">The status codes listed below are defined in this specification, <a href="p4-conditional.html#status.code.definitions" title="ERROR: Anchor 'status.code.definitions' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'status.code.definitions' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>, <a href="p5-range.html#range.response" title="ERROR: Anchor 'range.response' not found in p5-range.xml.">Appendix ERROR: Anchor 'range.response' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>, and <a href="p7-auth.html#status.code.definitions" title="Status Code Definitions">Section 3</a> of <a href="#Part7" id="rfc.xref.Part7.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication">[Part7]</cite></a>. The reason phrases listed here are only recommendations — they can be replaced by local equivalents without affecting the
    23102319               protocol.
    23112320            </p>
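Review bot: On line 2318 the [Part4] and [Part5] references turn into "Appendix ERROR: Anchor ... not found" while the [Part7] reference in the same sentence still renders as "Section 3" with its original title. That points at the p4-conditional.xml and p5-range.xml sources used for this build rather than at the cross-reference mechanism itself. Worth checking that those two source files are the expected versions and rerunning the conversion, since the same failure repeats in the other hunks of this file.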
     
    23672376                        <td class="left">206</td>
    23682377                        <td class="left">Partial Content</td>
    2369                         <td id="status.206" class="left"><a href="p5-range.html#status.206" title="206 Partial Content">Section 4.1</a> of <a href="#Part5" id="rfc.xref.Part5.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     2378                        <td id="status.206" class="left"><a href="p5-range.html#status.206" title="ERROR: Anchor 'status.206' not found in p5-range.xml.">Appendix ERROR: Anchor 'status.206' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    23702379                     </tr>
    23712380                     <tr>
     
    23922401                        <td class="left">304</td>
    23932402                        <td class="left">Not Modified</td>
    2394                         <td id="status.304" class="left"><a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     2403                        <td id="status.304" class="left"><a href="p4-conditional.html#status.304" title="ERROR: Anchor 'status.304' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'status.304' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    23952404                     </tr>
    23962405                     <tr>
     
    24672476                        <td class="left">412</td>
    24682477                        <td class="left">Precondition Failed</td>
    2469                         <td id="status.412" class="left"><a href="p4-conditional.html#status.412" title="412 Precondition Failed">Section 4.2</a> of <a href="#Part4" id="rfc.xref.Part4.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     2478                        <td id="status.412" class="left"><a href="p4-conditional.html#status.412" title="ERROR: Anchor 'status.412' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'status.412' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    24702479                     </tr>
    24712480                     <tr>
     
    24872496                        <td class="left">416</td>
    24882497                        <td class="left">Range Not Satisfiable</td>
    2489                         <td id="status.416" class="left"><a href="p5-range.html#status.416" title="416 Range Not Satisfiable">Section 4.4</a> of <a href="#Part5" id="rfc.xref.Part5.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     2498                        <td id="status.416" class="left"><a href="p5-range.html#status.416" title="ERROR: Anchor 'status.416' not found in p5-range.xml.">Appendix ERROR: Anchor 'status.416' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    24902499                     </tr>
    24912500                     <tr>
     
    26142623                  primary resource created by the request is identified by either a <a href="#header.location" class="smpl">Location</a> header field in the response or, if no <a href="#header.location" class="smpl">Location</a> field is received, by the effective request URI.
    26152624               </p>
    2616                <p id="rfc.section.6.3.2.p.2">The 201 response payload typically describes and links to the resource(s) created. See <a href="#response.validator" title="Validator Header Fields">Section&nbsp;7.2</a> for a discussion of the meaning and purpose of validator header fields, such as <a href="p4-conditional.html#header.etag" class="smpl">ETag</a> and <a href="p4-conditional.html#header.last-modified" class="smpl">Last-Modified</a>, in a 201 response.
     2625               <p id="rfc.section.6.3.2.p.2">The 201 response payload typically describes and links to the resource(s) created. See <a href="#response.validator" title="Validator Header Fields">Section&nbsp;7.2</a> for a discussion of the meaning and purpose of validator header fields, such as
     2626                  <div class="error">ERROR: Anchor 'ETag' not found in source file 'p4-conditional.xml'. (at line 2866)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">ETag</a> and
     2627                  <div class="error">ERROR: Anchor 'Last-Modified' not found in source file 'p4-conditional.xml'. (at line 2866)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">Last-Modified</a>, in a 201 response.
    26172628               </p>
    26182629            </div>
     
    26502661                  in the response payload body. Metadata in the response header fields refer to the <a href="#resources" class="smpl">target resource</a> and its <a href="#representations" class="smpl">selected representation</a> after the requested action was applied.
    26512662               </p>
    2652                <p id="rfc.section.6.3.5.p.2">For example, if a 204 status code is received in response to a PUT request and the response contains an <a href="p4-conditional.html#header.etag" class="smpl">ETag</a> header field, then the PUT was successful and the ETag field-value contains the entity-tag for the new representation of that
     2663               <p id="rfc.section.6.3.5.p.2">For example, if a 204 status code is received in response to a PUT request and the response contains an
     2664                  <div class="error">ERROR: Anchor 'ETag' not found in source file 'p4-conditional.xml'. (at line 2929)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">ETag</a> header field, then the PUT was successful and the ETag field-value contains the entity-tag for the new representation of that
    26532665                  target resource.
    26542666               </p>
     
    27052717               </li>
    27062718               <li>
    2707                   <p>Redirection to a previously cached result, as in the <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> status code.
     2719                  <p>Redirection to a previously cached result, as in the
     2720                     <div class="error">ERROR: Anchor '304 (Not Modified)' not found in source file 'p4-conditional.xml'. (at line 3036)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest" class="smpl">304 (Not Modified)</a> status code.
    27082721                  </p>
    27092722               </li>
     
    33383351                     <tr>
    33393352                        <td class="left">ETag</td>
    3340                         <td class="left"><a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a> of <a href="#Part4" id="rfc.xref.Part4.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     3353                        <td class="left"><a href="p4-conditional.html#header.etag" title="ERROR: Anchor 'header.etag' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.etag' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    33413354                     </tr>
    33423355                     <tr>
    33433356                        <td class="left">Last-Modified</td>
    3344                         <td class="left"><a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 2.2</a> of <a href="#Part4" id="rfc.xref.Part4.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
     3357                        <td class="left"><a href="p4-conditional.html#header.last-modified" title="ERROR: Anchor 'header.last-modified' not found in p4-conditional.xml.">Appendix ERROR: Anchor 'header.last-modified' in Part4 not found in source file 'p4-conditional.xml'.</a> of <a href="#Part4" id="rfc.xref.Part4.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a></td>
    33453358                     </tr>
    33463359                  </tbody>
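Review bot: In the ETag and Last-Modified rows (new lines 3353 and 3357) the visible link text changes from "Section 2.3" and "Section 2.2" to "Appendix ERROR: Anchor ... not found in source file 'p4-conditional.xml'.", and the same error string is written into the `title` attribute. Readers of the header field table lose the section pointers entirely. The `href` values are unchanged, so the failure is in label lookup against the Part 4 source; confirm the anchors `header.etag` and `header.last-modified` exist in the source used for this build.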
     
    33893402                     <tr>
    33903403                        <td class="left">Accept-Ranges</td>
    3391                         <td class="left"><a href="p5-range.html#header.accept-ranges" title="Accept-Ranges">Section 2.3</a> of <a href="#Part5" id="rfc.xref.Part5.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
     3404                        <td class="left"><a href="p5-range.html#header.accept-ranges" title="ERROR: Anchor 'header.accept-ranges' not found in p5-range.xml.">Appendix ERROR: Anchor 'header.accept-ranges' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a></td>
    33923405                     </tr>
    33933406                     <tr>
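Review bot: The Accept-Ranges row (new line 3404) shows the same failure against `p5-range.xml`, not only `p4-conditional.xml`. Two sibling sources failing at once points at the build environment (sibling files missing or stale when this file was generated) rather than a single renamed anchor, so check how the output was produced before fixing references one at a time.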
     
    41384151            semantics and its use for transferring information over the Internet. Considerations related to message syntax, parsing, and
    41394152            routing are discussed in <a href="p1-messaging.html#security.considerations" title="Security Considerations">Section 9</a> of <a href="#Part1" id="rfc.xref.Part1.42"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>.
     4153         </p>
     4154         <p id="rfc.section.9.p.2">The list of considerations below is not exhaustive — security analysis in an ongoing activity. Various organizations, such
     4155            as the "Open Web Application Security Project" (OWASP, &lt;<a href="https://www.owasp.org/">https://www.owasp.org/</a>&gt;), provide information about current research.
    41404156         </p>
    41414157         <div id="attack.pathname">
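Review bot: The added paragraph `rfc.section.9.p.2` (new line 4154) reads "security analysis in an ongoing activity"; "in" should be "is". Since this file is generated output, correct the sentence in the XML source and regenerate. This paragraph and the change-log entry for ticket 549 are the only hunks that match the commit message; the rest of the diff is cross-reference breakage that should be separated from this change.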
     
    44984514               fold long lines. MHTML messages being transported by HTTP follow all conventions of MHTML, including line length limitations
    44994515               and folding, canonicalization, etc., since HTTP transfers message-bodies as payload and, aside from the "multipart/byteranges"
    4500                type (<a href="p5-range.html#internet.media.type.multipart.byteranges" title="Internet Media Type multipart/byteranges">Appendix A</a> of <a href="#Part5" id="rfc.xref.Part5.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>), does not interpret the content or any MIME header lines that might be contained therein.
     4516               type (<a href="p5-range.html#internet.media.type.multipart.byteranges" title="ERROR: Anchor 'internet.media.type.multipart.byteranges' not found in p5-range.xml.">Appendix ERROR: Anchor 'internet.media.type.multipart.byteranges' in Part5 not found in source file 'p5-range.xml'.</a> of <a href="#Part5" id="rfc.xref.Part5.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>), does not interpret the content or any MIME header lines that might be contained therein.
    45014517            </p>
    45024518         </div>
     
    45224538         <p id="rfc.section.B.p.6">To be consistent with the method-neutral parsing algorithm of <a href="#Part1" id="rfc.xref.Part1.45"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a>, the definition of GET has been relaxed so that requests can have a body, even though a body has no meaning for GET. (<a href="#GET" id="rfc.xref.GET.5" title="GET">Section&nbsp;4.3.1</a>)
    45234539         </p>
    4524          <p id="rfc.section.B.p.7">Servers are no longer required to handle all Content-* header fields and use of <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> has been explicitly banned in PUT requests. (<a href="#PUT" id="rfc.xref.PUT.4" title="PUT">Section&nbsp;4.3.4</a>)
     4540         <p id="rfc.section.B.p.7">Servers are no longer required to handle all Content-* header fields and use of
     4541            <div class="error">ERROR: Anchor 'Content-Range' not found in source file 'p5-range.xml'. (at line 5924)</div><a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest" class="smpl">Content-Range</a> has been explicitly banned in PUT requests. (<a href="#PUT" id="rfc.xref.PUT.4" title="PUT">Section&nbsp;4.3.4</a>)
    45254542         </p>
    45264543         <p id="rfc.section.B.p.8">Definition of the CONNECT method has been moved from <a href="#RFC2817" id="rfc.xref.RFC2817.2"><cite title="Upgrading to TLS Within HTTP/1.1">[RFC2817]</cite></a> to this specification. (<a href="#CONNECT" id="rfc.xref.CONNECT.3" title="CONNECT">Section&nbsp;4.3.6</a>)
     
    47594776               </li>
    47604777               <li>&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/546">http://tools.ietf.org/wg/httpbis/trac/ticket/546</a>&gt;: "considerations for new headers: privacy"
     4778               </li>
     4779               <li>&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/549">http://tools.ietf.org/wg/httpbis/trac/ticket/549</a>&gt;: "augment security considerations with pointers to current research"
    47614780               </li>
    47624781            </ul>
     
    49905009                  </li>
    49915010                  <li><em>Part4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.1">3</a>, <a href="#rfc.xref.Part4.2">4.1</a>, <a href="#rfc.xref.Part4.3">5.2</a>, <a href="#rfc.xref.Part4.4">5.2</a>, <a href="#rfc.xref.Part4.5">5.2</a>, <a href="#rfc.xref.Part4.6">5.2</a>, <a href="#rfc.xref.Part4.7">5.2</a>, <a href="#rfc.xref.Part4.8">5.2</a>, <a href="#rfc.xref.Part4.9">6.1</a>, <a href="#rfc.xref.Part4.10">6.1</a>, <a href="#rfc.xref.Part4.11">6.1</a>, <a href="#rfc.xref.Part4.12">7.2</a>, <a href="#rfc.xref.Part4.13">7.2</a>, <a href="#rfc.xref.Part4.14">7.2</a>, <a href="#Part4"><b>11.1</b></a><ul>
    4992                         <li><em>Section 2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.14">7.2</a></li>
    4993                         <li><em>Section 2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.13">7.2</a></li>
    4994                         <li><em>Section 3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.5">5.2</a></li>
    4995                         <li><em>Section 3.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.6">5.2</a></li>
    4996                         <li><em>Section 3.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.7">5.2</a></li>
    4997                         <li><em>Section 3.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.8">5.2</a></li>
    4998                         <li><em>Section 4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.9">6.1</a></li>
    4999                         <li><em>Section 4.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.10">6.1</a></li>
    5000                         <li><em>Section 4.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.11">6.1</a></li>
    5001                         <li><em>Section 5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.4">5.2</a></li>
     5011                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.4">5.2</a></li>
     5012                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.5">5.2</a></li>
     5013                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.6">5.2</a></li>
     5014                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.7">5.2</a></li>
     5015                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.8">5.2</a></li>
     5016                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.9">6.1</a></li>
     5017                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.10">6.1</a></li>
     5018                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.11">6.1</a></li>
     5019                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.13">7.2</a></li>
     5020                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.14">7.2</a></li>
    50025021                     </ul>
    50035022                  </li>
    50045023                  <li><em>Part5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.1">3.1.1.4</a>, <a href="#rfc.xref.Part5.2">3.3</a>, <a href="#rfc.xref.Part5.3">4.3.1</a>, <a href="#rfc.xref.Part5.4">4.3.4</a>, <a href="#rfc.xref.Part5.5">5.1</a>, <a href="#rfc.xref.Part5.6">5.2</a>, <a href="#rfc.xref.Part5.7">6.1</a>, <a href="#rfc.xref.Part5.8">6.1</a>, <a href="#rfc.xref.Part5.9">6.1</a>, <a href="#rfc.xref.Part5.10">7.4</a>, <a href="#rfc.xref.Part5.11">8.1.2</a>, <a href="#Part5"><b>11.1</b></a>, <a href="#rfc.xref.Part5.12">A.6</a><ul>
    5005                         <li><em>Section 2.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.10">7.4</a></li>
    5006                         <li><em>Section 3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.5">5.1</a></li>
    5007                         <li><em>Section 3.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.6">5.2</a></li>
    5008                         <li><em>Section 4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.7">6.1</a></li>
    5009                         <li><em>Section 4.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.8">6.1</a></li>
    5010                         <li><em>Section 4.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.2">3.3</a>, <a href="#rfc.xref.Part5.4">4.3.4</a></li>
    5011                         <li><em>Section 4.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.9">6.1</a></li>
    5012                         <li><em>Appendix A</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.12">A.6</a></li>
     5024                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.2">3.3</a>, <a href="#rfc.xref.Part5.4">4.3.4</a></li>
     5025                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.5">5.1</a></li>
     5026                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.6">5.2</a></li>
     5027                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.7">6.1</a></li>
     5028                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.8">6.1</a></li>
     5029                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.9">6.1</a></li>
     5030                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.10">7.4</a></li>
     5031                        <li><em>Appendix </em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.12">A.6</a></li>
    50135032                     </ul>
    50145033                  </li>
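Review bot: In the index, every sub-entry under Part4 (new lines 5011-5020) and Part5 (new lines 5024-5031) is now labelled "Appendix " with no number, replacing "Section 2.2", "Section 3.1", "Appendix A" and so on. The ten Part4 entries and eight Part5 entries are indistinguishable to a reader and are ordered by xref id rather than by section. This follows from the same unresolved anchors; the index should be regenerated once the references to Part 4 and Part 5 resolve.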