Changeset 2578
- Timestamp: 24/01/14 10:03:05 (8 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p2-semantics.html
r2577 r2578 1444 1444 <p id="rfc.section.4.2.2.p.3">Idempotent methods are distinguished because the request can be repeated automatically if a communication failure occurs before 1445 1445 the client is able to read the server's response. For example, if a client sends a PUT request and the underlying connection 1446 is closed before any response is received, then the client can establish a new connection and retry the idempotent request 1447 because it knows that repeating the request will have the same effect (even if the original request succeeded, though the 1448 status codes might differ in response). Note, however, that repeated communication failures might indicate that the server 1449 has failed in general, or that something in the request is triggering a connection drop. 1446 is closed before any response is received, then the client can establish a new connection and retry the idempotent request. 1447 It knows that repeating the request will have the same intended effect, even if the original request succeeded, though the 1448 response might differ. 1450 1449 </p> 1451 1450 </div> … … 2783 2782 <div id="rfc.iref.68"></div> 2784 2783 <h3 id="rfc.section.6.4.4"><a href="#rfc.section.6.4.4">6.4.4</a> <a href="#status.303">303 See Other</a></h3> 2785 <p id="rfc.section.6.4.4.p.1">The <dfn>303 (See Other)</dfn> status code indicates that the server is redirecting the user agent to a different resource, as indicated by a URI in the <a href="#header.location" class="smpl">Location</a> header field, that is intended to provide an indirect response to the original request. In order to satisfy the original request,2786 a user agent ought to perform a retrieval request using the Location URI (a GET or HEAD request if using HTTP), which can2787 itself be redirected further, and present the eventual result as an answer to the original request. 
Note that the new URI2788 in the Location header field is not considered equivalentto the effective request URI.2784 <p id="rfc.section.6.4.4.p.1">The <dfn>303 (See Other)</dfn> status code indicates that the server is redirecting the user agent to a different resource, as indicated by a URI in the <a href="#header.location" class="smpl">Location</a> header field, which is intended to provide an indirect response to the original request. A user agent can perform a retrieval 2785 request targeting that URI (a GET or HEAD request if using HTTP), which might also be redirected, and present the eventual 2786 result as an answer to the original request. Note that the new URI in the Location header field is not considered equivalent 2787 to the effective request URI. 2789 2788 </p> 2790 2789 <p id="rfc.section.6.4.4.p.2">This status code is applicable to any HTTP method. It is primarily used to allow the output of a POST action to redirect the … … 3285 3284 <div id="rfc.figure.u.58"></div><pre class="inline"><span id="rfc.iref.g.53"></span> <a href="#header.vary" class="smpl">Vary</a> = "*" / 1#<a href="#imported.abnf" class="smpl">field-name</a> 3286 3285 </pre><p id="rfc.section.7.1.4.p.3">A Vary field value of "*" signals that anything about the request might play a role in selecting the response representation, 3287 possibly including elements outside the message syntax (e.g., the client's network address) , and thus a recipient will not3288 be able to determine whether this response is appropriate for a later request without forwarding the request to the origin3289 server.A proxy <em class="bcp14">MUST NOT</em> generate a Vary field with a "*" value.3286 possibly including elements outside the message syntax (e.g., the client's network address). A recipient will not be able 3287 to determine whether this response is appropriate for a later request without forwarding the request to the origin server. 
3288 A proxy <em class="bcp14">MUST NOT</em> generate a Vary field with a "*" value. 3290 3289 </p> 3291 3290 <p id="rfc.section.7.1.4.p.4">A Vary field value consisting of a comma-separated list of names indicates that the named request header fields, known as … … 4244 4243 information that is least expected by users is <a href="#proactive.negotiation" class="smpl">proactive negotiation</a> (<a href="#request.conneg" title="Content Negotiation">Section 5.3</a>), including the <a href="#header.accept" class="smpl">Accept</a>, <a href="#header.accept-charset" class="smpl">Accept-Charset</a>, <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a>, and <a href="#header.accept-language" class="smpl">Accept-Language</a> header fields. 4245 4244 </p> 4246 <p id="rfc.section.9.7.p.4">In addition to the fingerprinting concern, detailed use of the <a href="#header.accept-language" class="smpl">Accept-Language</a> header field can reveal information the user might consider to be of a private nature , because the understanding of particular4247 language s is often strongly correlated to membership in a particular ethnic group. An approach that limits such loss of privacy4248 would be for a user agent to omit the sending of Accept-Language except for sites that have been whitelisted, perhaps via4249 interaction after detecting a <a href="#header.vary" class="smpl">Vary</a> header field that would indicatelanguage negotiation might be useful.4245 <p id="rfc.section.9.7.p.4">In addition to the fingerprinting concern, detailed use of the <a href="#header.accept-language" class="smpl">Accept-Language</a> header field can reveal information the user might consider to be of a private nature. For example, understanding a given 4246 language set might be strongly correlated to membership in a particular ethnic group. 
An approach that limits such loss of 4247 privacy would be for a user agent to omit the sending of Accept-Language except for sites that have been whitelisted, perhaps 4248 via interaction after detecting a <a href="#header.vary" class="smpl">Vary</a> header field that indicates language negotiation might be useful. 4250 4249 </p> 4251 4250 <p id="rfc.section.9.7.p.5">In environments where proxies are used to enhance privacy, user agents ought to be conservative in sending proactive negotiation -
draft-ietf-httpbis/latest/p2-semantics.xml
r2577 r2578 1262 1262 request and the underlying connection is closed before any response is 1263 1263 received, then the client can establish a new connection and retry the 1264 idempotent request because it knows that repeating the request will have 1265 the same effect (even if the original request succeeded, though the 1266 status codes might differ in response). 1267 Note, however, that repeated communication failures might indicate that 1268 the server has failed in general, or that something in the request is 1269 triggering a connection drop. 1264 idempotent request. It knows that repeating the request will have 1265 the same intended effect, even if the original request succeeded, though 1266 the response might differ. 1270 1267 </t> 1271 1268 </section> … … 3188 3185 The <x:dfn>303 (See Other)</x:dfn> status code indicates that the server is 3189 3186 redirecting the user agent to a different resource, as indicated by a URI 3190 in the <x:ref>Location</x:ref> header field, that is intended to provide an 3191 indirect response to the original request. In order to satisfy the original 3192 request, a user agent ought to perform a retrieval request using the 3193 Location URI (a GET or HEAD request if using HTTP), which can itself be 3194 redirected further, and present the eventual result as an answer to the 3195 original request. Note that the new URI in the Location header field is not 3196 considered equivalent to the effective request URI. 3187 in the <x:ref>Location</x:ref> header field, which is intended to provide 3188 an indirect response to the original request. A user agent can perform a 3189 retrieval request targeting that URI (a GET or HEAD request if using HTTP), 3190 which might also be redirected, and present the eventual result as an 3191 answer to the original request. Note that the new URI in the Location 3192 header field is not considered equivalent to the effective request URI. 
3197 3193 </t> 3198 3194 <t> … … 4018 4014 A Vary field value of "*" signals that anything about the request might 4019 4015 play a role in selecting the response representation, possibly including 4020 elements outside the message syntax (e.g., the client's network address) ,4021 and thus arecipient will not be able to determine whether this response is4016 elements outside the message syntax (e.g., the client's network address). 4017 A recipient will not be able to determine whether this response is 4022 4018 appropriate for a later request without forwarding the request to the 4023 4019 origin server. A proxy &MUST-NOT; generate a Vary field with a "*" value. … … 5097 5093 In addition to the fingerprinting concern, detailed use of the 5098 5094 <x:ref>Accept-Language</x:ref> header field can reveal information the 5099 user might consider to be of a private nature , because the understanding of5100 particular languages is oftenstrongly correlated to membership in a5095 user might consider to be of a private nature. For example, understanding 5096 a given language set might be strongly correlated to membership in a 5101 5097 particular ethnic group. 5102 5098 An approach that limits such loss of privacy would be for a user agent 5103 5099 to omit the sending of Accept-Language except for sites that have been 5104 5100 whitelisted, perhaps via interaction after detecting a <x:ref>Vary</x:ref> 5105 header field that would indicatelanguage negotiation might be useful.5101 header field that indicates language negotiation might be useful. 5106 5102 </t> 5107 5103 <t>
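Review bot: In the idempotent-methods paragraph (rfc.section.4.2.2.p.3 in the HTML and the matching text in p2-semantics.xml), the sentence "Note, however, that repeated communication failures might indicate that the server has failed in general, or that something in the request is triggering a connection drop" is deleted with nothing replacing it, so the paragraph now describes automatic retry without any caution against repeating it after successive failures. Consider keeping a shortened form of that caveat. Also, the new sentence "It knows that repeating the request ..." has "the idempotent request" as its nearest antecedent; "The client knows ..." would be unambiguous.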
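Review bot: In the 303 (See Other) paragraph (rfc.section.6.4.4.p.1 and the matching XML), changing "that is intended to provide an indirect response" to ", which is intended to provide ..." places the clause directly after "the Location header field", so it now reads as describing the header field rather than the different resource. Moving the clause next to "a different resource" would avoid that. Separately, "a user agent ought to perform a retrieval request" becomes "A user agent can perform a retrieval request" and "In order to satisfy the original request" is dropped, which weakens the expectation on user agents; worth confirming that this is an intended change and not only a rewording.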
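Review bot: In the Vary "*" paragraph (rfc.section.7.1.4.p.3 and the matching XML), splitting the sentence removes "and thus", so "A recipient will not be able to determine whether this response is appropriate for a later request" no longer reads as a consequence of the "*" value and could be taken as a statement about Vary in general. Suggest "Consequently, a recipient will not be able to determine ..." or "A recipient of such a response will not be able to determine ...".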
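Review bot: In the Accept-Language privacy paragraph (rfc.section.9.7.p.4 and the matching XML), the new wording "understanding a given language set might be strongly correlated to membership in a particular ethnic group" is harder to parse than the text it replaces, and "language set" is not defined anywhere in the visible lines, so it is unclear whether it means the languages listed in the header field. Suggest something like "For example, the set of languages a user understands might be strongly correlated ...".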