|Network Working Group||J. F. Reschke|
|Intended status: Experimental Protocol||March 26, 2012|
|Expires: September 25, 2012|
The Hypertext Transfer Protocol (HTTP) Status Code 308 (Permanent Redirect)
This document specifies the additional HyperText Transfer Protocol (HTTP) Status Code 308 (Permanent Redirect).
Distribution of this document is unlimited. Although this is not a work item of the HTTPbis Working Group, comments should be sent to the Hypertext Transfer Protocol (HTTP) mailing list at email@example.com, which may be joined by sending a message with subject "subscribe" to firstname.lastname@example.org.
Discussions of the HTTPbis Working Group are archived at http://lists.w3.org/Archives/Public/ietf-http-wg/.
XML versions, latest edits, and the issues list for this document are available from http://greenbytes.de/tech/webdav/#draft-reschke-http-status-308.
Test cases related to redirection in general and the status code 308 in particular can be found at http://greenbytes.de/tech/tc/httpredirects/#l-308.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 25, 2012.
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
HTTP defines a set of status codes for the purpose of redirecting a request to a different URI ([RFC3986]). The history of these status codes is summarized in Section 7.3 of [draft-ietf-httpbis-p2-semantics], which also classifies the existing status codes into four categories.
The first of these categories contains the status codes 301 (Moved Permanently), 302 (Found), and 307 (Temporary Redirect), which can be classified as below:
|Allows changing the request method from POST to GET||301||302|
|Does not allow changing the request method from POST to GET||-||307|
Section 7.3.7 of [draft-ietf-httpbis-p2-semantics] states that HTTP does not define a permanent variant of status code 307; this specification adds the status code 308, defining this missing variant (Section 3).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The target resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the effective request URI (Section 5.5 of [draft-ietf-httpbis-p1-messaging]) to one or more of the new references returned by the server, where possible.
Caches MAY use a heuristic (see [draft-ietf-httpbis-p6-cache], Section 188.8.131.52) to determine freshness for 308 responses.
The new permanent URI SHOULD be given by the Location field in the response ([draft-ietf-httpbis-p2-semantics], Section 10.5). A response payload can contain a short hypertext note with a hyperlink to the new URI(s).
Section 4 of [draft-ietf-httpbis-p2-semantics] requires recipients to treat unknown 3xx status codes the same way as status code 300 Multiple Choices ([draft-ietf-httpbis-p2-semantics], Section 7.3.1). Thus, servers will not be able to rely on automatic redirection happening similar to status codes 301, 302, or 307.
Therefore, initial use of status code 308 will be restricted to cases where the server has sufficient confidence in the clients understanding the new code, or when a fallback to the semantics of status code 300 is not problematic. Server implementers are advised not to vary the status code based on characteristics of the request, such as the User-Agent header field ("User-Agent Sniffing") — doing so usually results in both hard to maintain and hard to debug code and would also require special attention to caching (i.e., setting a "Vary" response header field, as defined in Section 3.5 of [draft-ietf-httpbis-p6-cache]).
Note that many existing HTML-based user agents will emulate a refresh when encountering an HTML <meta> refresh directive ([HTML]). This can be used as another fallback. For example:
GET / HTTP/1.1 Host: example.com
HTTP/1.1 308 Permanent Redirect Content-Type: text/html; charset=UTF-8 Location: http://example.com/new Content-Length: 454 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Permanent Redirect</title> <meta http-equiv="refresh" content="0; url=http://example.com/new"> </head> <body> <p> The document has been moved to <a href="http://example.com/new" >http://example.com/new</a>. </p> </body> </html>
All security considerations that apply to HTTP redirects apply to the 308 status code as well (see Section 12 of [draft-ietf-httpbis-p2-semantics]).
The registration below shall be added to the HTTP Status Code Registry (defined in Section 4.2 of [draft-ietf-httpbis-p2-semantics] and located at http://www.iana.org/assignments/http-status-codes):
|308||Permanent Redirect||Section 3 of this specification|
The definition for the new status code 308 re-uses text from the HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Eran Hammer-Lahav, Bjoern Hoehrmann, Subramanian Moonesamy, Peter Saint-Andre, and Robert Sparks for feedback on this document.
|[RFC2119]||Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.|
|[RFC3986]||Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.|
|[draft-ietf-httpbis-p1-messaging]||Fielding, R., Lafon, Y. and J. F. Reschke, "HTTP/1.1, part 1: URIs, Connections, and Message Parsing", Internet-Draft draft-ietf-httpbis-p1-messaging-19, March 2012.|
|[draft-ietf-httpbis-p2-semantics]||Fielding, R., Lafon, Y. and J. F. Reschke, "HTTP/1.1, part 2: Message Semantics", Internet-Draft draft-ietf-httpbis-p2-semantics-19, March 2012.|
|[draft-ietf-httpbis-p6-cache]||Fielding, R., Lafon, Y., Nottingham, M. and J. F. Reschke, "HTTP/1.1, part 6: Caching", Internet-Draft draft-ietf-httpbis-p6-cache-19, March 2012.|
Raggett, D., Le Hors, A. and I. Jacobs, "HTML 4.01 Specification", W3C Recommendation REC-html401-19991224, December 1999.
Latest version available at
Chrome: Feature requested in Chromium Issue 109012 (http://code.google.com/p/chromium/issues/detail?id=109012).
Curl (the library): no change was needed (test case: https://github.com/bagder/curl/blob/master/tests/data/test1325).
Firefox: now in "nightly" builds, scheduled for release in Firefox 14 (see https://bugzilla.mozilla.org/show_bug.cgi?id=714302).
Safari: automatically redirects 3xx status codes when a Location header field is present, but does not preserve the request method.
Updated HTTPbis reference. Added Appendix Appendix A. Added and resolved issue "refresh".
Added URI spec reference.
Tune HTML example. Expand "Implementations" section. Added and resolved issue "respformat" (align with new proposed text for 307 in HTTPbis P2).
Added and resolved issue "uaconfirm".
Added and resolved issue "missingconsiderations". Added request message to example. Updated the Safari implementation note.
Add informative HTML reference. Update HTTPbis references.
Added and resolved issues "consistency307" and "sniffing". Updated Firefox implementation status.
Issues that were either rejected or resolved in this version of this document.
In Section 3:
email@example.com (2012-03-16): The 307 definition includes an explicit post about that behavior not being allowed. Section 3 of this doc does neither.
Resolution: Import (part of the) note from status code 307 description.
In Section 4:
firstname.lastname@example.org (2012-03-15): Would it be worth adding something to the draft explicitily discouraging UA sniffing? A reference to something that already explores why that's not a good idea perhaps?
Resolution: Add advice not to attempt UA sniffing.
email@example.com (2011-04-15): Umbrella issue for editorial fixes/enhancements.