draft-ietf-httpbis-p2-semantics-03.txt   draft-ietf-httpbis-p2-semantics-04.txt 
Network Working Group R. Fielding, Ed. Network Working Group R. Fielding, Ed.
Internet-Draft Day Software Internet-Draft Day Software
Obsoletes: 2616 (if approved) J. Gettys Obsoletes: 2616 (if approved) J. Gettys
Updates: 2817 (if approved) One Laptop per Child Updates: 2817 (if approved) One Laptop per Child
Intended status: Standards Track J. Mogul Intended status: Standards Track J. Mogul
Expires: December 19, 2008 HP Expires: March 2, 2009 HP
H. Frystyk H. Frystyk
Microsoft Microsoft
L. Masinter L. Masinter
Adobe Systems Adobe Systems
P. Leach P. Leach
Microsoft Microsoft
T. Berners-Lee T. Berners-Lee
W3C/MIT W3C/MIT
Y. Lafon, Ed. Y. Lafon, Ed.
W3C W3C
J. Reschke, Ed. J. Reschke, Ed.
greenbytes greenbytes
June 17, 2008 August 29, 2008
HTTP/1.1, part 2: Message Semantics HTTP/1.1, part 2: Message Semantics
draft-ietf-httpbis-p2-semantics-03 draft-ietf-httpbis-p2-semantics-04
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 49 skipping to change at page 1, line 49
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 19, 2008. This Internet-Draft will expire on March 2, 2009.
Abstract Abstract
The Hypertext Transfer Protocol (HTTP) is an application-level The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global systems. HTTP has been in use by the World Wide Web global
information initiative since 1990. This document is Part 2 of the information initiative since 1990. This document is Part 2 of the
seven-part specification that defines the protocol referred to as seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 2 defines "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 2 defines
the semantics of HTTP messages as expressed by request methods, the semantics of HTTP messages as expressed by request methods,
skipping to change at page 3, line 11 skipping to change at page 3, line 11
<http://www.tools.ietf.org/wg/httpbis/>. <http://www.tools.ietf.org/wg/httpbis/>.
The changes in this draft are summarized in Appendix B.4. The changes in this draft are summarized in Appendix B.4.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
2. Notational Conventions and Generic Grammar . . . . . . . . . . 6 2. Notational Conventions and Generic Grammar . . . . . . . . . . 6
3. Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3. Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4. Request Header Fields . . . . . . . . . . . . . . . . . . . . 8 3.1. Method Registry . . . . . . . . . . . . . . . . . . . . . 8
4. Request Header Fields . . . . . . . . . . . . . . . . . . . . 9
5. Status Code and Reason Phrase . . . . . . . . . . . . . . . . 9 5. Status Code and Reason Phrase . . . . . . . . . . . . . . . . 9
5.1. Status Code Registry . . . . . . . . . . . . . . . . . . . 11 5.1. Status Code Registry . . . . . . . . . . . . . . . . . . . 12
6. Response Header Fields . . . . . . . . . . . . . . . . . . . . 11 6. Response Header Fields . . . . . . . . . . . . . . . . . . . . 12
7. Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 7. Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
8. Method Definitions . . . . . . . . . . . . . . . . . . . . . . 12 8. Method Definitions . . . . . . . . . . . . . . . . . . . . . . 13
8.1. Safe and Idempotent Methods . . . . . . . . . . . . . . . 12 8.1. Safe and Idempotent Methods . . . . . . . . . . . . . . . 13
8.1.1. Safe Methods . . . . . . . . . . . . . . . . . . . . . 12 8.1.1. Safe Methods . . . . . . . . . . . . . . . . . . . . . 13
8.1.2. Idempotent Methods . . . . . . . . . . . . . . . . . . 13 8.1.2. Idempotent Methods . . . . . . . . . . . . . . . . . . 14
8.2. OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . 13 8.2. OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.3. GET . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 8.3. GET . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.4. HEAD . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 8.4. HEAD . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
8.5. POST . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 8.5. POST . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
8.6. PUT . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 8.6. PUT . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.7. DELETE . . . . . . . . . . . . . . . . . . . . . . . . . . 17 8.7. DELETE . . . . . . . . . . . . . . . . . . . . . . . . . . 18
8.8. TRACE . . . . . . . . . . . . . . . . . . . . . . . . . . 17 8.8. TRACE . . . . . . . . . . . . . . . . . . . . . . . . . . 18
8.9. CONNECT . . . . . . . . . . . . . . . . . . . . . . . . . 18 8.9. CONNECT . . . . . . . . . . . . . . . . . . . . . . . . . 19
9. Status Code Definitions . . . . . . . . . . . . . . . . . . . 18 9. Status Code Definitions . . . . . . . . . . . . . . . . . . . 19
9.1. Informational 1xx . . . . . . . . . . . . . . . . . . . . 18 9.1. Informational 1xx . . . . . . . . . . . . . . . . . . . . 19
9.1.1. 100 Continue . . . . . . . . . . . . . . . . . . . . . 19 9.1.1. 100 Continue . . . . . . . . . . . . . . . . . . . . . 19
9.1.2. 101 Switching Protocols . . . . . . . . . . . . . . . 19 9.1.2. 101 Switching Protocols . . . . . . . . . . . . . . . 20
9.2. Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 19 9.2. Successful 2xx . . . . . . . . . . . . . . . . . . . . . . 20
9.2.1. 200 OK . . . . . . . . . . . . . . . . . . . . . . . . 19 9.2.1. 200 OK . . . . . . . . . . . . . . . . . . . . . . . . 20
9.2.2. 201 Created . . . . . . . . . . . . . . . . . . . . . 20 9.2.2. 201 Created . . . . . . . . . . . . . . . . . . . . . 20
9.2.3. 202 Accepted . . . . . . . . . . . . . . . . . . . . . 20 9.2.3. 202 Accepted . . . . . . . . . . . . . . . . . . . . . 21
9.2.4. 203 Non-Authoritative Information . . . . . . . . . . 20 9.2.4. 203 Non-Authoritative Information . . . . . . . . . . 21
9.2.5. 204 No Content . . . . . . . . . . . . . . . . . . . . 21 9.2.5. 204 No Content . . . . . . . . . . . . . . . . . . . . 21
9.2.6. 205 Reset Content . . . . . . . . . . . . . . . . . . 21 9.2.6. 205 Reset Content . . . . . . . . . . . . . . . . . . 22
9.2.7. 206 Partial Content . . . . . . . . . . . . . . . . . 21 9.2.7. 206 Partial Content . . . . . . . . . . . . . . . . . 22
9.3. Redirection 3xx . . . . . . . . . . . . . . . . . . . . . 21 9.3. Redirection 3xx . . . . . . . . . . . . . . . . . . . . . 22
9.3.1. 300 Multiple Choices . . . . . . . . . . . . . . . . . 22 9.3.1. 300 Multiple Choices . . . . . . . . . . . . . . . . . 22
9.3.2. 301 Moved Permanently . . . . . . . . . . . . . . . . 22 9.3.2. 301 Moved Permanently . . . . . . . . . . . . . . . . 23
9.3.3. 302 Found . . . . . . . . . . . . . . . . . . . . . . 23 9.3.3. 302 Found . . . . . . . . . . . . . . . . . . . . . . 23
9.3.4. 303 See Other . . . . . . . . . . . . . . . . . . . . 23 9.3.4. 303 See Other . . . . . . . . . . . . . . . . . . . . 24
9.3.5. 304 Not Modified . . . . . . . . . . . . . . . . . . . 24 9.3.5. 304 Not Modified . . . . . . . . . . . . . . . . . . . 25
9.3.6. 305 Use Proxy . . . . . . . . . . . . . . . . . . . . 24 9.3.6. 305 Use Proxy . . . . . . . . . . . . . . . . . . . . 25
9.3.7. 306 (Unused) . . . . . . . . . . . . . . . . . . . . . 24 9.3.7. 306 (Unused) . . . . . . . . . . . . . . . . . . . . . 25
9.3.8. 307 Temporary Redirect . . . . . . . . . . . . . . . . 24 9.3.8. 307 Temporary Redirect . . . . . . . . . . . . . . . . 25
9.4. Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 25 9.4. Client Error 4xx . . . . . . . . . . . . . . . . . . . . . 25
9.4.1. 400 Bad Request . . . . . . . . . . . . . . . . . . . 25 9.4.1. 400 Bad Request . . . . . . . . . . . . . . . . . . . 26
9.4.2. 401 Unauthorized . . . . . . . . . . . . . . . . . . . 25 9.4.2. 401 Unauthorized . . . . . . . . . . . . . . . . . . . 26
9.4.3. 402 Payment Required . . . . . . . . . . . . . . . . . 25 9.4.3. 402 Payment Required . . . . . . . . . . . . . . . . . 26
9.4.4. 403 Forbidden . . . . . . . . . . . . . . . . . . . . 25 9.4.4. 403 Forbidden . . . . . . . . . . . . . . . . . . . . 26
9.4.5. 404 Not Found . . . . . . . . . . . . . . . . . . . . 26 9.4.5. 404 Not Found . . . . . . . . . . . . . . . . . . . . 26
9.4.6. 405 Method Not Allowed . . . . . . . . . . . . . . . . 26 9.4.6. 405 Method Not Allowed . . . . . . . . . . . . . . . . 27
9.4.7. 406 Not Acceptable . . . . . . . . . . . . . . . . . . 26 9.4.7. 406 Not Acceptable . . . . . . . . . . . . . . . . . . 27
9.4.8. 407 Proxy Authentication Required . . . . . . . . . . 26 9.4.8. 407 Proxy Authentication Required . . . . . . . . . . 27
9.4.9. 408 Request Timeout . . . . . . . . . . . . . . . . . 27 9.4.9. 408 Request Timeout . . . . . . . . . . . . . . . . . 27
9.4.10. 409 Conflict . . . . . . . . . . . . . . . . . . . . . 27 9.4.10. 409 Conflict . . . . . . . . . . . . . . . . . . . . . 27
9.4.11. 410 Gone . . . . . . . . . . . . . . . . . . . . . . . 27 9.4.11. 410 Gone . . . . . . . . . . . . . . . . . . . . . . . 28
9.4.12. 411 Length Required . . . . . . . . . . . . . . . . . 28 9.4.12. 411 Length Required . . . . . . . . . . . . . . . . . 28
9.4.13. 412 Precondition Failed . . . . . . . . . . . . . . . 28 9.4.13. 412 Precondition Failed . . . . . . . . . . . . . . . 28
9.4.14. 413 Request Entity Too Large . . . . . . . . . . . . . 28 9.4.14. 413 Request Entity Too Large . . . . . . . . . . . . . 29
9.4.15. 414 Request-URI Too Long . . . . . . . . . . . . . . . 28 9.4.15. 414 Request-URI Too Long . . . . . . . . . . . . . . . 29
9.4.16. 415 Unsupported Media Type . . . . . . . . . . . . . . 28 9.4.16. 415 Unsupported Media Type . . . . . . . . . . . . . . 29
9.4.17. 416 Requested Range Not Satisfiable . . . . . . . . . 28 9.4.17. 416 Requested Range Not Satisfiable . . . . . . . . . 29
9.4.18. 417 Expectation Failed . . . . . . . . . . . . . . . . 29 9.4.18. 417 Expectation Failed . . . . . . . . . . . . . . . . 29
9.5. Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 29 9.5. Server Error 5xx . . . . . . . . . . . . . . . . . . . . . 29
9.5.1. 500 Internal Server Error . . . . . . . . . . . . . . 29 9.5.1. 500 Internal Server Error . . . . . . . . . . . . . . 30
9.5.2. 501 Not Implemented . . . . . . . . . . . . . . . . . 29 9.5.2. 501 Not Implemented . . . . . . . . . . . . . . . . . 30
9.5.3. 502 Bad Gateway . . . . . . . . . . . . . . . . . . . 29 9.5.3. 502 Bad Gateway . . . . . . . . . . . . . . . . . . . 30
9.5.4. 503 Service Unavailable . . . . . . . . . . . . . . . 29 9.5.4. 503 Service Unavailable . . . . . . . . . . . . . . . 30
9.5.5. 504 Gateway Timeout . . . . . . . . . . . . . . . . . 30 9.5.5. 504 Gateway Timeout . . . . . . . . . . . . . . . . . 30
9.5.6. 505 HTTP Version Not Supported . . . . . . . . . . . . 30 9.5.6. 505 HTTP Version Not Supported . . . . . . . . . . . . 31
10. Header Field Definitions . . . . . . . . . . . . . . . . . . . 30 10. Header Field Definitions . . . . . . . . . . . . . . . . . . . 31
10.1. Allow . . . . . . . . . . . . . . . . . . . . . . . . . . 30 10.1. Allow . . . . . . . . . . . . . . . . . . . . . . . . . . 31
10.2. Expect . . . . . . . . . . . . . . . . . . . . . . . . . . 31 10.2. Expect . . . . . . . . . . . . . . . . . . . . . . . . . . 31
10.3. From . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 10.3. From . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
10.4. Location . . . . . . . . . . . . . . . . . . . . . . . . . 32 10.4. Location . . . . . . . . . . . . . . . . . . . . . . . . . 33
10.5. Max-Forwards . . . . . . . . . . . . . . . . . . . . . . . 33 10.5. Max-Forwards . . . . . . . . . . . . . . . . . . . . . . . 34
10.6. Referer . . . . . . . . . . . . . . . . . . . . . . . . . 33 10.6. Referer . . . . . . . . . . . . . . . . . . . . . . . . . 34
10.7. Retry-After . . . . . . . . . . . . . . . . . . . . . . . 34 10.7. Retry-After . . . . . . . . . . . . . . . . . . . . . . . 35
10.8. Server . . . . . . . . . . . . . . . . . . . . . . . . . . 34 10.8. Server . . . . . . . . . . . . . . . . . . . . . . . . . . 35
10.9. User-Agent . . . . . . . . . . . . . . . . . . . . . . . . 35 10.9. User-Agent . . . . . . . . . . . . . . . . . . . . . . . . 36
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36
11.1. Status Code Registry . . . . . . . . . . . . . . . . . . . 35 11.1. Method Registry . . . . . . . . . . . . . . . . . . . . . 36
11.2. Message Header Registration . . . . . . . . . . . . . . . 37 11.2. Status Code Registry . . . . . . . . . . . . . . . . . . . 37
12. Security Considerations . . . . . . . . . . . . . . . . . . . 37 11.3. Message Header Registration . . . . . . . . . . . . . . . 39
12.1. Transfer of Sensitive Information . . . . . . . . . . . . 37 12. Security Considerations . . . . . . . . . . . . . . . . . . . 39
12.2. Encoding Sensitive Information in URIs . . . . . . . . . . 38 12.1. Transfer of Sensitive Information . . . . . . . . . . . . 39
12.3. Location Headers and Spoofing . . . . . . . . . . . . . . 39 12.2. Encoding Sensitive Information in URIs . . . . . . . . . . 40
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 39 12.3. Location Headers and Spoofing . . . . . . . . . . . . . . 41
14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 39 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41
14.1. Normative References . . . . . . . . . . . . . . . . . . . 39 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 41
14.2. Informative References . . . . . . . . . . . . . . . . . . 40 14.1. Normative References . . . . . . . . . . . . . . . . . . . 41
Appendix A. Compatibility with Previous Versions . . . . . . . . 40 14.2. Informative References . . . . . . . . . . . . . . . . . . 42
A.1. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 40 Appendix A. Compatibility with Previous Versions . . . . . . . . 42
A.2. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 41 A.1. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 42
A.2. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 43
Appendix B. Change Log (to be removed by RFC Editor before Appendix B. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 42 publication) . . . . . . . . . . . . . . . . . . . . 44
B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 42 B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 44
B.2. Since draft-ietf-httpbis-p2-semantics-00 . . . . . . . . . 42 B.2. Since draft-ietf-httpbis-p2-semantics-00 . . . . . . . . . 44
B.3. Since draft-ietf-httpbis-p2-semantics-01 . . . . . . . . . 43 B.3. Since draft-ietf-httpbis-p2-semantics-01 . . . . . . . . . 45
B.4. Since draft-ietf-httpbis-p2-semantics-02 . . . . . . . . . 43 B.4. Since draft-ietf-httpbis-p2-semantics-02 . . . . . . . . . 45
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 B.5. Since draft-ietf-httpbis-p2-semantics-03 . . . . . . . . . 46
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 48 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Intellectual Property and Copyright Statements . . . . . . . . . . 51 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 50
Intellectual Property and Copyright Statements . . . . . . . . . . 54
1. Introduction 1. Introduction
This document defines HTTP/1.1 request and response semantics. Each This document defines HTTP/1.1 request and response semantics. Each
HTTP message, as defined in [Part1], is in the form of either a HTTP message, as defined in [Part1], is in the form of either a
request or a response. An HTTP server listens on a connection for request or a response. An HTTP server listens on a connection for
HTTP requests and responds to each request, in the order received on HTTP requests and responds to each request, in the order received on
that connection, with one or more HTTP response messages. This that connection, with one or more HTTP response messages. This
document defines the commonly agreed upon semantics of the HTTP document defines the commonly agreed upon semantics of the HTTP
uniform interface, the intentions defined by each request method, and uniform interface, the intentions defined by each request method, and
skipping to change at page 8, line 35 skipping to change at page 8, line 35
resource, since the set of allowed methods can change dynamically. resource, since the set of allowed methods can change dynamically.
An origin server SHOULD return the status code 405 (Method Not An origin server SHOULD return the status code 405 (Method Not
Allowed) if the method is known by the origin server but not allowed Allowed) if the method is known by the origin server but not allowed
for the requested resource, and 501 (Not Implemented) if the method for the requested resource, and 501 (Not Implemented) if the method
is unrecognized or not implemented by the origin server. The methods is unrecognized or not implemented by the origin server. The methods
GET and HEAD MUST be supported by all general-purpose servers. All GET and HEAD MUST be supported by all general-purpose servers. All
other methods are OPTIONAL; however, if the above methods are other methods are OPTIONAL; however, if the above methods are
implemented, they MUST be implemented with the same semantics as implemented, they MUST be implemented with the same semantics as
those specified in Section 8. those specified in Section 8.
3.1. Method Registry
The HTTP Method Registry defines the name space for the Method token
in the Request line of an HTTP request.
Registrations MUST include the following fields:
o Method Name (see Section 3)
o Safe ("yes" or "no", see Section 8.1.1)
o Pointer to specification text
Values to be added to this name space are subject to IETF review
([RFC5226], Section 4.1). Any document registering new method names
should be traceable through statuses of either 'Obsoletes' or
'Updates' to this document.
The registry itself is maintained at
<http://www.iana.org/assignments/http-methods>.
4. Request Header Fields 4. Request Header Fields
The request-header fields allow the client to pass additional The request-header fields allow the client to pass additional
information about the request, and about the client itself, to the information about the request, and about the client itself, to the
server. These fields act as request modifiers, with semantics server. These fields act as request modifiers, with semantics
equivalent to the parameters on a programming language method equivalent to the parameters on a programming language method
invocation. invocation.
request-header = Accept ; [Part3], Section 6.1 request-header = Accept ; [Part3], Section 6.1
| Accept-Charset ; [Part3], Section 6.2 | Accept-Charset ; [Part3], Section 6.2
skipping to change at page 13, line 41 skipping to change at page 14, line 41
or the capabilities of a server, without implying a resource action or the capabilities of a server, without implying a resource action
or initiating a resource retrieval. or initiating a resource retrieval.
Responses to this method are not cacheable. Responses to this method are not cacheable.
If the OPTIONS request includes an entity-body (as indicated by the If the OPTIONS request includes an entity-body (as indicated by the
presence of Content-Length or Transfer-Encoding), then the media type presence of Content-Length or Transfer-Encoding), then the media type
MUST be indicated by a Content-Type field. Although this MUST be indicated by a Content-Type field. Although this
specification does not define any use for such a body, future specification does not define any use for such a body, future
extensions to HTTP might use the OPTIONS body to make more detailed extensions to HTTP might use the OPTIONS body to make more detailed
queries on the server. A server that does not support such an queries on the server.
extension MAY discard the request body.
If the Request-URI is an asterisk ("*"), the OPTIONS request is If the Request-URI is an asterisk ("*"), the OPTIONS request is
intended to apply to the server in general rather than to a specific intended to apply to the server in general rather than to a specific
resource. Since a server's communication options typically depend on resource. Since a server's communication options typically depend on
the resource, the "*" request is only useful as a "ping" or "no-op" the resource, the "*" request is only useful as a "ping" or "no-op"
type of method; it does nothing beyond allowing the client to test type of method; it does nothing beyond allowing the client to test
the capabilities of the server. For example, this can be used to the capabilities of the server. For example, this can be used to
test a proxy for HTTP/1.1 compliance (or lack thereof). test a proxy for HTTP/1.1 compliance (or lack thereof).
If the Request-URI is not an asterisk, the OPTIONS request applies If the Request-URI is not an asterisk, the OPTIONS request applies
skipping to change at page 18, line 13 skipping to change at page 19, line 10
TRACE allows the client to see what is being received at the other TRACE allows the client to see what is being received at the other
end of the request chain and use that data for testing or diagnostic end of the request chain and use that data for testing or diagnostic
information. The value of the Via header field (Section 8.9 of information. The value of the Via header field (Section 8.9 of
[Part1]) is of particular interest, since it acts as a trace of the [Part1]) is of particular interest, since it acts as a trace of the
request chain. Use of the Max-Forwards header field allows the request chain. Use of the Max-Forwards header field allows the
client to limit the length of the request chain, which is useful for client to limit the length of the request chain, which is useful for
testing a chain of proxies forwarding messages in an infinite loop. testing a chain of proxies forwarding messages in an infinite loop.
If the request is valid, the response SHOULD contain the entire If the request is valid, the response SHOULD contain the entire
request message in the entity-body, with a Content-Type of "message/ request message in the entity-body, with a Content-Type of "message/
http" (see Appendix A.1 of [Part1]). Responses to this method MUST http" (see Section 9.3.1 of [Part1]). Responses to this method MUST
NOT be cached. NOT be cached.
8.9. CONNECT 8.9. CONNECT
This specification reserves the method name CONNECT for use with a This specification reserves the method name CONNECT for use with a
proxy that can dynamically switch to being a tunnel (e.g. SSL proxy that can dynamically switch to being a tunnel (e.g. SSL
tunneling [Luo1998]). tunneling [RFC2817]).
9. Status Code Definitions 9. Status Code Definitions
Each Status-Code is described below, including a description of which Each Status-Code is described below, including a description of which
method(s) it can follow and any metainformation required in the method(s) it can follow and any metainformation required in the
response. response.
9.1. Informational 1xx 9.1. Informational 1xx
This class of status code indicates a provisional response, This class of status code indicates a provisional response,
skipping to change at page 33, line 4 skipping to change at page 33, line 42
responses, the Location is that of the new resource which was created responses, the Location is that of the new resource which was created
by the request. For 3xx responses, the location SHOULD indicate the by the request. For 3xx responses, the location SHOULD indicate the
server's preferred URI for automatic redirection to the resource. server's preferred URI for automatic redirection to the resource.
The field value consists of a single absolute URI. The field value consists of a single absolute URI.
Location = "Location" ":" absoluteURI [ "#" fragment ] Location = "Location" ":" absoluteURI [ "#" fragment ]
An example is: An example is:
Location: http://www.example.org/pub/WWW/People.html Location: http://www.example.org/pub/WWW/People.html
Note: The Content-Location header field (Section 6.7 of [Part3]) Note: The Content-Location header field (Section 6.7 of [Part3])
differs from Location in that the Content-Location identifies the differs from Location in that the Content-Location identifies the
original location of the entity enclosed in the request. It is original location of the entity enclosed in the response. It is
therefore possible for a response to contain header fields for therefore possible for a response to contain header fields for
both Location and Content-Location. both Location and Content-Location.
There are circumstances in which a fragment identifier in a Location There are circumstances in which a fragment identifier in a Location
URL would not be appropriate: URL would not be appropriate:
o With a 201 Created response, because in this usage the Location o With a 201 Created response, because in this usage the Location
header specifies the URL for the entire created resource. header specifies the URL for the entire created resource.
o With a 300 Multiple Choices, since the choice decision is intended o With a 300 Multiple Choices, since the choice decision is intended
skipping to change at page 35, line 44 skipping to change at page 36, line 34
significance for identifying the application. significance for identifying the application.
User-Agent = "User-Agent" ":" 1*( product | comment ) User-Agent = "User-Agent" ":" 1*( product | comment )
Example: Example:
User-Agent: CERN-LineMode/2.15 libwww/2.17b3 User-Agent: CERN-LineMode/2.15 libwww/2.17b3
11. IANA Considerations 11. IANA Considerations
11.1. Status Code Registry 11.1. Method Registry
The registration procedure for HTTP Methods is defined by Section 3.1
of this document.
The HTTP Method Registry located at
<http://www.iana.org/assignments/http-methods> should be populated
with the registrations below:
+---------+------+-------------+
| Method | Safe | Reference |
+---------+------+-------------+
| CONNECT | no | Section 8.9 |
| DELETE | no | Section 8.7 |
| GET | yes | Section 8.3 |
| HEAD | yes | Section 8.4 |
| OPTIONS | yes | Section 8.2 |
| POST | no | Section 8.5 |
| PUT | no | Section 8.6 |
| TRACE | yes | Section 8.8 |
+---------+------+-------------+
11.2. Status Code Registry
The registration procedure for HTTP Status Codes -- previously The registration procedure for HTTP Status Codes -- previously
defined in Section 7.1 of [RFC2817] -- is now defined by Section 5.1 defined in Section 7.1 of [RFC2817] -- is now defined by Section 5.1
of this document. of this document.
The HTTP Status Code Registry located at The HTTP Status Code Registry located at
<http://www.iana.org/assignments/http-status-codes> should be updated <http://www.iana.org/assignments/http-status-codes> should be updated
with the registrations below: with the registrations below:
+-------+---------------------------------+----------------+ +-------+---------------------------------+----------------+
skipping to change at page 37, line 5 skipping to change at page 39, line 5
| 416 | Requested Range Not Satisfiable | Section 9.4.17 | | 416 | Requested Range Not Satisfiable | Section 9.4.17 |
| 417 | Expectation Failed | Section 9.4.18 | | 417 | Expectation Failed | Section 9.4.18 |
| 500 | Internal Server Error | Section 9.5.1 | | 500 | Internal Server Error | Section 9.5.1 |
| 501 | Not Implemented | Section 9.5.2 | | 501 | Not Implemented | Section 9.5.2 |
| 502 | Bad Gateway | Section 9.5.3 | | 502 | Bad Gateway | Section 9.5.3 |
| 503 | Service Unavailable | Section 9.5.4 | | 503 | Service Unavailable | Section 9.5.4 |
| 504 | Gateway Timeout | Section 9.5.5 | | 504 | Gateway Timeout | Section 9.5.5 |
| 505 | HTTP Version Not Supported | Section 9.5.6 | | 505 | HTTP Version Not Supported | Section 9.5.6 |
+-------+---------------------------------+----------------+ +-------+---------------------------------+----------------+
11.2. Message Header Registration 11.3. Message Header Registration
The Message Header Registry located at <http://www.iana.org/ The Message Header Registry located at <http://www.iana.org/
assignments/message-headers/message-header-index.html> should be assignments/message-headers/message-header-index.html> should be
updated with the permanent registrations below (see [RFC3864]): updated with the permanent registrations below (see [RFC3864]):
+-------------------+----------+----------+--------------+ +-------------------+----------+----------+--------------+
| Header Field Name | Protocol | Status | Reference | | Header Field Name | Protocol | Status | Reference |
+-------------------+----------+----------+--------------+ +-------------------+----------+----------+--------------+
| Allow | http | standard | Section 10.1 | | Allow | http | standard | Section 10.1 |
| Expect | http | standard | Section 10.2 | | Expect | http | standard | Section 10.2 |
skipping to change at page 39, line 22 skipping to change at page 41, line 22
13. Acknowledgments 13. Acknowledgments
14. References 14. References
14.1. Normative References 14.1. Normative References
[Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
and Message Parsing", draft-ietf-httpbis-p1-messaging-03 and Message Parsing", draft-ietf-httpbis-p1-messaging-04
(work in progress), June 2008. (work in progress), August 2008.
[Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload
and Content Negotiation", draft-ietf-httpbis-p3-payload-03 and Content Negotiation", draft-ietf-httpbis-p3-payload-04
(work in progress), June 2008. (work in progress), August 2008.
[Part4] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part4] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional
Requests", draft-ietf-httpbis-p4-conditional-03 (work in Requests", draft-ietf-httpbis-p4-conditional-04 (work in
progress), June 2008. progress), August 2008.
[Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
Partial Responses", draft-ietf-httpbis-p5-range-03 (work Partial Responses", draft-ietf-httpbis-p5-range-04 (work
in progress), June 2008. in progress), August 2008.
[Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", and J. Reschke, Ed., "HTTP/1.1, part 6: Caching",
draft-ietf-httpbis-p6-cache-03 (work in progress), draft-ietf-httpbis-p6-cache-04 (work in progress),
June 2008. August 2008.
[Part7] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part7] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication", and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication",
draft-ietf-httpbis-p7-auth-03 (work in progress), draft-ietf-httpbis-p7-auth-04 (work in progress),
June 2008. August 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
14.2. Informative References 14.2. Informative References
[Luo1998] Luotonen, A., "Tunneling TCP based protocols through Web
proxy servers", draft-luotonen-web-proxy-tunneling-01
(work in progress), August 1998.
[RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext [RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996. Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
[RFC2068] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T. [RFC2068] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T.
Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1",
RFC 2068, January 1997. RFC 2068, January 1997.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
skipping to change at page 44, line 28 skipping to change at page 46, line 28
o Reference RFC 3984, and update header registrations for headers o Reference RFC 3984, and update header registrations for headers
defined in this document. defined in this document.
Ongoing work on ABNF conversion Ongoing work on ABNF conversion
(<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>): (<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>):
o Replace string literals when the string really is case-sensitive o Replace string literals when the string really is case-sensitive
(method). (method).
B.5. Since draft-ietf-httpbis-p2-semantics-03
Closed issues:
o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/98>: "OPTIONS
request bodies"
o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/119>:
"Description of CONNECT should refer to RFC2817"
o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/125>: "Location
Content-Location reference request/response mixup"
Ongoing work on Method Registry
(<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/72>):
o Added initial proposal for registration process, plus initial
content (non-HTTP/1.1 methods to be added by a separate
specification).
Index Index
1 1
100 Continue (status code) 19 100 Continue (status code) 19
101 Switching Protocols (status code) 19 101 Switching Protocols (status code) 20
2 2
200 OK (status code) 19 200 OK (status code) 20
201 Created (status code) 20 201 Created (status code) 20
202 Accepted (status code) 20 202 Accepted (status code) 21
203 Non-Authoritative Information (status code) 20 203 Non-Authoritative Information (status code) 21
204 No Content (status code) 21 204 No Content (status code) 21
205 Reset Content (status code) 21 205 Reset Content (status code) 22
206 Partial Content (status code) 21 206 Partial Content (status code) 22
3 3
300 Multiple Choices (status code) 22 300 Multiple Choices (status code) 22
301 Moved Permanently (status code) 22 301 Moved Permanently (status code) 23
302 Found (status code) 23 302 Found (status code) 23
303 See Other (status code) 23 303 See Other (status code) 24
304 Not Modified (status code) 24 304 Not Modified (status code) 25
305 Use Proxy (status code) 24 305 Use Proxy (status code) 25
306 (Unused) (status code) 24 306 (Unused) (status code) 25
307 Temporary Redirect (status code) 24 307 Temporary Redirect (status code) 25
4 4
400 Bad Request (status code) 25 400 Bad Request (status code) 26
401 Unauthorized (status code) 25 401 Unauthorized (status code) 26
402 Payment Required (status code) 25 402 Payment Required (status code) 26
403 Forbidden (status code) 25 403 Forbidden (status code) 26
404 Not Found (status code) 26 404 Not Found (status code) 26
405 Method Not Allowed (status code) 26 405 Method Not Allowed (status code) 27
406 Not Acceptable (status code) 26 406 Not Acceptable (status code) 27
407 Proxy Authentication Required (status code) 26 407 Proxy Authentication Required (status code) 27
408 Request Timeout (status code) 27 408 Request Timeout (status code) 27
409 Conflict (status code) 27 409 Conflict (status code) 27
410 Gone (status code) 27 410 Gone (status code) 28
411 Length Required (status code) 28 411 Length Required (status code) 28
412 Precondition Failed (status code) 28 412 Precondition Failed (status code) 28
413 Request Entity Too Large (status code) 28 413 Request Entity Too Large (status code) 29
414 Request-URI Too Long (status code) 28 414 Request-URI Too Long (status code) 29
415 Unsupported Media Type (status code) 28 415 Unsupported Media Type (status code) 29
416 Requested Range Not Satisfiable (status code) 28 416 Requested Range Not Satisfiable (status code) 29
417 Expectation Failed (status code) 29 417 Expectation Failed (status code) 29
5 5
500 Internal Server Error (status code) 29 500 Internal Server Error (status code) 30
501 Not Implemented (status code) 29 501 Not Implemented (status code) 30
502 Bad Gateway (status code) 29 502 Bad Gateway (status code) 30
503 Service Unavailable (status code) 29 503 Service Unavailable (status code) 30
504 Gateway Timeout (status code) 30 504 Gateway Timeout (status code) 30
505 HTTP Version Not Supported (status code) 30 505 HTTP Version Not Supported (status code) 31
A A
Allow header 30 Allow header 31
C C
CONNECT method 18 CONNECT method 19
D D
DELETE method 17 DELETE method 18
E E
Expect header 31 Expect header 31
F F
From header 31 From header 32
G G
GET method 14 GET method 15
Grammar Grammar
Allow 30 Allow 31
delta-seconds 34 delta-seconds 35
Expect 31 Expect 32
expect-params 31 expect-params 32
expectation 31 expectation 32
expectation-extension 31 expectation-extension 32
extension-code 10 extension-code 11
extension-method 8 extension-method 8
From 32 From 32
Location 32 Location 33
Max-Forwards 33 Max-Forwards 34
Method 8 Method 8
Reason-Phrase 10 Reason-Phrase 11
Referer 34 Referer 34
request-header 9 request-header 9
response-header 11 response-header 12
Retry-After 34 Retry-After 35
Server 35 Server 35
Status-Code 10 Status-Code 11
User-Agent 35 User-Agent 36
H H
HEAD method 15 HEAD method 16
Headers Headers
Allow 30 Allow 31
Expect 31 Expect 31
From 31 From 32
Location 32 Location 33
Max-Forwards 33 Max-Forwards 34
Referer 33 Referer 34
Retry-After 34 Retry-After 35
Server 34 Server 35
User-Agent 35 User-Agent 36
I
Idempotent Methods 14
L L
LINK method 41 LINK method 43
Location header 32 Location header 33
M M
Max-Forwards header 33 Max-Forwards header 34
Methods Methods
CONNECT 18 CONNECT 19
DELETE 17 DELETE 18
GET 14 GET 15
HEAD 15 HEAD 16
LINK 41 LINK 43
OPTIONS 13 OPTIONS 14
PATCH 41 PATCH 43
POST 15 POST 16
PUT 16 PUT 17
TRACE 17 TRACE 18
UNLINK 41 UNLINK 43
O O
OPTIONS method 13 OPTIONS method 14
P P
PATCH method 41 PATCH method 43
POST method 15 POST method 16
PUT method 16 PUT method 17
R R
Referer header 33 Referer header 34
Retry-After header 34 Retry-After header 35
S S
Server header 34 Safe Methods 13
Server header 35
Status Codes Status Codes
100 Continue 19 100 Continue 19
101 Switching Protocols 19 101 Switching Protocols 20
200 OK 19 200 OK 20
201 Created 20 201 Created 20
202 Accepted 20 202 Accepted 21
203 Non-Authoritative Information 20 203 Non-Authoritative Information 21
204 No Content 21 204 No Content 21
205 Reset Content 21 205 Reset Content 22
206 Partial Content 21 206 Partial Content 22
300 Multiple Choices 22 300 Multiple Choices 22
301 Moved Permanently 22 301 Moved Permanently 23
302 Found 23 302 Found 23
303 See Other 23 303 See Other 24
304 Not Modified 24 304 Not Modified 25
305 Use Proxy 24 305 Use Proxy 25
306 (Unused) 24 306 (Unused) 25
307 Temporary Redirect 24 307 Temporary Redirect 25
400 Bad Request 25 400 Bad Request 26
401 Unauthorized 25 401 Unauthorized 26
402 Payment Required 25 402 Payment Required 26
403 Forbidden 25 403 Forbidden 26
404 Not Found 26 404 Not Found 26
405 Method Not Allowed 26 405 Method Not Allowed 27
406 Not Acceptable 26 406 Not Acceptable 27
407 Proxy Authentication Required 26 407 Proxy Authentication Required 27
408 Request Timeout 27 408 Request Timeout 27
409 Conflict 27 409 Conflict 27
410 Gone 27 410 Gone 28
411 Length Required 28 411 Length Required 28
412 Precondition Failed 28 412 Precondition Failed 28
413 Request Entity Too Large 28 413 Request Entity Too Large 29
414 Request-URI Too Long 28 414 Request-URI Too Long 29
415 Unsupported Media Type 28 415 Unsupported Media Type 29
416 Requested Range Not Satisfiable 28 416 Requested Range Not Satisfiable 29
417 Expectation Failed 29 417 Expectation Failed 29
500 Internal Server Error 29 500 Internal Server Error 30
501 Not Implemented 29 501 Not Implemented 30
502 Bad Gateway 29 502 Bad Gateway 30
503 Service Unavailable 29 503 Service Unavailable 30
504 Gateway Timeout 30 504 Gateway Timeout 30
505 HTTP Version Not Supported 30 505 HTTP Version Not Supported 31
T T
TRACE method 17 TRACE method 18
U U
UNLINK method 41 UNLINK method 43
User-Agent header 35 User-Agent header 36
Authors' Addresses Authors' Addresses
Roy T. Fielding (editor) Roy T. Fielding (editor)
Day Software Day Software
23 Corporate Plaza DR, Suite 280 23 Corporate Plaza DR, Suite 280
Newport Beach, CA 92660 Newport Beach, CA 92660
USA USA
Phone: +1-949-706-5300 Phone: +1-949-706-5300
 End of changes. 79 change blocks. 
217 lines changed or deleted 283 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/