idnits 2.17.1 draft-ietf-httpbis-early-hints-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 29, 2017) is 2582 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTP Working Group K. Oku 3 Internet-Draft DeNA Co., Ltd. 4 Intended status: Experimental March 29, 2017 5 Expires: September 30, 2017 7 An HTTP Status Code for Indicating Hints 8 draft-ietf-httpbis-early-hints-01 10 Abstract 12 This memo introduces an informational status code for HTTP that can 13 be used for indicating hints to help a client start making 14 preparations for processing the final response. 16 Note to Readers 18 Discussion of this draft takes place on the HTTP working group 19 mailing list (ietf-http-wg@w3.org), which is archived at 20 https://lists.w3.org/Archives/Public/ietf-http-wg/ . 22 Working Group information can be found at https://httpwg.github.io/ ; 23 source code and issues list for this draft can be found at 24 https://github.com/httpwg/http-extensions/labels/early-hints . 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on September 30, 2017. 43 Copyright Notice 45 Copyright (c) 2017 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 62 2. 103 Early Hints . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 64 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 65 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 66 6. Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 67 6.1. Since draft-ietf-httpbis-early-hints-00 . . . . . . . . . 4 68 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 69 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 70 7.2. Informative References . . . . . . . . . . . . . . . . . 5 71 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 73 1. Introduction 75 Most if not all of the web pages processed by a web browser contain 76 links to external resources that need to be fetched prior to 77 rendering the documents. Therefore, it is beneficial to send such 78 links as early as possible in order to minimize the time spent until 79 the browser becomes possible to render the document. Link header of 80 type "preload" ([Preload]) can be used to indicate such links within 81 the response headers of an HTTP response. 83 However, it is not always possible for an origin server to send a 84 response immediately after receiving a request. In fact, it is often 85 the contrary. There are many deployments in which an origin server 86 needs to query a database before generating a response. It is also 87 not unusual for an origin server to delegate a request to an upstream 88 HTTP server running at a distant location. 90 The dilemma here is that even though it is preferable for an origin 91 server to send some headers as soon as it receives a request, it 92 cannot do so until the status code and the headers of the final HTTP 93 response is determined. 95 HTTP/2 ([RFC7540]) push can be used as a solution to the issue, but 96 has its own limitations. The resources that can be pushed using 97 HTTP/2 are limited to those belonging to the same origin. Also, it 98 is impossible to send only the links of the resources using HTTP/2 99 push. Sending HTTP responses for every resource is an inefficient 100 way of using bandwidth, especially when a caching server exists as an 101 intermediary. 103 This memo defines a status code for sending an informational response 104 ([RFC7231], section 6.2) that contains headers that are likely to be 105 included in the final response. A server can send the informational 106 response containing some of the headers to help the client start 107 making preparations for processing the final response, and then run 108 time-consuming operations to generate the final response. The 109 informational response can also be used by an origin server to 110 trigger HTTP/2 push at an caching intermediary. 112 1.1. Notational Conventions 114 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 115 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 116 document are to be interpreted as described in [RFC2119]. 118 2. 103 Early Hints 120 This informational status code indicates the client that the server 121 is likely to send a final response with the headers included in the 122 informational response. 124 A server MUST NOT include Content-Length, Transfer-Encoding, or any 125 hop-by-hop headers ([RFC7230], section 6.1) in the informational 126 response using the status code. 128 A client MAY speculatively evaluate the headers included in the 129 informational response while waiting for the final response. For 130 example, a client may recognize the link header of type preload and 131 start fetching the resource. However, the evaluation MUST NOT affect 132 how the final response is processed; the client must behave as if it 133 had not seen the informational response. A client MUST NOT process 134 the headers included in the response as if they belonged to the 135 informational response. 137 An intermediary MAY drop the informational response. It MAY send 138 HTTP/2 ([RFC7540]) push responses using the information found in the 139 informational response. 141 3. Security Considerations 143 Clients may have issues handling Early Hints, since informational 144 response is rarely used for requests not including an Expect header 145 ([RFC7231], section 5.1.1). 147 An HTTP/1.1 client that mishandles the informational response as a 148 final response is likely to consider all the responses to the 149 succeeding requests sent over the same connection to be part of the 150 final response. Such behavior may constitute a cross-origin 151 information disclosure vulnerability in case the client multiplexes 152 requests to different origins onto a single persistent connection. 154 Therefore, a server might refrain from sending Early Hints over 155 HTTP/1.1 unless when the client is known to handle informational 156 responses correctly. 158 HTTP/2 clients are less likely to suffer from incorrect framing since 159 handling of the response headers does not affect how the end of the 160 response body is determined. 162 4. IANA Considerations 164 If Early Hints is standardized, the HTTP Status Codes Registry should 165 be updated with the following entries: 167 o Code: 103 169 o Description: Early Hints 171 o Specification: this document 173 5. Acknowledgements 175 Thanks to Tatsuhiro Tsujikawa for coming up with the idea of sending 176 the link headers using an informational response. 178 6. Changes 180 6.1. Since draft-ietf-httpbis-early-hints-00 182 o Forbid processing the headers of a 103 response as part of the 183 informational response. 185 7. References 187 7.1. Normative References 189 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 190 Requirement Levels", BCP 14, RFC 2119, 191 DOI 10.17487/RFC2119, March 1997, 192 . 194 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 195 Protocol (HTTP/1.1): Message Syntax and Routing", 196 RFC 7230, DOI 10.17487/RFC7230, June 2014, 197 . 199 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 200 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 201 DOI 10.17487/RFC7231, June 2014, 202 . 204 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 205 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 206 DOI 10.17487/RFC7540, May 2015, 207 . 209 7.2. Informative References 211 [Preload] Grigorik, I., "Preload", September 2016, 212 . 214 Author's Address 216 Kazuho Oku 217 DeNA Co., Ltd. 219 Email: kazuhooku@gmail.com