idnits 2.17.1 draft-ietf-httpbis-header-structure-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([2], [3], [4], [5], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 9, 2020) is 1507 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 1556 -- Looks like a reference, but probably isn't: '2' on line 1558 -- Looks like a reference, but probably isn't: '3' on line 1560 -- Looks like a reference, but probably isn't: '4' on line 1562 -- Looks like a reference, but probably isn't: '5' on line 1564 == Missing Reference: 'RFCxxxx' is mentioned on line 321, but not defined == Missing Reference: 'RFC3986' is mentioned on line 328, but not defined -- Looks like a reference, but probably isn't: '6' on line 1617 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) -- Obsolete informational reference (is this intentional?): RFC 7231 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 7540 (Obsoleted by RFC 9113) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTP M. Nottingham 3 Internet-Draft Fastly 4 Intended status: Standards Track P-H. Kamp 5 Expires: September 10, 2020 The Varnish Cache Project 6 March 9, 2020 8 Structured Field Values for HTTP 9 draft-ietf-httpbis-header-structure-16 11 Abstract 13 This document describes a set of data types and associated algorithms 14 that are intended to make it easier and safer to define and handle 15 HTTP header and trailer fields, known as "Structured Fields", or 16 "Structured Headers". It is intended for use by specifications of 17 new HTTP fields that wish to use a common syntax that is more 18 restrictive than traditional HTTP field values. 20 Note to Readers 22 _RFC EDITOR: please remove this section before publication_ 24 Discussion of this draft takes place on the HTTP working group 25 mailing list (ietf-http-wg@w3.org), which is archived at 26 https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. 28 Working Group information can be found at https://httpwg.github.io/ 29 [2]; source code and issues list for this draft can be found at 30 https://github.com/httpwg/http-extensions/labels/header-structure 31 [3]. 33 Tests for implementations are collected at https://github.com/httpwg/ 34 structured-header-tests [4]. 36 Implementations are tracked at https://github.com/httpwg/wiki/wiki/ 37 Structured-Headers [5]. 39 Status of This Memo 41 This Internet-Draft is submitted in full conformance with the 42 provisions of BCP 78 and BCP 79. 44 Internet-Drafts are working documents of the Internet Engineering 45 Task Force (IETF). Note that other groups may also distribute 46 working documents as Internet-Drafts. The list of current Internet- 47 Drafts is at https://datatracker.ietf.org/drafts/current/. 49 Internet-Drafts are draft documents valid for a maximum of six months 50 and may be updated, replaced, or obsoleted by other documents at any 51 time. It is inappropriate to use Internet-Drafts as reference 52 material or to cite them other than as "work in progress." 54 This Internet-Draft will expire on September 10, 2020. 56 Copyright Notice 58 Copyright (c) 2020 IETF Trust and the persons identified as the 59 document authors. All rights reserved. 61 This document is subject to BCP 78 and the IETF Trust's Legal 62 Provisions Relating to IETF Documents 63 (https://trustee.ietf.org/license-info) in effect on the date of 64 publication of this document. Please review these documents 65 carefully, as they describe your rights and restrictions with respect 66 to this document. Code Components extracted from this document must 67 include Simplified BSD License text as described in Section 4.e of 68 the Trust Legal Provisions and are provided without warranty as 69 described in the Simplified BSD License. 71 Table of Contents 73 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 74 1.1. Intentionally Strict Processing . . . . . . . . . . . . . 4 75 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 5 76 2. Defining New Structured Fields . . . . . . . . . . . . . . . 5 77 3. Structured Data Types . . . . . . . . . . . . . . . . . . . . 8 78 3.1. Lists . . . . . . . . . . . . . . . . . . . . . . . . . . 8 79 3.1.1. Inner Lists . . . . . . . . . . . . . . . . . . . . . 9 80 3.1.2. Parameters . . . . . . . . . . . . . . . . . . . . . 9 81 3.2. Dictionaries . . . . . . . . . . . . . . . . . . . . . . 10 82 3.3. Items . . . . . . . . . . . . . . . . . . . . . . . . . . 12 83 3.3.1. Integers . . . . . . . . . . . . . . . . . . . . . . 12 84 3.3.2. Decimals . . . . . . . . . . . . . . . . . . . . . . 12 85 3.3.3. Strings . . . . . . . . . . . . . . . . . . . . . . . 13 86 3.3.4. Tokens . . . . . . . . . . . . . . . . . . . . . . . 14 87 3.3.5. Byte Sequences . . . . . . . . . . . . . . . . . . . 14 88 3.3.6. Booleans . . . . . . . . . . . . . . . . . . . . . . 14 89 4. Working With Structured Fields in HTTP . . . . . . . . . . . 15 90 4.1. Serializing Structured Fields . . . . . . . . . . . . . . 15 91 4.1.1. Serializing a List . . . . . . . . . . . . . . . . . 15 92 4.1.2. Serializing a Dictionary . . . . . . . . . . . . . . 17 93 4.1.3. Serializing an Item . . . . . . . . . . . . . . . . . 18 94 4.1.4. Serializing an Integer . . . . . . . . . . . . . . . 19 95 4.1.5. Serializing a Decimal . . . . . . . . . . . . . . . . 19 96 4.1.6. Serializing a String . . . . . . . . . . . . . . . . 20 97 4.1.7. Serializing a Token . . . . . . . . . . . . . . . . . 20 98 4.1.8. Serializing a Byte Sequence . . . . . . . . . . . . . 21 99 4.1.9. Serializing a Boolean . . . . . . . . . . . . . . . . 21 100 4.2. Parsing Structured Fields . . . . . . . . . . . . . . . . 22 101 4.2.1. Parsing a List . . . . . . . . . . . . . . . . . . . 23 102 4.2.2. Parsing a Dictionary . . . . . . . . . . . . . . . . 25 103 4.2.3. Parsing an Item . . . . . . . . . . . . . . . . . . . 26 104 4.2.4. Parsing an Integer or Decimal . . . . . . . . . . . . 28 105 4.2.5. Parsing a String . . . . . . . . . . . . . . . . . . 29 106 4.2.6. Parsing a Token . . . . . . . . . . . . . . . . . . . 30 107 4.2.7. Parsing a Byte Sequence . . . . . . . . . . . . . . . 30 108 4.2.8. Parsing a Boolean . . . . . . . . . . . . . . . . . . 31 109 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 110 6. Security Considerations . . . . . . . . . . . . . . . . . . . 32 111 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 112 7.1. Normative References . . . . . . . . . . . . . . . . . . 32 113 7.2. Informative References . . . . . . . . . . . . . . . . . 33 114 7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 33 115 Appendix A. Frequently Asked Questions . . . . . . . . . . . . . 34 116 A.1. Why not JSON? . . . . . . . . . . . . . . . . . . . . . . 34 117 Appendix B. Implementation Notes . . . . . . . . . . . . . . . . 34 118 Appendix C. Changes . . . . . . . . . . . . . . . . . . . . . . 35 119 C.1. Since draft-ietf-httpbis-header-structure-15 . . . . . . 35 120 C.2. Since draft-ietf-httpbis-header-structure-14 . . . . . . 35 121 C.3. Since draft-ietf-httpbis-header-structure-13 . . . . . . 36 122 C.4. Since draft-ietf-httpbis-header-structure-12 . . . . . . 36 123 C.5. Since draft-ietf-httpbis-header-structure-11 . . . . . . 37 124 C.6. Since draft-ietf-httpbis-header-structure-10 . . . . . . 37 125 C.7. Since draft-ietf-httpbis-header-structure-09 . . . . . . 37 126 C.8. Since draft-ietf-httpbis-header-structure-08 . . . . . . 37 127 C.9. Since draft-ietf-httpbis-header-structure-07 . . . . . . 38 128 C.10. Since draft-ietf-httpbis-header-structure-06 . . . . . . 38 129 C.11. Since draft-ietf-httpbis-header-structure-05 . . . . . . 38 130 C.12. Since draft-ietf-httpbis-header-structure-04 . . . . . . 39 131 C.13. Since draft-ietf-httpbis-header-structure-03 . . . . . . 39 132 C.14. Since draft-ietf-httpbis-header-structure-02 . . . . . . 39 133 C.15. Since draft-ietf-httpbis-header-structure-01 . . . . . . 39 134 C.16. Since draft-ietf-httpbis-header-structure-00 . . . . . . 39 135 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 40 136 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40 138 1. Introduction 140 Specifying the syntax of new HTTP header (and trailer) fields is an 141 onerous task; even with the guidance in Section 8.3.1 of [RFC7231], 142 there are many decisions - and pitfalls - for a prospective HTTP 143 field author. 145 Once a field is defined, bespoke parsers and serializers often need 146 to be written, because each field value has slightly different 147 handling of what looks like common syntax. 149 This document introduces a set of common data structures for use in 150 definitions of new HTTP field values to address these problems. In 151 particular, it defines a generic, abstract model for them, along with 152 a concrete serialization for expressing that model in HTTP [RFC7230] 153 header and trailer fields. 155 A HTTP field that is defined as a "Structured Header" (or "Structured 156 Trailer", respectively; if the field can be either, it is a 157 "Structured Field") uses the types defined in this specification to 158 define its syntax and basic handling rules, thereby simplifying both 159 its definition by specification writers and handling by 160 implementations. 162 Additionally, future versions of HTTP can define alternative 163 serializations of the abstract model of these structures, allowing 164 fields that use it to be transmitted more efficiently without being 165 redefined. 167 Note that it is not a goal of this document to redefine the syntax of 168 existing HTTP fields; the mechanisms described herein are only 169 intended to be used with those that explicitly opt into them. 171 Section 2 describes how to specify a Structured Field. 173 Section 3 defines a number of abstract data types that can be used in 174 Structured Fields. 176 Those abstract types can be serialized into and parsed from HTTP 177 field values using the algorithms described in Section 4. 179 1.1. Intentionally Strict Processing 181 This specification intentionally defines strict parsing and 182 serialization behaviors using step-by-step algorithms; the only error 183 handling defined is to fail the operation altogether. 185 It is designed to encourage faithful implementation and therefore 186 good interoperability. Therefore, an implementation that tried to be 187 "helpful" by being more tolerant of input would make interoperability 188 worse, since that would create pressure on other implementations to 189 implement similar (but likely subtly different) workarounds. 191 In other words, strict processing is an intentional feature of this 192 specification; it allows non-conformant input to be discovered and 193 corrected by the producer early, and avoids both interoperability and 194 security issues that might otherwise result. 196 Note that as a result of this strictness, if a field is appended to 197 by multiple parties (e.g., intermediaries, or different components in 198 the sender), an error in one party's value is likely to cause the 199 entire field value to fail parsing. 201 1.2. Notational Conventions 203 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 204 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 205 "OPTIONAL" in this document are to be interpreted as described in BCP 206 14 [RFC2119] [RFC8174] when, and only when, they appear in all 207 capitals, as shown here. 209 This document uses algorithms to specify parsing and serialization 210 behaviors, and the Augmented Backus-Naur Form (ABNF) notation of 211 [RFC5234] to illustrate expected syntax in HTTP header fields. In 212 doing so, it uses the VCHAR, SP, DIGIT, ALPHA and DQUOTE rules from 213 [RFC5234]. It also includes the tchar rule from [RFC7230]. 215 When parsing from HTTP fields, implementations MUST follow the 216 algorithms, but MAY vary in implementation so as the behaviors are 217 indistinguishable from specified behavior. If there is disagreement 218 between the parsing algorithms and ABNF, the specified algorithms 219 take precedence. In some places, the algorithms are "greedy" with 220 whitespace, but this should not affect conformance. 222 For serialization to HTTP fields, the ABNF illustrates the range of 223 acceptable wire representations with as much fidelity as possible, 224 and the algorithms define the recommended way to produce them. 225 Implementations MAY vary from the specified behavior so long as the 226 output still matches the ABNF. 228 2. Defining New Structured Fields 230 To specify a HTTP field as a Structured Field, its authors needs to: 232 o Reference this specification. Recipients and generators of the 233 field need to know that the requirements of this document are in 234 effect. 236 o Identify whether the field is a Structured Header (i.e., it can 237 only be used in the header section - the common case), a 238 Structured Field (only in the trailer section), or a Structured 239 Field (both). 241 o Specify the type of the field value; either List (Section 3.1), 242 Dictionary (Section 3.2), or Item (Section 3.3). 244 o Define the semantics of those structures. 246 o Specify any additional constraints upon the structures used, as 247 well as the consequences when those constraints are violated. 249 Typically, this means that a field definition will specify the top- 250 level type - List, Dictionary or Item - and then define its allowable 251 types, and constraints upon them. For example, a header defined as a 252 List might have all Integer members, or a mix of types; a header 253 defined as an Item might allow only Strings, and additionally only 254 strings beginning with the letter "Q". Likewise, Inner Lists are 255 only valid when a field definition explicitly allows them. 257 When parsing fails, the field is ignored (see Section 4.2); in most 258 situations, violating field-specific constraints should have the same 259 effect. Thus, if a header is defined as an Item and required to be 260 an Integer, but a String is received, it will by default be ignored. 261 If the field requires different error handling, this should be 262 explicitly specified. 264 However, both Items and Inner Lists allow parameters as an 265 extensibility mechanism; this means that values can later be extended 266 to accommodate more information, if need be. As a result, field 267 specifications are discouraged from defining the presence of an 268 unrecognized Parameter as an error condition. 270 To help assure that this extensibility is available in the future, 271 and to encourage consumers to use a complete parser implementation, a 272 field definition can specify that "grease" Parameters be added by 273 senders. For example, a specification could stipulate that all 274 Parameters beginning with the letter "h" are reserved for this use, 275 and then encourage them to be sent on some portion of requests. This 276 helps to discourage recipients from writing a parser that does not 277 account for Parameters. 279 Note that a field definition cannot relax the requirements of this 280 specification because doing so would preclude handling by generic 281 software; they can only add additional constraints (for example, on 282 the numeric range of Integers and Decimals, the format of Strings and 283 Tokens, the types allowed in a Dictionary's values, or the number of 284 Items in a List). Likewise, field definitions can only use this 285 specification for the entire field value, not a portion thereof. 287 This specification defines minimums for the length or number of 288 various structures supported by implementations. It does not specify 289 maximum sizes in most cases, but authors should be aware that HTTP 290 implementations do impose various limits on the size of individual 291 fields, the total number of fields, and/or the size of the entire 292 header or trailer section. 294 Specifications can refer to a field name as a "structured header 295 name", "structured trailer name" or "structured field name" as 296 appropriate. Likewise, they can refer its field value as a 297 "structured header value", "structured trailer value" or "structured 298 field value" as necessary. Field definitions are encouraged to use 299 the ABNF rules beginning with "sh-" defined in this specification; 300 other rules in this specification are not intended for their use. 302 For example, a fictitious Foo-Example header field might be specified 303 as: 305 42. Foo-Example Header 307 The Foo-Example HTTP header field conveys information about how 308 much Foo the message has. 310 Foo-Example is a Item Structured Header [RFCxxxx]. Its value MUST be 311 an Integer (Section Y.Y of [RFCxxxx]). Its ABNF is: 313 Foo-Example = sh-integer 315 Its value indicates the amount of Foo in the message, and MUST 316 be between 0 and 10, inclusive; other values MUST cause 317 the entire header to be ignored. 319 The following parameters are defined: 320 * A Parameter whose name is "foourl", and whose value is a String 321 (Section Y.Y of [RFCxxxx]), conveying the Foo URL 322 for the message. See below for processing requirements. 324 "foourl" contains a URI-reference (Section 4.1 of 325 [RFC3986]). If its value is not a valid URI-reference, 326 it MUST be ignored. If its value is a relative reference 327 (Section 4.2 of [RFC3986]), it MUST be resolved (Section 5 of 328 [RFC3986]) before being used. 330 For example: 332 Foo-Example: 2; foourl="https://foo.example.com/" 334 3. Structured Data Types 336 This section defines the abstract value types that can be composed 337 into Structured Fields. The ABNF provided represents the on-wire 338 format in HTTP field values. 340 In summary: 342 o There are three top-level types that a HTTP field can be defined 343 as; Lists, Dictionaries, and Items. 345 o Lists and Dictionaries are containers; their members can be Items 346 or Inner Lists (which are themselves lists of items). 348 o Both Items and Inner Lists can be parameterized with key/value 349 pairs. 351 3.1. Lists 353 Lists are arrays of zero or more members, each of which can be an 354 Item (Section 3.3) or an Inner List (Section 3.1.1), both of which 355 can be Parameterized (Section 3.1.2). 357 The ABNF for Lists in HTTP fields is: 359 sh-list = list-member *( *SP "," *SP list-member ) 360 list-member = sh-item / inner-list 362 Each member is separated by a comma and optional whitespace. For 363 example, a field whose value is defined as a List of Strings could 364 look like: 366 Example-StrListHeader: "foo", "bar", "It was the best of times." 368 An empty List is denoted by not serializing the field at all. 370 Note that Lists can have their members split across multiple lines 371 inside a header or trailer section, as per Section 3.2.2 of 372 [RFC7230]; for example, the following are equivalent: 374 Example-Hdr: foo, bar 376 and 378 Example-Hdr: foo 379 Example-Hdr: bar 380 However, individual members of a List cannot be safely split between 381 across lines; see Section 4.2 for details. 383 Parsers MUST support Lists containing at least 1024 members. Field 384 specifications can constrain the types and cardinality of individual 385 List values as they require. 387 3.1.1. Inner Lists 389 An Inner List is an array of zero or more Items (Section 3.3). Both 390 the individual Items and the Inner List itself can be Parameterized 391 (Section 3.1.2). 393 The ABNF for Inner Lists is: 395 inner-list = "(" *SP [ sh-item *( 1*SP sh-item ) *SP ] ")" 396 parameters 398 Inner Lists are denoted by surrounding parenthesis, and have their 399 values delimited by a single space. A field whose value is defined 400 as a list of Inner Lists of Strings could look like: 402 Example-StrListListHeader: ("foo" "bar"), ("baz"), ("bat" "one"), () 404 Note that the last member in this example is an empty Inner List. 406 A header field whose value is defined as a list of Inner Lists with 407 Parameters at both levels could look like: 409 Example-ListListParam: ("foo"; a=1;b=2);lvl=5, ("bar" "baz");lvl=1 411 Parsers MUST support Inner Lists containing at least 256 members. 412 Field specifications can constrain the types and cardinality of 413 individual Inner List members as they require. 415 3.1.2. Parameters 417 Parameters are an ordered map of key-values pairs that are associated 418 with an Item (Section 3.3) or Inner List (Section 3.1.1). The keys 419 are unique within the scope the Parameters they occur within, and the 420 values are bare items (i.e., they themselves cannot be parameterized; 421 see Section 3.3). 423 The ABNF for Parameters is: 425 parameters = *( ";" *SP parameter ) 426 parameter = param-name [ "=" param-value ] 427 param-name = key 428 key = ( lcalpha / "*" ) 429 *( lcalpha / DIGIT / "_" / "-" / "." / "*" ) 430 lcalpha = %x61-7A ; a-z 431 param-value = bare-item 433 A parameter is separated from its Item or Inner List and other 434 parameters by a semicolon. For example: 436 Example-ParamListHeader: abc;a=1;b=2; cde_456, (ghi;jk=4 l);q="9";r=w 438 Parameters whose value is Boolean true MUST omit that value when 439 serialized. For example: 441 Example-IntHeader: 1; a; b=?0 443 Note that this requirement is only on serialization; parsers are 444 still required to correctly handle the true value when it appears in 445 a parameter. 447 Parsers MUST support at least 256 parameters on an Item or Inner 448 List, and support parameter keys with at least 64 characters. Field 449 specifications can constrain the types and cardinality of individual 450 parameter names and values as they require. 452 3.2. Dictionaries 454 Dictionaries are ordered maps of name-value pairs, where the names 455 are short, textual strings and the values are items (Section 3.3) or 456 arrays of items, both of which can be Parameterized (Section 3.1.2). 457 There can be zero or more members, and their names are unique in the 458 scope of the Dictionary they occur within. 460 Implementations MUST provide access to Dictionaries both by index and 461 by name. Specifications MAY use either means of accessing the 462 members. 464 The ABNF for Dictionaries is: 466 sh-dictionary = dict-member *( *SP "," *SP dict-member ) 467 dict-member = member-name [ "=" member-value ] 468 member-name = key 469 member-value = sh-item / inner-list 470 Members are separated by a comma with optional whitespace, while 471 names and values are separated by "=" (without whitespace). For 472 example: 474 Example-DictHeader: en="Applepie", da=:w4ZibGV0w6ZydGU=: 476 Members whose value is Boolean true MUST omit that value when 477 serialized. For example, here both "b" and "c" are true: 479 Example-DictHeader: a=?0, b, c; foo=bar 481 Note that this requirement is only on serialization; parsers are 482 still required to correctly handle the true Boolean value when it 483 appears in Dictionary values. 485 A Dictionary with a member whose value is an Inner List of tokens: 487 Example-DictListHeader: rating=1.5, feelings=(joy sadness) 489 A Dictionary with a mix of singular and list values, some with 490 Parameters: 492 Example-MixDict: a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid 494 As with lists, an empty Dictionary is represented by omitting the 495 entire field. 497 Typically, a field specification will define the semantics of 498 Dictionaries by specifying the allowed type(s) for individual member 499 names, as well as whether their presence is required or optional. 500 Recipients MUST ignore names that are undefined or unknown, unless 501 the field's specification specifically disallows them. 503 Note that dictionaries can have their members split across multiple 504 lines inside a header or trailer section; for example, the following 505 are equivalent: 507 Example-Hdr: foo=1, bar=2 509 and 511 Example-Hdr: foo=1 512 Example-Hdr: bar=2 514 However, individual members of a Dictionary cannot be safely split 515 between lines; see Section 4.2 for details. 517 Parsers MUST support Dictionaries containing at least 1024 name/value 518 pairs, and names with at least 64 characters. 520 3.3. Items 522 An Item can be a Integer (Section 3.3.1), Decimal (Section 3.3.2), 523 String (Section 3.3.3), Token (Section 3.3.4), Byte Sequence 524 (Section 3.3.5), or Boolean (Section 3.3.6). It can have associated 525 Parameters (Section 3.1.2). 527 The ABNF for Items is: 529 sh-item = bare-item parameters 530 bare-item = sh-integer / sh-decimal / sh-string / sh-token 531 / sh-binary / sh-boolean 533 For example, a header field that is defined to be an Item that is an 534 Integer might look like: 536 Example-IntItemHeader: 5 538 or with Parameters: 540 Example-IntItemHeader: 5; foo=bar 542 3.3.1. Integers 544 Integers have a range of -999,999,999,999,999 to 999,999,999,999,999 545 inclusive (i.e., up to fifteen digits, signed), for IEEE 754 546 compatibility ([IEEE754]). 548 The ABNF for Integers is: 550 sh-integer = ["-"] 1*15DIGIT 552 For example: 554 Example-IntegerHeader: 42 556 Note that commas in Integers are used in this section's prose only 557 for readability; they are not valid in the wire format. 559 3.3.2. Decimals 561 Decimals are numbers with an integer and a fractional component. The 562 integer component has at most 12 digits; the fractional component has 563 at most three digits. 565 The ABNF for decimals is: 567 sh-decimal = ["-"] 1*12DIGIT "." 1*3DIGIT 569 For example, a header whose value is defined as a Decimal could look 570 like: 572 Example-DecimalHeader: 4.5 574 Note that the serialisation algorithm (Section 4.1.5) rounds input 575 with more than three digits of precision in the fractional component. 576 If an alternative rounding strategy is desired, this should be 577 specified by the header definition to occur before serialisation. 579 3.3.3. Strings 581 Strings are zero or more printable ASCII [RFC0020] characters (i.e., 582 the range %x20 to %x7E). Note that this excludes tabs, newlines, 583 carriage returns, etc. 585 The ABNF for Strings is: 587 sh-string = DQUOTE *(chr) DQUOTE 588 chr = unescaped / escaped 589 unescaped = %x20-21 / %x23-5B / %x5D-7E 590 escaped = "\" ( DQUOTE / "\" ) 592 Strings are delimited with double quotes, using a backslash ("\") to 593 escape double quotes and backslashes. For example: 595 Example-StringHeader: "hello world" 597 Note that Strings only use DQUOTE as a delimiter; single quotes do 598 not delimit Strings. Furthermore, only DQUOTE and "\" can be 599 escaped; other characters after "\" MUST cause parsing to fail. 601 Unicode is not directly supported in Strings, because it causes a 602 number of interoperability issues, and - with few exceptions - field 603 values do not require it. 605 When it is necessary for a field value to convey non-ASCII content, a 606 Byte Sequence (Section 3.3.5) can be specified, along with a 607 character encoding (preferably [UTF-8]). 609 Parsers MUST support Strings (after any decoding) with at least 1024 610 characters. 612 3.3.4. Tokens 614 Tokens are short textual words; their abstract model is identical to 615 their expression in the HTTP field value serialization. 617 The ABNF for Tokens is: 619 sh-token = ( ALPHA / "*" ) *( tchar / ":" / "/" ) 621 Parsers MUST support Tokens with at least 512 characters. 623 Note that Token allows the characters as the "token" ABNF rule 624 defined in [RFC7230], with the exceptions that the first character is 625 required to be either ALPHA or "*", and ":" and "/" are also allowed 626 in subsequent characters. 628 3.3.5. Byte Sequences 630 Byte Sequences can be conveyed in Structured Fields. 632 The ABNF for a Byte Sequence is: 634 sh-binary = ":" *(base64) ":" 635 base64 = ALPHA / DIGIT / "+" / "/" / "=" 637 A Byte Sequence is delimited with colons and encoded using base64 638 ([RFC4648], Section 4). For example: 640 Example-BinaryHdr: :cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg==: 642 Parsers MUST support Byte Sequences with at least 16384 octets after 643 decoding. 645 3.3.6. Booleans 647 Boolean values can be conveyed in Structured Fields. 649 The ABNF for a Boolean is: 651 sh-boolean = "?" boolean 652 boolean = "0" / "1" 654 A Boolean is indicated with a leading "?" character followed by a "1" 655 for a true value or "0" for false. For example: 657 Example-BoolHdr: ?1 659 4. Working With Structured Fields in HTTP 661 This section defines how to serialize and parse Structured Fields in 662 field values, and protocols compatible with them (e.g., in HTTP/2 663 [RFC7540] before HPACK [RFC7541] is applied). 665 4.1. Serializing Structured Fields 667 Given a structure defined in this specification, return an ASCII 668 string suitable for use in a HTTP field value. 670 1. If the structure is a Dictionary or List and its value is empty 671 (i.e., it has no members), do not serialize the field at all 672 (i.e., omit both the field-name and field-value). 674 2. If the structure is a List, let output_string be the result of 675 running Serializing a List (Section 4.1.1) with the structure. 677 3. Else if the structure is a Dictionary, let output_string be the 678 result of running Serializing a Dictionary (Section 4.1.2) with 679 the structure. 681 4. Else if the structure is an Item, let output_string be the result 682 of running Serializing an Item (Section 4.1.3) with the 683 structure. 685 5. Else, fail serialization. 687 6. Return output_string converted into an array of bytes, using 688 ASCII encoding [RFC0020]. 690 4.1.1. Serializing a List 692 Given an array of (member_value, parameters) tuples as input_list, 693 return an ASCII string suitable for use in a HTTP field value. 695 1. Let output be an empty string. 697 2. For each (member_value, parameters) of input_list: 699 1. If member_value is an array, append the result of running 700 Serializing an Inner List (Section 4.1.1.1) with 701 (member_value, parameters) to output. 703 2. Otherwise, append the result of running Serializing an Item 704 (Section 4.1.3) with (member_value, parameters) to output. 706 3. If more member_values remain in input_list: 708 1. Append "," to output. 710 2. Append a single SP to output. 712 3. Return output. 714 4.1.1.1. Serializing an Inner List 716 Given an array of (member_value, parameters) tuples as inner_list, 717 and parameters as list_parameters, return an ASCII string suitable 718 for use in a HTTP field value. 720 1. Let output be the string "(". 722 2. For each (member_value, parameters) of inner_list: 724 1. Append the result of running Serializing an Item 725 (Section 4.1.3) with (member_value, parameters) to output. 727 2. If more values remain in inner_list, append a single SP to 728 output. 730 3. Append ")" to output. 732 4. Append the result of running Serializing Parameters 733 (Section 4.1.1.2) with list_parameters to output. 735 5. Return output. 737 4.1.1.2. Serializing Parameters 739 Given an ordered Dictionary as input_parameters (each member having a 740 param_name and a param_value), return an ASCII string suitable for 741 use in a HTTP field value. 743 1. Let output be an empty string. 745 2. For each param_name with a value of param_value in 746 input_parameters: 748 1. Append ";" to output. 750 2. Append the result of running Serializing a Key 751 (Section 4.1.1.3) with param_name to output. 753 3. If param_value is not Boolean true: 755 1. Append "=" to output. 757 2. Append the result of running Serializing a bare Item 758 (Section 4.1.3.1) with param_value to output. 760 3. Return output. 762 4.1.1.3. Serializing a Key 764 Given a key as input_key, return an ASCII string suitable for use in 765 a HTTP field value. 767 1. Convert input_key into a sequence of ASCII characters; if 768 conversion fails, fail serialization. 770 2. If input_key contains characters not in lcalpha, DIGIT, "_", "-", 771 ".", or "*" fail serialization. 773 3. If the first character of input_key is not lcalpha or "*", fail 774 serialization. 776 4. Let output be an empty string. 778 5. Append input_key to output. 780 6. Return output. 782 4.1.2. Serializing a Dictionary 784 Given an ordered Dictionary as input_dictionary (each member having a 785 member_name and a tuple value of (member_value, parameters)), return 786 an ASCII string suitable for use in a HTTP field value. 788 1. Let output be an empty string. 790 2. For each member_name with a value of (member_value, parameters) 791 in input_dictionary: 793 1. Append the result of running Serializing a Key 794 (Section 4.1.1.3) with member's member_name to output. 796 3. If member_value is Boolean true: 798 1. Append the result of running Serializing Parameters 799 (Section 4.1.1.2) with parameters to output. 801 4. Otherwise: 803 1. Append "=" to output. 805 2. If member_value is an array, append the result of running 806 Serializing an Inner List (Section 4.1.1.1) with 807 (member_value, parameters) to output. 809 3. Otherwise, append the result of running Serializing an Item 810 (Section 4.1.3) with (member_value, parameters) to output. 812 5. If more members remain in input_dictionary: 814 1. Append "," to output. 816 2. Append a single SP to output. 818 6. Return output. 820 4.1.3. Serializing an Item 822 Given an Item as bare_item and Parameters as item_parameters, return 823 an ASCII string suitable for use in a HTTP field value. 825 1. Let output be an empty string. 827 2. Append the result of running Serializing a Bare Item 828 Section 4.1.3.1 with bare_item to output. 830 3. Append the result of running Serializing Parameters 831 Section 4.1.1.2 with item_parameters to output. 833 4. Return output. 835 4.1.3.1. Serializing a Bare Item 837 Given an Item as input_item, return an ASCII string suitable for use 838 in a HTTP field value. 840 1. If input_item is an Integer, return the result of running 841 Serializing an Integer (Section 4.1.4) with input_item. 843 2. If input_item is a Decimal, return the result of running 844 Serializing a Decimal (Section 4.1.5) with input_item. 846 3. If input_item is a String, return the result of running 847 Serializing a String (Section 4.1.6) with input_item. 849 4. If input_item is a Token, return the result of running 850 Serializing a Token (Section 4.1.7) with input_item. 852 5. If input_item is a Boolean, return the result of running 853 Serializing a Boolean (Section 4.1.9) with input_item. 855 6. If input_item is a Byte Sequence, return the result of running 856 Serializing a Byte Sequence (Section 4.1.8) with input_item. 858 7. Otherwise, fail serialization. 860 4.1.4. Serializing an Integer 862 Given an Integer as input_integer, return an ASCII string suitable 863 for use in a HTTP field value. 865 1. If input_integer is not an integer in the range of 866 -999,999,999,999,999 to 999,999,999,999,999 inclusive, fail 867 serialization. 869 2. Let output be an empty string. 871 3. If input_integer is less than (but not equal to) 0, append "-" to 872 output. 874 4. Append input_integer's numeric value represented in base 10 using 875 only decimal digits to output. 877 5. Return output. 879 4.1.5. Serializing a Decimal 881 Given a decimal number as input_decimal, return an ASCII string 882 suitable for use in a HTTP field value. 884 1. If input_decimal is not a decimal number, fail serialization. 886 2. If input_decimal has more than three significant digits to the 887 right of the decimal point, round it to three decimal places, 888 rounding the final digit to the nearest value, or to the even 889 value if it is equidistant. 891 3. If input_decimal has more than 12 significant digits to the left 892 of the decimal point after rounding, fail serialization. 894 4. Let output be an empty string. 896 5. If input_decimal is less than (but not equal to) 0, append "-" 897 to output. 899 6. Append input_decimal's integer component represented in base 10 900 (using only decimal digits) to output; if it is zero, append 901 "0". 903 7. Append "." to output. 905 8. If input_decimal's fractional component is zero, append "0" to 906 output. 908 9. Otherwise, append the significant digits of input_decimal's 909 fractional component represented in base 10 (using only decimal 910 digits) to output. 912 10. Return output. 914 4.1.6. Serializing a String 916 Given a String as input_string, return an ASCII string suitable for 917 use in a HTTP field value. 919 1. Convert input_string into a sequence of ASCII characters; if 920 conversion fails, fail serialization. 922 2. If input_string contains characters in the range %x00-1f or %x7f 923 (i.e., not in VCHAR or SP), fail serialization. 925 3. Let output be an empty string. 927 4. Append DQUOTE to output. 929 5. For each character char in input_string: 931 1. If char is "\" or DQUOTE: 933 1. Append "\" to output. 935 2. Append char to output. 937 6. Append DQUOTE to output. 939 7. Return output. 941 4.1.7. Serializing a Token 943 Given a Token as input_token, return an ASCII string suitable for use 944 in a HTTP field value. 946 1. Convert input_token into a sequence of ASCII characters; if 947 conversion fails, fail serialization. 949 2. If the first character of input_token is not ALPHA or "*", or the 950 remaining portion contains a character not in tchar, ":" or "/", 951 fail serialization. 953 3. Let output be an empty string. 955 4. Append input_token to output. 957 5. Return output. 959 4.1.8. Serializing a Byte Sequence 961 Given a Byte Sequence as input_bytes, return an ASCII string suitable 962 for use in a HTTP field value. 964 1. If input_bytes is not a sequence of bytes, fail serialization. 966 2. Let output be an empty string. 968 3. Append ":" to output. 970 4. Append the result of base64-encoding input_bytes as per 971 [RFC4648], Section 4, taking account of the requirements below. 973 5. Append ":" to output. 975 6. Return output. 977 The encoded data is required to be padded with "=", as per [RFC4648], 978 Section 3.2. 980 Likewise, encoded data SHOULD have pad bits set to zero, as per 981 [RFC4648], Section 3.5, unless it is not possible to do so due to 982 implementation constraints. 984 4.1.9. Serializing a Boolean 986 Given a Boolean as input_boolean, return an ASCII string suitable for 987 use in a HTTP field value. 989 1. If input_boolean is not a boolean, fail serialization. 991 2. Let output be an empty string. 993 3. Append "?" to output. 995 4. If input_boolean is true, append "1" to output. 997 5. If input_boolean is false, append "0" to output. 999 6. Return output. 1001 4.2. Parsing Structured Fields 1003 When a receiving implementation parses HTTP fields that are known to 1004 be Structured Fields, it is important that care be taken, as there 1005 are a number of edge cases that can cause interoperability or even 1006 security problems. This section specifies the algorithm for doing 1007 so. 1009 Given an array of bytes input_bytes that represents the chosen 1010 field's field-value (which is empty if that field is not present), 1011 and field_type (one of "dictionary", "list", or "item"), return the 1012 parsed header value. 1014 1. Convert input_bytes into an ASCII string input_string; if 1015 conversion fails, fail parsing. 1017 2. Discard any leading SP characters from input_string. 1019 3. If field_type is "list", let output be the result of running 1020 Parsing a List (Section 4.2.1) with input_string. 1022 4. If field_type is "dictionary", let output be the result of 1023 running Parsing a Dictionary (Section 4.2.2) with input_string. 1025 5. If field_type is "item", let output be the result of running 1026 Parsing an Item (Section 4.2.3) with input_string. 1028 6. Discard any leading SP characters from input_string. 1030 7. If input_string is not empty, fail parsing. 1032 8. Otherwise, return output. 1034 When generating input_bytes, parsers MUST combine all lines in the 1035 same section (header or trailer) that case-insensitively match the 1036 field name into one comma-separated field-value, as per [RFC7230], 1037 Section 3.2.2; this assures that the entire field value is processed 1038 correctly. 1040 For Lists and Dictionaries, this has the effect of correctly 1041 concatenating all of the field's lines, as long as individual members 1042 of the top-level data structure are not split across multiple header 1043 instances. 1045 Strings split across multiple field lines will have unpredictable 1046 results, because comma(s) and whitespace inserted upon combination 1047 will become part of the string output by the parser. Since 1048 concatenation might be done by an upstream intermediary, the results 1049 are not under the control of the serializer or the parser. 1051 Tokens, Integers, Decimals and Byte Sequences cannot be split across 1052 multiple field lines because the inserted commas will cause parsing 1053 to fail. 1055 If parsing fails - including when calling another algorithm - the 1056 entire field value MUST be ignored (i.e., treated as if the field 1057 were not present in the section). This is intentionally strict, to 1058 improve interoperability and safety, and specifications referencing 1059 this document are not allowed to loosen this requirement. 1061 Note that this requirement does not apply to an implementation that 1062 is not parsing the field; for example, an intermediary is not 1063 required to strip a failing header field from a message before 1064 forwarding it. 1066 4.2.1. Parsing a List 1068 Given an ASCII string as input_string, return an array of 1069 (item_or_inner_list, parameters) tuples. input_string is modified to 1070 remove the parsed value. 1072 1. Let members be an empty array. 1074 2. While input_string is not empty: 1076 1. Append the result of running Parsing an Item or Inner List 1077 (Section 4.2.1.1) with input_string to members. 1079 2. Discard any leading SP characters from input_string. 1081 3. If input_string is empty, return members. 1083 4. Consume the first character of input_string; if it is not 1084 ",", fail parsing. 1086 5. Discard any leading SP characters from input_string. 1088 6. If input_string is empty, there is a trailing comma; fail 1089 parsing. 1091 3. No structured data has been found; return members (which is 1092 empty). 1094 4.2.1.1. Parsing an Item or Inner List 1096 Given an ASCII string as input_string, return the tuple 1097 (item_or_inner_list, parameters), where item_or_inner_list can be 1098 either a single bare item, or an array of (bare_item, parameters) 1099 tuples. input_string is modified to remove the parsed value. 1101 1. If the first character of input_string is "(", return the result 1102 of running Parsing an Inner List (Section 4.2.1.2) with 1103 input_string. 1105 2. Return the result of running Parsing an Item (Section 4.2.3) with 1106 input_string. 1108 4.2.1.2. Parsing an Inner List 1110 Given an ASCII string as input_string, return the tuple (inner_list, 1111 parameters), where inner_list is an array of (bare_item, parameters) 1112 tuples. input_string is modified to remove the parsed value. 1114 1. Consume the first character of input_string; if it is not "(", 1115 fail parsing. 1117 2. Let inner_list be an empty array. 1119 3. While input_string is not empty: 1121 1. Discard any leading SP characters from input_string. 1123 2. If the first character of input_string is ")": 1125 1. Consume the first character of input_string. 1127 2. Let parameters be the result of running Parsing 1128 Parameters (Section 4.2.3.2) with input_string. 1130 3. Return the tuple (inner_list, parameters). 1132 3. Let item be the result of running Parsing an Item 1133 (Section 4.2.3) with input_string. 1135 4. Append item to inner_list. 1137 5. If the first character of input_string is not SP or ")", fail 1138 parsing. 1140 4. The end of the inner list was not found; fail parsing. 1142 4.2.2. Parsing a Dictionary 1144 Given an ASCII string as input_string, return an ordered map whose 1145 values are (item_or_inner_list, parameters) tuples. input_string is 1146 modified to remove the parsed value. 1148 1. Let dictionary be an empty, ordered map. 1150 2. While input_string is not empty: 1152 1. Let this_key be the result of running Parsing a Key 1153 (Section 4.2.3.3) with input_string. 1155 2. If the first character of input_string is "=": 1157 1. Consume the first character of input_string. 1159 2. Let member be the result of running Parsing an Item or 1160 Inner List (Section 4.2.1.1) with input_string. 1162 3. Otherwise: 1164 1. Let value be Boolean true. 1166 2. Let parameters be the result of running Parsing 1167 Parameters Section 4.2.3.2 with input_string. 1169 3. Let member be the tuple (value, parameters). 1171 4. Add name this_key with value member to dictionary. If 1172 dictionary already contains a name this_key (comparing 1173 character-for-character), overwrite its value. 1175 5. Discard any leading SP characters from input_string. 1177 6. If input_string is empty, return dictionary. 1179 7. Consume the first character of input_string; if it is not 1180 ",", fail parsing. 1182 8. Discard any leading SP characters from input_string. 1184 9. If input_string is empty, there is a trailing comma; fail 1185 parsing. 1187 3. No structured data has been found; return dictionary (which is 1188 empty). 1190 4.2.3. Parsing an Item 1192 Given an ASCII string as input_string, return a (bare_item, 1193 parameters) tuple. input_string is modified to remove the parsed 1194 value. 1196 1. Let bare_item be the result of running Parsing a Bare Item 1197 (Section 4.2.3.1) with input_string. 1199 2. Let parameters be the result of running Parsing Parameters 1200 (Section 4.2.3.2) with input_string. 1202 3. Return the tuple (bare_item, parameters). 1204 4.2.3.1. Parsing a Bare Item 1206 Given an ASCII string as input_string, return a bare Item. 1207 input_string is modified to remove the parsed value. 1209 1. If the first character of input_string is a "-" or a DIGIT, 1210 return the result of running Parsing an Integer or Decimal 1211 (Section 4.2.4) with input_string. 1213 2. If the first character of input_string is a DQUOTE, return the 1214 result of running Parsing a String (Section 4.2.5) with 1215 input_string. 1217 3. If the first character of input_string is ":", return the result 1218 of running Parsing a Byte Sequence (Section 4.2.7) with 1219 input_string. 1221 4. If the first character of input_string is "?", return the result 1222 of running Parsing a Boolean (Section 4.2.8) with input_string. 1224 5. If the first character of input_string is an ALPHA or "*", return 1225 the result of running Parsing a Token (Section 4.2.6) with 1226 input_string. 1228 6. Otherwise, the item type is unrecognized; fail parsing. 1230 4.2.3.2. Parsing Parameters 1232 Given an ASCII string as input_string, return an ordered map whose 1233 values are bare Items. input_string is modified to remove the parsed 1234 value. 1236 1. Let parameters be an empty, ordered map. 1238 2. While input_string is not empty: 1240 1. If the first character of input_string is not ";", exit the 1241 loop. 1243 2. Consume a ";" character from the beginning of input_string. 1245 3. Discard any leading SP characters from input_string. 1247 4. let param_name be the result of running Parsing a Key 1248 (Section 4.2.3.3) with input_string. 1250 5. Let param_value be Boolean true. 1252 6. If the first character of input_string is "=": 1254 1. Consume the "=" character at the beginning of 1255 input_string. 1257 2. Let param_value be the result of running Parsing a Bare 1258 Item (Section 4.2.3.1) with input_string. 1260 7. Append key param_name with value param_value to parameters. 1261 If parameters already contains a name param_name (comparing 1262 character-for-character), overwrite its value. 1264 3. Return parameters. 1266 4.2.3.3. Parsing a Key 1268 Given an ASCII string as input_string, return a key. input_string is 1269 modified to remove the parsed value. 1271 1. If the first character of input_string is not lcalpha or "*", 1272 fail parsing. 1274 2. Let output_string be an empty string. 1276 3. While input_string is not empty: 1278 1. If the first character of input_string is not one of lcalpha, 1279 DIGIT, "_", "-", ".", or "*", return output_string. 1281 2. Let char be the result of consuming the first character of 1282 input_string. 1284 3. Append char to output_string. 1286 4. Return output_string. 1288 4.2.4. Parsing an Integer or Decimal 1290 Given an ASCII string as input_string, return an Integer or Decimal. 1291 input_string is modified to remove the parsed value. 1293 NOTE: This algorithm parses both Integers (Section 3.3.1) and 1294 Decimals (Section 3.3.2), and returns the corresponding structure. 1296 1. Let type be "integer". 1298 2. Let sign be 1. 1300 3. Let input_number be an empty string. 1302 4. If the first character of input_string is "-", consume it and 1303 set sign to -1. 1305 5. If input_string is empty, there is an empty integer; fail 1306 parsing. 1308 6. If the first character of input_string is not a DIGIT, fail 1309 parsing. 1311 7. While input_string is not empty: 1313 1. Let char be the result of consuming the first character of 1314 input_string. 1316 2. If char is a DIGIT, append it to input_number. 1318 3. Else, if type is "integer" and char is ".": 1320 1. If input_number contains more than 12 characters, fail 1321 parsing. 1323 2. Otherwise, append char to input_number and set type to 1324 "decimal". 1326 4. Otherwise, prepend char to input_string, and exit the loop. 1328 5. If type is "integer" and input_number contains more than 15 1329 characters, fail parsing. 1331 6. If type is "decimal" and input_number contains more than 16 1332 characters, fail parsing. 1334 8. If type is "integer": 1336 1. Parse input_number as an integer and let output_number be 1337 the product of the result and sign. 1339 2. If output_number is outside the range -999,999,999,999,999 1340 to 999,999,999,999,999 inclusive, fail parsing. 1342 9. Otherwise: 1344 1. If the final character of input_number is ".", fail parsing. 1346 2. If the number of characters after "." in input_number is 1347 greater than three, fail parsing. 1349 3. Parse input_number as a decimal number and let output_number 1350 be the product of the result and sign. 1352 10. Return output_number. 1354 4.2.5. Parsing a String 1356 Given an ASCII string as input_string, return an unquoted String. 1357 input_string is modified to remove the parsed value. 1359 1. Let output_string be an empty string. 1361 2. If the first character of input_string is not DQUOTE, fail 1362 parsing. 1364 3. Discard the first character of input_string. 1366 4. While input_string is not empty: 1368 1. Let char be the result of consuming the first character of 1369 input_string. 1371 2. If char is a backslash ("\"): 1373 1. If input_string is now empty, fail parsing. 1375 2. Let next_char be the result of consuming the first 1376 character of input_string. 1378 3. If next_char is not DQUOTE or "\", fail parsing. 1380 4. Append next_char to output_string. 1382 3. Else, if char is DQUOTE, return output_string. 1384 4. Else, if char is in the range %x00-1f or %x7f (i.e., is not 1385 in VCHAR or SP), fail parsing. 1387 5. Else, append char to output_string. 1389 5. Reached the end of input_string without finding a closing DQUOTE; 1390 fail parsing. 1392 4.2.6. Parsing a Token 1394 Given an ASCII string as input_string, return a Token. input_string 1395 is modified to remove the parsed value. 1397 1. If the first character of input_string is not ALPHA or "*", fail 1398 parsing. 1400 2. Let output_string be an empty string. 1402 3. While input_string is not empty: 1404 1. If the first character of input_string is not in tchar, ":" 1405 or "/", return output_string. 1407 2. Let char be the result of consuming the first character of 1408 input_string. 1410 3. Append char to output_string. 1412 4. Return output_string. 1414 4.2.7. Parsing a Byte Sequence 1416 Given an ASCII string as input_string, return a Byte Sequence. 1417 input_string is modified to remove the parsed value. 1419 1. If the first character of input_string is not ":", fail parsing. 1421 2. Discard the first character of input_string. 1423 3. If there is not a ":" character before the end of input_string, 1424 fail parsing. 1426 4. Let b64_content be the result of consuming content of 1427 input_string up to but not including the first instance of the 1428 character ":". 1430 5. Consume the ":" character at the beginning of input_string. 1432 6. If b64_content contains a character not included in ALPHA, DIGIT, 1433 "+", "/" and "=", fail parsing. 1435 7. Let binary_content be the result of Base 64 Decoding [RFC4648] 1436 b64_content, synthesizing padding if necessary (note the 1437 requirements about recipient behavior below). 1439 8. Return binary_content. 1441 Because some implementations of base64 do not allow reject of encoded 1442 data that is not properly "=" padded (see [RFC4648], Section 3.2), 1443 parsers SHOULD NOT fail when it is not present, unless they cannot be 1444 configured to do so. 1446 Because some implementations of base64 do not allow rejection of 1447 encoded data that has non-zero pad bits (see [RFC4648], Section 3.5), 1448 parsers SHOULD NOT fail when it is present, unless they cannot be 1449 configured to do so. 1451 This specification does not relax the requirements in [RFC4648], 1452 Section 3.1 and 3.3; therefore, parsers MUST fail on characters 1453 outside the base64 alphabet, and on line feeds in encoded data. 1455 4.2.8. Parsing a Boolean 1457 Given an ASCII string as input_string, return a Boolean. input_string 1458 is modified to remove the parsed value. 1460 1. If the first character of input_string is not "?", fail parsing. 1462 2. Discard the first character of input_string. 1464 3. If the first character of input_string matches "1", discard the 1465 first character, and return true. 1467 4. If the first character of input_string matches "0", discard the 1468 first character, and return false. 1470 5. No value has matched; fail parsing. 1472 5. IANA Considerations 1474 This document has no actions for IANA. 1476 6. Security Considerations 1478 The size of most types defined by Structured Fields is not limited; 1479 as a result, extremely large fields could be an attack vector (e.g., 1480 for resource consumption). Most HTTP implementations limit the sizes 1481 of individual fields as well as the overall header or trailer section 1482 size to mitigate such attacks. 1484 It is possible for parties with the ability to inject new HTTP fields 1485 to change the meaning of a Structured Field. In some circumstances, 1486 this will cause parsing to fail, but it is not possible to reliably 1487 fail in all such circumstances. 1489 7. References 1491 7.1. Normative References 1493 [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, 1494 RFC 20, DOI 10.17487/RFC0020, October 1969, 1495 . 1497 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1498 Requirement Levels", BCP 14, RFC 2119, 1499 DOI 10.17487/RFC2119, March 1997, 1500 . 1502 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 1503 Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, 1504 . 1506 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 1507 Specifications: ABNF", STD 68, RFC 5234, 1508 DOI 10.17487/RFC5234, January 2008, 1509 . 1511 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1512 Protocol (HTTP/1.1): Message Syntax and Routing", 1513 RFC 7230, DOI 10.17487/RFC7230, June 2014, 1514 . 1516 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1517 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1518 May 2017, . 1520 7.2. Informative References 1522 [IEEE754] IEEE, "IEEE Standard for Floating-Point Arithmetic", 1523 IEEE 754-2019, DOI 10.1109/IEEESTD.2019.8766229, 1524 ISBN 978-1-5044-5924-2, July 2019, 1525 . 1527 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1528 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 1529 DOI 10.17487/RFC7231, June 2014, 1530 . 1532 [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, 1533 DOI 10.17487/RFC7493, March 2015, 1534 . 1536 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 1537 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 1538 DOI 10.17487/RFC7540, May 2015, 1539 . 1541 [RFC7541] Peon, R. and H. Ruellan, "HPACK: Header Compression for 1542 HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, 1543 . 1545 [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 1546 Interchange Format", STD 90, RFC 8259, 1547 DOI 10.17487/RFC8259, December 2017, 1548 . 1550 [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 1551 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 1552 2003, . 1554 7.3. URIs 1556 [1] https://lists.w3.org/Archives/Public/ietf-http-wg/ 1558 [2] https://httpwg.github.io/ 1560 [3] https://github.com/httpwg/http-extensions/labels/header-structure 1562 [4] https://github.com/httpwg/structured-header-tests 1564 [5] https://github.com/httpwg/wiki/wiki/Structured-Headers 1566 [6] https://github.com/httpwg/structured-header-tests 1568 Appendix A. Frequently Asked Questions 1570 A.1. Why not JSON? 1572 Earlier proposals for Structured Fields were based upon JSON 1573 [RFC8259]. However, constraining its use to make it suitable for 1574 HTTP header fields required senders and recipients to implement 1575 specific additional handling. 1577 For example, JSON has specification issues around large numbers and 1578 objects with duplicate members. Although advice for avoiding these 1579 issues is available (e.g., [RFC7493]), it cannot be relied upon. 1581 Likewise, JSON strings are by default Unicode strings, which have a 1582 number of potential interoperability issues (e.g., in comparison). 1583 Although implementers can be advised to avoid non-ASCII content where 1584 unnecessary, this is difficult to enforce. 1586 Another example is JSON's ability to nest content to arbitrary 1587 depths. Since the resulting memory commitment might be unsuitable 1588 (e.g., in embedded and other limited server deployments), it's 1589 necessary to limit it in some fashion; however, existing JSON 1590 implementations have no such limits, and even if a limit is 1591 specified, it's likely that some field definition will find a need to 1592 violate it. 1594 Because of JSON's broad adoption and implementation, it is difficult 1595 to impose such additional constraints across all implementations; 1596 some deployments would fail to enforce them, thereby harming 1597 interoperability. In short, if it looks like JSON, people will be 1598 tempted to use a JSON parser / serializer on field values. 1600 Since a major goal for Structured Fields is to improve 1601 interoperability and simplify implementation, these concerns led to a 1602 format that requires a dedicated parser and serializer. 1604 Additionally, there were widely shared feelings that JSON doesn't 1605 "look right" in HTTP fields. 1607 Appendix B. Implementation Notes 1609 A generic implementation of this specification should expose the top- 1610 level serialize (Section 4.1) and parse (Section 4.2) functions. 1611 They need not be functions; for example, it could be implemented as 1612 an object, with methods for each of the different top-level types. 1614 For interoperability, it's important that generic implementations be 1615 complete and follow the algorithms closely; see Section 1.1. To aid 1616 this, a common test suite is being maintained by the community at 1617 https://github.com/httpwg/structured-header-tests [6]. 1619 Implementers should note that Dictionaries and Parameters are order- 1620 preserving maps. Some fields may not convey meaning in the ordering 1621 of these data types, but it should still be exposed so that 1622 applications which need to use it will have it available. 1624 Likewise, implementations should note that it's important to preserve 1625 the distinction between Tokens and Strings. While most programming 1626 languages have native types that map to the other types well, it may 1627 be necessary to create a wrapper "token" object or use a parameter on 1628 functions to assure that these types remain separate. 1630 The serialization algorithm is defined in a way that it is not 1631 strictly limited to the data types defined in Section 3 in every 1632 case. For example, Decimals are designed to take broader input and 1633 round to allowed values. 1635 Appendix C. Changes 1637 _RFC Editor: Please remove this section before publication._ 1639 C.1. Since draft-ietf-httpbis-header-structure-15 1641 o Editorial improvements. 1643 o Use HTTP field terminology more consistently, in line with recent 1644 changes to HTTP-core. 1646 o String length requirements apply to decoded strings (#1051). 1648 o Correctly round decimals in serialisation (#1043). 1650 o Clarify input to serialisation algorithms (#1055). 1652 o Omitted True dictionary value can have parameters (#1083). 1654 o Keys can now start with '*' (#1068). 1656 C.2. Since draft-ietf-httpbis-header-structure-14 1658 o Editorial improvements. 1660 o Allow empty dictionary values (#992). 1662 o Change value of omitted parameter value to True (#995). 1664 o Explain more about splitting dictionaries and lists across header 1665 instances (#997). 1667 o Disallow HTAB, replace OWS with spaces (#998). 1669 o Change byte sequence delimiters from "*" to ":" (#991). 1671 o Allow tokens to start with "*" (#991). 1673 o Change Floats to fixed-precision Decimals (#982). 1675 o Round the fractional component of decimal, rather than truncating 1676 it (#982). 1678 o Handle duplicate dictionary and parameter keys by overwriting 1679 their values, rather than failing (#997). 1681 o Allow "." in key (#1027). 1683 o Check first character of key in serialisation (#1037). 1685 o Talk about greasing headers (#1015). 1687 C.3. Since draft-ietf-httpbis-header-structure-13 1689 o Editorial improvements. 1691 o Define "structured header name" and "structured header value" 1692 terms (#908). 1694 o Corrected text about valid characters in strings (#931). 1696 o Removed most instances of the word "textual", as it was redundant 1697 (#915). 1699 o Allowed parameters on Items and Inner Lists (#907). 1701 o Expand the range of characters in token (#961). 1703 o Disallow OWS before ";" delimiter in parameters (#961). 1705 C.4. Since draft-ietf-httpbis-header-structure-12 1707 o Editorial improvements. 1709 o Reworked float serialisation (#896). 1711 o Don't add a trailing space in inner-list (#904). 1713 C.5. Since draft-ietf-httpbis-header-structure-11 1715 o Allow * in key (#844). 1717 o Constrain floats to six digits of precision (#848). 1719 o Allow dictionary members to have parameters (#842). 1721 C.6. Since draft-ietf-httpbis-header-structure-10 1723 o Update abstract (#799). 1725 o Input and output are now arrays of bytes (#662). 1727 o Implementations need to preserve difference between token and 1728 string (#790). 1730 o Allow empty dictionaries and lists (#781). 1732 o Change parameterized lists to have primary items (#797). 1734 o Allow inner lists in both dictionaries and lists; removes lists of 1735 lists (#816). 1737 o Subsume Parameterised Lists into Lists (#839). 1739 C.7. Since draft-ietf-httpbis-header-structure-09 1741 o Changed Boolean from T/F to 1/0 (#784). 1743 o Parameters are now ordered maps (#765). 1745 o Clamp integers to 15 digits (#737). 1747 C.8. Since draft-ietf-httpbis-header-structure-08 1749 o Disallow whitespace before items properly (#703). 1751 o Created "key" for use in dictionaries and parameters, rather than 1752 relying on identifier (#702). Identifiers have a separate minimum 1753 supported size. 1755 o Expanded the range of special characters allowed in identifier to 1756 include all of ALPHA, ".", ":", and "%" (#702). 1758 o Use "?" instead of "!" to indicate a Boolean (#719). 1760 o Added "Intentionally Strict Processing" (#684). 1762 o Gave better names for referring specs to use in Parameterised 1763 Lists (#720). 1765 o Added Lists of Lists (#721). 1767 o Rename Identifier to Token (#725). 1769 o Add implementation guidance (#727). 1771 C.9. Since draft-ietf-httpbis-header-structure-07 1773 o Make Dictionaries ordered mappings (#659). 1775 o Changed "binary content" to "byte sequence" to align with Infra 1776 specification (#671). 1778 o Changed "mapping" to "map" for #671. 1780 o Don't fail if byte sequences aren't "=" padded (#658). 1782 o Add Booleans (#683). 1784 o Allow identifiers in items again (#629). 1786 o Disallowed whitespace before items (#703). 1788 o Explain the consequences of splitting a string across multiple 1789 headers (#686). 1791 C.10. Since draft-ietf-httpbis-header-structure-06 1793 o Add a FAQ. 1795 o Allow non-zero pad bits. 1797 o Explicitly check for integers that violate constraints. 1799 C.11. Since draft-ietf-httpbis-header-structure-05 1801 o Reorganise specification to separate parsing out. 1803 o Allow referencing specs to use ABNF. 1805 o Define serialisation algorithms. 1807 o Refine relationship between ABNF, parsing and serialisation 1808 algorithms. 1810 C.12. Since draft-ietf-httpbis-header-structure-04 1812 o Remove identifiers from item. 1814 o Remove most limits on sizes. 1816 o Refine number parsing. 1818 C.13. Since draft-ietf-httpbis-header-structure-03 1820 o Strengthen language around failure handling. 1822 C.14. Since draft-ietf-httpbis-header-structure-02 1824 o Split Numbers into Integers and Floats. 1826 o Define number parsing. 1828 o Tighten up binary parsing and give it an explicit end delimiter. 1830 o Clarify that mappings are unordered. 1832 o Allow zero-length strings. 1834 o Improve string parsing algorithm. 1836 o Improve limits in algorithms. 1838 o Require parsers to combine header fields before processing. 1840 o Throw an error on trailing garbage. 1842 C.15. Since draft-ietf-httpbis-header-structure-01 1844 o Replaced with draft-nottingham-structured-headers. 1846 C.16. Since draft-ietf-httpbis-header-structure-00 1848 o Added signed 64bit integer type. 1850 o Drop UTF8, and settle on BCP137 ::EmbeddedUnicodeChar for h1- 1851 unicode-string. 1853 o Change h1_blob delimiter to ":" since "'" is valid t_char 1855 Acknowledgements 1857 Many thanks to Matthew Kerwin for his detailed feedback and careful 1858 consideration during the development of this specification. 1860 Thanks also to Ian Clelland, Roy Fielding, Anne van Kesteren, Kazuho 1861 Oku, Evert Pot, Julian Reschke, Martin Thomson, Mike West, and 1862 Jeffrey Yasskin for their contributions. 1864 Authors' Addresses 1866 Mark Nottingham 1867 Fastly 1869 Email: mnot@mnot.net 1870 URI: https://www.mnot.net/ 1872 Poul-Henning Kamp 1873 The Varnish Cache Project 1875 Email: phk@varnish-cache.org