idnits 2.17.1
draft-ietf-httpbis-http2-09.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (December 4, 2013) is 3797 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-12) exists of
draft-ietf-httpbis-header-compression-05
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p1-messaging-25
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p2-semantics-25
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p4-conditional-25
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p5-range-25
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p6-cache-25
== Outdated reference: A later version (-26) exists of
draft-ietf-httpbis-p7-auth-25
** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110)
** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)
** Obsolete normative reference: RFC 793 (ref. 'TCP') (Obsoleted by RFC
9293)
** Obsolete normative reference: RFC 4346 (ref. 'TLS11') (Obsoleted by RFC
5246)
** Obsolete normative reference: RFC 5246 (ref. 'TLS12') (Obsoleted by RFC
8446)
== Outdated reference: A later version (-05) exists of
draft-ietf-tls-applayerprotoneg-02
-- Obsolete informational reference (is this intentional?): RFC 1323
(Obsoleted by RFC 7323)
Summary: 5 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 HTTPbis Working Group M. Belshe
3 Internet-Draft Twist
4 Intended status: Standards Track R. Peon
5 Expires: June 7, 2014 Google, Inc
6 M. Thomson, Ed.
7 Microsoft
8 A. Melnikov, Ed.
9 Isode Ltd
10 December 4, 2013
12 Hypertext Transfer Protocol version 2.0
13 draft-ietf-httpbis-http2-09
15 Abstract
17 This specification describes an optimized expression of the syntax of
18 the Hypertext Transfer Protocol (HTTP). HTTP/2.0 enables a more
19 efficient use of network resources and a reduced perception of
20 latency by introducing header field compression and allowing multiple
21 concurrent messages on the same connection. It also introduces
22 unsolicited push of representations from servers to clients.
24 This document is an alternative to, but does not obsolete, the
25 HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.
27 This version of the draft has been marked for implementation.
28 Interoperability testing will occur in the HTTP/2.0 interim in
29 Zurich, CH, starting 2014-01-22. This replaces -08, which was
30 originally identified as an implementation draft.
32 Editorial Note (To be removed by RFC Editor)
34 Discussion of this draft takes place on the HTTPBIS working group
35 mailing list (ietf-http-wg@w3.org), which is archived at
36 .
38 Working Group information and related documents can be found at
39 (Wiki) and
40 (source code and issues
41 tracker).
43 The changes in this draft are summarized in Appendix A.
45 Status of This Memo
47 This Internet-Draft is submitted in full conformance with the
48 provisions of BCP 78 and BCP 79.
50 Internet-Drafts are working documents of the Internet Engineering
51 Task Force (IETF). Note that other groups may also distribute
52 working documents as Internet-Drafts. The list of current Internet-
53 Drafts is at http://datatracker.ietf.org/drafts/current/.
55 Internet-Drafts are draft documents valid for a maximum of six months
56 and may be updated, replaced, or obsoleted by other documents at any
57 time. It is inappropriate to use Internet-Drafts as reference
58 material or to cite them other than as "work in progress."
60 This Internet-Draft will expire on June 7, 2014.
62 Copyright Notice
64 Copyright (c) 2013 IETF Trust and the persons identified as the
65 document authors. All rights reserved.
67 This document is subject to BCP 78 and the IETF Trust's Legal
68 Provisions Relating to IETF Documents
69 (http://trustee.ietf.org/license-info) in effect on the date of
70 publication of this document. Please review these documents
71 carefully, as they describe your rights and restrictions with respect
72 to this document. Code Components extracted from this document must
73 include Simplified BSD License text as described in Section 4.e of
74 the Trust Legal Provisions and are provided without warranty as
75 described in the Simplified BSD License.
77 Table of Contents
79 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
80 1.1. Document Organization . . . . . . . . . . . . . . . . . . 5
81 1.2. Conventions and Terminology . . . . . . . . . . . . . . . 6
82 2. HTTP/2.0 Protocol Overview . . . . . . . . . . . . . . . . . . 6
83 2.1. HTTP Frames . . . . . . . . . . . . . . . . . . . . . . . 7
84 2.2. HTTP Multiplexing . . . . . . . . . . . . . . . . . . . . 7
85 2.3. HTTP Semantics . . . . . . . . . . . . . . . . . . . . . . 7
86 3. Starting HTTP/2.0 . . . . . . . . . . . . . . . . . . . . . . 7
87 3.1. HTTP/2.0 Version Identification . . . . . . . . . . . . . 7
88 3.2. Starting HTTP/2.0 for "http" URIs . . . . . . . . . . . . 8
89 3.2.1. HTTP2-Settings Header Field . . . . . . . . . . . . . 10
90 3.3. Starting HTTP/2.0 for "https" URIs . . . . . . . . . . . . 10
91 3.4. Starting HTTP/2.0 with Prior Knowledge . . . . . . . . . . 10
92 3.5. HTTP/2.0 Connection Header . . . . . . . . . . . . . . . . 11
93 4. HTTP Frames . . . . . . . . . . . . . . . . . . . . . . . . . 12
94 4.1. Frame Format . . . . . . . . . . . . . . . . . . . . . . . 12
95 4.2. Frame Size . . . . . . . . . . . . . . . . . . . . . . . . 13
96 4.3. Header Compression and Decompression . . . . . . . . . . . 13
97 5. Streams and Multiplexing . . . . . . . . . . . . . . . . . . . 14
98 5.1. Stream States . . . . . . . . . . . . . . . . . . . . . . 15
99 5.1.1. Stream Identifiers . . . . . . . . . . . . . . . . . . 19
100 5.1.2. Stream Concurrency . . . . . . . . . . . . . . . . . . 19
101 5.2. Flow Control . . . . . . . . . . . . . . . . . . . . . . . 20
102 5.2.1. Flow Control Principles . . . . . . . . . . . . . . . 20
103 5.2.2. Appropriate Use of Flow Control . . . . . . . . . . . 21
104 5.3. Stream priority . . . . . . . . . . . . . . . . . . . . . 22
105 5.4. Error Handling . . . . . . . . . . . . . . . . . . . . . . 22
106 5.4.1. Connection Error Handling . . . . . . . . . . . . . . 23
107 5.4.2. Stream Error Handling . . . . . . . . . . . . . . . . 23
108 5.4.3. Connection Termination . . . . . . . . . . . . . . . . 24
109 6. Frame Definitions . . . . . . . . . . . . . . . . . . . . . . 24
110 6.1. DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
111 6.2. HEADERS . . . . . . . . . . . . . . . . . . . . . . . . . 25
112 6.3. PRIORITY . . . . . . . . . . . . . . . . . . . . . . . . . 26
113 6.4. RST_STREAM . . . . . . . . . . . . . . . . . . . . . . . . 26
114 6.5. SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . 27
115 6.5.1. Setting Format . . . . . . . . . . . . . . . . . . . . 28
116 6.5.2. Defined Settings . . . . . . . . . . . . . . . . . . . 29
117 6.5.3. Settings Synchronization . . . . . . . . . . . . . . . 30
118 6.6. PUSH_PROMISE . . . . . . . . . . . . . . . . . . . . . . . 30
119 6.7. PING . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
120 6.8. GOAWAY . . . . . . . . . . . . . . . . . . . . . . . . . . 32
121 6.9. WINDOW_UPDATE . . . . . . . . . . . . . . . . . . . . . . 34
122 6.9.1. The Flow Control Window . . . . . . . . . . . . . . . 36
123 6.9.2. Initial Flow Control Window Size . . . . . . . . . . . 36
124 6.9.3. Reducing the Stream Window Size . . . . . . . . . . . 37
125 6.9.4. Ending Flow Control . . . . . . . . . . . . . . . . . 38
126 6.10. CONTINUATION . . . . . . . . . . . . . . . . . . . . . . . 38
127 7. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 39
128 8. HTTP Message Exchanges . . . . . . . . . . . . . . . . . . . . 40
129 8.1. HTTP Request/Response Exchange . . . . . . . . . . . . . . 40
130 8.1.1. Informational Responses . . . . . . . . . . . . . . . 41
131 8.1.2. Examples . . . . . . . . . . . . . . . . . . . . . . . 42
132 8.1.3. HTTP Header Fields . . . . . . . . . . . . . . . . . . 44
133 8.1.4. Request Reliability Mechanisms in HTTP/2.0 . . . . . . 47
134 8.2. Server Push . . . . . . . . . . . . . . . . . . . . . . . 48
135 8.2.1. Push Requests . . . . . . . . . . . . . . . . . . . . 48
136 8.2.2. Push Responses . . . . . . . . . . . . . . . . . . . . 49
137 8.3. The CONNECT Method . . . . . . . . . . . . . . . . . . . . 50
138 9. Additional HTTP Requirements/Considerations . . . . . . . . . 51
139 9.1. Connection Management . . . . . . . . . . . . . . . . . . 51
140 9.2. Use of TLS Features . . . . . . . . . . . . . . . . . . . 52
141 9.3. GZip Content-Encoding . . . . . . . . . . . . . . . . . . 52
142 10. Security Considerations . . . . . . . . . . . . . . . . . . . 52
143 10.1. Server Authority and Same-Origin . . . . . . . . . . . . . 53
144 10.2. Cross-Protocol Attacks . . . . . . . . . . . . . . . . . . 53
145 10.3. Intermediary Encapsulation Attacks . . . . . . . . . . . . 53
146 10.4. Cacheability of Pushed Resources . . . . . . . . . . . . . 54
147 10.5. Denial of Service Considerations . . . . . . . . . . . . . 54
148 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 55
149 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55
150 12.1. Registration of HTTP/2.0 Identification String . . . . . . 55
151 12.2. Frame Type Registry . . . . . . . . . . . . . . . . . . . 56
152 12.3. Error Code Registry . . . . . . . . . . . . . . . . . . . 56
153 12.4. Settings Registry . . . . . . . . . . . . . . . . . . . . 57
154 12.5. HTTP2-Settings Header Field Registration . . . . . . . . . 58
155 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 58
156 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 58
157 14.1. Normative References . . . . . . . . . . . . . . . . . . . 58
158 14.2. Informative References . . . . . . . . . . . . . . . . . . 60
159 Appendix A. Change Log (to be removed by RFC Editor before
160 publication) . . . . . . . . . . . . . . . . . . . . 61
161 A.1. Since draft-ietf-httpbis-http2-08 . . . . . . . . . . . . 61
162 A.2. Since draft-ietf-httpbis-http2-07 . . . . . . . . . . . . 61
163 A.3. Since draft-ietf-httpbis-http2-06 . . . . . . . . . . . . 61
164 A.4. Since draft-ietf-httpbis-http2-05 . . . . . . . . . . . . 61
165 A.5. Since draft-ietf-httpbis-http2-04 . . . . . . . . . . . . 61
166 A.6. Since draft-ietf-httpbis-http2-03 . . . . . . . . . . . . 62
167 A.7. Since draft-ietf-httpbis-http2-02 . . . . . . . . . . . . 62
168 A.8. Since draft-ietf-httpbis-http2-01 . . . . . . . . . . . . 62
169 A.9. Since draft-ietf-httpbis-http2-00 . . . . . . . . . . . . 63
170 A.10. Since draft-mbelshe-httpbis-spdy-00 . . . . . . . . . . . 63
172 1. Introduction
174 The Hypertext Transfer Protocol (HTTP) is a wildly successful
175 protocol. However, the HTTP/1.1 message format ([HTTP-p1], Section
176 3) is optimized for implementation simplicity and accessibility, not
177 application performance. As such it has several characteristics that
178 have a negative overall effect on application performance.
180 In particular, HTTP/1.0 only allows one request to be outstanding at
181 a time on a given connection. HTTP/1.1 pipelining only partially
182 addressed request concurrency and suffers from head-of-line blocking.
183 Therefore, clients that need to make many requests typically use
184 multiple connections to a server in order to reduce latency.
186 Furthermore, HTTP/1.1 header fields are often repetitive and verbose,
187 which, in addition to generating more or larger network packets, can
188 cause the small initial TCP congestion window to quickly fill. This
189 can result in excessive latency when multiple requests are made on a
190 single new TCP connection.
192 This document addresses these issues by defining an optimized mapping
193 of HTTP's semantics to an underlying connection. Specifically, it
194 allows interleaving of request and response messages on the same
195 connection and uses an efficient coding for HTTP header fields. It
196 also allows prioritization of requests, letting more important
197 requests complete more quickly, further improving performance.
199 The resulting protocol is designed to be more friendly to the
200 network, because fewer TCP connections can be used, in comparison to
201 HTTP/1.x. This means less competition with other flows, and longer-
202 lived connections, which in turn leads to better utilization of
203 available network capacity.
205 Finally, this encapsulation also enables more scalable processing of
206 messages through use of binary message framing.
208 1.1. Document Organization
210 The HTTP/2.0 Specification is split into three parts: starting
211 HTTP/2.0 (Section 3), which covers how a HTTP/2.0 connection is
212 initiated; a framing layer (Section 4), which multiplexes a single
213 TCP connection into independent frames of various types; and an HTTP
214 layer (Section 8), which specifies the mechanism for expressing HTTP
215 interactions using the framing layer. While some of the framing
216 layer concepts are isolated from HTTP, building a generic framing
217 layer has not been a goal. The framing layer is tailored to the
218 needs of the HTTP protocol and server push.
220 1.2. Conventions and Terminology
222 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
223 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
224 document are to be interpreted as described in RFC 2119 [RFC2119].
226 All numeric values are in network byte order. Values are unsigned
227 unless otherwise indicated. Literal values are provided in decimal
228 or hexadecimal as appropriate. Hexadecimal literals are prefixed
229 with "0x" to distinguish them from decimal literals.
231 The following terms are used:
233 client: The endpoint initiating the HTTP connection.
235 connection: A transport-level connection between two endpoints.
237 connection error: An error on the HTTP/2.0 connection.
239 endpoint: Either the client or server of the connection.
241 frame: The smallest unit of communication within an HTTP/2.0
242 connection, consisting of a header and a variable-length sequence
243 of bytes structured according to the frame type.
245 peer: An endpoint. When discussing a particular endpoint, "peer"
246 refers to the endpoint that is remote to the primary subject of
247 discussion.
249 receiver: An endpoint that is receiving frames.
251 sender: An endpoint that is transmitting frames.
253 server: The endpoint which did not initiate the HTTP connection.
255 stream: A bi-directional flow of frames across a virtual channel
256 within the HTTP/2.0 connection.
258 stream error: An error on the individual HTTP/2.0 stream.
260 2. HTTP/2.0 Protocol Overview
262 HTTP/2.0 provides an optimized transport for HTTP semantics.
264 An HTTP/2.0 connection is an application level protocol running on
265 top of a TCP connection ([TCP]). The client is the TCP connection
266 initiator.
268 This document describes the HTTP/2.0 protocol using a logical
269 structure that is formed of three parts: framing, streams, and
270 application mapping. This structure is provided primarily as an aid
271 to specification, implementations are free to diverge from this
272 structure as necessary.
274 2.1. HTTP Frames
276 HTTP/2.0 provides an efficient serialization of HTTP semantics. HTTP
277 requests and responses are encoded into length-prefixed frames (see
278 Section 4.1).
280 HTTP header fields are compressed into a series of frames that
281 contain header block fragments (see Section 4.3).
283 2.2. HTTP Multiplexing
285 HTTP/2.0 provides the ability to multiplex HTTP requests and
286 responses over a single connection. Multiple requests or responses
287 can be sent concurrently on a connection using streams (Section 5).
288 In order to maintain independent streams, flow control and
289 prioritization are necessary.
291 2.3. HTTP Semantics
293 HTTP/2.0 defines how HTTP requests and responses are mapped to
294 streams (see Section 8.1) and introduces a new interaction model,
295 server push (Section 8.2).
297 3. Starting HTTP/2.0
299 HTTP/2.0 uses the same "http" and "https" URI schemes used by
300 HTTP/1.1. HTTP/2.0 shares the same default port numbers: 80 for
301 "http" URIs and 443 for "https" URIs. As a result, implementations
302 processing requests for target resource URIs like
303 "http://example.org/foo" or "https://example.com/bar" are required to
304 first discover whether the upstream server (the immediate peer to
305 which the client wishes to establish a connection) supports HTTP/2.0.
307 The means by which support for HTTP/2.0 is determined is different
308 for "http" and "https" URIs. Discovery for "http" URIs is described
309 in Section 3.2. Discovery for "https" URIs is described in
310 Section 3.3.
312 3.1. HTTP/2.0 Version Identification
314 The protocol defined in this document is identified using the string
315 "HTTP/2.0". This identification is used in the HTTP/1.1 Upgrade
316 header field, in the TLS application layer protocol negotiation
317 extension [TLSALPN] field, and other places where protocol
318 identification is required.
320 Negotiating "HTTP/2.0" implies the use of the transport, security,
321 framing and message semantics described in this document.
323 [[anchor6: Editor's Note: please remove the remainder of this section
324 prior to the publication of a final version of this document.]]
326 Only implementations of the final, published RFC can identify
327 themselves as "HTTP/2.0". Until such an RFC exists, implementations
328 MUST NOT identify themselves using "HTTP/2.0".
330 Examples and text throughout the rest of this document use "HTTP/2.0"
331 as a matter of editorial convenience only. Implementations of draft
332 versions MUST NOT identify using this string. The exception to this
333 rule is the string included in the connection header sent by clients
334 immediately after establishing an HTTP/2.0 connection (see
335 Section 3.5); this fixed length sequence of octets does not change.
337 Implementations of draft versions of the protocol MUST add the string
338 "-draft-" and the corresponding draft number to the identifier before
339 the separator ('/'). For example, draft-ietf-httpbis-http2-03 is
340 identified using the string "HTTP-draft-03/2.0".
342 Non-compatible experiments that are based on these draft versions
343 MUST instead replace the string "draft" with a different identifier.
344 For example, an experimental implementation of packet mood-based
345 encoding based on draft-ietf-httpbis-http2-07 might identify itself
346 as "HTTP-emo-07/2.0". Note that any label MUST conform to the
347 "token" syntax defined in Section 3.2.6 of [HTTP-p1]. Experimenters
348 are encouraged to coordinate their experiments on the
349 ietf-http-wg@w3.org mailing list.
351 3.2. Starting HTTP/2.0 for "http" URIs
353 A client that makes a request to an "http" URI without prior
354 knowledge about support for HTTP/2.0 uses the HTTP Upgrade mechanism
355 (Section 6.7 of [HTTP-p1]). The client makes an HTTP/1.1 request
356 that includes an Upgrade header field identifying HTTP/2.0. The
357 HTTP/1.1 request MUST include exactly one HTTP2-Settings
358 (Section 3.2.1) header field.
360 For example:
362 GET /default.htm HTTP/1.1
363 Host: server.example.com
364 Connection: Upgrade, HTTP2-Settings
365 Upgrade: HTTP/2.0
366 HTTP2-Settings:
368 Requests that contain an entity body MUST be sent in their entirety
369 before the client can send HTTP/2.0 frames. This means that a large
370 request entity can block the use of the connection until it is
371 completely sent.
373 If concurrency of an initial request with subsequent requests is
374 important, a small request can be used to perform the upgrade to
375 HTTP/2.0, at the cost of an additional round-trip.
377 A server that does not support HTTP/2.0 can respond to the request as
378 though the Upgrade header field were absent:
380 HTTP/1.1 200 OK
381 Content-Length: 243
382 Content-Type: text/html
384 ...
386 A server that supports HTTP/2.0 can accept the upgrade with a 101
387 (Switching Protocols) response. After the empty line that terminates
388 the 101 response, the server can begin sending HTTP/2.0 frames.
389 These frames MUST include a response to the request that initiated
390 the Upgrade.
392 HTTP/1.1 101 Switching Protocols
393 Connection: Upgrade
394 Upgrade: HTTP/2.0
396 [ HTTP/2.0 connection ...
398 The first HTTP/2.0 frame sent by the server is a SETTINGS frame
399 (Section 6.5). Upon receiving the 101 response, the client sends a
400 connection header (Section 3.5), which includes a SETTINGS frame.
402 The HTTP/1.1 request that is sent prior to upgrade is assigned stream
403 identifier 1 and is assigned the highest possible priority. Stream 1
404 is implicitly half closed from the client toward the server, since
405 the request is completed as an HTTP/1.1 request. After commencing
406 the HTTP/2.0 connection, stream 1 is used for the response.
408 3.2.1. HTTP2-Settings Header Field
410 A request that upgrades from HTTP/1.1 to HTTP/2.0 MUST include
411 exactly one "HTTP2-Settings" header field. The "HTTP2-Settings"
412 header field is a hop-by-hop header field that includes settings that
413 govern the HTTP/2.0 connection, provided in anticipation of the
414 server accepting the request to upgrade. A server MUST reject an
415 attempt to upgrade if this header field is not present.
417 HTTP2-Settings = token68
419 The content of the "HTTP2-Settings" header field is the payload of a
420 SETTINGS frame (Section 6.5), encoded as a base64url string (that is,
421 the URL- and filename-safe Base64 encoding described in Section 5 of
422 [RFC4648], with any trailing '=' characters omitted). The ABNF
423 [RFC5234] production for "token68" is defined in Section 2.1 of
424 [HTTP-p7].
426 The client MUST include values for the following settings
427 (Section 6.5.1):
429 o SETTINGS_MAX_CONCURRENT_STREAMS
431 o SETTINGS_INITIAL_WINDOW_SIZE
433 As a hop-by-hop header field, the "Connection" header field MUST
434 include a value of "HTTP2-Settings" in addition to "Upgrade" when
435 upgrading to HTTP/2.0.
437 A server decodes and interprets these values as it would any other
438 SETTINGS frame. Providing these values in the Upgrade request
439 ensures that the protocol does not require default values for the
440 above settings, and gives a client an opportunity to provide other
441 settings prior to receiving any frames from the server.
443 3.3. Starting HTTP/2.0 for "https" URIs
445 A client that makes a request to an "https" URI without prior
446 knowledge about support for HTTP/2.0 uses TLS [TLS12] with the
447 application layer protocol negotiation extension [TLSALPN].
449 Once TLS negotiation is complete, both the client and the server send
450 a connection header (Section 3.5).
452 3.4. Starting HTTP/2.0 with Prior Knowledge
454 A client can learn that a particular server supports HTTP/2.0 by
455 other means. A client MAY immediately send HTTP/2.0 frames to a
456 server that is known to support HTTP/2.0, after the connection header
457 (Section 3.5). This only affects the resolution of "http" URIs;
458 servers supporting HTTP/2.0 are required to support protocol
459 negotiation in TLS [TLSALPN] for "https" URIs.
461 Prior support for HTTP/2.0 is not a strong signal that a given server
462 will support HTTP/2.0 for future connections. It is possible for
463 server configurations to change or for configurations to differ
464 between instances in clustered server. Interception proxies (a.k.a.
465 "transparent" proxies) are another source of variability.
467 3.5. HTTP/2.0 Connection Header
469 Upon establishment of a TCP connection and determination that
470 HTTP/2.0 will be used by both peers, each endpoint MUST send a
471 connection header as a final confirmation and to establish the
472 initial settings for the HTTP/2.0 connection.
474 The client connection header starts with a sequence of 24 octets,
475 which in hex notation are:
477 505249202a20485454502f322e300d0a0d0a534d0d0a0d0a
479 (the string "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"). This sequence is
480 followed by a SETTINGS frame (Section 6.5). The client sends the
481 client connection header immediately upon receipt of a 101 Switching
482 Protocols response (indicating a successful upgrade), or as the first
483 application data octets of a TLS connection. If starting an HTTP/2.0
484 connection with prior knowledge of server support for the protocol,
485 the client connection header is sent upon connection establishment.
487 The client connection header is selected so that a large
488 proportion of HTTP/1.1 or HTTP/1.0 servers and intermediaries do
489 not attempt to process further frames. Note that this does not
490 address the concerns raised in [TALKING].
492 The server connection header consists of just a SETTINGS frame
493 (Section 6.5) that MUST be the first frame the server sends in the
494 HTTP/2.0 connection.
496 To avoid unnecessary latency, clients are permitted to send
497 additional frames to the server immediately after sending the client
498 connection header, without waiting to receive the server connection
499 header. It is important to note, however, that the server connection
500 header SETTINGS frame might include parameters that necessarily alter
501 how a client is expected to communicate with the server. Upon
502 receiving the SETTINGS frame, the client is expected to honor any
503 parameters established.
505 Clients and servers MUST terminate the TCP connection if either peer
506 does not begin with a valid connection header. A GOAWAY frame
507 (Section 6.8) MAY be omitted if it is clear that the peer is not
508 using HTTP/2.0.
510 4. HTTP Frames
512 Once the HTTP/2.0 connection is established, endpoints can begin
513 exchanging frames.
515 4.1. Frame Format
517 All frames begin with an 8-octet header followed by a payload of
518 between 0 and 16,383 octets.
520 0 1 2 3
521 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
522 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
523 | R | Length (14) | Type (8) | Flags (8) |
524 +-+-+-----------+---------------+-------------------------------+
525 |R| Stream Identifier (31) |
526 +-+-------------------------------------------------------------+
527 | Frame Payload (0...) ...
528 +---------------------------------------------------------------+
530 Frame Header
532 The fields of the frame header are defined as:
534 R: A reserved 2-bit field. The semantics of these bits are undefined
535 and the bit MUST remain unset (0) when sending and MUST be ignored
536 when receiving.
538 Length: The length of the frame payload expressed as an unsigned 14-
539 bit integer. The 8 octets of the frame header are not included in
540 this value.
542 Type: The 8-bit type of the frame. The frame type determines how
543 the remainder of the frame header and payload are interpreted.
544 Implementations MUST ignore frames of unsupported or unrecognized
545 types.
547 Flags: An 8-bit field reserved for frame-type specific boolean
548 flags.
550 Flags are assigned semantics specific to the indicated frame type.
551 Flags that have no defined semantics for a particular frame type
552 MUST be ignored, and MUST be left unset (0) when sending.
554 R: A reserved 1-bit field. The semantics of this bit are undefined
555 and the bit MUST remain unset (0) when sending and MUST be ignored
556 when receiving.
558 Stream Identifier: A 31-bit stream identifier (see Section 5.1.1).
559 The value 0 is reserved for frames that are associated with the
560 connection as a whole as opposed to an individual stream.
562 The structure and content of the frame payload is dependent entirely
563 on the frame type.
565 4.2. Frame Size
567 The maximum size of a frame payload varies by frame type. The
568 absolute maximum size of a frame is 2^14-1 (16,383) octets. All
569 implementations SHOULD be capable of receiving and minimally
570 processing frames up to this maximum size.
572 Certain frame types, such as PING (see Section 6.7), impose
573 additional limits on the amount of payload data allowed. Likewise,
574 additional size limits can be set by specific application uses (see
575 Section 9).
577 If a frame size exceeds any defined limit, or is too small to contain
578 mandatory frame data, the endpoint MUST send a FRAME_SIZE_ERROR
579 error. Frame size errors in frames that affect connection-level
580 state MUST be treated as a connection error (Section 5.4.1).
582 4.3. Header Compression and Decompression
584 A header field in HTTP/2.0 is a name-value pair with one or more
585 associated values. They are used within HTTP request and response
586 messages as well as server push operations (see Section 8.2).
588 Header sets are collections of zero or more header fields arranged at
589 the application layer. When transmitted over a connection, a header
590 set is serialized into a header block using HTTP Header Compression
591 [COMPRESSION]. The serialized header block is then divided into one
592 or more octet sequences, called header block fragments, and
593 transmitted within the payload of HEADERS (Section 6.2), PUSH_PROMISE
594 (Section 6.6) or CONTINUATION (Section 6.10) frames.
596 HTTP Header Compression does not preserve the relative ordering of
597 header fields. Header fields with multiple values are encoded into a
598 single header field using a special delimiter, see Section 8.1.3.3.
600 The Cookie header field [COOKIE] is treated specially by the HTTP
601 mapping, see Section 8.1.3.4.
603 A receiving endpoint reassembles the header block by concatenating
604 the individual fragments, then decompresses the block to reconstruct
605 the header set.
607 A complete header block consists of either:
609 o a single HEADERS or PUSH_PROMISE frame each respectively with the
610 END_HEADERS or END_PUSH_PROMISE flag set, or
612 o a HEADERS or PUSH_PROMISE frame with the END_HEADERS or
613 END_PUSH_PROMISE flag cleared and one or more CONTINUATION frames,
614 where the last CONTINUATION frame has the END_HEADER flag set.
616 Header blocks MUST be transmitted as a contiguous sequence of frames,
617 with no interleaved frames of any other type, or from any other
618 stream. The last frame in a sequence of HEADERS or CONTINUATION
619 frames MUST have the END_HEADERS flag set. The last frame in a
620 sequence of PUSH_PROMISE or CONTINUATION frames MUST have the
621 END_PUSH_PROMISE or END_HEADERS flag set (respectively).
623 Header block fragments can only be sent as the payload of HEADERS,
624 PUSH_PROMISE or CONTINUATION frames. HEADERS, PUSH_PROMISE and
625 CONTINUATION frames carry data that can modify the compression
626 context maintained by a receiver. An endpoint receiving HEADERS,
627 PUSH_PROMISE or CONTINUATION frames MUST reassemble header blocks and
628 perform decompression even if the frames are to be discarded. A
629 receiver MUST terminate the connection with a connection error
630 (Section 5.4.1) of type COMPRESSION_ERROR, if it does not decompress
631 a header block.
633 5. Streams and Multiplexing
635 A "stream" is an independent, bi-directional sequence of HEADERS and
636 DATA frames exchanged between the client and server within an
637 HTTP/2.0 connection. Streams have several important characteristics:
639 o A single HTTP/2.0 connection can contain multiple concurrently
640 open streams, with either endpoint interleaving frames from
641 multiple streams.
643 o Streams can be established and used unilaterally or shared by
644 either the client or server.
646 o Streams can be closed by either endpoint.
648 o The order in which frames are sent within a stream is significant.
649 Recipients process frames in the order they are received.
651 o Streams are identified by an integer. Stream identifiers are
652 assigned to streams by the initiating endpoint.
654 5.1. Stream States
656 The lifecycle of a stream is shown in Figure 1.
658 +--------+
659 PP | | PP
660 ,--------| idle |--------.
661 / | | \
662 v +--------+ v
663 +----------+ | +----------+
664 | | | H | |
665 ,---| reserved | | | reserved |---.
666 | | (local) | v | (remote) | |
667 | +----------+ +--------+ +----------+ |
668 | | ES | | ES | |
669 | | H ,-------| open |-------. | H |
670 | | / | | \ | |
671 | v v +--------+ v v |
672 | +----------+ | +----------+ |
673 | | half | | | half | |
674 | | closed | | R | closed | |
675 | | (remote) | | | (local) | |
676 | +----------+ | +----------+ |
677 | | v | |
678 | | ES / R +--------+ ES / R | |
679 | `----------->| |<-----------' |
680 | R | closed | R |
681 `-------------------->| |<--------------------'
682 +--------+
684 Figure 1: Stream States
686 Both endpoints have a subjective view of the state of a stream that
687 could be different when frames are in transit. Endpoints do not
688 coordinate the creation of streams, they are created unilaterally by
689 either endpoint. The negative consequences of a mismatch in states
690 are limited to the "closed" state after sending RST_STREAM, where
691 frames might be received for some time after closing.
693 Streams have the following states:
695 idle:
696 All streams start in the "idle" state. In this state, no frames
697 have been exchanged.
699 The following transitions are valid from this state:
701 * Sending or receiving a HEADERS frame causes the stream to
702 become "open". The stream identifier is selected as described
703 in Section 5.1.1. The same HEADERS frame can also cause a
704 stream to immediately become "half closed".
706 * Sending a PUSH_PROMISE frame marks the associated stream for
707 later use. The stream state for the reserved stream
708 transitions to "reserved (local)".
710 * Receiving a PUSH_PROMISE frame marks the associated stream as
711 reserved by the remote peer. The state of the stream becomes
712 "reserved (remote)".
714 reserved (local):
715 A stream in the "reserved (local)" state is one that has been
716 promised by sending a PUSH_PROMISE frame. A PUSH_PROMISE frame
717 reserves an idle stream by associating the stream with an open
718 stream that was initiated by the remote peer (see Section 8.2).
720 In this state, only the following transitions are possible:
722 * The endpoint can send a HEADERS frame. This causes the stream
723 to open in a "half closed (remote)" state.
725 * Either endpoint can send a RST_STREAM frame to cause the stream
726 to become "closed". This releases the stream reservation.
728 An endpoint MUST NOT send frames other than than HEADERS or
729 RST_STREAM in this state.
731 A PRIORITY frame MAY be received in this state. Receiving any
732 frame other than RST_STREAM, or PRIORITY MUST be treated as a
733 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
735 reserved (remote):
736 A stream in the "reserved (remote)" state has been reserved by a
737 remote peer.
739 In this state, only the following transitions are possible:
741 * Receiving a HEADERS frame causes the stream to transition to
742 "half closed (local)".
744 * Either endpoint can send a RST_STREAM frame to cause the stream
745 to become "closed". This releases the stream reservation.
747 An endpoint MAY send a PRIORITY frame in this state to
748 reprioritize the reserved stream. An endpoint MUST NOT send any
749 other type of frame other than RST_STREAM or PRIORITY.
751 Receiving any other type of frame other than HEADERS or RST_STREAM
752 MUST be treated as a connection error (Section 5.4.1) of type
753 PROTOCOL_ERROR.
755 open:
756 A stream in the "open" state may be used by both peers to send
757 frames of any type. In this state, sending peers observe
758 advertised stream level flow control limits (Section 5.2).
760 From this state either endpoint can send a frame with an
761 END_STREAM flag set, which causes the stream to transition into
762 one of the "half closed" states: an endpoint sending an END_STREAM
763 flag causes the stream state to become "half closed (local)"; an
764 endpoint receiving an END_STREAM flag causes the stream state to
765 become "half closed (remote)". A HEADERS frame bearing an
766 END_STREAM flag can be followed by CONTINUATION frames.
768 Either endpoint can send a RST_STREAM frame from this state,
769 causing it to transition immediately to "closed".
771 half closed (local):
772 A stream that is in the "half closed (local)" state cannot be used
773 for sending frames.
775 A stream transitions from this state to "closed" when a frame that
776 contains an END_STREAM flag is received, or when either peer sends
777 a RST_STREAM frame. A HEADERS frame bearing an END_STREAM flag
778 can be followed by CONTINUATION frames.
780 A receiver can ignore WINDOW_UPDATE or PRIORITY frames in this
781 state. These frame types might arrive for a short period after a
782 frame bearing the END_STREAM flag is sent.
784 half closed (remote):
785 A stream that is "half closed (remote)" is no longer being used by
786 the peer to send frames. In this state, an endpoint is no longer
787 obligated to maintain a receiver flow control window if it
788 performs flow control.
790 If an endpoint receives additional frames for a stream that is in
791 this state, other than CONTINUATION frames, it MUST respond with a
792 stream error (Section 5.4.2) of type STREAM_CLOSED.
794 A stream can transition from this state to "closed" by sending a
795 frame that contains a END_STREAM flag, or when either peer sends a
796 RST_STREAM frame.
798 closed:
799 The "closed" state is the terminal state.
801 An endpoint MUST NOT send frames on a closed stream. An endpoint
802 that receives any frame after receiving a RST_STREAM MUST treat
803 that as a stream error (Section 5.4.2) of type STREAM_CLOSED.
804 Similarly, an endpoint that receives any frame after receiving a
805 DATA frame with the END_STREAM flag set, or any frame except a
806 CONTINUATION frame after receiving a HEADERS frame with a
807 END_STREAM flag set MUST treat that as a stream error
808 (Section 5.4.2) of type STREAM_CLOSED.
810 WINDOW_UPDATE, PRIORITY, or RST_STREAM frames can be received in
811 this state for a short period after a DATA or HEADERS frame
812 containing an END_STREAM flag is sent. Until the remote peer
813 receives and processes the frame bearing the END_STREAM flag, it
814 might send frame of any of these types. Endpoints MUST ignore
815 WINDOW_UPDATE, PRIORITY, or RST_STREAM frames received in this
816 state, though endpoints MAY choose to treat frames that arrive a
817 significant time after sending END_STREAM as a connection error
818 (Section 5.4.1) of type PROTOCOL_ERROR.
820 If this state is reached as a result of sending a RST_STREAM
821 frame, the peer that receives the RST_STREAM might have already
822 sent - or enqueued for sending - frames on the stream that cannot
823 be withdrawn. An endpoint MUST ignore frames that it receives on
824 closed streams after it has sent a RST_STREAM frame. An endpoint
825 MAY choose to limit the period over which it ignores frames and
826 treat frames that arrive after this time as being in error.
828 Flow controlled frames (i.e., DATA) received after sending
829 RST_STREAM are counted toward the connection flow control window.
830 Even though these frames might be ignored, because they are sent
831 before the sender receives the RST_STREAM, the sender will
832 consider the frames to count against the flow control window.
834 An endpoint might receive a PUSH_PROMISE frame after it sends
835 RST_STREAM. PUSH_PROMISE causes a stream to become "reserved".
837 The RST_STREAM does not cancel any promised stream. Therefore, if
838 promised streams are not desired, a RST_STREAM can be used to
839 close any of those streams.
841 In the absence of more specific guidance elsewhere in this document,
842 implementations SHOULD treat the receipt of a message that is not
843 expressly permitted in the description of a state as a connection
844 error (Section 5.4.1) of type PROTOCOL_ERROR.
846 5.1.1. Stream Identifiers
848 Streams are identified with an unsigned 31-bit integer. Streams
849 initiated by a client MUST use odd-numbered stream identifiers; those
850 initiated by the server MUST use even-numbered stream identifiers. A
851 stream identifier of zero (0x0) is used for connection control
852 message; the stream identifier zero MUST NOT be used to establish a
853 new stream.
855 A stream identifier of one (0x1) is used to respond to the HTTP/1.1
856 request which was specified during Upgrade (see Section 3.2). After
857 the upgrade completes, stream 0x1 is "half closed (local)" to the
858 client. Therefore, stream 0x1 cannot be selected as a new stream
859 identifier by a client that upgrades from HTTP/1.1.
861 The identifier of a newly established stream MUST be numerically
862 greater than all streams that the initiating endpoint has opened or
863 reserved. This governs streams that are opened using a HEADERS frame
864 and streams that are reserved using PUSH_PROMISE. An endpoint that
865 receives an unexpected stream identifier MUST respond with a
866 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
868 The first use of a new stream identifier implicitly closes all
869 streams in the "idle" state that might have been initiated by that
870 peer with a lower-valued stream identifier. For example, if a client
871 sends a HEADERS frame on stream 7 without ever sending a frame on
872 stream 5, then stream 5 transitions to the "closed" state when the
873 first frame for stream 7 is sent or received.
875 Stream identifiers cannot be reused. Long-lived connections can
876 result in endpoint exhausting the available range of stream
877 identifiers. A client that is unable to establish a new stream
878 identifier can establish a new connection for new streams.
880 5.1.2. Stream Concurrency
882 A peer can limit the number of concurrently active streams using the
883 SETTINGS_MAX_CONCURRENT_STREAMS parameters within a SETTINGS frame.
884 The maximum concurrent streams setting is specific to each endpoint
885 and applies only to the peer that receives the setting. That is,
886 clients specify the maximum number of concurrent streams the server
887 can initiate, and servers specify the maximum number of concurrent
888 streams the client can initiate. Endpoints MUST NOT exceed the limit
889 set by their peer.
891 Streams that are in the "open" state, or either of the "half closed"
892 states count toward the maximum number of streams that an endpoint is
893 permitted to open. Streams in any of these three states count toward
894 the limit advertised in the SETTINGS_MAX_CONCURRENT_STREAMS setting
895 (see Section 6.5.2).
897 Streams in either of the "reserved" states do not count as open, even
898 if a small amount of application state is retained to ensure that the
899 promised stream can be successfully used.
901 5.2. Flow Control
903 Using streams for multiplexing introduces contention over use of the
904 TCP connection, resulting in blocked streams. A flow control scheme
905 ensures that streams on the same connection do not destructively
906 interfere with each other. Flow control is used for both individual
907 streams and for the connection as a whole.
909 HTTP/2.0 provides for flow control through use of the WINDOW_UPDATE
910 frame type.
912 5.2.1. Flow Control Principles
914 HTTP/2.0 stream flow control aims to allow for future improvements to
915 flow control algorithms without requiring protocol changes. Flow
916 control in HTTP/2.0 has the following characteristics:
918 1. Flow control is hop-by-hop, not end-to-end.
920 2. Flow control is based on window update frames. Receivers
921 advertise how many bytes they are prepared to receive on a stream
922 and for the entire connection. This is a credit-based scheme.
924 3. Flow control is directional with overall control provided by the
925 receiver. A receiver MAY choose to set any window size that it
926 desires for each stream and for the entire connection. A sender
927 MUST respect flow control limits imposed by a receiver. Clients,
928 servers and intermediaries all independently advertise their flow
929 control preferences as a receiver and abide by the flow control
930 limits set by their peer when sending.
932 4. The initial value for the flow control window is 65,535 bytes for
933 both new streams and the overall connection.
935 5. The frame type determines whether flow control applies to a
936 frame. Of the frames specified in this document, only DATA
937 frames are subject to flow control; all other frame types do not
938 consume space in the advertised flow control window. This
939 ensures that important control frames are not blocked by flow
940 control.
942 6. Flow control can be disabled by a receiver. A receiver can
943 choose to disable both forms of flow control by sending the
944 SETTINGS_FLOW_CONTROL_OPTIONS setting. See Ending Flow Control
945 (Section 6.9.4) for more details.
947 7. HTTP/2.0 standardizes only the format of the WINDOW_UPDATE frame
948 (Section 6.9). This does not stipulate how a receiver decides
949 when to send this frame or the value that it sends. Nor does it
950 specify how a sender chooses to send packets. Implementations
951 are able to select any algorithm that suits their needs.
953 Implementations are also responsible for managing how requests and
954 responses are sent based on priority; choosing how to avoid head of
955 line blocking for requests; and managing the creation of new streams.
956 Algorithm choices for these could interact with any flow control
957 algorithm.
959 5.2.2. Appropriate Use of Flow Control
961 Flow control is defined to protect endpoints that are operating under
962 resource constraints. For example, a proxy needs to share memory
963 between many connections, and also might have a slow upstream
964 connection and a fast downstream one. Flow control addresses cases
965 where the receiver is unable process data on one stream, yet wants to
966 continue to process other streams in the same connection.
968 Deployments that do not require this capability SHOULD disable flow
969 control for data that is being received. Note that flow control
970 cannot be disabled for sending. Sending data is always subject to
971 the flow control window advertised by the receiver.
973 Deployments with constrained resources (for example, memory) MAY
974 employ flow control to limit the amount of memory a peer can consume.
975 Note, however, that this can lead to suboptimal use of available
976 network resources if flow control is enabled without knowledge of the
977 bandwidth-delay product (see [RFC1323]).
979 Even with full awareness of the current bandwidth-delay product,
980 implementation of flow control can be difficult. When using flow
981 control, the receive MUST read from the TCP receive buffer in a
982 timely fashion. Failure to do so could lead to a deadlock when
983 critical frames, such as WINDOW_UPDATE, are not available to
984 HTTP/2.0. However, flow control can ensure that constrained
985 resources are protected without any reduction in connection
986 utilization.
988 5.3. Stream priority
990 The endpoint establishing a new stream can assign a priority for the
991 stream. Priority is represented as an unsigned 31-bit integer. 0
992 represents the highest priority and 2^31-1 represents the lowest
993 priority.
995 The purpose of this value is to allow an endpoint to express the
996 relative priority of a stream. An endpoint can use this information
997 to preferentially allocate resources to a stream. Within HTTP/2.0,
998 priority can be used to select streams for transmitting frames when
999 there is limited capacity for sending. For instance, an endpoint
1000 might enqueue frames for all concurrently active streams. As
1001 transmission capacity becomes available, frames from higher priority
1002 streams might be sent before lower priority streams.
1004 Explicitly setting the priority for a stream does not guarantee any
1005 particular processing or transmission order for the stream relative
1006 to any other stream. Nor is there any mechanism provided by which
1007 the initiator of a stream can force or require a receiving endpoint
1008 to process concurrent streams in a particular order.
1010 Unless explicitly specified in the HEADERS frame (Section 6.2) during
1011 stream creation, the default stream priority is 2^30.
1013 Pushed streams (Section 8.2) have a lower priority than their
1014 associated stream. The promised stream inherits the priority value
1015 of the associated stream plus one, up to a maximum of 2^31-1.
1017 5.4. Error Handling
1019 HTTP/2.0 framing permits two classes of error:
1021 o An error condition that renders the entire connection unusable is
1022 a connection error.
1024 o An error in an individual stream is a stream error.
1026 A list of error codes is included in Section 7.
1028 5.4.1. Connection Error Handling
1030 A connection error is any error which prevents further processing of
1031 the framing layer or which corrupts any connection state.
1033 An endpoint that encounters a connection error SHOULD first send a
1034 GOAWAY frame (Section 6.8) with the stream identifier of the last
1035 stream that it successfully received from its peer. The GOAWAY frame
1036 includes an error code that indicates why the connection is
1037 terminating. After sending the GOAWAY frame, the endpoint MUST close
1038 the TCP connection.
1040 It is possible that the GOAWAY will not be reliably received by the
1041 receiving endpoint. In the event of a connection error, GOAWAY only
1042 provides a best-effort attempt to communicate with the peer about why
1043 the connection is being terminated.
1045 An endpoint can end a connection at any time. In particular, an
1046 endpoint MAY choose to treat a stream error as a connection error.
1047 Endpoints SHOULD send a GOAWAY frame when ending a connection, as
1048 long as circumstances permit it.
1050 5.4.2. Stream Error Handling
1052 A stream error is an error related to a specific stream identifier
1053 that does not affect processing of other streams.
1055 An endpoint that detects a stream error sends a RST_STREAM frame
1056 (Section 6.4) that contains the stream identifier of the stream where
1057 the error occurred. The RST_STREAM frame includes an error code that
1058 indicates the type of error.
1060 A RST_STREAM is the last frame that an endpoint can send on a stream.
1061 The peer that sends the RST_STREAM frame MUST be prepared to receive
1062 any frames that were sent or enqueued for sending by the remote peer.
1063 These frames can be ignored, except where they modify connection
1064 state (such as the state maintained for header compression
1065 (Section 4.3)).
1067 Normally, an endpoint SHOULD NOT send more than one RST_STREAM frame
1068 for any stream. However, an endpoint MAY send additional RST_STREAM
1069 frames if it receives frames on a closed stream after more than a
1070 round-trip time. This behavior is permitted to deal with misbehaving
1071 implementations.
1073 An endpoint MUST NOT send a RST_STREAM in response to an RST_STREAM
1074 frame, to avoid looping.
1076 5.4.3. Connection Termination
1078 If the TCP connection is torn down while streams remain in open or
1079 half closed states, then the endpoint MUST assume that the stream was
1080 abnormally interrupted and could be incomplete.
1082 6. Frame Definitions
1084 This specification defines a number of frame types, each identified
1085 by a unique 8-bit type code. Each frame type serves a distinct
1086 purpose either in the establishment and management of the connection
1087 as a whole, or of individual streams.
1089 The transmission of specific frame types can alter the state of a
1090 connection. If endpoints fail to maintain a synchronized view of the
1091 connection state, successful communication within the connection will
1092 no longer be possible. Therefore, it is important that endpoints
1093 have a shared comprehension of how the state is affected by the use
1094 any given frame. Accordingly, while it is expected that new frame
1095 types will be introduced by extensions to this protocol, only frames
1096 defined by this document are permitted to alter the connection state.
1098 6.1. DATA
1100 DATA frames (type=0x0) convey arbitrary, variable-length sequences of
1101 octets associated with a stream. One or more DATA frames are used,
1102 for instance, to carry HTTP request or response payloads.
1104 The DATA frame defines the following flags:
1106 END_STREAM (0x1): Bit 1 being set indicates that this frame is the
1107 last that the endpoint will send for the identified stream.
1108 Setting this flag causes the stream to enter one of "half closed"
1109 states or "closed" state (Section 5.1).
1111 RESERVED (0x2): Bit 2 is reserved for future use.
1113 DATA frames MUST be associated with a stream. If a DATA frame is
1114 received whose stream identifier field is 0x0, the recipient MUST
1115 respond with a connection error (Section 5.4.1) of type
1116 PROTOCOL_ERROR.
1118 DATA frames are subject to flow control and can only be sent when a
1119 stream is in the "open" or "half closed (remote)" states. If a DATA
1120 frame is received whose stream is not in "open" or "half closed
1121 (local)" state, the recipient MUST respond with a stream error
1122 (Section 5.4.2) of type STREAM_CLOSED.
1124 6.2. HEADERS
1126 The HEADERS frame (type=0x1) carries name-value pairs. It is used to
1127 open a stream (Section 5.1). HEADERS frames can be sent on a stream
1128 in the "open" or "half closed (remote)" states.
1130 0 1 2 3
1131 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1133 |X| Priority (31) |
1134 +-+-------------------------------------------------------------+
1135 | Header Block Fragment (*) ...
1136 +---------------------------------------------------------------+
1138 HEADERS Frame Payload
1140 The HEADERS frame defines the following flags:
1142 END_STREAM (0x1): Bit 1 being set indicates that the header block
1143 (Section 4.3) is the last that the endpoint will send for the
1144 identified stream. Setting this flag causes the stream to enter
1145 one of "half closed" states (Section 5.1).
1147 A HEADERS frame that is followed by CONTINUATION frames carries
1148 the END_STREAM flag that signals the end of a stream. A
1149 CONTINUATION frame cannot be used to terminate a stream.
1151 RESERVED (0x2): Bit 2 is reserved for future use.
1153 END_HEADERS (0x4): Bit 3 being set indicates that this frame
1154 contains an entire header block (Section 4.3) and is not followed
1155 by any CONTINUATION frames.
1157 A HEADERS frame without the END_HEADERS flag set MUST be followed
1158 by a CONTINUATION frame for the same stream. A receiver MUST
1159 treat the receipt of any other type of frame or a frame on a
1160 different stream as a connection error (Section 5.4.1) of type
1161 PROTOCOL_ERROR.
1163 PRIORITY (0x8): Bit 4 being set indicates that the first four octets
1164 of this frame contain a single reserved bit and a 31-bit priority;
1165 see Section 5.3. If this bit is not set, the four bytes do not
1166 appear and the frame only contains a header block fragment.
1168 The payload of a HEADERS frame contains a header block fragment
1169 (Section 4.3). A header block that does not fit within a HEADERS
1170 frame is continued in a CONTINUATION frame (Section 6.10).
1172 HEADERS frames MUST be associated with a stream. If a HEADERS frame
1173 is received whose stream identifier field is 0x0, the recipient MUST
1174 respond with a connection error (Section 5.4.1) of type
1175 PROTOCOL_ERROR.
1177 The HEADERS frame changes the connection state as described in
1178 Section 4.3.
1180 6.3. PRIORITY
1182 The PRIORITY frame (type=0x2) specifies the sender-advised priority
1183 of a stream. It can be sent at any time for an existing stream.
1184 This enables reprioritisation of existing streams.
1186 0 1 2 3
1187 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1189 |X| Priority (31) |
1190 +-+-------------------------------------------------------------+
1192 PRIORITY Frame Payload
1194 The payload of a PRIORITY frame contains a single reserved bit and a
1195 31-bit priority.
1197 The PRIORITY frame does not define any flags.
1199 The PRIORITY frame is associated with an existing stream. If a
1200 PRIORITY frame is received with a stream identifier of 0x0, the
1201 recipient MUST respond with a connection error (Section 5.4.1) of
1202 type PROTOCOL_ERROR.
1204 The PRIORITY frame can be sent on a stream in any of the "reserved
1205 (remote)", "open", "half-closed (local)", or "half closed (remote)"
1206 states, though it cannot be sent between consecutive frames that
1207 comprise a single header block (Section 4.3). Note that this frame
1208 could arrive after processing or frame sending has completed, which
1209 would cause it to have no effect. For a stream that is in the "half
1210 closed (remote)" state, this frame can only affect processing of the
1211 stream and not frame transmission.
1213 6.4. RST_STREAM
1215 The RST_STREAM frame (type=0x3) allows for abnormal termination of a
1216 stream. When sent by the initiator of a stream, it indicates that
1217 they wish to cancel the stream or that an error condition has
1218 occurred. When sent by the receiver of a stream, it indicates that
1219 either the receiver is rejecting the stream, requesting that the
1220 stream be cancelled or that an error condition has occurred.
1222 0 1 2 3
1223 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1225 | Error Code (32) |
1226 +---------------------------------------------------------------+
1228 RST_STREAM Frame Payload
1230 The RST_STREAM frame contains a single unsigned, 32-bit integer
1231 identifying the error code (Section 7). The error code indicates why
1232 the stream is being terminated.
1234 The RST_STREAM frame does not define any flags.
1236 The RST_STREAM frame fully terminates the referenced stream and
1237 causes it to enter the closed state. After receiving a RST_STREAM on
1238 a stream, the receiver MUST NOT send additional frames for that
1239 stream. However, after sending the RST_STREAM, the sending endpoint
1240 MUST be prepared to receive and process additional frames sent on the
1241 stream that might have been sent by the peer prior to the arrival of
1242 the RST_STREAM.
1244 RST_STREAM frames MUST be associated with a stream. If a RST_STREAM
1245 frame is received with a stream identifier of 0x0, the recipient MUST
1246 treat this as a connection error (Section 5.4.1) of type
1247 PROTOCOL_ERROR.
1249 RST_STREAM frames MUST NOT be sent for a stream in the "idle" state.
1250 If a RST_STREAM frame identifying an idle stream is received, the
1251 recipient MUST treat this as a connection error (Section 5.4.1) of
1252 type PROTOCOL_ERROR.
1254 6.5. SETTINGS
1256 The SETTINGS frame (type=0x4) conveys configuration parameters that
1257 affect how endpoints communicate. The parameters are either
1258 constraints on peer behavior or preferences.
1260 Settings are not negotiated. Settings describe characteristics of
1261 the sending peer, which are used by the receiving peer. Different
1262 values for the same setting can be advertised by each peer. For
1263 example, a client might set a high initial flow control window,
1264 whereas a server might set a lower value to conserve resources.
1266 SETTINGS frames MUST be sent at the start of a connection, and MAY be
1267 sent at any other time by either endpoint over the lifetime of the
1268 connection.
1270 Implementations MUST support all of the settings defined by this
1271 specification and MAY support additional settings defined by
1272 extensions. Unsupported or unrecognized settings MUST be ignored.
1273 New settings MUST NOT be defined or implemented in a way that
1274 requires endpoints to understand them in order to communicate
1275 successfully.
1277 Each setting in a SETTINGS frame replaces the existing value for that
1278 setting. Settings are processed in the order in which they appear,
1279 and a receiver of a SETTINGS frame does not need to maintain any
1280 state other than the current value of settings. Therefore, the value
1281 of a setting is the last value that is seen by a receiver. This
1282 permits the inclusion of the same settings multiple times in the same
1283 SETTINGS frame, though doing so does nothing other than waste
1284 connection capacity.
1286 The SETTINGS frame defines the following flag:
1288 ACK (0x1): Bit 1 being set indicates that this frame acknowledges
1289 receipt and application of the peer's SETTINGS frame. When this
1290 bit is set, the payload of the SETTINGS frame MUST be empty.
1291 Receipt of a SETTINGS frame with the ACK flag set and a length
1292 field value other than 0 MUST be treated as a connection error
1293 (Section 5.4.1) of type FRAME_SIZE_ERROR. For more info, see
1294 Settings Synchronization (Section 6.5.3).
1296 SETTINGS frames always apply to a connection, never a single stream.
1297 The stream identifier for a settings frame MUST be zero. If an
1298 endpoint receives a SETTINGS frame whose stream identifier field is
1299 anything other than 0x0, the endpoint MUST respond with a connection
1300 error (Section 5.4.1) of type PROTOCOL_ERROR.
1302 The SETTINGS frame affects connection state. A badly formed or
1303 incomplete SETTINGS frame MUST be treated as a connection error
1304 (Section 5.4.1) of type PROTOCOL_ERROR.
1306 6.5.1. Setting Format
1308 The payload of a SETTINGS frame consists of zero or more settings.
1309 Each setting consists of an 8-bit reserved field, an unsigned 24-bit
1310 setting identifier, and an unsigned 32-bit value.
1312 0 1 2 3
1313 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1315 | Reserved (8) | Setting Identifier (24) |
1316 +---------------+-----------------------------------------------+
1317 | Value (32) |
1318 +---------------------------------------------------------------+
1320 Setting Format
1322 6.5.2. Defined Settings
1324 The following settings are defined:
1326 SETTINGS_HEADER_TABLE_SIZE (1): Allows the sender to inform the
1327 remote endpoint of the size of the header compression table used
1328 to decode header blocks. The space available for encoding cannot
1329 be changed; it is determined by the setting sent by the peer that
1330 receives the header blocks. The initial value is 4,096 bytes.
1332 SETTINGS_ENABLE_PUSH (2): This setting can be use to disable server
1333 push (Section 8.2). An endpoint MUST NOT send a PUSH_PROMISE
1334 frame if it receives this setting set to a value of 0. The
1335 initial value is 1, which indicates that push is permitted.
1337 SETTINGS_MAX_CONCURRENT_STREAMS (4): Indicates the maximum number of
1338 concurrent streams that the sender will allow. This limit is
1339 directional: it applies to the number of streams that the sender
1340 permits the receiver to create. Initially there is no limit to
1341 this value. It is recommended that this value be no smaller than
1342 100, so as to not unnecessarily limit parallelism.
1344 SETTINGS_INITIAL_WINDOW_SIZE (7): Indicates the sender's initial
1345 window size (in bytes) for stream level flow control.
1347 This settings affects the window size of all streams, including
1348 existing streams, see Section 6.9.2.
1350 SETTINGS_FLOW_CONTROL_OPTIONS (10): Indicates flow control options.
1351 The least significant bit (0x1) of the value is set to indicate
1352 that the sender has disabled all flow control. This bit cannot be
1353 cleared once set, see Section 6.9.4.
1355 All bits other than the least significant are reserved.
1357 6.5.3. Settings Synchronization
1359 Most values in SETTINGS benefit from or require an understanding of
1360 when the peer has received and applied the changed setting values.
1361 In order to provide such synchronization timepoints, the recipient of
1362 a SETTINGS frame in which the ACK flag is not set MUST apply the
1363 updated settings as soon as possible upon receipt.
1365 The values in the SETTINGS frame MUST be applied in the order they
1366 appear, with no other frame processing between values. Once all
1367 values have been applied, the recipient MUST immediately emit a
1368 SETTINGS frame with the ACK flag set. The sender of altered settings
1369 applies changes upon receiving a SETTINGS frame with the ACK flag
1370 set.
1372 If the sender of a SETTINGS frame does not receive an acknowledgement
1373 within a reasonable amount of time, it MAY issue a connection error
1374 (Section 5.4.1) of type SETTINGS_TIMEOUT.
1376 6.6. PUSH_PROMISE
1378 The PUSH_PROMISE frame (type=0x5) is used to notify the peer endpoint
1379 in advance of streams the sender intends to initiate. The
1380 PUSH_PROMISE frame includes the unsigned 31-bit identifier of the
1381 stream the endpoint plans to create along with a set of headers that
1382 provide additional context for the stream. Section 8.2 contains a
1383 thorough description of the use of PUSH_PROMISE frames.
1385 PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH setting of
1386 the peer endpoint is set to 0.
1388 0 1 2 3
1389 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1391 |X| Promised-Stream-ID (31) |
1392 +-+-------------------------------------------------------------+
1393 | Header Block Fragment (*) ...
1394 +---------------------------------------------------------------+
1396 PUSH_PROMISE Payload Format
1398 The payload of a PUSH_PROMISE includes a "Promised-Stream-ID". This
1399 unsigned 31-bit integer identifies the stream the endpoint intends to
1400 start sending frames for. The promised stream identifier MUST be a
1401 valid choice for the next stream sent by the sender (see new stream
1402 identifier (Section 5.1.1)).
1404 Following the "Promised-Stream-ID" is a header block fragment
1405 (Section 4.3).
1407 PUSH_PROMISE frames MUST be associated with an existing, peer-
1408 initiated stream. If the stream identifier field specifies the value
1409 0x0, a recipient MUST respond with a connection error (Section 5.4.1)
1410 of type PROTOCOL_ERROR.
1412 The PUSH_PROMISE frame defines the following flags:
1414 END_PUSH_PROMISE (0x4): Bit 3 being set indicates that this frame
1415 contains an entire header block (Section 4.3) and is not followed
1416 by any CONTINUATION frames.
1418 A PUSH_PROMISE frame without the END_PUSH_PROMISE flag set MUST be
1419 followed by a CONTINUATION frame for the same stream. A receiver
1420 MUST treat the receipt of any other type of frame or a frame on a
1421 different stream as a connection error (Section 5.4.1) of type
1422 PROTOCOL_ERROR.
1424 Promised streams are not required to be used in order promised. The
1425 PUSH_PROMISE only reserves stream identifiers for later use.
1427 Recipients of PUSH_PROMISE frames can choose to reject promised
1428 streams by returning a RST_STREAM referencing the promised stream
1429 identifier back to the sender of the PUSH_PROMISE.
1431 The PUSH_PROMISE frame modifies the connection state as defined in
1432 Section 4.3.
1434 A PUSH_PROMISE frame modifies the connection state in two ways. The
1435 inclusion of a header block (Section 4.3) potentially modifies the
1436 compression state. PUSH_PROMISE also reserves a stream for later
1437 use, causing the promised stream to enter the "reserved" state. A
1438 sender MUST NOT send a PUSH_PROMISE on a stream unless that stream is
1439 either "open" or "half closed (remote)"; the sender MUST ensure that
1440 the promised stream is a valid choice for a new stream identifier
1441 (Section 5.1.1) (that is, the promised stream MUST be in the "idle"
1442 state).
1444 Since PUSH_PROMISE reserves a stream, ignoring a PUSH_PROMISE frame
1445 causes the stream state to become indeterminate. A receiver MUST
1446 treat the receipt of a PUSH_PROMISE on a stream that is neither
1447 "open" nor "half-closed (local)" as a connection error
1448 (Section 5.4.1) of type PROTOCOL_ERROR. Similarly, a receiver MUST
1449 treat the receipt of a PUSH_PROMISE that promises an illegal stream
1450 identifier (Section 5.1.1) (that is, an identifier for a stream that
1451 is not currently in the "idle" state) as a connection error
1452 (Section 5.4.1) of type PROTOCOL_ERROR, unless the receiver recently
1453 sent a RST_STREAM frame to cancel the associated stream (see
1454 Section 5.1).
1456 6.7. PING
1458 The PING frame (type=0x6) is a mechanism for measuring a minimal
1459 round-trip time from the sender, as well as determining whether an
1460 idle connection is still functional. PING frames can be sent from
1461 any endpoint.
1463 0 1 2 3
1464 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1466 | |
1467 | Opaque Data (64) |
1468 | |
1469 +---------------------------------------------------------------+
1471 PING Payload Format
1473 In addition to the frame header, PING frames MUST contain 8 octets of
1474 data in the payload. A sender can include any value it chooses and
1475 use those bytes in any fashion.
1477 Receivers of a PING frame that does not include a ACK flag MUST send
1478 a PING frame with the ACK flag set in response, with an identical
1479 payload. PING responses SHOULD given higher priority than any other
1480 frame.
1482 The PING frame defines the following flags:
1484 ACK (0x1): Bit 1 being set indicates that this PING frame is a PING
1485 response. An endpoint MUST set this flag in PING responses. An
1486 endpoint MUST NOT respond to PING frames containing this flag.
1488 PING frames are not associated with any individual stream. If a PING
1489 frame is received with a stream identifier field value other than
1490 0x0, the recipient MUST respond with a connection error
1491 (Section 5.4.1) of type PROTOCOL_ERROR.
1493 Receipt of a PING frame with a length field value other than 8 MUST
1494 be treated as a connection error (Section 5.4.1) of type
1495 FRAME_SIZE_ERROR.
1497 6.8. GOAWAY
1499 The GOAWAY frame (type=0x7) informs the remote peer to stop creating
1500 streams on this connection. It can be sent from the client or the
1501 server. Once sent, the sender will ignore frames sent on new streams
1502 for the remainder of the connection. Receivers of a GOAWAY frame
1503 MUST NOT open additional streams on the connection, although a new
1504 connection can be established for new streams. The purpose of this
1505 frame is to allow an endpoint to gracefully stop accepting new
1506 streams (perhaps for a reboot or maintenance), while still finishing
1507 processing of previously established streams.
1509 There is an inherent race condition between an endpoint starting new
1510 streams and the remote sending a GOAWAY frame. To deal with this
1511 case, the GOAWAY contains the stream identifier of the last stream
1512 which was processed on the sending endpoint in this connection. If
1513 the receiver of the GOAWAY used streams that are newer than the
1514 indicated stream identifier, they were not processed by the sender
1515 and the receiver may treat the streams as though they had never been
1516 created at all (hence the receiver may want to re-create the streams
1517 later on a new connection).
1519 Endpoints SHOULD always send a GOAWAY frame before closing a
1520 connection so that the remote can know whether a stream has been
1521 partially processed or not. For example, if an HTTP client sends a
1522 POST at the same time that a server closes a connection, the client
1523 cannot know if the server started to process that POST request if the
1524 server does not send a GOAWAY frame to indicate where it stopped
1525 working. An endpoint might choose to close a connection without
1526 sending GOAWAY for misbehaving peers.
1528 After sending a GOAWAY frame, the sender can discard frames for new
1529 streams. However, any frames that alter connection state cannot be
1530 completely ignored. For instance, HEADERS, PUSH_PROMISE and
1531 CONTINUATION frames MUST be minimally processed to ensure a
1532 consistent compression state (see Section 4.3); similarly DATA frames
1533 MUST be counted toward the connection flow control window.
1535 0 1 2 3
1536 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1537 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1538 |X| Last-Stream-ID (31) |
1539 +-+-------------------------------------------------------------+
1540 | Error Code (32) |
1541 +---------------------------------------------------------------+
1542 | Additional Debug Data (*) |
1543 +---------------------------------------------------------------+
1545 GOAWAY Payload Format
1547 The GOAWAY frame does not define any flags.
1549 The GOAWAY frame applies to the connection, not a specific stream.
1550 The stream identifier MUST be zero.
1552 The last stream identifier in the GOAWAY frame contains the highest
1553 numbered stream identifier for which the sender of the GOAWAY frame
1554 has received frames on and might have taken some action on. All
1555 streams up to and including the identified stream might have been
1556 processed in some way. The last stream identifier is set to 0 if no
1557 streams were processed.
1559 Note: In this case, "processed" means that some data from the
1560 stream was passed to some higher layer of software that might have
1561 taken some action as a result.
1563 If a connection terminates without a GOAWAY frame, this value is
1564 effectively the highest stream identifier.
1566 On streams with lower or equal numbered identifiers that were not
1567 closed completely prior to the connection being closed, re-attempting
1568 requests, transactions, or any protocol activity is not possible
1569 (with the exception of idempotent actions like HTTP GET, PUT, or
1570 DELETE). Any protocol activity that uses higher numbered streams can
1571 be safely retried using a new connection.
1573 Activity on streams numbered lower or equal to the last stream
1574 identifier might still complete successfully. The sender of a GOAWAY
1575 frame might gracefully shut down a connection by sending a GOAWAY
1576 frame, maintaining the connection in an open state until all in-
1577 progress streams complete.
1579 The last stream ID MUST be 0 if no streams were acted upon.
1581 The GOAWAY frame also contains a 32-bit error code (Section 7) that
1582 contains the reason for closing the connection.
1584 Endpoints MAY append opaque data to the payload of any GOAWAY frame.
1585 Additional debug data is intended for diagnostic purposes only and
1586 carries no semantic value. Debug data MUST NOT be persistently
1587 stored, since it could contain sensitive information.
1589 6.9. WINDOW_UPDATE
1591 The WINDOW_UPDATE frame (type=0x9) is used to implement flow control.
1593 Flow control operates at two levels: on each individual stream and on
1594 the entire connection.
1596 Both types of flow control are hop by hop; that is, only between the
1597 two endpoints. Intermediaries do not forward WINDOW_UPDATE frames
1598 between dependent connections. However, throttling of data transfer
1599 by any receiver can indirectly cause the propagation of flow control
1600 information toward the original sender.
1602 Flow control only applies to frames that are identified as being
1603 subject to flow control. Of the frame types defined in this
1604 document, this includes only DATA frame. Frames that are exempt from
1605 flow control MUST be accepted and processed, unless the receiver is
1606 unable to assign resources to handling the frame. A receiver MAY
1607 respond with a stream error (Section 5.4.2) or connection error
1608 (Section 5.4.1) of type FLOW_CONTROL_ERROR if it is unable accept a
1609 frame.
1611 0 1 2 3
1612 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1614 |X| Window Size Increment (31) |
1615 +-+-------------------------------------------------------------+
1617 WINDOW_UPDATE Payload Format
1619 The payload of a WINDOW_UPDATE frame is one reserved bit, plus an
1620 unsigned 31-bit integer indicating the number of bytes that the
1621 sender can transmit in addition to the existing flow control window.
1622 The legal range for the increment to the flow control window is 1 to
1623 2^31 - 1 (0x7fffffff) bytes.
1625 The WINDOW_UPDATE frame does not define any flags.
1627 The WINDOW_UPDATE frame can be specific to a stream or to the entire
1628 connection. In the former case, the frame's stream identifier
1629 indicates the affected stream; in the latter, the value "0" indicates
1630 that the entire connection is the subject of the frame.
1632 WINDOW_UPDATE can be sent by a peer that has sent a frame bearing the
1633 END_STREAM flag. This means that a receiver could receive a
1634 WINDOW_UPDATE frame on a "half closed (remote)" or "closed" stream.
1635 A receiver MUST NOT treat this as an error, see Section 5.1.
1637 A receiver that receives a flow controlled frame MUST always account
1638 for its contribution against the connection flow control window,
1639 unless the receiver treats this as a connection error
1640 (Section 5.4.1). This is necessary even if the frame is in error.
1641 Since the sender counts the frame toward the flow control window, if
1642 the receiver does not, the flow control window at sender and receiver
1643 can become different.
1645 6.9.1. The Flow Control Window
1647 Flow control in HTTP/2.0 is implemented using a window kept by each
1648 sender on every stream. The flow control window is a simple integer
1649 value that indicates how many bytes of data the sender is permitted
1650 to transmit; as such, its size is a measure of the buffering
1651 capability of the receiver.
1653 Two flow control windows are applicable: the stream flow control
1654 window and the connection flow control window. The sender MUST NOT
1655 send a flow controlled frame with a length that exceeds the space
1656 available in either of the flow control windows advertised by the
1657 receiver. Frames with zero length with the END_STREAM flag set (for
1658 example, an empty data frame) MAY be sent if there is no available
1659 space in either flow control window.
1661 For flow control calculations, the 8 byte frame header is not
1662 counted.
1664 After sending a flow controlled frame, the sender reduces the space
1665 available in both windows by the length of the transmitted frame.
1667 The receiver of a frame sends a WINDOW_UPDATE frame as it consumes
1668 data and frees up space in flow control windows. Separate
1669 WINDOW_UPDATE frames are sent for the stream and connection level
1670 flow control windows.
1672 A sender that receives a WINDOW_UPDATE frame updates the
1673 corresponding window by the amount specified in the frame.
1675 A sender MUST NOT allow a flow control window to exceed 2^31 - 1
1676 bytes. If a sender receives a WINDOW_UPDATE that causes a flow
1677 control window to exceed this maximum it MUST terminate either the
1678 stream or the connection, as appropriate. For streams, the sender
1679 sends a RST_STREAM with the error code of FLOW_CONTROL_ERROR code;
1680 for the connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code.
1682 Flow controlled frames from the sender and WINDOW_UPDATE frames from
1683 the receiver are completely asynchronous with respect to each other.
1684 This property allows a receiver to aggressively update the window
1685 size kept by the sender to prevent streams from stalling.
1687 6.9.2. Initial Flow Control Window Size
1689 When a HTTP/2.0 connection is first established, new streams are
1690 created with an initial flow control window size of 65,535 bytes.
1691 The connection flow control window is 65,535 bytes. Both endpoints
1692 can adjust the initial window size for new streams by including a
1693 value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame that
1694 forms part of the connection header.
1696 Prior to receiving a SETTINGS frame that sets a value for
1697 SETTINGS_INITIAL_WINDOW_SIZE, an endpoint can only use the default
1698 initial window size when sending flow controlled frames. Similarly,
1699 the connection flow control window is set to the default initial
1700 window size until a WINDOW_UPDATE frame is received.
1702 A SETTINGS frame can alter the initial flow control window size for
1703 all current streams. When the value of SETTINGS_INITIAL_WINDOW_SIZE
1704 changes, a receiver MUST adjust the size of all stream flow control
1705 windows that it maintains by the difference between the new value and
1706 the old value. A SETTINGS frame cannot alter the connection flow
1707 control window.
1709 A change to SETTINGS_INITIAL_WINDOW_SIZE could cause the available
1710 space in a flow control window to become negative. A sender MUST
1711 track the negative flow control window, and MUST NOT send new flow
1712 controlled frames until it receives WINDOW_UPDATE frames that cause
1713 the flow control window to become positive.
1715 For example, if the client sends 60KB immediately on connection
1716 establishment, and the server sets the initial window size to be
1717 16KB, the client will recalculate the available flow control window
1718 to be -44KB on receipt of the SETTINGS frame. The client retains a
1719 negative flow control window until WINDOW_UPDATE frames restore the
1720 window to being positive, after which the client can resume sending.
1722 6.9.3. Reducing the Stream Window Size
1724 A receiver that wishes to use a smaller flow control window than the
1725 current size can send a new SETTINGS frame. However, the receiver
1726 MUST be prepared to receive data that exceeds this window size, since
1727 the sender might send data that exceeds the lower limit prior to
1728 processing the SETTINGS frame.
1730 A receiver has two options for handling streams that exceed flow
1731 control limits:
1733 1. The receiver can immediately send RST_STREAM with
1734 FLOW_CONTROL_ERROR error code for the affected streams.
1736 2. The receiver can accept the streams and tolerate the resulting
1737 head of line blocking, sending WINDOW_UPDATE frames as it
1738 consumes data.
1740 If a receiver decides to accept streams, both sides MUST recompute
1741 the available flow control window based on the initial window size
1742 sent in the SETTINGS.
1744 6.9.4. Ending Flow Control
1746 After a receiver reads in a frame that marks the end of a stream (for
1747 example, a data stream with a END_STREAM flag set), it MUST cease
1748 transmission of WINDOW_UPDATE frames for that stream. A sender is
1749 not obligated to maintain the available flow control window for
1750 streams that it is no longer sending on.
1752 Flow control can be disabled for the entire connection using the
1753 SETTINGS_FLOW_CONTROL_OPTIONS setting. This setting ends all forms
1754 of flow control. An implementation that does not wish to perform
1755 flow control can use this in the initial SETTINGS exchange.
1757 Flow control cannot be enabled again once disabled. Any attempt to
1758 re-enable flow control - by sending a WINDOW_UPDATE or by clearing
1759 the bits on the SETTINGS_FLOW_CONTROL_OPTIONS setting - MUST be
1760 rejected with a FLOW_CONTROL_ERROR error code.
1762 6.10. CONTINUATION
1764 The CONTINUATION frame (type=0xA) is used to continue a sequence of
1765 header block fragments (Section 4.3). Any number of CONTINUATION
1766 frames can be sent on an existing stream, as long as the preceding
1767 frame on the same stream is one of HEADERS, PUSH_PROMISE or
1768 CONTINUATION without the END_HEADERS or END_PUSH_PROMISE flag set.
1770 0 1 2 3
1771 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1772 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1773 | Header Block Fragment (*) ...
1774 +---------------------------------------------------------------+
1776 CONTINUATION Frame Payload
1778 The CONTINUATION frame defines the following flags:
1780 END_HEADERS (0x4): Bit 3 being set indicates that this frame ends a
1781 header block (Section 4.3).
1783 If the END_HEADERS bit is not set, this frame MUST be followed by
1784 another CONTINUATION frame. A receiver MUST treat the receipt of
1785 any other type of frame or a frame on a different stream as a
1786 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1788 The payload of a CONTINUATION frame contains a header block fragment
1789 (Section 4.3).
1791 The CONTINUATION frame changes the connection state as defined in
1792 Section 4.3.
1794 CONTINUATION frames MUST be associated with a stream. If a
1795 CONTINUATION frame is received whose stream identifier field is 0x0,
1796 the recipient MUST respond with a connection error (Section 5.4.1) of
1797 type PROTOCOL_ERROR.
1799 A CONTINUATION frame MUST be preceded by a HEADERS, PUSH_PROMISE or
1800 CONTINUATION frame without the END_HEADERS flag set. A recipient
1801 that observes violation of this rule MUST respond with a connection
1802 error (Section 5.4.1) of type PROTOCOL_ERROR.
1804 7. Error Codes
1806 Error codes are 32-bit fields that are used in RST_STREAM and GOAWAY
1807 frames to convey the reasons for the stream or connection error.
1809 Error codes share a common code space. Some error codes only apply
1810 to specific conditions and have no defined semantics in certain frame
1811 types.
1813 The following error codes are defined:
1815 NO_ERROR (0): The associated condition is not as a result of an
1816 error. For example, a GOAWAY might include this code to indicate
1817 graceful shutdown of a connection.
1819 PROTOCOL_ERROR (1): The endpoint detected an unspecific protocol
1820 error. This error is for use when a more specific error code is
1821 not available.
1823 INTERNAL_ERROR (2): The endpoint encountered an unexpected internal
1824 error.
1826 FLOW_CONTROL_ERROR (3): The endpoint detected that its peer violated
1827 the flow control protocol.
1829 SETTINGS_TIMEOUT (4): The endpoint sent a SETTINGS frame, but did
1830 not receive a response in a timely manner. See Settings
1831 Synchronization (Section 6.5.3).
1833 STREAM_CLOSED (5): The endpoint received a frame after a stream was
1834 half closed.
1836 FRAME_SIZE_ERROR (6): The endpoint received a frame that was larger
1837 than the maximum size that it supports.
1839 REFUSED_STREAM (7): The endpoint refuses the stream prior to
1840 performing any application processing, see Section 8.1.4 for
1841 details.
1843 CANCEL (8): Used by the endpoint to indicate that the stream is no
1844 longer needed.
1846 COMPRESSION_ERROR (9): The endpoint is unable to maintain the
1847 compression context for the connection.
1849 CONNECT_ERROR (10): The connection established in response to a
1850 CONNECT request (Section 8.3) was reset or abnormally closed.
1852 ENHANCE_YOUR_CALM (420): The endpoint detected that its peer is
1853 exhibiting a behavior over a given amount of time that has caused
1854 it to refuse to process further frames.
1856 8. HTTP Message Exchanges
1858 HTTP/2.0 is intended to be as compatible as possible with current
1859 web-based applications. This means that, from the perspective of the
1860 server business logic or application API, the features of HTTP are
1861 unchanged. To achieve this, all of the application request and
1862 response header semantics are preserved, although the syntax of
1863 conveying those semantics has changed. Thus, the rules from HTTP/1.1
1864 ([HTTP-p1], [HTTP-p2], [HTTP-p4], [HTTP-p5], [HTTP-p6], and
1865 [HTTP-p7]) apply with the changes in the sections below.
1867 8.1. HTTP Request/Response Exchange
1869 A client sends an HTTP request on a new stream, using a previously
1870 unused stream identifier (Section 5.1.1). A server sends an HTTP
1871 response on the same stream as the request.
1873 An HTTP request or response each consist of:
1875 1. a HEADERS frame;
1877 2. one contiguous sequence of zero or more CONTINUATION frames;
1879 3. zero or more DATA frames; and
1881 4. optionally, a contiguous sequence that starts with a HEADERS
1882 frame, followed by zero or more CONTINUATION frames.
1884 The last frame in the sequence bears an END_STREAM flag, though a
1885 HEADERS frame bearing the END_STREAM flag can be followed by
1886 CONTINUATION frames that carry any remaining portions of the header
1887 block.
1889 Other frames MAY be interspersed with these frames, but those frames
1890 do not carry HTTP semantics. In particular, HEADERS frames (and any
1891 CONTINUATION frames that follow) other than the first and optional
1892 last frames in this sequence do not carry HTTP semantics.
1894 Trailing header fields are carried in a header block that also
1895 terminates the stream. That is, a sequence starting with a HEADERS
1896 frame, followed by zero or more CONTINUATION frames, where the
1897 HEADERS frame bears an END_STREAM flag. Header blocks after the
1898 first that do not terminate the stream are not part of an HTTP
1899 request or response.
1901 An HTTP request/response exchange fully consumes a single stream. A
1902 request starts with the HEADERS frame that puts the stream into an
1903 "open" state and ends with a frame bearing END_STREAM, which causes
1904 the stream to become "half closed" for the client. A response starts
1905 with a HEADERS frame and ends with a frame bearing END_STREAM, which
1906 places the stream in the "closed" state.
1908 8.1.1. Informational Responses
1910 The 1xx series of HTTP response status codes ([HTTP-p2], Section 6.2)
1911 are not supported in HTTP/2.0.
1913 The most common use case for 1xx is using a Expect header field with
1914 a "100-continue" token (colloquially, "Expect/continue") to indicate
1915 that the client expects a 100 (Continue) non-final response status
1916 code, receipt of which indicates that the client should continue
1917 sending the request body if it has not already done so.
1919 Typically, Expect/continue is used by clients wishing to avoid
1920 sending a large amount of data in a request body, only to have the
1921 request rejected by the origin server.
1923 HTTP/2.0 does not enable the Expect/continue mechanism; if the server
1924 sends a final status code to reject the request, it can do so without
1925 making the underlying connection unusable.
1927 Note that this means HTTP/2.0 clients sending requests with bodies
1928 may waste at least one round trip of sent data when the request is
1929 rejected. This can be mitigated by restricting the amount of data
1930 sent for the first round trip by bandwidth-constrained clients, in
1931 anticipation of a final status code.
1933 Other defined 1xx status codes are not applicable to HTTP/2.0; the
1934 semantics of 101 (Switching Protocols) is better expressed using a
1935 distinct frame type, since they apply to the entire connection, not
1936 just one stream. Likewise, 102 (Processing) is no longer necessary,
1937 because HTTP/2.0 has a separate means of keeping the connection
1938 alive.
1940 This difference between protocol versions necessitates special
1941 handling by intermediaries that translate between them:
1943 o An intermediary that gateways HTTP/1.1 to HTTP/2.0 MUST generate a
1944 100 (Continue) response if a received request includes and Expect
1945 header field with a "100-continue" token ([HTTP-p2], Section
1946 5.1.1), unless it can immediately generate a final status code.
1947 It MUST NOT forward the "100-continue" expectation in the request
1948 header fields.
1950 o An intermediary that gateways HTTP/2.0 to HTTP/1.1 MAY add an
1951 Expect header field with a "100-continue" expectation when
1952 forwarding a request that has a body; see [HTTP-p2], Section 5.1.1
1953 for specific requirements.
1955 o An intermediary that gateways HTTP/2.0 to HTTP/1.1 MUST discard
1956 all other 1xx informational responses.
1958 8.1.2. Examples
1960 This section shows HTTP/1.1 requests and responses, with
1961 illustrations of equivalent HTTP/2.0 requests and responses.
1963 An HTTP GET request includes request header fields and no body and is
1964 therefore transmitted as a single contiguous sequence of HEADERS
1965 frames containing the serialized block of request header fields. The
1966 last HEADERS frame in the sequence has both the END_HEADERS and
1967 END_STREAM flag set:
1969 GET /resource HTTP/1.1 HEADERS
1970 Host: example.org ==> + END_STREAM
1971 Accept: image/jpeg + END_HEADERS
1972 :method = GET
1973 :scheme = https
1974 :authority = example.org
1975 :path = /resource
1976 accept = image/jpeg
1978 Similarly, a response that includes only response header fields is
1979 transmitted as a sequence of HEADERS frames containing the serialized
1980 block of response header fields. The last HEADERS frame in the
1981 sequence has both the END_HEADERS and END_STREAM flag set:
1983 HTTP/1.1 204 No Content HEADERS
1984 Content-Length: 0 ===> + END_STREAM
1985 + END_HEADERS
1986 :status = 204
1987 content-length: 0
1989 An HTTP POST request that includes request header fields and payload
1990 data is transmitted as one HEADERS frame, followed by zero or more
1991 CONTINUATION frames, containing the request header fields followed by
1992 one or more DATA frames, with the last CONTINUATION (or HEADERS)
1993 frame having the END_HEADERS flag set and the final DATA frame having
1994 the END_STREAM flag set:
1996 POST /resource HTTP/1.1 HEADERS
1997 Host: example.org ==> - END_STREAM
1998 Content-Type: image/jpeg + END_HEADERS
1999 Content-Length: 123 :method = POST
2000 :scheme = https
2001 {binary data} :authority = example.org
2002 :path = /resource
2003 content-type = image/jpeg
2004 content-length = 123
2006 DATA
2007 + END_STREAM
2008 {binary data}
2010 A response that includes header fields and payload data is
2011 transmitted as a HEADERS frame, followed by zero or more CONTINUATION
2012 frames, followed by one or more DATA frames, with the last DATA frame
2013 in the sequence having the END_STREAM flag set:
2015 HTTP/1.1 200 OK HEADERS
2016 Content-Type: image/jpeg ==> - END_STREAM
2017 Content-Length: 123 + END_HEADERS
2018 :status = 200
2019 {binary data} content-type = image/jpeg
2020 content-length = 123
2022 DATA
2023 + END_STREAM
2024 {binary data}
2026 Trailing header fields are sent as a header block after both the
2027 request or response header block and all the DATA frames have been
2028 sent. The sequence of HEADERS/CONTINUATION frames that bears the
2029 trailers includes a terminal frame that has both END_HEADERS and
2030 END_STREAM flags set.
2032 HTTP/1.1 200 OK HEADERS
2033 Content-Type: image/jpeg ===> - END_STREAM
2034 Content-Length: 123 + END_HEADERS
2035 Transfer-Encoding: chunked :status = 200
2036 TE: trailers content-length = 123
2037 123 content-type = image/jpeg
2038 {binary data}
2039 0 DATA
2040 Foo: bar - END_STREAM
2041 {binary data}
2043 HEADERS
2044 + END_STREAM
2045 + END_HEADERS
2046 foo: bar
2048 8.1.3. HTTP Header Fields
2050 HTTP/2.0 request and response header fields carry information as a
2051 series of key-value pairs. This includes the target URI for the
2052 request, the status code for the response, as well as HTTP header
2053 fields.
2055 HTTP header field names are strings of ASCII characters that are
2056 compared in a case-insensitive fashion. Header field names MUST be
2057 converted to lowercase prior to their encoding in HTTP/2.0. A
2058 request or response containing uppercase header field names MUST be
2059 treated as malformed (Section 8.1.3.5).
2061 The semantics of HTTP header fields are not altered by this
2062 specification, though header fields relating to connection management
2063 or request framing are no longer necessary. An HTTP/2.0 request or
2064 response MUST NOT include any of the following header fields:
2065 Connection, Keep-Alive, Proxy-Connection, TE, Transfer-Encoding, and
2066 Upgrade. A request or response containing these header fields MUST
2067 be treated as malformed (Section 8.1.3.5).
2069 Note: HTTP/2.0 purposefully does not support upgrade from HTTP/2.0
2070 to another protocol. The handshake methods described in Section 3
2071 are sufficient to negotiate the use of alternative protocols.
2073 8.1.3.1. Request Header Fields
2075 HTTP/2.0 defines a number of header fields starting with a colon ':'
2076 character that carry information about the request target:
2078 o The ":method" header field includes the HTTP method ([HTTP-p2],
2079 Section 4).
2081 o The ":scheme" header field includes the scheme portion of the
2082 target URI ([RFC3986], Section 3.1).
2084 o The ":authority" header field includes the authority portion of
2085 the target URI ([RFC3986], Section 3.2).
2087 To ensure that the HTTP/1.1 request line can be reproduced
2088 accurately, this header field MUST be omitted when translating
2089 from an HTTP/1.1 request that has a request target in origin or
2090 asterisk form (see [HTTP-p1], Section 5.3). Clients that generate
2091 HTTP/2.0 requests directly SHOULD instead omit the "Host" header
2092 field. An intermediary that converts a request to HTTP/1.1 MUST
2093 create a "Host" header field if one is not present in a request by
2094 copying the value of the ":authority" header field.
2096 o The ":path" header field includes the path and query parts of the
2097 target URI (the "path-absolute" production from [RFC3986] and
2098 optionally a '?' character followed by the "query" production, see
2099 [RFC3986], Section 3.3 and [RFC3986], Section 3.4). This field
2100 MUST NOT be empty; URIs that do not contain a path component MUST
2101 include a value of '/', unless the request is an OPTIONS in
2102 asterisk form, in which case the ":path" header field MUST include
2103 '*'.
2105 All HTTP/2.0 requests MUST include exactly one valid value for all of
2106 these header fields, unless this is a CONNECT request (Section 8.3).
2107 An HTTP request that omits mandatory header fields is malformed
2108 (Section 8.1.3.5).
2110 Header field names that contain a colon are only valid in the
2111 HTTP/2.0 context. These are not HTTP header fields. Implementations
2112 MUST NOT generate header fields that start with a colon, but they
2113 MUST ignore any header field that starts with a colon. In
2114 particular, header fields with names starting with a colon MUST NOT
2115 be exposed as HTTP header fields.
2117 HTTP/2.0 does not define a way to carry the version identifier that
2118 is included in the HTTP/1.1 request line.
2120 8.1.3.2. Response Header Fields
2122 A single ":status" header field is defined that carries the HTTP
2123 status code field (see [HTTP-p2], Section 6). This header field MUST
2124 be included in all responses, otherwise the response is malformed
2125 (Section 8.1.3.5).
2127 HTTP/2.0 does not define a way to carry the version or reason phrase
2128 that is included in an HTTP/1.1 status line.
2130 8.1.3.3. Header Field Ordering
2132 HTTP Header Compression [COMPRESSION] does not preserve the order of
2133 header fields. The relative order of header fields with different
2134 names is not important. However, the same header field can be
2135 repeated to form a comma-separated list (see [HTTP-p1], Section
2136 3.2.2), where the relative order of header field values is
2137 significant. This repetition can occur either as a single header
2138 field with a comma-separated list of values, or as several header
2139 fields with a single value, or any combination thereof.
2141 To preserve the order of a comma-separated list, the ordered values
2142 for a single header field name appearing in different header fields
2143 are concatenated into a single value. A zero-valued octet (0x0) is
2144 used to delimit multiple values.
2146 After decompression, header fields that have values containing zero
2147 octets (0x0) MUST be split into multiple header fields before being
2148 processed.
2150 Header fields containing multiple values MUST be concatenated into a
2151 single value unless the ordering of that header field is known to be
2152 not significant.
2154 The special case of "set-cookie" - which does not form a comma-
2155 separated list, but can have multiple values - does not depend on
2156 ordering. The "set-cookie" header field MAY be encoded as multiple
2157 header field values, or as a single concatenated value.
2159 8.1.3.4. Compressing the Cookie Header Field
2161 The Cookie header field [COOKIE] can carry a significant amount of
2162 redundant data.
2164 The Cookie header field uses a semi-colon (";") to delimit cookie-
2165 pairs (or "crumbs"). This header field doesn't follow the list
2166 construction rules in HTTP (see [HTTP-p1], Section 3.2.2), which
2167 prevents cookie-pairs from being separated into different name-value
2168 pairs. This can significantly reduce compression efficiency as
2169 individual cookie-pairs are updated.
2171 To allow for better compression efficiency, the Cookie header field
2172 MAY be split into separate header fields, each with one or more
2173 cookie-pairs. If there are multiple Cookie header fields after
2174 decompression, these MUST be concatenated into a single octet string
2175 using the two octet delimiter of 0x3B, 0x20 (the ASCII string "; ").
2177 8.1.3.5. Malformed Requests and Responses
2179 A malformed request or response is one that uses a valid sequence of
2180 HTTP/2.0 frames, but is otherwise invalid due to the presence of
2181 prohibited header fields, the absence of mandatory header fields, or
2182 the inclusion of uppercase header field names.
2184 A request or response that includes an entity body can include a
2185 "content-length" header field. A request or response is also
2186 malformed if the value of a "content-length" header field does not
2187 equal the sum of the DATA frame payload lengths that form the body.
2189 Intermediaries that process HTTP requests or responses (i.e., all
2190 intermediaries other than those acting as tunnels) MUST NOT forward a
2191 malformed request or response.
2193 Implementations that detect malformed requests or responses need to
2194 ensure that the stream ends. For malformed requests, a server MAY
2195 send an HTTP response to prior to closing or resetting the stream.
2196 Clients MUST NOT accept a malformed response.
2198 8.1.4. Request Reliability Mechanisms in HTTP/2.0
2200 In HTTP/1.1, an HTTP client is unable to retry a non-idempotent
2201 request when an error occurs, because there is no means to determine
2202 the nature of the error. It is possible that some server processing
2203 occurred prior to the error, which could result in undesirable
2204 effects if the request were reattempted.
2206 HTTP/2.0 provides two mechanisms for providing a guarantee to a
2207 client that a request has not been processed:
2209 o The GOAWAY frame indicates the highest stream number that might
2210 have been processed. Requests on streams with higher numbers are
2211 therefore guaranteed to be safe to retry.
2213 o The REFUSED_STREAM error code can be included in a RST_STREAM
2214 frame to indicate that the stream is being closed prior to any
2215 processing having occurred. Any request that was sent on the
2216 reset stream can be safely retried.
2218 Clients MUST NOT treat requests that have not been processed as
2219 having failed. Clients MAY automatically retry these requests,
2220 including those with non-idempotent methods.
2222 A server MUST NOT indicate that a stream has not been processed
2223 unless it can guarantee that fact. If frames that are on a stream
2224 are passed to the application layer for any stream, then
2225 REFUSED_STREAM MUST NOT be used for that stream, and a GOAWAY frame
2226 MUST include a stream identifier that is greater than or equal to the
2227 given stream identifier.
2229 In addition to these mechanisms, the PING frame provides a way for a
2230 client to easily test a connection. Connections that remain idle can
2231 become broken as some middleboxes (for instance, network address
2232 translators, or load balancers) silently discard connection bindings.
2233 The PING frame allows a client to safely test whether a connection is
2234 still active without sending a request.
2236 8.2. Server Push
2238 HTTP/2.0 enables a server to pre-emptively send (or "push") multiple
2239 associated resources to a client in response to a single request.
2240 This feature becomes particularly helpful when the server knows the
2241 client will need to have those resources available in order to fully
2242 process the originally requested resource.
2244 Pushing additional resources is optional, and is negotiated only
2245 between individual endpoints. The SETTINGS_ENABLE_PUSH setting can
2246 be set to 0 to indicate that server push is disabled. Even if
2247 enabled, an intermediary could receive pushed resources from the
2248 server but could choose not to forward those on to the client. How
2249 to make use of the pushed resources is up to that intermediary.
2250 Equally, the intermediary might choose to push additional resources
2251 to the client, without any action taken by the server.
2253 A server can only push requests that are safe (see [HTTP-p2], Section
2254 4.2.1), cacheable (see [HTTP-p6], Section 3) and do not include a
2255 request body.
2257 8.2.1. Push Requests
2259 Server push is semantically equivalent to a server responding to a
2260 request. The PUSH_PROMISE frame, or frames, sent by the server
2261 includes a header block that contains a complete set of request
2262 header fields that the server attributes to the request. It is not
2263 possible to push a response to a request that includes a request
2264 body.
2266 Pushed resources are always associated with an explicit request from
2267 a client. The PUSH_PROMISE frames sent by the server are sent on the
2268 stream created for the original request. The PUSH_PROMISE frame
2269 includes a promised stream identifier, chosen from the stream
2270 identifiers available to the server (see Section 5.1.1).
2272 The header fields in PUSH_PROMISE and any subsequent CONTINUATION
2273 frames MUST be a valid and complete set of request header fields
2274 (Section 8.1.3.1). The server MUST include a method in the ":method"
2275 header field that is safe and cacheable. If a client receives a
2276 PUSH_PROMISE that does not include a complete and valid set of header
2277 fields, or the ":method" header field identifies a method that is not
2278 safe, it MUST respond with a stream error (Section 5.4.2) of type
2279 PROTOCOL_ERROR.
2281 The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to
2282 sending any frames that reference the promised resources. This
2283 avoids a race where clients issue requests for resources prior to
2284 receiving any PUSH_PROMISE frames.
2286 For example, if the server receives a request for a document
2287 containing embedded links to multiple image files, and the server
2288 chooses to push those additional images to the client, sending push
2289 promises before the DATA frames that contain the image links ensure
2290 that the client is able to see the promises before discovering the
2291 resources. Similarly, if the server pushes resources referenced by
2292 the header block (for instance, in Link header fields), sending the
2293 push promises before sending the header block ensures that clients do
2294 not request those resources.
2296 PUSH_PROMISE frames MUST NOT be sent by the client. PUSH_PROMISE
2297 frames can be sent by the server on any stream that was opened by the
2298 client. They MUST be sent on a stream that is in either the "open"
2299 or "half closed (remote)" state to the server. PUSH_PROMISE frames
2300 are interspersed with the frames that comprise a response, though
2301 they cannot be interspersed with HEADERS and CONTINUATION frames that
2302 comprise a single header block.
2304 8.2.2. Push Responses
2306 After sending the PUSH_PROMISE frame, the server can begin delivering
2307 the pushed resource as a response (Section 8.1.3.2) on a server-
2308 initiated stream that uses the promised stream identifier. The
2309 server uses this stream to transmit an HTTP response, using the same
2310 sequence of frames as defined in Section 8.1. This stream becomes
2311 "half closed" to the client (Section 5.1) after the initial HEADERS
2312 frame is sent.
2314 Once a client receives a PUSH_PROMISE frame and chooses to accept the
2315 pushed resource, the client SHOULD NOT issue any requests for the
2316 promised resource until after the promised stream has closed.
2318 If the client determines, for any reason, that it does not wish to
2319 receive the pushed resource from the server, or if the server takes
2320 too long to begin sending the promised resource, the client can send
2321 an RST_STREAM frame, using either the CANCEL or REFUSED_STREAM codes,
2322 and referencing the pushed stream's identifier.
2324 A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to limit
2325 the number of resources that can be concurrently pushed by a server.
2326 Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables
2327 server push by preventing the server from creating the necessary
2328 streams. This does not prohibit a server from sending PUSH_PROMISE
2329 frames; clients need to reset any promised streams that are not
2330 wanted.
2332 Clients receiving a pushed response MUST validate that the server is
2333 authorized to push the resource using the same-origin policy
2334 ([RFC6454], Section 3). For example, a HTTP/2.0 connection to
2335 "example.com" is generally [[anchor15: Ed: weaselly use of
2336 "generally", needs better definition]] not permitted to push a
2337 response for "www.example.org".
2339 8.3. The CONNECT Method
2341 The HTTP pseudo-method CONNECT ([HTTP-p2], Section 4.3.6) is used to
2342 convert an HTTP/1.1 connection into a tunnel to a remote host.
2343 CONNECT is primarily used with HTTP proxies to established a TLS
2344 session with a server for the purposes of interacting with "https"
2345 resources.
2347 In HTTP/2.0, the CONNECT method is used to establish a tunnel over a
2348 single HTTP/2.0 stream to a remote host. The HTTP header field
2349 mapping works as mostly as defined in Request Header Fields
2350 (Section 8.1.3.1), with a few differences. Specifically:
2352 o The ":method" header field is set to "CONNECT".
2354 o The ":scheme" and ":path" header fields MUST be omitted.
2356 o The ":authority" header field contains the host and port to
2357 connect to (equivalent to the authority-form of the request-target
2358 of CONNECT requests, see [HTTP-p1], Section 5.3).
2360 A proxy that supports CONNECT, establishes a TCP connection [TCP] to
2361 the server identified in the ":authority" header field. Once this
2362 connection is successfully established, the proxy sends a HEADERS
2363 frame containing a 2xx series status code, as defined in [HTTP-p2],
2364 Section 4.3.6.
2366 After the initial HEADERS frame sent by each peer, all subsequent
2367 DATA frames correspond to data sent on the TCP connection. The
2368 payload of any DATA frames sent by the client are transmitted by the
2369 proxy to the TCP server; data received from the TCP server is
2370 assembled into DATA frames by the proxy. Frame types other than DATA
2371 or stream management frames (RST_STREAM, WINDOW_UPDATE, and PRIORITY)
2372 MUST NOT be sent on a connected stream, and MUST be treated as a
2373 stream error (Section 5.4.2) if received.
2375 The TCP connection can be closed by either peer. The END_STREAM flag
2376 on a DATA frame is treated as being equivalent to the TCP FIN bit. A
2377 client is expected to send a DATA frame with the END_STREAM flag set
2378 after receiving a frame bearing the END_STREAM flag. A proxy that
2379 receives a DATA frame with the END_STREAM flag set sends the attached
2380 data with the FIN bit set on the last TCP segment. A proxy that
2381 receives a TCP segment with the FIN bit set sends a DATA frame with
2382 the END_STREAM flag set. Note that the final TCP segment or DATA
2383 frame could be empty.
2385 A TCP connection error is signaled with RST_STREAM. A proxy treats
2386 any error in the TCP connection, which includes receiving a TCP
2387 segment with the RST bit set, as a stream error (Section 5.4.2) of
2388 type CONNECT_ERROR. Correspondingly, a proxy MUST send a TCP segment
2389 with the RST bit set if it detects an error with the stream or the
2390 HTTP/2.0 connection.
2392 9. Additional HTTP Requirements/Considerations
2394 This section outlines attributes of the HTTP protocol that improve
2395 interoperability, reduce exposure to known security vulnerabilities,
2396 or reduce the potential for implementation variation.
2398 9.1. Connection Management
2400 HTTP/2.0 connections are persistent. For best performance, it is
2401 expected clients will not close connections until it is determined
2402 that no further communication with a server is necessary (for
2403 example, when a user navigates away from a particular web page), or
2404 until the server closes the connection.
2406 Clients SHOULD NOT open more than one HTTP/2.0 connection to a given
2407 origin ([RFC6454]) concurrently. A client can create additional
2408 connections as replacements, either to replace connections that are
2409 near to exhausting the available stream identifiers (Section 5.1.1),
2410 or to replace connections that have encountered errors
2411 (Section 5.4.1).
2413 Servers are encouraged to maintain open connections for as long as
2414 possible, but are permitted to terminate idle connections if
2415 necessary. When either endpoint chooses to close the transport-level
2416 TCP connection, the terminating endpoint SHOULD first send a GOAWAY
2417 (Section 6.8) frame so that both endpoints can reliably determine
2418 whether previously sent frames have been processed and gracefully
2419 complete or terminate any necessary remaining tasks.
2421 9.2. Use of TLS Features
2423 Implementations of HTTP/2.0 MUST support TLS 1.1 [TLS11]. [[anchor18:
2424 The working group intends to require at least the use of TLS 1.2
2425 [TLS12] prior to publication of this document; negotiating TLS 1.1 is
2426 permitted to enable the creation of interoperable implementations of
2427 early drafts.]]
2429 The TLS implementation MUST support the Server Name Indication (SNI)
2430 [TLS-EXT] extension to TLS. HTTP/2.0 clients MUST indicate the
2431 target domain name when negotiating TLS.
2433 A server that receives a TLS handshake that does not include either
2434 TLS 1.1 or SNI, MUST NOT negotiate HTTP/2.0. Removing HTTP/2.0
2435 protocols from consideration could result in the removal of all
2436 protocols from the set of protocols offered by the client. This
2437 causes protocol negotiation failure, as described in Section 3.2 of
2438 [TLSALPN].
2440 Implementations are encouraged not to negotiate TLS cipher suites
2441 with known vulnerabilities, such as [RC4].
2443 9.3. GZip Content-Encoding
2445 Clients MUST support gzip compression for HTTP response bodies.
2446 Regardless of the value of the accept-encoding header field, a server
2447 MAY send responses with gzip or deflate encoding. A compressed
2448 response MUST still bear an appropriate content-encoding header
2449 field.
2451 10. Security Considerations
2452 10.1. Server Authority and Same-Origin
2454 This specification uses the same-origin policy ([RFC6454], Section 3)
2455 to determine whether an origin server is permitted to provide
2456 content.
2458 A server that is contacted using TLS is authenticated based on the
2459 certificate that it offers in the TLS handshake (see [RFC2818],
2460 Section 3). A server is considered authoritative for an "https"
2461 resource if it has been successfully authenticated for the domain
2462 part of the origin of the resource that it is providing.
2464 A server is considered authoritative for an "http" resource if the
2465 connection is established to a resolved IP address for the domain in
2466 the origin of the resource.
2468 A client MUST NOT use, in any way, resources provided by a server
2469 that is not authoritative for those resources.
2471 10.2. Cross-Protocol Attacks
2473 When using TLS, we believe that HTTP/2.0 introduces no new cross-
2474 protocol attacks. TLS encrypts the contents of all transmission
2475 (except the handshake itself), making it difficult for attackers to
2476 control the data which could be used in a cross-protocol attack.
2477 [[anchor21: Issue: This is no longer true]]
2479 10.3. Intermediary Encapsulation Attacks
2481 HTTP/2.0 header field names and values are encoded as sequences of
2482 octets with a length prefix. This enables HTTP/2.0 to carry any
2483 string of octets as the name or value of a header field. An
2484 intermediary that translates HTTP/2.0 requests or responses into
2485 HTTP/1.1 directly could permit the creation of corrupted HTTP/1.1
2486 messages. An attacker might exploit this behavior to cause the
2487 intermediary to create HTTP/1.1 messages with illegal header fields,
2488 extra header fields, or even new messages that are entirely
2489 falsified.
2491 An intermediary that performs translation into HTTP/1.1 cannot alter
2492 the semantics of requests or responses. In particular, header field
2493 names or values that contain characters not permitted by HTTP/1.1,
2494 including carriage return (U+000D) or line feed (U+000A) MUST NOT be
2495 translated verbatim, as stipulated in [HTTP-p1], Section 3.2.4.
2497 Translation from HTTP/1.x to HTTP/2.0 does not produce the same
2498 opportunity to an attacker. Intermediaries that perform translation
2499 to HTTP/2.0 MUST remove any instances of the "obs-fold" production
2500 from header field values.
2502 10.4. Cacheability of Pushed Resources
2504 Pushed resources are responses without an explicit request; the
2505 request for a pushed resource is synthesized from the request that
2506 triggered the push, plus resource identification information provided
2507 by the server. Request header fields are necessary for HTTP cache
2508 control validations (such as the Vary header field) to work. For
2509 this reason, caches MUST associate the request header fields from the
2510 PUSH_PROMISE frame with the response headers and content delivered on
2511 the pushed stream. This includes the Cookie header field.
2513 Caching resources that are pushed is possible, based on the guidance
2514 provided by the origin server in the Cache-Control header field.
2515 However, this can cause issues if a single server hosts more than one
2516 tenant. For example, a server might offer multiple users each a
2517 small portion of its URI space.
2519 Where multiple tenants share space on the same server, that server
2520 MUST ensure that tenants are not able to push representations of
2521 resources that they do not have authority over. Failure to enforce
2522 this would allow a tenant to provide a representation that would be
2523 served out of cache, overriding the actual representation that the
2524 authoritative tenant provides.
2526 Pushed resources for which an origin server is not authoritative are
2527 never cached or used.
2529 10.5. Denial of Service Considerations
2531 An HTTP/2.0 connection can demand a greater commitment of resources
2532 to operate than a HTTP/1.1 connection. The use of header compression
2533 and flow control require that an implementation commit resources for
2534 storing a greater amount of state. Settings for these features
2535 ensure that memory commitments for these features are strictly
2536 bounded. Processing capacity cannot be guarded in the same fashion.
2538 The SETTINGS frame can be abused to cause a peer to expend additional
2539 processing time. This might be done by pointlessly changing
2540 settings, setting multiple undefined settings, or changing the same
2541 setting multiple times in the same frame. Similarly, WINDOW_UPDATE
2542 or PRIORITY frames can be abused to cause an unnecessary waste of
2543 resources.
2545 Large numbers of small or empty frames can be abused to cause a peer
2546 to expend time processing frame headers. Note however that some uses
2547 are entirely legitimate, such as the sending of an empty DATA frame
2548 to end a stream.
2550 Header compression also offers some opportunities to waste processing
2551 resources, see [COMPRESSION] for more details on potential abuses.
2553 In all these cases, there are legitimate reasons to use these
2554 protocol mechanisms. These features become a burden only when they
2555 are used unnecessarily or to excess.
2557 An endpoint that doesn't monitor this behavior exposes itself to a
2558 risk of denial of service attack. Implementations SHOULD track the
2559 use of these types of frames and set limits on their use. An
2560 endpoint MAY treat activity that is suspicious as a connection error
2561 (Section 5.4.1) of type ENHANCE_YOUR_CALM.
2563 11. Privacy Considerations
2565 HTTP/2.0 aims to keep connections open longer between clients and
2566 servers in order to reduce the latency when a user makes a request.
2567 The maintenance of these connections over time could be used to
2568 expose private information. For example, a user using a browser
2569 hours after the previous user stopped using that browser may be able
2570 to learn about what the previous user was doing. This is a problem
2571 with HTTP in its current form as well, however the short lived
2572 connections make it less of a risk.
2574 12. IANA Considerations
2576 A string for identifying HTTP/2.0 is entered into the "Application
2577 Layer Protocol Negotiation (ALPN) Protocol IDs" registry established
2578 in [TLSALPN].
2580 This document establishes registries for frame types, error codes and
2581 settings. These new registries are entered in a new "Hypertext
2582 Transfer Protocol (HTTP) 2.0 Parameters" section.
2584 This document registers the "HTTP2-Settings" header field for use in
2585 HTTP.
2587 12.1. Registration of HTTP/2.0 Identification String
2589 This document creates a registration for the identification of
2590 HTTP/2.0 in the "Application Layer Protocol Negotiation (ALPN)
2591 Protocol IDs" registry established in [TLSALPN].
2593 Protocol: HTTP/2.0
2595 Identification Sequence: 0x48 0x54 0x54 0x50 0x2f 0x32 0x2e 0x30
2596 ("HTTP/2.0")
2598 Specification: This document (RFCXXXX)
2600 12.2. Frame Type Registry
2602 This document establishes a registry for HTTP/2.0 frame types. The
2603 "HTTP/2.0 Frame Type" registry operates under the "IETF Review"
2604 policy [RFC5226].
2606 Frame types are an 8-bit value. When reviewing new frame type
2607 registrations, special attention is advised for any frame type-
2608 specific flags that are defined. Frame flags can interact with
2609 existing flags and could prevent the creation of globally applicable
2610 flags.
2612 Initial values for the "HTTP/2.0 Frame Type" registry are shown in
2613 Table 1.
2615 +--------+---------------+---------------------------+--------------+
2616 | Frame | Name | Flags | Section |
2617 | Type | | | |
2618 +--------+---------------+---------------------------+--------------+
2619 | 0 | DATA | END_STREAM(1) | Section 6.1 |
2620 | 1 | HEADERS | END_STREAM(1), | Section 6.2 |
2621 | | | END_HEADERS(4), | |
2622 | | | PRIORITY(8) | |
2623 | 2 | PRIORITY | - | Section 6.3 |
2624 | 3 | RST_STREAM | - | Section 6.4 |
2625 | 4 | SETTINGS | ACK(1) | Section 6.5 |
2626 | 5 | PUSH_PROMISE | END_PUSH_PROMISE(4) | Section 6.6 |
2627 | 6 | PING | ACK(1) | Section 6.7 |
2628 | 7 | GOAWAY | - | Section 6.8 |
2629 | 9 | WINDOW_UPDATE | - | Section 6.9 |
2630 | 10 | CONTINUATION | END_HEADERS(4) | Section 6.10 |
2631 +--------+---------------+---------------------------+--------------+
2633 Table 1
2635 12.3. Error Code Registry
2637 This document establishes a registry for HTTP/2.0 error codes. The
2638 "HTTP/2.0 Error Code" registry manages a 32-bit space. The "HTTP/2.0
2639 Error Code" registry operates under the "Expert Review" policy
2640 [RFC5226].
2642 Registrations for error codes are required to include a description
2643 of the error code. An expert reviewer is advised to examine new
2644 registrations for possible duplication with existing error codes.
2645 Use of existing registrations is to be encouraged, but not mandated.
2647 New registrations are advised to provide the following information:
2649 Error Code: The 32-bit error code value.
2651 Name: A name for the error code. Specifying an error code name is
2652 optional.
2654 Description: A description of the conditions where the error code is
2655 applicable.
2657 Specification: An optional reference for a specification that
2658 defines the error code.
2660 An initial set of error code registrations can be found in Section 7.
2662 12.4. Settings Registry
2664 This document establishes a registry for HTTP/2.0 settings. The
2665 "HTTP/2.0 Settings" registry manages a 24-bit space. The "HTTP/2.0
2666 Settings" registry operates under the "Expert Review" policy
2667 [RFC5226].
2669 Registrations for settings are required to include a description of
2670 the setting. An expert reviewer is advised to examine new
2671 registrations for possible duplication with existing settings. Use
2672 of existing registrations is to be encouraged, but not mandated.
2674 New registrations are advised to provide the following information:
2676 Setting: The 24-bit setting value.
2678 Name: A name for the setting. Specifying a name is optional.
2680 Flags: Any setting-specific flags that apply, including their value
2681 and semantics.
2683 Description: A description of the setting. This might include the
2684 range of values, any applicable units and how to act upon a value
2685 when it is provided.
2687 Specification: An optional reference for a specification that
2688 defines the setting.
2690 An initial set of settings registrations can be found in
2691 Section 6.5.2.
2693 12.5. HTTP2-Settings Header Field Registration
2695 This section registers the "HTTP2-Settings" header field in the
2696 Permanent Message Header Field Registry [BCP90].
2698 Header field name: HTTP2-Settings
2700 Applicable protocol: http
2702 Status: standard
2704 Author/Change controller: IETF
2706 Specification document(s): Section 3.2.1 of this document
2708 Related information: This header field is only used by an HTTP/2.0
2709 client for Upgrade-based negotiation.
2711 13. Acknowledgements
2713 This document includes substantial input from the following
2714 individuals:
2716 o Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa
2717 Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam
2718 Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay,
2719 Paul Amer, Fan Yang, Jonathan Leighton (SPDY contributors).
2721 o Gabriel Montenegro and Willy Tarreau (Upgrade mechanism)
2723 o William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro,
2724 Jitu Padhye, Roberto Peon, Rob Trace (Flow control)
2726 o Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike
2727 Bishop, Herve Ruellan (Substantial editorial contributions)
2729 14. References
2731 14.1. Normative References
2733 [COMPRESSION] Ruellan, H. and R. Peon, "HPACK - Header Compression
2734 for HTTP/2.0",
2735 draft-ietf-httpbis-header-compression-05 (work in
2736 progress), December 2013.
2738 [COOKIE] Barth, A., "HTTP State Management Mechanism",
2739 RFC 6265, April 2011.
2741 [HTTP-p1] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
2742 Transfer Protocol (HTTP/1.1): Message Syntax and
2743 Routing", draft-ietf-httpbis-p1-messaging-25 (work in
2744 progress), November 2013.
2746 [HTTP-p2] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
2747 Transfer Protocol (HTTP/1.1): Semantics and Content",
2748 draft-ietf-httpbis-p2-semantics-25 (work in progress),
2749 November 2013.
2751 [HTTP-p4] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
2752 Transfer Protocol (HTTP/1.1): Conditional Requests",
2753 draft-ietf-httpbis-p4-conditional-25 (work in
2754 progress), November 2013.
2756 [HTTP-p5] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
2757 Ed., "Hypertext Transfer Protocol (HTTP/1.1): Range
2758 Requests", draft-ietf-httpbis-p5-range-25 (work in
2759 progress), November 2013.
2761 [HTTP-p6] Fielding, R., Ed., Nottingham, M., Ed., and J.
2762 Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1):
2763 Caching", draft-ietf-httpbis-p6-cache-25 (work in
2764 progress), November 2013.
2766 [HTTP-p7] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
2767 Transfer Protocol (HTTP/1.1): Authentication",
2768 draft-ietf-httpbis-p7-auth-25 (work in progress),
2769 November 2013.
2771 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
2772 Requirement Levels", BCP 14, RFC 2119, March 1997.
2774 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
2776 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter,
2777 "Uniform Resource Identifier (URI): Generic Syntax",
2778 STD 66, RFC 3986, January 2005.
2780 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
2781 Encodings", RFC 4648, October 2006.
2783 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing
2784 an IANA Considerations Section in RFCs", BCP 26,
2785 RFC 5226, May 2008.
2787 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
2788 Specifications: ABNF", STD 68, RFC 5234, January 2008.
2790 [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454,
2791 December 2011.
2793 [TCP] Postel, J., "Transmission Control Protocol", STD 7,
2794 RFC 793, September 1981.
2796 [TLS-EXT] Eastlake, D., "Transport Layer Security (TLS)
2797 Extensions: Extension Definitions", RFC 6066,
2798 January 2011.
2800 [TLS11] Dierks, T. and E. Rescorla, "The Transport Layer
2801 Security (TLS) Protocol Version 1.1", RFC 4346,
2802 April 2006.
2804 [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer
2805 Security (TLS) Protocol Version 1.2", RFC 5246,
2806 August 2008.
2808 [TLSALPN] Friedl, S., Popov, A., Langley, A., and E. Stephan,
2809 "Transport Layer Security (TLS) Application Layer
2810 Protocol Negotiation Extension",
2811 draft-ietf-tls-applayerprotoneg-02 (work in progress),
2812 September 2013.
2814 14.2. Informative References
2816 [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration
2817 Procedures for Message Header Fields", BCP 90,
2818 RFC 3864, September 2004.
2820 [RC4] Rivest, R., "The RC4 encryption algorithm", RSA Data
2821 Security, Inc. , March 1992.
2823 [RFC1323] Jacobson, V., Braden, B., and D. Borman, "TCP
2824 Extensions for High Performance", RFC 1323, May 1992.
2826 [TALKING] Huang, L-S., Chen, E., Barth, A., Rescorla, E., and C.
2827 Jackson, "Talking to Yourself for Fun and Profit",
2828 2011, .
2830 Appendix A. Change Log (to be removed by RFC Editor before publication)
2832 A.1. Since draft-ietf-httpbis-http2-08
2834 Added cookie crumbling for more efficient header compression.
2836 Added header field ordering with the value-concatenation mechanism.
2838 A.2. Since draft-ietf-httpbis-http2-07
2840 Marked draft for implementation.
2842 A.3. Since draft-ietf-httpbis-http2-06
2844 Adding definition for CONNECT method.
2846 Constraining the use of push to safe, cacheable methods with no
2847 request body.
2849 Changing from :host to :authority to remove any potential confusion.
2851 Adding setting for header compression table size.
2853 Adding settings acknowledgement.
2855 Removing unnecessary and potentially problematic flags from
2856 CONTINUATION.
2858 Added denial of service considerations.
2860 A.4. Since draft-ietf-httpbis-http2-05
2862 Marking the draft ready for implementation.
2864 Renumbering END_PUSH_PROMISE flag.
2866 Editorial clarifications and changes.
2868 A.5. Since draft-ietf-httpbis-http2-04
2870 Added CONTINUATION frame for HEADERS and PUSH_PROMISE.
2872 PUSH_PROMISE is no longer implicitly prohibited if
2873 SETTINGS_MAX_CONCURRENT_STREAMS is zero.
2875 Push expanded to allow all safe methods without a request body.
2877 Clarified the use of HTTP header fields in requests and responses.
2879 Prohibited HTTP/1.1 hop-by-hop header fields.
2881 Requiring that intermediaries not forward requests with missing or
2882 illegal routing :-headers.
2884 Clarified requirements around handling different frames after stream
2885 close, stream reset and GOAWAY.
2887 Added more specific prohibitions for sending of different frame types
2888 in various stream states.
2890 Making the last received setting value the effective value.
2892 Clarified requirements on TLS version, extension and ciphers.
2894 A.6. Since draft-ietf-httpbis-http2-03
2896 Committed major restructuring atrocities.
2898 Added reference to first header compression draft.
2900 Added more formal description of frame lifecycle.
2902 Moved END_STREAM (renamed from FINAL) back to HEADERS/DATA.
2904 Removed HEADERS+PRIORITY, added optional priority to HEADERS frame.
2906 Added PRIORITY frame.
2908 A.7. Since draft-ietf-httpbis-http2-02
2910 Added continuations to frames carrying header blocks.
2912 Replaced use of "session" with "connection" to avoid confusion with
2913 other HTTP stateful concepts, like cookies.
2915 Removed "message".
2917 Switched to TLS ALPN from NPN.
2919 Editorial changes.
2921 A.8. Since draft-ietf-httpbis-http2-01
2923 Added IANA considerations section for frame types, error codes and
2924 settings.
2926 Removed data frame compression.
2928 Added PUSH_PROMISE.
2930 Added globally applicable flags to framing.
2932 Removed zlib-based header compression mechanism.
2934 Updated references.
2936 Clarified stream identifier reuse.
2938 Removed CREDENTIALS frame and associated mechanisms.
2940 Added advice against naive implementation of flow control.
2942 Added session header section.
2944 Restructured frame header. Removed distinction between data and
2945 control frames.
2947 Altered flow control properties to include session-level limits.
2949 Added note on cacheability of pushed resources and multiple tenant
2950 servers.
2952 Changed protocol label form based on discussions.
2954 A.9. Since draft-ietf-httpbis-http2-00
2956 Changed title throughout.
2958 Removed section on Incompatibilities with SPDY draft#2.
2960 Changed INTERNAL_ERROR on GOAWAY to have a value of 2 .
2963 Replaced abstract and introduction.
2965 Added section on starting HTTP/2.0, including upgrade mechanism.
2967 Removed unused references.
2969 Added flow control principles (Section 5.2.1) based on .
2972 A.10. Since draft-mbelshe-httpbis-spdy-00
2974 Adopted as base for draft-ietf-httpbis-http2.
2976 Updated authors/editors list.
2978 Added status note.
2980 Authors' Addresses
2982 Mike Belshe
2983 Twist
2985 EMail: mbelshe@chromium.org
2987 Roberto Peon
2988 Google, Inc
2990 EMail: fenix@google.com
2992 Martin Thomson (editor)
2993 Microsoft
2994 3210 Porter Drive
2995 Palo Alto 94304
2996 US
2998 EMail: martin.thomson@gmail.com
3000 Alexey Melnikov (editor)
3001 Isode Ltd
3002 5 Castle Business Village
3003 36 Station Road
3004 Hampton, Middlesex TW12 2BX
3005 UK
3007 EMail: Alexey.Melnikov@isode.com