idnits 2.17.1
draft-ietf-httpbis-http2-11.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (April 3, 2014) is 3677 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-14) exists of
draft-ietf-httpbis-alt-svc-01
== Outdated reference: A later version (-12) exists of
draft-ietf-httpbis-header-compression-07
-- Possible downref: Non-RFC (?) normative reference: ref. 'HTTP-p6'
** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110)
** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)
** Obsolete normative reference: RFC 793 (ref. 'TCP') (Obsoleted by RFC
9293)
** Obsolete normative reference: RFC 5246 (ref. 'TLS12') (Obsoleted by RFC
8446)
-- Obsolete informational reference (is this intentional?): RFC 1323
(Obsoleted by RFC 7323)
Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 HTTPbis Working Group M. Belshe
3 Internet-Draft Twist
4 Intended status: Standards Track R. Peon
5 Expires: October 5, 2014 Google, Inc
6 M. Thomson, Ed.
7 Mozilla
8 April 3, 2014
10 Hypertext Transfer Protocol version 2
11 draft-ietf-httpbis-http2-11
13 Abstract
15 This specification describes an optimized expression of the syntax of
16 the Hypertext Transfer Protocol (HTTP). HTTP/2 enables a more
17 efficient use of network resources and a reduced perception of
18 latency by introducing header field compression and allowing multiple
19 concurrent messages on the same connection. It also introduces
20 unsolicited push of representations from servers to clients.
22 This document is an alternative to, but does not obsolete, the
23 HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.
25 Editorial Note (To be removed by RFC Editor)
27 Discussion of this draft takes place on the HTTPBIS working group
28 mailing list (ietf-http-wg@w3.org), which is archived at
29 .
31 Working Group information can be found at
32 ; that specific to HTTP/2 are at
33 .
35 The changes in this draft are summarized in Appendix A.
37 Status of This Memo
39 This Internet-Draft is submitted in full conformance with the
40 provisions of BCP 78 and BCP 79.
42 Internet-Drafts are working documents of the Internet Engineering
43 Task Force (IETF). Note that other groups may also distribute
44 working documents as Internet-Drafts. The list of current Internet-
45 Drafts is at http://datatracker.ietf.org/drafts/current/.
47 Internet-Drafts are draft documents valid for a maximum of six months
48 and may be updated, replaced, or obsoleted by other documents at any
49 time. It is inappropriate to use Internet-Drafts as reference
50 material or to cite them other than as "work in progress."
52 This Internet-Draft will expire on October 5, 2014.
54 Copyright Notice
56 Copyright (c) 2014 IETF Trust and the persons identified as the
57 document authors. All rights reserved.
59 This document is subject to BCP 78 and the IETF Trust's Legal
60 Provisions Relating to IETF Documents
61 (http://trustee.ietf.org/license-info) in effect on the date of
62 publication of this document. Please review these documents
63 carefully, as they describe your rights and restrictions with respect
64 to this document. Code Components extracted from this document must
65 include Simplified BSD License text as described in Section 4.e of
66 the Trust Legal Provisions and are provided without warranty as
67 described in the Simplified BSD License.
69 Table of Contents
71 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
72 2. HTTP/2 Protocol Overview . . . . . . . . . . . . . . . . . . . 5
73 2.1. Document Organization . . . . . . . . . . . . . . . . . . 6
74 2.2. Conventions and Terminology . . . . . . . . . . . . . . . 7
75 3. Starting HTTP/2 . . . . . . . . . . . . . . . . . . . . . . . 8
76 3.1. HTTP/2 Version Identification . . . . . . . . . . . . . . 8
77 3.2. Starting HTTP/2 for "http" URIs . . . . . . . . . . . . . 9
78 3.2.1. HTTP2-Settings Header Field . . . . . . . . . . . . . 10
79 3.3. Starting HTTP/2 for "https" URIs . . . . . . . . . . . . . 11
80 3.4. Starting HTTP/2 with Prior Knowledge . . . . . . . . . . . 11
81 3.5. HTTP/2 Connection Preface . . . . . . . . . . . . . . . . 11
82 4. HTTP Frames . . . . . . . . . . . . . . . . . . . . . . . . . 12
83 4.1. Frame Format . . . . . . . . . . . . . . . . . . . . . . . 12
84 4.2. Frame Size . . . . . . . . . . . . . . . . . . . . . . . . 14
85 4.3. Header Compression and Decompression . . . . . . . . . . . 14
86 5. Streams and Multiplexing . . . . . . . . . . . . . . . . . . . 15
87 5.1. Stream States . . . . . . . . . . . . . . . . . . . . . . 16
88 5.1.1. Stream Identifiers . . . . . . . . . . . . . . . . . . 20
89 5.1.2. Stream Concurrency . . . . . . . . . . . . . . . . . . 20
90 5.2. Flow Control . . . . . . . . . . . . . . . . . . . . . . . 21
91 5.2.1. Flow Control Principles . . . . . . . . . . . . . . . 21
92 5.2.2. Appropriate Use of Flow Control . . . . . . . . . . . 22
93 5.3. Stream priority . . . . . . . . . . . . . . . . . . . . . 23
94 5.3.1. Priority Groups and Weighting . . . . . . . . . . . . 23
95 5.3.2. Stream Dependencies . . . . . . . . . . . . . . . . . 24
96 5.3.3. Reprioritization . . . . . . . . . . . . . . . . . . . 25
97 5.3.4. Prioritization State Management . . . . . . . . . . . 25
98 5.3.5. Default Priorities . . . . . . . . . . . . . . . . . . 26
99 5.4. Error Handling . . . . . . . . . . . . . . . . . . . . . . 26
100 5.4.1. Connection Error Handling . . . . . . . . . . . . . . 27
101 5.4.2. Stream Error Handling . . . . . . . . . . . . . . . . 27
102 5.4.3. Connection Termination . . . . . . . . . . . . . . . . 28
103 6. Frame Definitions . . . . . . . . . . . . . . . . . . . . . . 28
104 6.1. DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
105 6.2. HEADERS . . . . . . . . . . . . . . . . . . . . . . . . . 30
106 6.3. PRIORITY . . . . . . . . . . . . . . . . . . . . . . . . . 32
107 6.4. RST_STREAM . . . . . . . . . . . . . . . . . . . . . . . . 34
108 6.5. SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . 35
109 6.5.1. SETTINGS Format . . . . . . . . . . . . . . . . . . . 36
110 6.5.2. Defined SETTINGS Parameters . . . . . . . . . . . . . 36
111 6.5.3. Settings Synchronization . . . . . . . . . . . . . . . 37
112 6.6. PUSH_PROMISE . . . . . . . . . . . . . . . . . . . . . . . 37
113 6.7. PING . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
114 6.8. GOAWAY . . . . . . . . . . . . . . . . . . . . . . . . . . 41
115 6.9. WINDOW_UPDATE . . . . . . . . . . . . . . . . . . . . . . 43
116 6.9.1. The Flow Control Window . . . . . . . . . . . . . . . 44
117 6.9.2. Initial Flow Control Window Size . . . . . . . . . . . 45
118 6.9.3. Reducing the Stream Window Size . . . . . . . . . . . 46
119 6.10. CONTINUATION . . . . . . . . . . . . . . . . . . . . . . . 46
120 6.11. ALTSVC . . . . . . . . . . . . . . . . . . . . . . . . . . 47
121 7. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 49
122 8. HTTP Message Exchanges . . . . . . . . . . . . . . . . . . . . 50
123 8.1. HTTP Request/Response Exchange . . . . . . . . . . . . . . 51
124 8.1.1. Informational Responses . . . . . . . . . . . . . . . 52
125 8.1.2. Examples . . . . . . . . . . . . . . . . . . . . . . . 53
126 8.1.3. HTTP Header Fields . . . . . . . . . . . . . . . . . . 55
127 8.1.4. Request Reliability Mechanisms in HTTP/2 . . . . . . . 59
128 8.2. Server Push . . . . . . . . . . . . . . . . . . . . . . . 60
129 8.2.1. Push Requests . . . . . . . . . . . . . . . . . . . . 60
130 8.2.2. Push Responses . . . . . . . . . . . . . . . . . . . . 61
131 8.3. The CONNECT Method . . . . . . . . . . . . . . . . . . . . 62
132 9. Additional HTTP Requirements/Considerations . . . . . . . . . 63
133 9.1. Connection Management . . . . . . . . . . . . . . . . . . 63
134 9.2. Use of TLS Features . . . . . . . . . . . . . . . . . . . 64
135 9.3. GZip Content-Encoding . . . . . . . . . . . . . . . . . . 65
136 10. Security Considerations . . . . . . . . . . . . . . . . . . . 65
137 10.1. Server Authority . . . . . . . . . . . . . . . . . . . . . 65
138 10.2. Cross-Protocol Attacks . . . . . . . . . . . . . . . . . . 66
139 10.3. Intermediary Encapsulation Attacks . . . . . . . . . . . . 66
140 10.4. Cacheability of Pushed Responses . . . . . . . . . . . . . 67
141 10.5. Denial of Service Considerations . . . . . . . . . . . . . 67
142 10.6. Use of Compression . . . . . . . . . . . . . . . . . . . . 68
143 10.7. Use of Padding . . . . . . . . . . . . . . . . . . . . . . 68
144 10.8. Privacy Considerations . . . . . . . . . . . . . . . . . . 69
146 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 69
147 11.1. Registration of HTTP/2 Identification String . . . . . . . 70
148 11.2. Error Code Registry . . . . . . . . . . . . . . . . . . . 70
149 11.3. HTTP2-Settings Header Field Registration . . . . . . . . . 71
150 11.4. PRI Method Registration . . . . . . . . . . . . . . . . . 71
151 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 71
152 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72
153 13.1. Normative References . . . . . . . . . . . . . . . . . . . 72
154 13.2. Informative References . . . . . . . . . . . . . . . . . . 74
155 Appendix A. Change Log (to be removed by RFC Editor before
156 publication) . . . . . . . . . . . . . . . . . . . . 74
157 A.1. Since draft-ietf-httpbis-http2-10 . . . . . . . . . . . . 74
158 A.2. Since draft-ietf-httpbis-http2-09 . . . . . . . . . . . . 75
159 A.3. Since draft-ietf-httpbis-http2-08 . . . . . . . . . . . . 75
160 A.4. Since draft-ietf-httpbis-http2-07 . . . . . . . . . . . . 75
161 A.5. Since draft-ietf-httpbis-http2-06 . . . . . . . . . . . . 75
162 A.6. Since draft-ietf-httpbis-http2-05 . . . . . . . . . . . . 76
163 A.7. Since draft-ietf-httpbis-http2-04 . . . . . . . . . . . . 76
164 A.8. Since draft-ietf-httpbis-http2-03 . . . . . . . . . . . . 76
165 A.9. Since draft-ietf-httpbis-http2-02 . . . . . . . . . . . . 77
166 A.10. Since draft-ietf-httpbis-http2-01 . . . . . . . . . . . . 77
167 A.11. Since draft-ietf-httpbis-http2-00 . . . . . . . . . . . . 78
168 A.12. Since draft-mbelshe-httpbis-spdy-00 . . . . . . . . . . . 78
170 1. Introduction
172 The Hypertext Transfer Protocol (HTTP) is a wildly successful
173 protocol. However, the HTTP/1.1 message format ([HTTP-p1], Section
174 3) was designed to be implemented with the tools at hand in the
175 1990s, not modern Web application performance. As such it has
176 several characteristics that have a negative overall effect on
177 application performance today.
179 In particular, HTTP/1.0 only allows one request to be outstanding at
180 a time on a given connection. HTTP/1.1 pipelining only partially
181 addressed request concurrency and suffers from head-of-line blocking.
182 Therefore, clients that need to make many requests typically use
183 multiple connections to a server in order to reduce latency.
185 Furthermore, HTTP/1.1 header fields are often repetitive and verbose,
186 which, in addition to generating more or larger network packets, can
187 cause the small initial TCP congestion window to quickly fill. This
188 can result in excessive latency when multiple requests are made on a
189 single new TCP connection.
191 This document addresses these issues by defining an optimized mapping
192 of HTTP's semantics to an underlying connection. Specifically, it
193 allows interleaving of request and response messages on the same
194 connection and uses an efficient coding for HTTP header fields. It
195 also allows prioritization of requests, letting more important
196 requests complete more quickly, further improving performance.
198 The resulting protocol is designed to be more friendly to the
199 network, because fewer TCP connections can be used in comparison to
200 HTTP/1.x. This means less competition with other flows, and longer-
201 lived connections, which in turn leads to better utilization of
202 available network capacity.
204 Finally, this encapsulation also enables more scalable processing of
205 messages through use of binary message framing.
207 2. HTTP/2 Protocol Overview
209 HTTP/2 provides an optimized transport for HTTP semantics. HTTP/2
210 supports all of the core features of HTTP/1.1, but aims to be more
211 efficient in several ways.
213 The basic protocol unit in HTTP/2 is a frame (Section 4.1). Each
214 frame has a different type and purpose. For example, HEADERS and
215 DATA frames form the basis of HTTP requests and responses
216 (Section 8.1); other frame types like SETTINGS, WINDOW_UPDATE, and
217 PUSH_PROMISE are used in support of other HTTP/2 features.
219 Multiplexing of requests is achieved by having each HTTP request-
220 response exchanged assigned to a single stream (Section 5). Streams
221 are largely independent of each other, so a blocked or stalled
222 request does not prevent progress on other requests.
224 Flow control and prioritization ensure that it is possible to
225 properly use multiplexed streams. Flow control (Section 5.2) helps
226 to ensure that only data that can be used by a receiver is
227 transmitted. Prioritization (Section 5.3) ensures that limited
228 resources can be directed to the most important requests first.
230 HTTP/2 adds a new interaction mode, whereby a server can push
231 responses to a client (Section 8.2). Server push allows a server to
232 speculatively send a client data that the server anticipates the
233 client will need, trading off some network usage against a potential
234 latency gain. The server does this by synthesizing a request, which
235 it sends as a PUSH_PROMISE frame. The server is then able to send a
236 response to the synthetic request on an separate stream.
238 Frames that contain HTTP header fields are compressed (Section 4.3).
239 HTTP requests can be highly redundant, so compression can reduce the
240 size of requests and responses significantly.
242 HTTP/2 also supports HTTP Alternative Services (see [ALT-SVC]) using
243 the ALTSVC frame type (Section 6.11), to allow servers more control
244 over traffic to them.
246 2.1. Document Organization
248 The HTTP/2 specification is split into four parts:
250 o Starting HTTP/2 (Section 3) covers how an HTTP/2 connection is
251 initiated.
253 o The framing (Section 4) and streams (Section 5) layers describe
254 the way HTTP/2 frames are structured and formed into multiplexed
255 streams.
257 o Frame (Section 6) and error (Section 7) definitions include
258 details of the frame and error types used in HTTP/2.
260 o HTTP mappings (Section 8) and additional requirements (Section 9)
261 describe how HTTP semantics are expressed using frames and
262 streams.
264 While some of the frame and stream layer concepts are isolated from
265 HTTP, the intent is not to define a completely generic framing layer.
266 The framing and streams layers are tailored to the needs of the HTTP
267 protocol and server push.
269 2.2. Conventions and Terminology
271 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
272 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
273 document are to be interpreted as described in RFC 2119 [RFC2119].
275 All numeric values are in network byte order. Values are unsigned
276 unless otherwise indicated. Literal values are provided in decimal
277 or hexadecimal as appropriate. Hexadecimal literals are prefixed
278 with "0x" to distinguish them from decimal literals.
280 The following terms are used:
282 client: The endpoint initiating the HTTP/2 connection.
284 connection: A transport-level connection between two endpoints.
286 connection error: An error that affects the entire HTTP/2
287 connection.
289 endpoint: Either the client or server of the connection.
291 frame: The smallest unit of communication within an HTTP/2
292 connection, consisting of a header and a variable-length sequence
293 of bytes structured according to the frame type.
295 intermediary: A "proxy", "gateway" or other intermediary as defined
296 in Section 2.3 of [HTTP-p1].
298 peer: An endpoint. When discussing a particular endpoint, "peer"
299 refers to the endpoint that is remote to the primary subject of
300 discussion.
302 receiver: An endpoint that is receiving frames.
304 sender: An endpoint that is transmitting frames.
306 server: The endpoint which did not initiate the HTTP/2 connection.
308 stream: A bi-directional flow of frames across a virtual channel
309 within the HTTP/2 connection.
311 stream error: An error on the individual HTTP/2 stream.
313 3. Starting HTTP/2
315 An HTTP/2 connection is an application level protocol running on top
316 of a TCP connection ([TCP]). The client is the TCP connection
317 initiator.
319 HTTP/2 uses the same "http" and "https" URI schemes used by HTTP/1.1.
320 HTTP/2 shares the same default port numbers: 80 for "http" URIs and
321 443 for "https" URIs. As a result, implementations processing
322 requests for target resource URIs like "http://example.org/foo" or
323 "https://example.com/bar" are required to first discover whether the
324 upstream server (the immediate peer to which the client wishes to
325 establish a connection) supports HTTP/2.
327 The means by which support for HTTP/2 is determined is different for
328 "http" and "https" URIs. Discovery for "http" URIs is described in
329 Section 3.2. Discovery for "https" URIs is described in Section 3.3.
331 3.1. HTTP/2 Version Identification
333 The protocol defined in this document has two identifiers.
335 o The string "h2" identifies the protocol where HTTP/2 uses TLS
336 [TLS12]. This identifier is used in the TLS application layer
337 protocol negotiation extension [TLSALPN] field and any place that
338 HTTP/2 over TLS is identified.
340 When serialised into an ALPN protocol identifier (which is a
341 sequence of octets), the HTTP/2 protocol identifier string is
342 encoded using UTF-8 [UTF-8].
344 o The string "h2c" identifies the protocol where HTTP/2 is run over
345 cleartext TCP. This identifier is used in the HTTP/1.1 Upgrade
346 header field and any place that HTTP/2 over TCP is identified.
348 Negotiating "h2" or "h2c" implies the use of the transport, security,
349 framing and message semantics described in this document.
351 [[anchor3: RFC Editor's Note: please remove the remainder of this
352 section prior to the publication of a final version of this
353 document.]]
355 Only implementations of the final, published RFC can identify
356 themselves as "h2" or "h2c". Until such an RFC exists,
357 implementations MUST NOT identify themselves using these strings.
359 Examples and text throughout the rest of this document use "h2" as a
360 matter of editorial convenience only. Implementations of draft
361 versions MUST NOT identify using this string.
363 Implementations of draft versions of the protocol MUST add the string
364 "-" and the corresponding draft number to the identifier. For
365 example, draft-ietf-httpbis-http2-11 over TLS is identified using the
366 string "h2-11".
368 Non-compatible experiments that are based on these draft versions
369 MUST append the string "-" and an experiment name to the identifier.
370 For example, an experimental implementation of packet mood-based
371 encoding based on draft-ietf-httpbis-http2-09 might identify itself
372 as "h2-09-emo". Note that any label MUST conform to the "token"
373 syntax defined in Section 3.2.6 of [HTTP-p1]. Experimenters are
374 encouraged to coordinate their experiments on the ietf-http-wg@w3.org
375 mailing list.
377 3.2. Starting HTTP/2 for "http" URIs
379 A client that makes a request to an "http" URI without prior
380 knowledge about support for HTTP/2 uses the HTTP Upgrade mechanism
381 (Section 6.7 of [HTTP-p1]). The client makes an HTTP/1.1 request
382 that includes an Upgrade header field identifying HTTP/2 with the
383 "h2c" token. The HTTP/1.1 request MUST include exactly one HTTP2-
384 Settings (Section 3.2.1) header field.
386 For example:
388 GET /default.htm HTTP/1.1
389 Host: server.example.com
390 Connection: Upgrade, HTTP2-Settings
391 Upgrade: h2c
392 HTTP2-Settings:
394 Requests that contain an entity body MUST be sent in their entirety
395 before the client can send HTTP/2 frames. This means that a large
396 request entity can block the use of the connection until it is
397 completely sent.
399 If concurrency of an initial request with subsequent requests is
400 important, a small request can be used to perform the upgrade to
401 HTTP/2, at the cost of an additional round-trip.
403 A server that does not support HTTP/2 can respond to the request as
404 though the Upgrade header field were absent:
406 HTTP/1.1 200 OK
407 Content-Length: 243
408 Content-Type: text/html
410 ...
412 A server that supports HTTP/2 can accept the upgrade with a 101
413 (Switching Protocols) response. After the empty line that terminates
414 the 101 response, the server can begin sending HTTP/2 frames. These
415 frames MUST include a response to the request that initiated the
416 Upgrade.
418 HTTP/1.1 101 Switching Protocols
419 Connection: Upgrade
420 Upgrade: h2
422 [ HTTP/2 connection ...
424 The first HTTP/2 frame sent by the server is a SETTINGS frame
425 (Section 6.5). Upon receiving the 101 response, the client sends a
426 connection preface (Section 3.5), which includes a SETTINGS frame.
428 The HTTP/1.1 request that is sent prior to upgrade is assigned stream
429 identifier 1 and is assigned default priority values (Section 5.3.5).
430 Stream 1 is implicitly half closed from the client toward the server,
431 since the request is completed as an HTTP/1.1 request. After
432 commencing the HTTP/2 connection, stream 1 is used for the response.
434 3.2.1. HTTP2-Settings Header Field
436 A request that upgrades from HTTP/1.1 to HTTP/2 MUST include exactly
437 one "HTTP2-Settings" header field. The "HTTP2-Settings" header field
438 is a hop-by-hop header field that includes parameters that govern the
439 HTTP/2 connection, provided in anticipation of the server accepting
440 the request to upgrade. A server MUST reject an attempt to upgrade
441 if this header field is not present.
443 HTTP2-Settings = token68
445 The content of the "HTTP2-Settings" header field is the payload of a
446 SETTINGS frame (Section 6.5), encoded as a base64url string (that is,
447 the URL- and filename-safe Base64 encoding described in Section 5 of
448 [RFC4648], with any trailing '=' characters omitted). The ABNF
449 [RFC5234] production for "token68" is defined in Section 2.1 of
450 [HTTP-p7].
452 As a hop-by-hop header field, the "Connection" header field MUST
453 include a value of "HTTP2-Settings" in addition to "Upgrade" when
454 upgrading to HTTP/2.
456 A server decodes and interprets these values as it would any other
457 SETTINGS frame. Acknowledgement of the SETTINGS parameters
458 (Section 6.5.3) is not necessary, since a 101 response serves as
459 implicit acknowledgment. Providing these values in the Upgrade
460 request ensures that the protocol does not require default values for
461 the above SETTINGS parameters, and gives a client an opportunity to
462 provide other parameters prior to receiving any frames from the
463 server.
465 3.3. Starting HTTP/2 for "https" URIs
467 A client that makes a request to an "https" URI without prior
468 knowledge about support for HTTP/2 uses TLS [TLS12] with the
469 application layer protocol negotiation extension [TLSALPN].
471 Once TLS negotiation is complete, both the client and the server send
472 a connection preface (Section 3.5).
474 3.4. Starting HTTP/2 with Prior Knowledge
476 A client can learn that a particular server supports HTTP/2 by other
477 means. For example, [ALT-SVC] describes a mechanism for advertising
478 this capability in an HTTP header field; the ALTSVC frame
479 (Section 6.11) describes a similar mechanism in HTTP/2.
481 A client MAY immediately send HTTP/2 frames to a server that is known
482 to support HTTP/2, after the connection preface (Section 3.5). A
483 server can identify such a connection by the use of the "PRI" method
484 in the connection preface. This only affects the resolution of
485 "http" URIs; servers supporting HTTP/2 are required to support
486 protocol negotiation in TLS [TLSALPN] for "https" URIs.
488 Prior support for HTTP/2 is not a strong signal that a given server
489 will support HTTP/2 for future connections. It is possible for
490 server configurations to change; for configurations to differ between
491 instances in clustered server; or network conditions to change.
493 3.5. HTTP/2 Connection Preface
495 Upon establishment of a TCP connection and determination that HTTP/2
496 will be used by both peers, each endpoint MUST send a connection
497 preface as a final confirmation and to establish the initial SETTINGS
498 parameters for the HTTP/2 connection.
500 The client connection preface starts with a sequence of 24 octets,
501 which in hex notation are:
503 0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a
505 (the string "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"). This sequence is
506 followed by a SETTINGS frame (Section 6.5). The SETTINGS frame MAY
507 be empty. The client sends the client connection preface immediately
508 upon receipt of a 101 Switching Protocols response (indicating a
509 successful upgrade), or as the first application data octets of a TLS
510 connection. If starting an HTTP/2 connection with prior knowledge of
511 server support for the protocol, the client connection preface is
512 sent upon connection establishment.
514 The client connection preface is selected so that a large
515 proportion of HTTP/1.1 or HTTP/1.0 servers and intermediaries do
516 not attempt to process further frames. Note that this does not
517 address the concerns raised in [TALKING].
519 The server connection preface consists of a potentially empty
520 SETTINGS frame (Section 6.5) that MUST be the first frame the server
521 sends in the HTTP/2 connection.
523 To avoid unnecessary latency, clients are permitted to send
524 additional frames to the server immediately after sending the client
525 connection preface, without waiting to receive the server connection
526 preface. It is important to note, however, that the server
527 connection preface SETTINGS frame might include parameters that
528 necessarily alter how a client is expected to communicate with the
529 server. Upon receiving the SETTINGS frame, the client is expected to
530 honor any parameters established.
532 Clients and servers MUST terminate the TCP connection if either peer
533 does not begin with a valid connection preface. A GOAWAY frame
534 (Section 6.8) MAY be omitted if it is clear that the peer is not
535 using HTTP/2.
537 4. HTTP Frames
539 Once the HTTP/2 connection is established, endpoints can begin
540 exchanging frames.
542 4.1. Frame Format
544 All frames begin with an 8-octet header followed by a payload of
545 between 0 and 16,383 octets.
547 0 1 2 3
548 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
549 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
550 | R | Length (14) | Type (8) | Flags (8) |
551 +-+-+-----------+---------------+-------------------------------+
552 |R| Stream Identifier (31) |
553 +-+-------------------------------------------------------------+
554 | Frame Payload (0...) ...
555 +---------------------------------------------------------------+
557 Frame Header
559 The fields of the frame header are defined as:
561 R: A reserved 2-bit field. The semantics of these bits are undefined
562 and the bits MUST remain unset (0) when sending and MUST be
563 ignored when receiving.
565 Length: The length of the frame payload expressed as an unsigned 14-
566 bit integer. The 8 octets of the frame header are not included in
567 this value.
569 Type: The 8-bit type of the frame. The frame type determines how
570 the remainder of the frame header and payload are interpreted.
571 Implementations MUST treat the receipt of an unknown frame type
572 (any frame types not defined in this document) as a connection
573 error (Section 5.4.1) of type PROTOCOL_ERROR.
575 Flags: An 8-bit field reserved for frame-type specific boolean
576 flags.
578 Flags are assigned semantics specific to the indicated frame type.
579 Flags that have no defined semantics for a particular frame type
580 MUST be ignored, and MUST be left unset (0) when sending.
582 R: A reserved 1-bit field. The semantics of this bit are undefined
583 and the bit MUST remain unset (0) when sending and MUST be ignored
584 when receiving.
586 Stream Identifier: A 31-bit stream identifier (see Section 5.1.1).
587 The value 0 is reserved for frames that are associated with the
588 connection as a whole as opposed to an individual stream.
590 The structure and content of the frame payload is dependent entirely
591 on the frame type.
593 4.2. Frame Size
595 The maximum size of a frame payload varies by frame type. The
596 absolute maximum size of a frame payload is 2^14-1 (16,383) octets,
597 meaning that the maximum frame size is 16,391 octets. All
598 implementations SHOULD be capable of receiving and minimally
599 processing frames up to this maximum size.
601 Certain frame types, such as PING (see Section 6.7), impose
602 additional limits on the amount of payload data allowed. Likewise,
603 additional size limits can be set by specific application uses (see
604 Section 9).
606 If a frame size exceeds any defined limit, or is too small to contain
607 mandatory frame data, the endpoint MUST send a FRAME_SIZE_ERROR
608 error. A frame size error in a frame that could alter the state of
609 the entire connection MUST be treated as a connection error
610 (Section 5.4.1); this includes any frame carrying a header block
611 (Section 4.3) (that is, HEADERS, PUSH_PROMISE, and CONTINUATION),
612 SETTINGS, and any WINDOW_UPDATE frame with a stream identifier of 0.
614 4.3. Header Compression and Decompression
616 A header field in HTTP/2 is a name-value pair with one or more
617 associated values. They are used within HTTP request and response
618 messages as well as server push operations (see Section 8.2).
620 Header sets are collections of zero or more header fields. When
621 transmitted over a connection, a header set is serialized into a
622 header block using HTTP Header Compression [COMPRESSION]. The
623 serialized header block is then divided into one or more octet
624 sequences, called header block fragments, and transmitted within the
625 payload of HEADERS (Section 6.2), PUSH_PROMISE (Section 6.6) or
626 CONTINUATION (Section 6.10) frames.
628 HTTP Header Compression does not preserve the relative ordering of
629 header fields. Header fields with multiple values are encoded into a
630 single header field using a special delimiter; see Section 8.1.3.3.
632 The Cookie header field [COOKIE] is treated specially by the HTTP
633 mapping; see Section 8.1.3.4.
635 A receiving endpoint reassembles the header block by concatenating
636 its fragments, then decompresses the block to reconstruct the header
637 set.
639 A complete header block consists of either:
641 o a single HEADERS or PUSH_PROMISE frame, with the END_HEADERS flag
642 set, or
644 o a HEADERS or PUSH_PROMISE frame with the END_HEADERS flag cleared
645 and one or more CONTINUATION frames, where the last CONTINUATION
646 frame has the END_HEADERS flag set.
648 Header compression is stateful, using a single compression context
649 for the entire connection. Each header block is processed as a
650 discrete unit. Header blocks MUST be transmitted as a contiguous
651 sequence of frames, with no interleaved frames of any other type or
652 from any other stream. The last frame in a sequence of HEADERS or
653 CONTINUATION frames MUST have the END_HEADERS flag set. The last
654 frame in a sequence of PUSH_PROMISE or CONTINUATION frames MUST have
655 the END_HEADERS flag set.
657 Header block fragments can only be sent as the payload of HEADERS,
658 PUSH_PROMISE or CONTINUATION frames, because these frames carry data
659 that can modify the compression context maintained by a receiver. An
660 endpoint receiving HEADERS, PUSH_PROMISE or CONTINUATION frames MUST
661 reassemble header blocks and perform decompression even if the frames
662 are to be discarded. A receiver MUST terminate the connection with a
663 connection error (Section 5.4.1) of type COMPRESSION_ERROR if it does
664 not decompress a header block.
666 5. Streams and Multiplexing
668 A "stream" is an independent, bi-directional sequence of frames
669 exchanged between the client and server within an HTTP/2 connection.
670 Streams have several important characteristics:
672 o A single HTTP/2 connection can contain multiple concurrently open
673 streams, with either endpoint interleaving frames from multiple
674 streams.
676 o Streams can be established and used unilaterally or shared by
677 either the client or server.
679 o Streams can be closed by either endpoint.
681 o The order in which frames are sent within a stream is significant.
682 Recipients process frames in the order they are received.
684 o Streams are identified by an integer. Stream identifiers are
685 assigned to streams by the endpoint initiating the stream.
687 5.1. Stream States
689 The lifecycle of a stream is shown in Figure 1.
691 +--------+
692 PP | | PP
693 ,--------| idle |--------.
694 / | | \
695 v +--------+ v
696 +----------+ | +----------+
697 | | | H | |
698 ,---| reserved | | | reserved |---.
699 | | (local) | v | (remote) | |
700 | +----------+ +--------+ +----------+ |
701 | | ES | | ES | |
702 | | H ,-------| open |-------. | H |
703 | | / | | \ | |
704 | v v +--------+ v v |
705 | +----------+ | +----------+ |
706 | | half | | | half | |
707 | | closed | | R | closed | |
708 | | (remote) | | | (local) | |
709 | +----------+ | +----------+ |
710 | | v | |
711 | | ES / R +--------+ ES / R | |
712 | `----------->| |<-----------' |
713 | R | closed | R |
714 `-------------------->| |<--------------------'
715 +--------+
717 H: HEADERS frame (with implied CONTINUATIONs)
718 PP: PUSH_PROMISE frame (with implied CONTINUATIONs)
719 ES: END_STREAM flag
720 R: RST_STREAM frame
722 Figure 1: Stream States
724 Both endpoints have a subjective view of the state of a stream that
725 could be different when frames are in transit. Endpoints do not
726 coordinate the creation of streams; they are created unilaterally by
727 either endpoint. The negative consequences of a mismatch in states
728 are limited to the "closed" state after sending RST_STREAM, where
729 frames might be received for some time after closing.
731 Streams have the following states:
733 idle:
734 All streams start in the "idle" state. In this state, no frames
735 have been exchanged.
737 The following transitions are valid from this state:
739 * Sending or receiving a HEADERS frame causes the stream to
740 become "open". The stream identifier is selected as described
741 in Section 5.1.1. The same HEADERS frame can also cause a
742 stream to immediately become "half closed".
744 * Sending a PUSH_PROMISE frame marks the associated stream for
745 later use. The stream state for the reserved stream
746 transitions to "reserved (local)".
748 * Receiving a PUSH_PROMISE frame marks the associated stream as
749 reserved by the remote peer. The state of the stream becomes
750 "reserved (remote)".
752 reserved (local):
753 A stream in the "reserved (local)" state is one that has been
754 promised by sending a PUSH_PROMISE frame. A PUSH_PROMISE frame
755 reserves an idle stream by associating the stream with an open
756 stream that was initiated by the remote peer (see Section 8.2).
758 In this state, only the following transitions are possible:
760 * The endpoint can send a HEADERS frame. This causes the stream
761 to open in a "half closed (remote)" state.
763 * Either endpoint can send a RST_STREAM frame to cause the stream
764 to become "closed". This releases the stream reservation.
766 An endpoint MUST NOT send frames other than HEADERS or RST_STREAM
767 in this state.
769 A PRIORITY frame MAY be received in this state. Receiving any
770 frames other than RST_STREAM, or PRIORITY MUST be treated as a
771 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
773 reserved (remote):
774 A stream in the "reserved (remote)" state has been reserved by a
775 remote peer.
777 In this state, only the following transitions are possible:
779 * Receiving a HEADERS frame causes the stream to transition to
780 "half closed (local)".
782 * Either endpoint can send a RST_STREAM frame to cause the stream
783 to become "closed". This releases the stream reservation.
785 An endpoint MAY send a PRIORITY frame in this state to
786 reprioritize the reserved stream. An endpoint MUST NOT send any
787 other type of frame other than RST_STREAM or PRIORITY.
789 Receiving any other type of frame other than HEADERS or RST_STREAM
790 MUST be treated as a connection error (Section 5.4.1) of type
791 PROTOCOL_ERROR.
793 open:
794 A stream in the "open" state may be used by both peers to send
795 frames of any type. In this state, sending peers observe
796 advertised stream level flow control limits (Section 5.2).
798 From this state either endpoint can send a frame with an
799 END_STREAM flag set, which causes the stream to transition into
800 one of the "half closed" states: an endpoint sending an END_STREAM
801 flag causes the stream state to become "half closed (local)"; an
802 endpoint receiving an END_STREAM flag causes the stream state to
803 become "half closed (remote)". A HEADERS frame bearing an
804 END_STREAM flag can be followed by CONTINUATION frames.
806 Either endpoint can send a RST_STREAM frame from this state,
807 causing it to transition immediately to "closed".
809 half closed (local):
810 A stream that is in the "half closed (local)" state cannot be used
811 for sending frames.
813 A stream transitions from this state to "closed" when a frame that
814 contains an END_STREAM flag is received, or when either peer sends
815 a RST_STREAM frame. A HEADERS frame bearing an END_STREAM flag
816 can be followed by CONTINUATION frames.
818 A receiver can ignore WINDOW_UPDATE or PRIORITY frames in this
819 state. These frame types might arrive for a short period after a
820 frame bearing the END_STREAM flag is sent.
822 half closed (remote):
823 A stream that is "half closed (remote)" is no longer being used by
824 the peer to send frames. In this state, an endpoint is no longer
825 obligated to maintain a receiver flow control window if it
826 performs flow control.
828 If an endpoint receives additional frames for a stream that is in
829 this state, other than CONTINUATION frames, it MUST respond with a
830 stream error (Section 5.4.2) of type STREAM_CLOSED.
832 A stream can transition from this state to "closed" by sending a
833 frame that contains an END_STREAM flag, or when either peer sends
834 a RST_STREAM frame.
836 closed:
837 The "closed" state is the terminal state.
839 An endpoint MUST NOT send frames on a closed stream. An endpoint
840 that receives any frame after receiving a RST_STREAM MUST treat
841 that as a stream error (Section 5.4.2) of type STREAM_CLOSED.
842 Similarly, an endpoint that receives any frames after receiving a
843 DATA frame with the END_STREAM flag set, or any frames except a
844 CONTINUATION frame after receiving a HEADERS frame with an
845 END_STREAM flag set MUST treat that as a stream error
846 (Section 5.4.2) of type STREAM_CLOSED.
848 WINDOW_UPDATE, PRIORITY, or RST_STREAM frames can be received in
849 this state for a short period after a DATA or HEADERS frame
850 containing an END_STREAM flag is sent. Until the remote peer
851 receives and processes the frame bearing the END_STREAM flag, it
852 might send frame of any of these types. Endpoints MUST ignore
853 WINDOW_UPDATE, PRIORITY, or RST_STREAM frames received in this
854 state, though endpoints MAY choose to treat frames that arrive a
855 significant time after sending END_STREAM as a connection error
856 (Section 5.4.1) of type PROTOCOL_ERROR.
858 If this state is reached as a result of sending a RST_STREAM
859 frame, the peer that receives the RST_STREAM might have already
860 sent - or enqueued for sending - frames on the stream that cannot
861 be withdrawn. An endpoint MUST ignore frames that it receives on
862 closed streams after it has sent a RST_STREAM frame. An endpoint
863 MAY choose to limit the period over which it ignores frames and
864 treat frames that arrive after this time as being in error.
866 Flow controlled frames (i.e., DATA) received after sending
867 RST_STREAM are counted toward the connection flow control window.
868 Even though these frames might be ignored, because they are sent
869 before the sender receives the RST_STREAM, the sender will
870 consider the frames to count against the flow control window.
872 An endpoint might receive a PUSH_PROMISE frame after it sends
873 RST_STREAM. PUSH_PROMISE causes a stream to become "reserved"
874 even if the associated stream has been reset. Therefore, a
875 RST_STREAM is needed to close an unwanted promised streams.
877 In the absence of more specific guidance elsewhere in this document,
878 implementations SHOULD treat the receipt of a message that is not
879 expressly permitted in the description of a state as a connection
880 error (Section 5.4.1) of type PROTOCOL_ERROR.
882 5.1.1. Stream Identifiers
884 Streams are identified with an unsigned 31-bit integer. Streams
885 initiated by a client MUST use odd-numbered stream identifiers; those
886 initiated by the server MUST use even-numbered stream identifiers. A
887 stream identifier of zero (0x0) is used for connection control
888 messages; the stream identifier zero MUST NOT be used to establish a
889 new stream.
891 HTTP/1.1 requests that are upgraded to HTTP/2 (see Section 3.2) are
892 responded to with a stream identifier of one (0x1). After the
893 upgrade completes, stream 0x1 is "half closed (local)" to the client.
894 Therefore, stream 0x1 cannot be selected as a new stream identifier
895 by a client that upgrades from HTTP/1.1.
897 The identifier of a newly established stream MUST be numerically
898 greater than all streams that the initiating endpoint has opened or
899 reserved. This governs streams that are opened using a HEADERS frame
900 and streams that are reserved using PUSH_PROMISE. An endpoint that
901 receives an unexpected stream identifier MUST respond with a
902 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
904 The first use of a new stream identifier implicitly closes all
905 streams in the "idle" state that might have been initiated by that
906 peer with a lower-valued stream identifier. For example, if a client
907 sends a HEADERS frame on stream 7 without ever sending a frame on
908 stream 5, then stream 5 transitions to the "closed" state when the
909 first frame for stream 7 is sent or received.
911 Stream identifiers cannot be reused. Long-lived connections can
912 result in endpoint exhausting the available range of stream
913 identifiers. A client that is unable to establish a new stream
914 identifier can establish a new connection for new streams.
916 5.1.2. Stream Concurrency
918 A peer can limit the number of concurrently active streams using the
919 SETTINGS_MAX_CONCURRENT_STREAMS parameters within a SETTINGS frame.
920 The maximum concurrent streams setting is specific to each endpoint
921 and applies only to the peer that receives the setting. That is,
922 clients specify the maximum number of concurrent streams the server
923 can initiate, and servers specify the maximum number of concurrent
924 streams the client can initiate. Endpoints MUST NOT exceed the limit
925 set by their peer.
927 Streams that are in the "open" state, or either of the "half closed"
928 states count toward the maximum number of streams that an endpoint is
929 permitted to open. Streams in any of these three states count toward
930 the limit advertised in the SETTINGS_MAX_CONCURRENT_STREAMS setting
931 (see Section 6.5.2).
933 An endpoint that receives a HEADERS frame that causes their
934 advertised concurrent stream limit to be exceeded MUST treat this as
935 a stream error (Section 5.4.2).
937 Streams in either of the "reserved" states do not count as open.
939 5.2. Flow Control
941 Using streams for multiplexing introduces contention over use of the
942 TCP connection, resulting in blocked streams. A flow control scheme
943 ensures that streams on the same connection do not destructively
944 interfere with each other. Flow control is used for both individual
945 streams and for the connection as a whole.
947 HTTP/2 provides for flow control through use of the WINDOW_UPDATE
948 frame type.
950 5.2.1. Flow Control Principles
952 HTTP/2 stream flow control aims to allow for future improvements to
953 flow control algorithms without requiring protocol changes. Flow
954 control in HTTP/2 has the following characteristics:
956 1. Flow control is hop-by-hop, not end-to-end.
958 2. Flow control is based on window update frames. Receivers
959 advertise how many bytes they are prepared to receive on a stream
960 and for the entire connection. This is a credit-based scheme.
962 3. Flow control is directional with overall control provided by the
963 receiver. A receiver MAY choose to set any window size that it
964 desires for each stream and for the entire connection. A sender
965 MUST respect flow control limits imposed by a receiver. Clients,
966 servers and intermediaries all independently advertise their flow
967 control window as a receiver and abide by the flow control limits
968 set by their peer when sending.
970 4. The initial value for the flow control window is 65,535 bytes for
971 both new streams and the overall connection.
973 5. The frame type determines whether flow control applies to a
974 frame. Of the frames specified in this document, only DATA
975 frames are subject to flow control; all other frame types do not
976 consume space in the advertised flow control window. This
977 ensures that important control frames are not blocked by flow
978 control.
980 6. Flow control cannot be disabled.
982 7. HTTP/2 standardizes only the format of the WINDOW_UPDATE frame
983 (Section 6.9). This does not stipulate how a receiver decides
984 when to send this frame or the value that it sends. Nor does it
985 specify how a sender chooses to send packets. Implementations
986 are able to select any algorithm that suits their needs.
988 Implementations are also responsible for managing how requests and
989 responses are sent based on priority; choosing how to avoid head of
990 line blocking for requests; and managing the creation of new streams.
991 Algorithm choices for these could interact with any flow control
992 algorithm.
994 5.2.2. Appropriate Use of Flow Control
996 Flow control is defined to protect endpoints that are operating under
997 resource constraints. For example, a proxy needs to share memory
998 between many connections, and also might have a slow upstream
999 connection and a fast downstream one. Flow control addresses cases
1000 where the receiver is unable process data on one stream, yet wants to
1001 continue to process other streams in the same connection.
1003 Deployments that do not require this capability can advertise a flow
1004 control window of the maximum size, incrementing the available space
1005 when new data is received. Sending data is always subject to the
1006 flow control window advertised by the receiver.
1008 Deployments with constrained resources (for example, memory) MAY
1009 employ flow control to limit the amount of memory a peer can consume.
1010 Note, however, that this can lead to suboptimal use of available
1011 network resources if flow control is enabled without knowledge of the
1012 bandwidth-delay product (see [RFC1323]).
1014 Even with full awareness of the current bandwidth-delay product,
1015 implementation of flow control can be difficult. When using flow
1016 control, the receiver MUST read from the TCP receive buffer in a
1017 timely fashion. Failure to do so could lead to a deadlock when
1018 critical frames, such as WINDOW_UPDATE, are not available to HTTP/2.
1019 However, flow control can ensure that constrained resources are
1020 protected without any reduction in connection utilization.
1022 5.3. Stream priority
1024 A client can assign a priority for a new stream by including
1025 prioritization information in the HEADERS frame (Section 6.2) that
1026 opens the stream. For an existing stream, the PRIORITY frame
1027 (Section 6.3) can be used to change the priority.
1029 The purpose of prioritization is to allow an endpoint to express how
1030 it would prefer its peer allocate resources when managing concurrent
1031 streams. Most importantly, priority can be used to select streams
1032 for transmitting frames when there is limited capacity for sending.
1034 Each stream is prioritized into a group. Each group is identified
1035 using an identifier that is selected by the client. Each group is
1036 assigned a relative weight, a number that is used to determine the
1037 relative proportion of available resources that are assigned to that
1038 group.
1040 Within a priority group, streams can also be marked as being
1041 dependent on the completion of other streams.
1043 Explicitly setting the priority for a stream is input to a
1044 prioritization process. It does not guarantee any particular
1045 processing or transmission order for the stream relative to any other
1046 stream. An endpoint cannot force a peer to process concurrent
1047 streams in a particular order using priority. Expressing priority is
1048 therefore only ever a suggestion.
1050 Prioritization information can be specified explicitly for streams as
1051 they are created using the HEADERS frame, or changed using the
1052 PRIORITY frame. Providing prioritization information is optional, so
1053 default values are used if no explicit indicator is provided
1054 (Section 5.3.5).
1056 Explicit prioritization information can be provided for a stream to
1057 either allocate the stream to a priority group (Section 5.3.1), or to
1058 create a dependency on another stream (Section 5.3.2).
1060 5.3.1. Priority Groups and Weighting
1062 All streams are assigned a priority group. Each priority group is
1063 allocated a 31-bit identifier and an integer weight between 1 to 256
1064 (inclusive).
1066 Specifying a priority group and weight for a stream causes the stream
1067 to be assigned to the identified priority group and for the weight
1068 for the group to be changed to the new value.
1070 Resources are divided proportionally between priority groups based on
1071 their weight. For example, a priority group with weight 4 ideally
1072 receives one third of the resources allocated to a stream with weight
1073 12.
1075 5.3.2. Stream Dependencies
1077 Each stream can be given an explicit dependency on another stream.
1078 Including a dependency expresses a preference to allocate resources
1079 to the identified stream rather than to the dependent stream.
1081 A stream that is dependent on another stream becomes part of the
1082 priority group of the stream it depends on. It belongs to the same
1083 dependency tree as the stream it depends on.
1085 A stream that is assigned directly to a priority group is not
1086 dependent on any other stream. It is the root of a dependency tree
1087 inside its priority group.
1089 When assigning a dependency on another stream, by default, the stream
1090 is added as a new dependency of the stream it depends on. For
1091 example, if streams B and C are dependent on stream A, and if stream
1092 D is created with a dependency on stream A, this results in a
1093 dependency order of A followed by B, C, and D.
1095 A A
1096 / \ ==> /|\
1097 B C B D C
1099 Example of Default Dependency Creation
1101 An exclusive flag allows for the insertion of a new level of
1102 dependencies. The exclusive flag causes the stream to become the
1103 sole dependency of the stream it depends on, causing other
1104 dependencies to become dependencies of the stream. In the previous
1105 example, if stream D is created with an exclusive dependency on
1106 stream A, this results in a dependency order of A followed by D
1107 followed by B and C.
1109 A
1110 A |
1111 / \ ==> D
1112 B C / \
1113 B C
1115 Example of Exclusive Dependency Creation
1117 Streams are ordered into several dependency trees within their
1118 priority group. Each dependency tree within a priority group SHOULD
1119 be allocated the same amount of resources.
1121 Inside a dependency tree, a dependent stream SHOULD only be allocated
1122 resources if the streams that it depends on are either closed, or it
1123 is not possible to make progress on them.
1125 Streams with the same dependencies SHOULD be allocated the same
1126 amount of resources. Thus, if streams B and C depend on stream A,
1127 and if no progress can be made on A, streams B and C are given an
1128 equal share of resources.
1130 A stream MUST NOT depend on itself. An endpoint MAY either treat
1131 this as a stream error (Section 5.4.2) of type PROTOCOL_ERROR, or
1132 assign default priority values (Section 5.3.5) to the stream.
1134 5.3.3. Reprioritization
1136 Stream priorities are changed using the PRIORITY frame. Setting a
1137 priority group and weight causes a stream to become part of the
1138 identified group, and not dependent on any other stream. Setting a
1139 dependency causes a stream to become dependent on the identified
1140 stream, which can cause the reprioritized stream to move to a new
1141 priority group.
1143 All streams that are dependent on a reprioritized stream move with
1144 it. Setting a dependency with the exclusive flag for a reprioritized
1145 stream moves all the dependencies of the stream it depends on to
1146 become dependencies of the reprioritized stream.
1148 5.3.4. Prioritization State Management
1150 When a stream is closed, its dependencies can be moved to become
1151 dependent on the stream the closed stream depends on, if any, or to
1152 become new dependency tree roots otherwise.
1154 It is possible for a stream to become closed while prioritization
1155 information that creates a dependency on that stream is in transit.
1156 If a stream identified in a dependency has been closed and any
1157 associated priority information destroyed then the dependent stream
1158 is instead assigned a default priority. This potentially creates
1159 suboptimal prioritization, since the stream can be given an effective
1160 priority that is higher than expressed by a peer.
1162 To avoid this problem, endpoints SHOULD maintain prioritization state
1163 for closed streams for a period after streams close. This could
1164 create an large state burden for an endpoint, so this state MAY be
1165 limited. The amount of additional state an endpoint maintains could
1166 be dependent on load; under high load, prioritization state can be
1167 discarded to limit resource commitments. In extreme cases, an
1168 endpoint could even discard prioritization state for active or
1169 reserved streams.
1171 An endpoint SHOULD retain stream prioritization state for at least
1172 one round trip, though maintaining state over longer periods reduces
1173 the chance that default values have to be assigned to streams. An
1174 endpoint MAY apply a fixed upper limit on the number of closed
1175 streams for which prioritization state is tracked to limit state
1176 exposure. If a fixed limit is applied, endpoints SHOULD maintain
1177 state for at least as many streams as allowed by their setting for
1178 SETTINGS_MAX_CONCURRENT_STREAMS.
1180 An endpoint receiving a PRIORITY frame that changes the priority of a
1181 closed stream SHOULD alter the weight of the priority group, or the
1182 dependencies of the streams that depend on it, if it has retained
1183 enough state to do so.
1185 Priority group information is part of the priority state of a stream.
1186 Priority groups that contain only closed streams can be assigned a
1187 weight of zero.
1189 The number of priority groups cannot exceed the number of non-closed
1190 streams. This includes streams in the "reserved" state. Priority
1191 state size for peer-initiated streams is limited by the value of
1192 SETTINGS_MAX_CONCURRENT_STREAMS. Reserved streams do not count
1193 toward the concurrent stream limit of either peer, but only the
1194 endpoint that creates the reservation needs to maintain priority
1195 information. Thus, the total amount of priority state for non-closed
1196 streams can be limited by an endpoint.
1198 5.3.5. Default Priorities
1200 Providing priority information is optional. Streams are assigned to
1201 a priority group with an identifier equal to the stream identifier
1202 and a weight of 16.
1204 Pushed streams (Section 8.2) initially depend on their associated
1205 stream.
1207 5.4. Error Handling
1209 HTTP/2 framing permits two classes of error:
1211 o An error condition that renders the entire connection unusable is
1212 a connection error.
1214 o An error in an individual stream is a stream error.
1216 A list of error codes is included in Section 7.
1218 5.4.1. Connection Error Handling
1220 A connection error is any error which prevents further processing of
1221 the framing layer, or which corrupts any connection state.
1223 An endpoint that encounters a connection error SHOULD first send a
1224 GOAWAY frame (Section 6.8) with the stream identifier of the last
1225 stream that it successfully received from its peer. The GOAWAY frame
1226 includes an error code that indicates why the connection is
1227 terminating. After sending the GOAWAY frame, the endpoint MUST close
1228 the TCP connection.
1230 It is possible that the GOAWAY will not be reliably received by the
1231 receiving endpoint. In the event of a connection error, GOAWAY only
1232 provides a best-effort attempt to communicate with the peer about why
1233 the connection is being terminated.
1235 An endpoint can end a connection at any time. In particular, an
1236 endpoint MAY choose to treat a stream error as a connection error.
1237 Endpoints SHOULD send a GOAWAY frame when ending a connection, as
1238 long as circumstances permit it.
1240 5.4.2. Stream Error Handling
1242 A stream error is an error related to a specific stream identifier
1243 that does not affect processing of other streams.
1245 An endpoint that detects a stream error sends a RST_STREAM frame
1246 (Section 6.4) that contains the stream identifier of the stream where
1247 the error occurred. The RST_STREAM frame includes an error code that
1248 indicates the type of error.
1250 A RST_STREAM is the last frame that an endpoint can send on a stream.
1251 The peer that sends the RST_STREAM frame MUST be prepared to receive
1252 any frames that were sent or enqueued for sending by the remote peer.
1253 These frames can be ignored, except where they modify connection
1254 state (such as the state maintained for header compression
1255 (Section 4.3)).
1257 Normally, an endpoint SHOULD NOT send more than one RST_STREAM frame
1258 for any stream. However, an endpoint MAY send additional RST_STREAM
1259 frames if it receives frames on a closed stream after more than a
1260 round-trip time. This behavior is permitted to deal with misbehaving
1261 implementations.
1263 An endpoint MUST NOT send a RST_STREAM in response to an RST_STREAM
1264 frame, to avoid looping.
1266 5.4.3. Connection Termination
1268 If the TCP connection is torn down while streams remain in open or
1269 half closed states, then the endpoint MUST assume that those streams
1270 were abnormally interrupted and could be incomplete.
1272 6. Frame Definitions
1274 This specification defines a number of frame types, each identified
1275 by a unique 8-bit type code. Each frame type serves a distinct
1276 purpose either in the establishment and management of the connection
1277 as a whole, or of individual streams.
1279 The transmission of specific frame types can alter the state of a
1280 connection. If endpoints fail to maintain a synchronized view of the
1281 connection state, successful communication within the connection will
1282 no longer be possible. Therefore, it is important that endpoints
1283 have a shared comprehension of how the state is affected by the use
1284 any given frame.
1286 6.1. DATA
1288 DATA frames (type=0x0) convey arbitrary, variable-length sequences of
1289 octets associated with a stream. One or more DATA frames are used,
1290 for instance, to carry HTTP request or response payloads.
1292 DATA frames MAY also contain arbitrary padding. Padding can be added
1293 to DATA frames to hide the size of messages.
1295 0 1 2 3
1296 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1298 | Pad High? (8) | Pad Low? (8) |
1299 +---------------+---------------+-------------------------------+
1300 | Data (*) ...
1301 +---------------------------------------------------------------+
1302 | Padding (*) ...
1303 +---------------------------------------------------------------+
1305 DATA Frame Payload
1307 The DATA frame contains the following fields:
1309 Pad High: An 8-bit field containing an amount of padding in units of
1310 256 octets. This field is optional and is only present if the
1311 PAD_HIGH flag is set. This field, in combination with Pad Low,
1312 determines how much padding there is on a frame.
1314 Pad Low: An 8-bit field containing an amount of padding in units of
1315 single octets. This field is optional and is only present if the
1316 PAD_LOW flag is set. This field, in combination with Pad High,
1317 determines how much padding there is on a frame.
1319 Data: Application data. The amount of data is the remainder of the
1320 frame payload after subtracting the length of the other fields
1321 that are present.
1323 Padding: Padding octets that contain no application semantic value.
1324 Padding octets MUST be set to zero when sending and ignored when
1325 receiving.
1327 The DATA frame defines the following flags:
1329 END_STREAM (0x1): Bit 1 being set indicates that this frame is the
1330 last that the endpoint will send for the identified stream.
1331 Setting this flag causes the stream to enter one of the "half
1332 closed" states or the "closed" state (Section 5.1).
1334 END_SEGMENT (0x2): Bit 2 being set indicates that this frame is the
1335 last for the current segment. Intermediaries MUST NOT coalesce
1336 frames across a segment boundary and MUST preserve segment
1337 boundaries when forwarding frames.
1339 PAD_LOW (0x08): Bit 4 being set indicates that the Pad Low field is
1340 present.
1342 PAD_HIGH (0x10): Bit 5 being set indicates that the Pad High field
1343 is present. This bit MUST NOT be set unless the PAD_LOW flag is
1344 also set. Endpoints that receive a frame with PAD_HIGH set and
1345 PAD_LOW cleared MUST treat this as a connection error
1346 (Section 5.4.1) of type PROTOCOL_ERROR.
1348 DATA frames MUST be associated with a stream. If a DATA frame is
1349 received whose stream identifier field is 0x0, the recipient MUST
1350 respond with a connection error (Section 5.4.1) of type
1351 PROTOCOL_ERROR.
1353 DATA frames are subject to flow control and can only be sent when a
1354 stream is in the "open" or "half closed (remote)" states. Padding is
1355 included in flow control. If a DATA frame is received whose stream
1356 is not in "open" or "half closed (local)" state, the recipient MUST
1357 respond with a stream error (Section 5.4.2) of type STREAM_CLOSED.
1359 The total number of padding octets is determined by multiplying the
1360 value of the Pad High field by 256 and adding the value of the Pad
1361 Low field. Both Pad High and Pad Low fields assume a value of zero
1362 if absent. If the length of the padding is greater than the length
1363 of the remainder of the frame payload, the recipient MUST treat this
1364 as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1366 Note: A frame can be increased in size by one octet by including a
1367 Pad Low field with a value of zero.
1369 Use of padding is a security feature; as such, its use demands some
1370 care, see Section 10.7.
1372 6.2. HEADERS
1374 The HEADERS frame (type=0x1) carries name-value pairs. It is used to
1375 open a stream (Section 5.1). HEADERS frames can be sent on a stream
1376 in the "open" or "half closed (remote)" states.
1378 0 1 2 3
1379 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1380 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1381 | Pad High? (8) | Pad Low? (8) |
1382 +-+-------------+---------------+-------------------------------+
1383 |R| Priority Group Identifier? (31) |
1384 +-+-------------+-----------------------------------------------+
1385 | Weight? (8) |
1386 +-+-------------+-----------------------------------------------+
1387 |E| Stream Dependency? (31) |
1388 +-+-------------------------------------------------------------+
1389 | Header Block Fragment (*) ...
1390 +---------------------------------------------------------------+
1391 | Padding (*) ...
1392 +---------------------------------------------------------------+
1394 HEADERS Frame Payload
1396 The HEADERS frame payload has the following fields:
1398 Pad High: Padding size high bits. This field is only present if the
1399 PAD_HIGH flag is set.
1401 Pad Low: Padding size low bits. This field is only present if the
1402 PAD_LOW flag is set.
1404 R: A single reserved bit. This field is optional and is only present
1405 if the PRIORITY_GROUP flag is set.
1407 Priority Group Identifier: A 31-bit identifier for a priority group,
1408 see Section 5.3. This field is optional and is only present if
1409 the PRIORITY_GROUP flag is set.
1411 Weight: An 8-bit weight for the identified priority group, see
1412 Section 5.3. This field is optional and is only present if the
1413 PRIORITY_GROUP flag is set.
1415 E: A single bit flag indicates that the stream dependency is
1416 exclusive, see Section 5.3. This field is optional and is only
1417 present if the PRIORITY_DEPENDENCY flag is set.
1419 Stream Dependency: A 31-bit stream identifier for the stream that
1420 this stream depends on, see Section 5.3. This field is optional
1421 and is only present if the PRIORITY_DEPENDENCY flag is set.
1423 Header Block Fragment: A header block fragment (Section 4.3).
1425 Padding: Padding octets.
1427 The HEADERS frame defines the following flags:
1429 END_STREAM (0x1): Bit 1 being set indicates that the header block
1430 (Section 4.3) is the last that the endpoint will send for the
1431 identified stream. Setting this flag causes the stream to enter
1432 one of "half closed" states (Section 5.1).
1434 A HEADERS frame that is followed by CONTINUATION frames carries
1435 the END_STREAM flag that signals the end of a stream. A
1436 CONTINUATION frame cannot be used to terminate a stream.
1438 END_SEGMENT (0x2): Bit 2 being set indicates that this frame is the
1439 last for the current segment. Intermediaries MUST NOT coalesce
1440 frames across a segment boundary and MUST preserve segment
1441 boundaries when forwarding frames.
1443 END_HEADERS (0x4): Bit 3 being set indicates that this frame
1444 contains an entire header block (Section 4.3) and is not followed
1445 by any CONTINUATION frames.
1447 A HEADERS frame without the END_HEADERS flag set MUST be followed
1448 by a CONTINUATION frame for the same stream. A receiver MUST
1449 treat the receipt of any other type of frame or a frame on a
1450 different stream as a connection error (Section 5.4.1) of type
1451 PROTOCOL_ERROR.
1453 PAD_LOW (0x8): Bit 4 being set indicates that the Pad Low field is
1454 present.
1456 PAD_HIGH (0x10): Bit 5 being set indicates that the Pad High field
1457 is present. This bit MUST NOT be set unless the PAD_LOW flag is
1458 also set. Endpoints that receive a frame with PAD_HIGH set and
1459 PAD_LOW cleared MUST treat this as a connection error
1460 (Section 5.4.1) of type PROTOCOL_ERROR.
1462 PRIORITY_GROUP (0x20): Bit 6 being set indicates that the Priority
1463 Group Identifier and Weight fields are present; see Section 5.3.
1465 PRIORITY_DEPENDENCY (0x40): Bit 7 being set indicates that the
1466 Exclusive Flag (E) and Stream Dependency fields are present; see
1467 Section 5.3.
1469 The payload of a HEADERS frame contains a header block fragment
1470 (Section 4.3). A header block that does not fit within a HEADERS
1471 frame is continued in a CONTINUATION frame (Section 6.10).
1473 HEADERS frames MUST be associated with a stream. If a HEADERS frame
1474 is received whose stream identifier field is 0x0, the recipient MUST
1475 respond with a connection error (Section 5.4.1) of type
1476 PROTOCOL_ERROR.
1478 A HEADERS frame MUST NOT have both the PRIORITY_GROUP and
1479 PRIORITY_DEPENDENCY flags set. Receipt of a HEADERS frame with both
1480 these flags set MUST be treated as a stream error (Section 5.4.2) of
1481 type PROTOCOL_ERROR.
1483 The HEADERS frame changes the connection state as described in
1484 Section 4.3.
1486 The HEADERS frame includes optional padding. Padding fields and
1487 flags are identical to those defined for DATA frames (Section 6.1).
1489 6.3. PRIORITY
1491 The PRIORITY frame (type=0x2) specifies the sender-advised priority
1492 of a stream (Section 5.3). It can be sent at any time for an
1493 existing stream. This enables reprioritisation of existing streams.
1495 0 1 2 3
1496 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1497 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1498 |R| Priority Group Identifier? (31) |
1499 +-+-------------+-----------------------------------------------+
1500 | Weight? (8) |
1501 +-+-------------+-----------------------------------------------+
1502 |E| Stream Dependency? (31) |
1503 +-+-------------------------------------------------------------+
1505 PRIORITY Frame Payload
1507 The payload of a PRIORITY frame contains the following fields:
1509 R: A single reserved bit. This field is optional and is only present
1510 if the PRIORITY_GROUP flag is set.
1512 Priority Group Identifier: A 31-bit identifier for a priority group,
1513 see Section 5.3. This field is optional and is only present if
1514 the PRIORITY_GROUP flag is set.
1516 Weight: An 8-bit weight for the identified priority group, see
1517 Section 5.3. This field is optional and is only present if the
1518 PRIORITY_GROUP flag is set.
1520 E: A single bit flag indicates that the stream dependency is
1521 exclusive, see Section 5.3. This field is optional and is only
1522 present if the PRIORITY_DEPENDENCY flag is set.
1524 Stream Dependency: A 31-bit stream identifier for the stream that
1525 this stream depends on, see Section 5.3. This field is optional
1526 and is only present if the PRIORITY_DEPENDENCY flag is set.
1528 The PRIORITY frame defines the following flags:
1530 PRIORITY_GROUP (0x20): Bit 6 being set indicates that the Priority
1531 Group Identifier and Weight fields are present; see Section 5.3.
1533 PRIORITY_DEPENDENCY (0x40): Bit 7 being set indicates that the
1534 Exclusive Flag (E) and Stream Dependency fields are present; see
1535 Section 5.3.
1537 A PRIORITY frame MUST have exactly one of the PRIORITY_GROUP and
1538 PRIORITY_DEPENDENCY flags set. Receipt of a PRIORITY frame with
1539 either none or both these flags set MUST be treated as a stream error
1540 (Section 5.4.2) of type PROTOCOL_ERROR.
1542 The PRIORITY frame is associated with an existing stream. If a
1543 PRIORITY frame is received with a stream identifier of 0x0, the
1544 recipient MUST respond with a connection error (Section 5.4.1) of
1545 type PROTOCOL_ERROR.
1547 The PRIORITY frame can be sent on a stream in any of the "reserved
1548 (remote)", "open", "half-closed (local)", or "half closed (remote)"
1549 states, though it cannot be sent between consecutive frames that
1550 comprise a single header block (Section 4.3). Note that this frame
1551 could arrive after processing or frame sending has completed, which
1552 would cause it to have no effect. For a stream that is in the "half
1553 closed (remote)" state, this frame can only affect processing of the
1554 stream and not frame transmission.
1556 6.4. RST_STREAM
1558 The RST_STREAM frame (type=0x3) allows for abnormal termination of a
1559 stream. When sent by the initiator of a stream, it indicates that
1560 they wish to cancel the stream or that an error condition has
1561 occurred. When sent by the receiver of a stream, it indicates that
1562 either the receiver is rejecting the stream, requesting that the
1563 stream be cancelled or that an error condition has occurred.
1565 0 1 2 3
1566 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1567 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1568 | Error Code (32) |
1569 +---------------------------------------------------------------+
1571 RST_STREAM Frame Payload
1573 The RST_STREAM frame contains a single unsigned, 32-bit integer
1574 identifying the error code (Section 7). The error code indicates why
1575 the stream is being terminated.
1577 The RST_STREAM frame does not define any flags.
1579 The RST_STREAM frame fully terminates the referenced stream and
1580 causes it to enter the closed state. After receiving a RST_STREAM on
1581 a stream, the receiver MUST NOT send additional frames for that
1582 stream. However, after sending the RST_STREAM, the sending endpoint
1583 MUST be prepared to receive and process additional frames sent on the
1584 stream that might have been sent by the peer prior to the arrival of
1585 the RST_STREAM.
1587 RST_STREAM frames MUST be associated with a stream. If a RST_STREAM
1588 frame is received with a stream identifier of 0x0, the recipient MUST
1589 treat this as a connection error (Section 5.4.1) of type
1590 PROTOCOL_ERROR.
1592 RST_STREAM frames MUST NOT be sent for a stream in the "idle" state.
1593 If a RST_STREAM frame identifying an idle stream is received, the
1594 recipient MUST treat this as a connection error (Section 5.4.1) of
1595 type PROTOCOL_ERROR.
1597 6.5. SETTINGS
1599 The SETTINGS frame (type=0x4) conveys configuration parameters (such
1600 as preferences and constraints on peer behavior) that affect how
1601 endpoints communicate, and is also used to acknowledge the receipt of
1602 those parameters. Individually, a SETTINGS parameter can also be
1603 referred to as a "setting".
1605 SETTINGS parameters are not negotiated; they describe characteristics
1606 of the sending peer, which are used by the receiving peer. Different
1607 values for the same parameter can be advertised by each peer. For
1608 example, a client might set a high initial flow control window,
1609 whereas a server might set a lower value to conserve resources.
1611 A SETTINGS frame MUST be sent by both endpoints at the start of a
1612 connection, and MAY be sent at any other time by either endpoint over
1613 the lifetime of the connection. Implementations MUST support all of
1614 the parameters defined by this specification.
1616 Each parameter in a SETTINGS frame replaces any existing value for
1617 that parameter. Parameters are processed in the order in which they
1618 appear, and a receiver of a SETTINGS frame does not need to maintain
1619 any state other than the current value of its parameters. Therefore,
1620 the value of a SETTINGS parameter is the last value that is seen by a
1621 receiver.
1623 SETTINGS parameters are acknowledged by the receiving peer. To
1624 enable this, the SETTINGS frame defines the following flag:
1626 ACK (0x1): Bit 1 being set indicates that this frame acknowledges
1627 receipt and application of the peer's SETTINGS frame. When this
1628 bit is set, the payload of the SETTINGS frame MUST be empty.
1629 Receipt of a SETTINGS frame with the ACK flag set and a length
1630 field value other than 0 MUST be treated as a connection error
1631 (Section 5.4.1) of type FRAME_SIZE_ERROR. For more info, see
1632 Settings Synchronization (Section 6.5.3).
1634 SETTINGS frames always apply to a connection, never a single stream.
1635 The stream identifier for a SETTINGS frame MUST be zero. If an
1636 endpoint receives a SETTINGS frame whose stream identifier field is
1637 anything other than 0x0, the endpoint MUST respond with a connection
1638 error (Section 5.4.1) of type PROTOCOL_ERROR.
1640 The SETTINGS frame affects connection state. A badly formed or
1641 incomplete SETTINGS frame MUST be treated as a connection error
1642 (Section 5.4.1) of type PROTOCOL_ERROR.
1644 6.5.1. SETTINGS Format
1646 The payload of a SETTINGS frame consists of zero or more parameters,
1647 each consisting of an unsigned 8-bit identifier and an unsigned 32-
1648 bit value.
1650 0 1 2 3
1651 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1653 | Identifier (8)|
1654 +---------------+-----------------------------------------------+
1655 | Value (32) |
1656 +---------------------------------------------------------------+
1658 Setting Format
1660 6.5.2. Defined SETTINGS Parameters
1662 The following parameters are defined:
1664 SETTINGS_HEADER_TABLE_SIZE (1): Allows the sender to inform the
1665 remote endpoint of the size of the header compression table used
1666 to decode header blocks. The encoder can reduce this size by
1667 using signaling specific to the header compression format inside a
1668 header block. The initial value is 4,096 bytes.
1670 SETTINGS_ENABLE_PUSH (2): This setting can be use to disable server
1671 push (Section 8.2). An endpoint MUST NOT send a PUSH_PROMISE
1672 frame if it receives this parameter set to a value of 0. An
1673 endpoint that has both set this parameter to 0 and had it
1674 acknowledged MUST treat the receipt of a PUSH_PROMISE frame as a
1675 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1677 The initial value is 1, which indicates that push is permitted.
1678 Any value other than 0 or 1 MUST be treated as a connection error
1679 (Section 5.4.1) of type PROTOCOL_ERROR.
1681 SETTINGS_MAX_CONCURRENT_STREAMS (3): Indicates the maximum number of
1682 concurrent streams that the sender will allow. This limit is
1683 directional: it applies to the number of streams that the sender
1684 permits the receiver to create. Initially there is no limit to
1685 this value. It is recommended that this value be no smaller than
1686 100, so as to not unnecessarily limit parallelism.
1688 A value of 0 for SETTINGS_MAX_CONCURRENT_STREAMS SHOULD NOT be
1689 treated as special by endpoints. A zero value does prevent the
1690 creation of new streams, however this can also happen for any
1691 limit that is exhausted with active streams. Servers SHOULD only
1692 set a zero value for short durations; if a server does not wish to
1693 accept requests, closing the connection could be preferable.
1695 SETTINGS_INITIAL_WINDOW_SIZE (4): Indicates the sender's initial
1696 window size (in bytes) for stream level flow control. The initial
1697 value is 65,535.
1699 This setting affects the window size of all streams, including
1700 existing streams, see Section 6.9.2.
1702 Values above the maximum flow control window size of 2^31 - 1 MUST
1703 be treated as a connection error (Section 5.4.1) of type
1704 FLOW_CONTROL_ERROR.
1706 An endpoint that receives a SETTINGS frame with any other identifier
1707 MUST treat this as a connection error (Section 5.4.1) of type
1708 PROTOCOL_ERROR.
1710 6.5.3. Settings Synchronization
1712 Most values in SETTINGS benefit from or require an understanding of
1713 when the peer has received and applied the changed the communicated
1714 parameter values. In order to provide such synchronization
1715 timepoints, the recipient of a SETTINGS frame in which the ACK flag
1716 is not set MUST apply the updated parameters as soon as possible upon
1717 receipt.
1719 The values in the SETTINGS frame MUST be applied in the order they
1720 appear, with no other frame processing between values. Once all
1721 values have been applied, the recipient MUST immediately emit a
1722 SETTINGS frame with the ACK flag set. Upon receiving a SETTINGS
1723 frame with the ACK flag set, the sender of the altered parameters can
1724 rely upon their application.
1726 If the sender of a SETTINGS frame does not receive an acknowledgement
1727 within a reasonable amount of time, it MAY issue a connection error
1728 (Section 5.4.1) of type SETTINGS_TIMEOUT.
1730 6.6. PUSH_PROMISE
1732 The PUSH_PROMISE frame (type=0x5) is used to notify the peer endpoint
1733 in advance of streams the sender intends to initiate. The
1734 PUSH_PROMISE frame includes the unsigned 31-bit identifier of the
1735 stream the endpoint plans to create along with a set of headers that
1736 provide additional context for the stream. Section 8.2 contains a
1737 thorough description of the use of PUSH_PROMISE frames.
1739 PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH setting of
1740 the peer endpoint is set to 0.
1742 0 1 2 3
1743 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1744 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1745 | Pad High? (8) | Pad Low? (8) |
1746 +-+-------------+---------------+-------------------------------+
1747 |R| Promised Stream ID (31) |
1748 +-+-----------------------------+-------------------------------+
1749 | Header Block Fragment (*) ...
1750 +---------------------------------------------------------------+
1751 | Padding (*) ...
1752 +---------------------------------------------------------------+
1754 PUSH_PROMISE Payload Format
1756 The PUSH_PROMISE frame payload has the following fields:
1758 Pad High: Padding size high bits. This field is only present if the
1759 PAD_HIGH flag is set.
1761 Pad Low: Padding size low bits. This field is only present if the
1762 PAD_LOW flag is set.
1764 R: A single reserved bit.
1766 Promised Stream ID: This unsigned 31-bit integer identifies the
1767 stream the endpoint intends to start sending frames for. The
1768 promised stream identifier MUST be a valid choice for the next
1769 stream sent by the sender (see new stream identifier
1770 (Section 5.1.1)).
1772 Header Block Fragment: A header block fragment (Section 4.3)
1773 containing request header fields.
1775 Padding: Padding octets.
1777 The PUSH_PROMISE frame defines the following flags:
1779 END_HEADERS (0x4): Bit 3 being set indicates that this frame
1780 contains an entire header block (Section 4.3) and is not followed
1781 by any CONTINUATION frames.
1783 A PUSH_PROMISE frame without the END_HEADERS flag set MUST be
1784 followed by a CONTINUATION frame for the same stream. A receiver
1785 MUST treat the receipt of any other type of frame or a frame on a
1786 different stream as a connection error (Section 5.4.1) of type
1787 PROTOCOL_ERROR.
1789 PAD_LOW (0x8): Bit 4 being set indicates that the Pad Low field is
1790 present.
1792 PAD_HIGH (0x10): Bit 5 being set indicates that the Pad High field
1793 is present. This bit MUST NOT be set unless the PAD_LOW flag is
1794 also set. Endpoints that receive a frame with PAD_HIGH set and
1795 PAD_LOW cleared MUST treat this as a connection error
1796 (Section 5.4.1) of type PROTOCOL_ERROR.
1798 PUSH_PROMISE frames MUST be associated with an existing, peer-
1799 initiated stream. The stream identifier of a PUSH_PROMISE frame
1800 indicates the stream it is associated with. If the stream identifier
1801 field specifies the value 0x0, a recipient MUST respond with a
1802 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
1804 Promised streams are not required to be used in order promised. The
1805 PUSH_PROMISE only reserves stream identifiers for later use.
1807 Recipients of PUSH_PROMISE frames can choose to reject promised
1808 streams by returning a RST_STREAM referencing the promised stream
1809 identifier back to the sender of the PUSH_PROMISE.
1811 The PUSH_PROMISE frame modifies the connection state as defined in
1812 Section 4.3.
1814 A PUSH_PROMISE frame modifies the connection state in two ways. The
1815 inclusion of a header block (Section 4.3) potentially modifies the
1816 state maintained for header compression. PUSH_PROMISE also reserves
1817 a stream for later use, causing the promised stream to enter the
1818 "reserved" state. A sender MUST NOT send a PUSH_PROMISE on a stream
1819 unless that stream is either "open" or "half closed (remote)"; the
1820 sender MUST ensure that the promised stream is a valid choice for a
1821 new stream identifier (Section 5.1.1) (that is, the promised stream
1822 MUST be in the "idle" state).
1824 Since PUSH_PROMISE reserves a stream, ignoring a PUSH_PROMISE frame
1825 causes the stream state to become indeterminate. A receiver MUST
1826 treat the receipt of a PUSH_PROMISE on a stream that is neither
1827 "open" nor "half-closed (local)" as a connection error
1828 (Section 5.4.1) of type PROTOCOL_ERROR. Similarly, a receiver MUST
1829 treat the receipt of a PUSH_PROMISE that promises an illegal stream
1830 identifier (Section 5.1.1) (that is, an identifier for a stream that
1831 is not currently in the "idle" state) as a connection error
1832 (Section 5.4.1) of type PROTOCOL_ERROR.
1834 The PUSH_PROMISE frame includes optional padding. Padding fields and
1835 flags are identical to those defined for DATA frames (Section 6.1).
1837 6.7. PING
1839 The PING frame (type=0x6) is a mechanism for measuring a minimal
1840 round-trip time from the sender, as well as determining whether an
1841 idle connection is still functional. PING frames can be sent from
1842 any endpoint.
1844 0 1 2 3
1845 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1846 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1847 | |
1848 | Opaque Data (64) |
1849 | |
1850 +---------------------------------------------------------------+
1852 PING Payload Format
1854 In addition to the frame header, PING frames MUST contain 8 octets of
1855 data in the payload. A sender can include any value it chooses and
1856 use those bytes in any fashion.
1858 Receivers of a PING frame that does not include a ACK flag MUST send
1859 a PING frame with the ACK flag set in response, with an identical
1860 payload. PING responses SHOULD be given higher priority than any
1861 other frame.
1863 The PING frame defines the following flags:
1865 ACK (0x1): Bit 1 being set indicates that this PING frame is a PING
1866 response. An endpoint MUST set this flag in PING responses. An
1867 endpoint MUST NOT respond to PING frames containing this flag.
1869 PING frames are not associated with any individual stream. If a PING
1870 frame is received with a stream identifier field value other than
1871 0x0, the recipient MUST respond with a connection error
1872 (Section 5.4.1) of type PROTOCOL_ERROR.
1874 Receipt of a PING frame with a length field value other than 8 MUST
1875 be treated as a connection error (Section 5.4.1) of type
1876 FRAME_SIZE_ERROR.
1878 6.8. GOAWAY
1880 The GOAWAY frame (type=0x7) informs the remote peer to stop creating
1881 streams on this connection. GOAWAY can be sent by either the client
1882 or the server. Once sent, the sender will ignore frames sent on new
1883 streams for the remainder of the connection. Receivers of a GOAWAY
1884 frame MUST NOT open additional streams on the connection, although a
1885 new connection can be established for new streams. The purpose of
1886 this frame is to allow an endpoint to gracefully stop accepting new
1887 streams (perhaps for a reboot or maintenance), while still finishing
1888 processing of previously established streams.
1890 There is an inherent race condition between an endpoint starting new
1891 streams and the remote sending a GOAWAY frame. To deal with this
1892 case, the GOAWAY contains the stream identifier of the last stream
1893 which was processed on the sending endpoint in this connection. If
1894 the receiver of the GOAWAY used streams that are newer than the
1895 indicated stream identifier, they were not processed by the sender
1896 and the receiver may treat the streams as though they had never been
1897 created at all (hence the receiver may want to re-create the streams
1898 later on a new connection).
1900 Endpoints SHOULD always send a GOAWAY frame before closing a
1901 connection so that the remote can know whether a stream has been
1902 partially processed or not. For example, if an HTTP client sends a
1903 POST at the same time that a server closes a connection, the client
1904 cannot know if the server started to process that POST request if the
1905 server does not send a GOAWAY frame to indicate where it stopped
1906 working. An endpoint might choose to close a connection without
1907 sending GOAWAY for misbehaving peers.
1909 After sending a GOAWAY frame, the sender can discard frames for new
1910 streams. However, any frames that alter connection state cannot be
1911 completely ignored. For instance, HEADERS, PUSH_PROMISE and
1912 CONTINUATION frames MUST be minimally processed to ensure the state
1913 maintained for header compression is consistent (see Section 4.3);
1914 similarly DATA frames MUST be counted toward the connection flow
1915 control window.
1917 0 1 2 3
1918 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1919 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1920 |R| Last-Stream-ID (31) |
1921 +-+-------------------------------------------------------------+
1922 | Error Code (32) |
1923 +---------------------------------------------------------------+
1924 | Additional Debug Data (*) |
1925 +---------------------------------------------------------------+
1926 GOAWAY Payload Format
1928 The GOAWAY frame does not define any flags.
1930 The GOAWAY frame applies to the connection, not a specific stream.
1931 An endpoint MUST treat a GOAWAY frame with a stream identifier other
1932 than 0x0 as a connection error (Section 5.4.1) of type
1933 PROTOCOL_ERROR.
1935 The last stream identifier in the GOAWAY frame contains the highest
1936 numbered stream identifier for which the sender of the GOAWAY frame
1937 has received frames and might have taken some action on. All streams
1938 up to and including the identified stream might have been processed
1939 in some way. The last stream identifier is set to 0 if no streams
1940 were processed.
1942 Note: In this case, "processed" means that some data from the
1943 stream was passed to some higher layer of software that might have
1944 taken some action as a result.
1946 If a connection terminates without a GOAWAY frame, this value is
1947 effectively the highest stream identifier.
1949 On streams with lower or equal numbered identifiers that were not
1950 closed completely prior to the connection being closed, re-attempting
1951 requests, transactions, or any protocol activity is not possible
1952 (with the exception of idempotent actions like HTTP GET, PUT, or
1953 DELETE). Any protocol activity that uses higher numbered streams can
1954 be safely retried using a new connection.
1956 Activity on streams numbered lower or equal to the last stream
1957 identifier might still complete successfully. The sender of a GOAWAY
1958 frame might gracefully shut down a connection by sending a GOAWAY
1959 frame, maintaining the connection in an open state until all in-
1960 progress streams complete.
1962 The last stream ID MUST be 0 if no streams were acted upon.
1964 If an endpoint maintains the connection and continues to exchange
1965 frames, ignored frames MUST be counted toward flow control limits
1966 (Section 5.2) or update header compression state (Section 4.3).
1967 Otherwise, flow control or header compression state can become
1968 unsynchronized.
1970 The GOAWAY frame also contains a 32-bit error code (Section 7) that
1971 contains the reason for closing the connection.
1973 Endpoints MAY append opaque data to the payload of any GOAWAY frame.
1975 Additional debug data is intended for diagnostic purposes only and
1976 carries no semantic value. Debug information could contain security-
1977 or privacy-sensitive data. Logged or otherwise persistently stored
1978 debug data MUST have adequate safeguards to prevent unauthorized
1979 access.
1981 6.9. WINDOW_UPDATE
1983 The WINDOW_UPDATE frame (type=0x8) is used to implement flow control;
1984 see Section 5.2 for an overview.
1986 Flow control operates at two levels: on each individual stream and on
1987 the entire connection.
1989 Both types of flow control are hop-by-hop; that is, only between the
1990 two endpoints. Intermediaries do not forward WINDOW_UPDATE frames
1991 between dependent connections. However, throttling of data transfer
1992 by any receiver can indirectly cause the propagation of flow control
1993 information toward the original sender.
1995 Flow control only applies to frames that are identified as being
1996 subject to flow control. Of the frame types defined in this
1997 document, this includes only DATA frame. Frames that are exempt from
1998 flow control MUST be accepted and processed, unless the receiver is
1999 unable to assign resources to handling the frame. A receiver MAY
2000 respond with a stream error (Section 5.4.2) or connection error
2001 (Section 5.4.1) of type FLOW_CONTROL_ERROR if it is unable accept a
2002 frame.
2004 0 1 2 3
2005 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2007 |R| Window Size Increment (31) |
2008 +-+-------------------------------------------------------------+
2010 WINDOW_UPDATE Payload Format
2012 The payload of a WINDOW_UPDATE frame is one reserved bit, plus an
2013 unsigned 31-bit integer indicating the number of bytes that the
2014 sender can transmit in addition to the existing flow control window.
2015 The legal range for the increment to the flow control window is 1 to
2016 2^31 - 1 (0x7fffffff) bytes.
2018 The WINDOW_UPDATE frame does not define any flags.
2020 The WINDOW_UPDATE frame can be specific to a stream or to the entire
2021 connection. In the former case, the frame's stream identifier
2022 indicates the affected stream; in the latter, the value "0" indicates
2023 that the entire connection is the subject of the frame.
2025 WINDOW_UPDATE can be sent by a peer that has sent a frame bearing the
2026 END_STREAM flag. This means that a receiver could receive a
2027 WINDOW_UPDATE frame on a "half closed (remote)" or "closed" stream.
2028 A receiver MUST NOT treat this as an error, see Section 5.1.
2030 A receiver that receives a flow controlled frame MUST always account
2031 for its contribution against the connection flow control window,
2032 unless the receiver treats this as a connection error
2033 (Section 5.4.1). This is necessary even if the frame is in error.
2034 Since the sender counts the frame toward the flow control window, if
2035 the receiver does not, the flow control window at sender and receiver
2036 can become different.
2038 6.9.1. The Flow Control Window
2040 Flow control in HTTP/2 is implemented using a window kept by each
2041 sender on every stream. The flow control window is a simple integer
2042 value that indicates how many bytes of data the sender is permitted
2043 to transmit; as such, its size is a measure of the buffering
2044 capability of the receiver.
2046 Two flow control windows are applicable: the stream flow control
2047 window and the connection flow control window. The sender MUST NOT
2048 send a flow controlled frame with a length that exceeds the space
2049 available in either of the flow control windows advertised by the
2050 receiver. Frames with zero length with the END_STREAM flag set (for
2051 example, an empty data frame) MAY be sent if there is no available
2052 space in either flow control window.
2054 For flow control calculations, the 8 byte frame header is not
2055 counted.
2057 After sending a flow controlled frame, the sender reduces the space
2058 available in both windows by the length of the transmitted frame.
2060 The receiver of a frame sends a WINDOW_UPDATE frame as it consumes
2061 data and frees up space in flow control windows. Separate
2062 WINDOW_UPDATE frames are sent for the stream and connection level
2063 flow control windows.
2065 A sender that receives a WINDOW_UPDATE frame updates the
2066 corresponding window by the amount specified in the frame.
2068 A sender MUST NOT allow a flow control window to exceed 2^31 - 1
2069 bytes. If a sender receives a WINDOW_UPDATE that causes a flow
2070 control window to exceed this maximum it MUST terminate either the
2071 stream or the connection, as appropriate. For streams, the sender
2072 sends a RST_STREAM with the error code of FLOW_CONTROL_ERROR code;
2073 for the connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code.
2075 Flow controlled frames from the sender and WINDOW_UPDATE frames from
2076 the receiver are completely asynchronous with respect to each other.
2077 This property allows a receiver to aggressively update the window
2078 size kept by the sender to prevent streams from stalling.
2080 6.9.2. Initial Flow Control Window Size
2082 When an HTTP/2 connection is first established, new streams are
2083 created with an initial flow control window size of 65,535 bytes.
2084 The connection flow control window is 65,535 bytes. Both endpoints
2085 can adjust the initial window size for new streams by including a
2086 value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame that
2087 forms part of the connection preface. The connection flow control
2088 window initial size cannot be changed.
2090 Prior to receiving a SETTINGS frame that sets a value for
2091 SETTINGS_INITIAL_WINDOW_SIZE, an endpoint can only use the default
2092 initial window size when sending flow controlled frames. Similarly,
2093 the connection flow control window is set to the default initial
2094 window size until a WINDOW_UPDATE frame is received.
2096 A SETTINGS frame can alter the initial flow control window size for
2097 all current streams. When the value of SETTINGS_INITIAL_WINDOW_SIZE
2098 changes, a receiver MUST adjust the size of all stream flow control
2099 windows that it maintains by the difference between the new value and
2100 the old value. A SETTINGS frame cannot alter the connection flow
2101 control window.
2103 An endpoint MUST treat a change to SETTINGS_INITIAL_WINDOW_SIZE that
2104 causes any flow control window to exceed the maximum size as a
2105 connection error (Section 5.4.1) of type FLOW_CONTROL_ERROR.
2107 A change to SETTINGS_INITIAL_WINDOW_SIZE can cause the available
2108 space in a flow control window to become negative. A sender MUST
2109 track the negative flow control window, and MUST NOT send new flow
2110 controlled frames until it receives WINDOW_UPDATE frames that cause
2111 the flow control window to become positive.
2113 For example, if the client sends 60KB immediately on connection
2114 establishment, and the server sets the initial window size to be
2115 16KB, the client will recalculate the available flow control window
2116 to be -44KB on receipt of the SETTINGS frame. The client retains a
2117 negative flow control window until WINDOW_UPDATE frames restore the
2118 window to being positive, after which the client can resume sending.
2120 6.9.3. Reducing the Stream Window Size
2122 A receiver that wishes to use a smaller flow control window than the
2123 current size can send a new SETTINGS frame. However, the receiver
2124 MUST be prepared to receive data that exceeds this window size, since
2125 the sender might send data that exceeds the lower limit prior to
2126 processing the SETTINGS frame.
2128 After sending a SETTINGS frame that reduces the initial flow control
2129 window size, a receiver has two options for handling streams that
2130 exceed flow control limits:
2132 1. The receiver can immediately send RST_STREAM with
2133 FLOW_CONTROL_ERROR error code for the affected streams.
2135 2. The receiver can accept the streams and tolerate the resulting
2136 head of line blocking, sending WINDOW_UPDATE frames as it
2137 consumes data.
2139 6.10. CONTINUATION
2141 The CONTINUATION frame (type=0x9) is used to continue a sequence of
2142 header block fragments (Section 4.3). Any number of CONTINUATION
2143 frames can be sent on an existing stream, as long as the preceding
2144 frame is on the same stream and is a HEADERS, PUSH_PROMISE or
2145 CONTINUATION frame without the END_HEADERS flag set.
2147 0 1 2 3
2148 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2150 | Pad High? (8) | Pad Low? (8) |
2151 +---------------+---------------+-------------------------------+
2152 | Header Block Fragment (*) ...
2153 +---------------------------------------------------------------+
2154 | Padding (*) ...
2155 +---------------------------------------------------------------+
2157 CONTINUATION Frame Payload
2159 The CONTINUATION frame payload has the following fields:
2161 Pad High: Padding size high bits. This field is only present if the
2162 PAD_HIGH flag is set.
2164 Pad Low: Padding size low bits. This field is only present if the
2165 PAD_LOW flag is set.
2167 Header Block Fragment: A header block fragment (Section 4.3).
2169 Padding: Padding octets.
2171 The CONTINUATION frame defines the following flags:
2173 END_HEADERS (0x4): Bit 3 being set indicates that this frame ends a
2174 header block (Section 4.3).
2176 If the END_HEADERS bit is not set, this frame MUST be followed by
2177 another CONTINUATION frame. A receiver MUST treat the receipt of
2178 any other type of frame or a frame on a different stream as a
2179 connection error (Section 5.4.1) of type PROTOCOL_ERROR.
2181 PAD_LOW (0x8): Bit 4 being set indicates that the Pad Low field is
2182 present.
2184 PAD_HIGH (0x10): Bit 5 being set indicates that the Pad High field
2185 is present. This bit MUST NOT be set unless the PAD_LOW flag is
2186 also set. Endpoints that receive a frame with PAD_HIGH set and
2187 PAD_LOW cleared MUST treat this as a connection error
2188 (Section 5.4.1) of type PROTOCOL_ERROR.
2190 The payload of a CONTINUATION frame contains a header block fragment
2191 (Section 4.3).
2193 The CONTINUATION frame changes the connection state as defined in
2194 Section 4.3.
2196 CONTINUATION frames MUST be associated with a stream. If a
2197 CONTINUATION frame is received whose stream identifier field is 0x0,
2198 the recipient MUST respond with a connection error (Section 5.4.1) of
2199 type PROTOCOL_ERROR.
2201 A CONTINUATION frame MUST be preceded by a HEADERS, PUSH_PROMISE or
2202 CONTINUATION frame without the END_HEADERS flag set. A recipient
2203 that observes violation of this rule MUST respond with a connection
2204 error (Section 5.4.1) of type PROTOCOL_ERROR.
2206 The CONTINUATION frame includes optional padding. Padding fields and
2207 flags are identical to those defined for DATA frames (Section 6.1).
2209 6.11. ALTSVC
2211 The ALTSVC frame (type=0xA) advertises the availability of an
2212 alternative service to the client. It can be sent at any time for an
2213 existing client-initiated stream or stream 0, and is intended to
2214 allow servers to load balance or otherwise segment traffic; see
2216 [ALT-SVC] for details (in particular, Section 2.4, which outlines
2217 client handling of alternative services).
2219 An ALTSVC frame on a client-initiated stream indicates that the
2220 conveyed alternative service is associated with the origin of that
2221 stream.
2223 An ALTSVC frame on stream 0 indicates that the conveyed alternative
2224 service is associated with the origin contained in the Origin field
2225 of the frame. An association with an origin that the client does not
2226 consider authoritative for the current connection MUST be ignored.
2228 0 1 2 3
2229 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2230 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2231 | Max-Age (32) |
2232 +-------------------------------+----------------+--------------+
2233 | Port (16) | Reserved (8) | PID_LEN (8) |
2234 +-------------------------------+----------------+--------------+
2235 | Protocol-ID (*) |
2236 +---------------+-----------------------------------------------+
2237 | HOST_LEN (8) | Host (*) ...
2238 +---------------+-----------------------------------------------+
2239 | Origin? (*) ...
2240 +---------------------------------------------------------------+
2242 The ALTSVC frame contains the following fields:
2244 Max-Age: An unsigned, 32-bit integer indicating the freshness
2245 lifetime of the alternative service association, as per [ALT-SVC],
2246 Section 2.2.
2248 Port: An unsigned, 16-bit integer indicating the port that the
2249 alternative service is available upon.
2251 Reserved: For future use. Senders MUST set these bits to '0', and
2252 recipients MUST ignore them.
2254 PID_LEN: An unsigned, 8-bit integer indicating the length, in
2255 octets, of the PROTOCOL-ID field.
2257 Protocol-ID: A sequence of bytes (length determined by PID_LEN)
2258 containing the ALPN protocol identifier of the alternative
2259 service.
2261 HOST_LEN: An unsigned, 8-bit integer indicating the length, in
2262 octets, of the Host field.
2264 Host: A sequence of characters (length determined by HOST_LEN)
2265 containing an ASCII string indicating the host that the
2266 alternative service is available upon. An internationalized
2267 domain name [IDNA] MUST be expressed using A-labels.
2269 Origin: An optional sequence of characters (length determined by
2270 subtracting the length of all preceding fields from the frame
2271 length) containing ASCII serialisation of an origin ([RFC6454],
2272 Section 6.2) that the alternate service is applicable to.
2274 The ALTSVC frame does not define any flags.
2276 The ALTSVC frame is intended for receipt by clients; a server that
2277 receives an ALTSVC frame MUST treat it as a connection error of type
2278 PROTOCOL_ERROR.
2280 The ALTSVC frame is processed hop-by-hop. An intermediary MUST NOT
2281 forward ALTSVC frames, though it can use the information contained in
2282 ALTSVC frames in forming new ALTSVC frames to send to its own
2283 clients.
2285 7. Error Codes
2287 Error codes are 32-bit fields that are used in RST_STREAM and GOAWAY
2288 frames to convey the reasons for the stream or connection error.
2290 Error codes share a common code space. Some error codes only apply
2291 to specific conditions and have no defined semantics in certain frame
2292 types.
2294 The following error codes are defined:
2296 NO_ERROR (0): The associated condition is not as a result of an
2297 error. For example, a GOAWAY might include this code to indicate
2298 graceful shutdown of a connection.
2300 PROTOCOL_ERROR (1): The endpoint detected an unspecific protocol
2301 error. This error is for use when a more specific error code is
2302 not available.
2304 INTERNAL_ERROR (2): The endpoint encountered an unexpected internal
2305 error.
2307 FLOW_CONTROL_ERROR (3): The endpoint detected that its peer violated
2308 the flow control protocol.
2310 SETTINGS_TIMEOUT (4): The endpoint sent a SETTINGS frame, but did
2311 not receive a response in a timely manner. See Settings
2312 Synchronization (Section 6.5.3).
2314 STREAM_CLOSED (5): The endpoint received a frame after a stream was
2315 half closed.
2317 FRAME_SIZE_ERROR (6): The endpoint received a frame that was larger
2318 than the maximum size that it supports.
2320 REFUSED_STREAM (7): The endpoint refuses the stream prior to
2321 performing any application processing, see Section 8.1.4 for
2322 details.
2324 CANCEL (8): Used by the endpoint to indicate that the stream is no
2325 longer needed.
2327 COMPRESSION_ERROR (9): The endpoint is unable to maintain the
2328 compression context for the connection.
2330 CONNECT_ERROR (10): The connection established in response to a
2331 CONNECT request (Section 8.3) was reset or abnormally closed.
2333 ENHANCE_YOUR_CALM (11): The endpoint detected that its peer is
2334 exhibiting a behavior over a given amount of time that has caused
2335 it to refuse to process further frames.
2337 INADEQUATE_SECURITY (12): The underlying transport has properties
2338 that do not meet the minimum requirements imposed by this document
2339 (see Section 9.2) or the endpoint.
2341 8. HTTP Message Exchanges
2343 HTTP/2 is intended to be as compatible as possible with current uses
2344 of HTTP. This means that, from the perspective of the server and
2345 client applications, the features of the protocol are unchanged. To
2346 achieve this, all request and response semantics are preserved,
2347 although the syntax of conveying those semantics has changed.
2349 Thus, the specification and requirements of HTTP/1.1 Semantics and
2350 Content [HTTP-p2], Conditional Requests [HTTP-p4], Range Requests
2351 [HTTP-p5], Caching [HTTP-p6] and Authentication [HTTP-p7] are
2352 applicable to HTTP/2. Selected portions of HTTP/1.1 Message Syntax
2353 and Routing [HTTP-p1], such as the HTTP and HTTPS URI schemes, are
2354 also applicable in HTTP/2, but the expression of those semantics for
2355 this protocol are defined in the sections below.
2357 8.1. HTTP Request/Response Exchange
2359 A client sends an HTTP request on a new stream, using a previously
2360 unused stream identifier (Section 5.1.1). A server sends an HTTP
2361 response on the same stream as the request.
2363 An HTTP message (request or response) consists of:
2365 1. one HEADERS frame, followed by zero or more CONTINUATION frames
2366 (containing the message headers; see [HTTP-p1], Section 3.2), and
2368 2. zero or more DATA frames (containing the message payload; see
2369 [HTTP-p1], Section 3.3), and
2371 3. optionally, one HEADERS frame, followed by zero or more
2372 CONTINUATION frames (containing the trailer-part, if present; see
2373 [HTTP-p1], Section 4.1.2).
2375 The last frame in the sequence bears an END_STREAM flag, though a
2376 HEADERS frame bearing the END_STREAM flag can be followed by
2377 CONTINUATION frames that carry any remaining portions of the header
2378 block.
2380 Other frames (from any stream) MUST NOT occur between either HEADERS
2381 frame and the following CONTINUATION frames (if present), nor between
2382 CONTINUATION frames.
2384 Otherwise, frames MAY be interspersed on the stream between these
2385 frames, but those frames do not carry HTTP semantics. In particular,
2386 HEADERS frames (and any CONTINUATION frames that follow) other than
2387 the first and optional last frames in this sequence do not carry HTTP
2388 semantics.
2390 Trailing header fields are carried in a header block that also
2391 terminates the stream. That is, a sequence starting with a HEADERS
2392 frame, followed by zero or more CONTINUATION frames, where the
2393 HEADERS frame bears an END_STREAM flag. Header blocks after the
2394 first that do not terminate the stream are not part of an HTTP
2395 request or response.
2397 An HTTP request/response exchange fully consumes a single stream. A
2398 request starts with the HEADERS frame that puts the stream into an
2399 "open" state and ends with a frame bearing END_STREAM, which causes
2400 the stream to become "half closed" for the client. A response starts
2401 with a HEADERS frame and ends with a frame bearing END_STREAM,
2402 optionally followed by CONTINUATION frames, which places the stream
2403 in the "closed" state.
2405 8.1.1. Informational Responses
2407 The 1xx series of HTTP response status codes ([HTTP-p2], Section 6.2)
2408 are not supported in HTTP/2.
2410 The most common use case for 1xx is using an Expect header field with
2411 a "100-continue" token (colloquially, "Expect/continue") to indicate
2412 that the client expects a 100 (Continue) non-final response status
2413 code, receipt of which indicates that the client should continue
2414 sending the request body if it has not already done so.
2416 Typically, Expect/continue is used by clients wishing to avoid
2417 sending a large amount of data in a request body, only to have the
2418 request rejected by the origin server (thus leaving the connection
2419 potentially unusable).
2421 HTTP/2 does not enable the Expect/continue mechanism; if the server
2422 sends a final status code to reject the request, it can do so without
2423 making the underlying connection unusable.
2425 Note that this means HTTP/2 clients sending requests with bodies may
2426 waste at least one round trip of sent data when the request is
2427 rejected. This can be mitigated by restricting the amount of data
2428 sent for the first round trip by bandwidth-constrained clients, in
2429 anticipation of a final status code.
2431 Other defined 1xx status codes are not applicable to HTTP/2. For
2432 example, the semantics of 101 (Switching Protocols) aren't suitable
2433 to a multiplexed protocol. Likewise, 102 (Processing) is no longer
2434 necessary, because HTTP/2 has a separate means of keeping the
2435 connection alive.
2437 This difference between protocol versions necessitates special
2438 handling by intermediaries that translate between them:
2440 o An intermediary that gateways HTTP/1.1 to HTTP/2 MUST generate a
2441 100 (Continue) response if a received request includes and Expect
2442 header field with a "100-continue" token ([HTTP-p2], Section
2443 5.1.1), unless it can immediately generate a final status code.
2444 It MUST NOT forward the "100-continue" expectation in the request
2445 header fields.
2447 o An intermediary that gateways HTTP/2 to HTTP/1.1 MAY add an Expect
2448 header field with a "100-continue" expectation when forwarding a
2449 request that has a body; see [HTTP-p2], Section 5.1.1 for specific
2450 requirements.
2452 o An intermediary that gateways HTTP/2 to HTTP/1.1 MUST discard all
2453 other 1xx informational responses.
2455 8.1.2. Examples
2457 This section shows HTTP/1.1 requests and responses, with
2458 illustrations of equivalent HTTP/2 requests and responses.
2460 An HTTP GET request includes request header fields and no body and is
2461 therefore transmitted as a single HEADERS frame, followed by zero or
2462 more CONTINUATION frames containing the serialized block of request
2463 header fields. The last HEADERS frame in the sequence has both the
2464 END_HEADERS and END_STREAM flags set:
2466 GET /resource HTTP/1.1 HEADERS
2467 Host: example.org ==> + END_STREAM
2468 Accept: image/jpeg + END_HEADERS
2469 :method = GET
2470 :scheme = https
2471 :path = /resource
2472 host = example.org
2473 accept = image/jpeg
2475 Similarly, a response that includes only response header fields is
2476 transmitted as a HEADERS frame (again, followed by zero or more
2477 CONTINUATION frames) containing the serialized block of response
2478 header fields. The last HEADERS frame in the sequence has both the
2479 END_HEADERS and END_STREAM flag set:
2481 HTTP/1.1 304 Not Modified HEADERS
2482 ETag: "xyzzy" ==> + END_STREAM
2483 Expires: Thu, 23 Jan ... + END_HEADERS
2484 :status = 304
2485 etag: "xyzzy"
2486 expires: Thu, 23 Jan ...
2488 An HTTP POST request that includes request header fields and payload
2489 data is transmitted as one HEADERS frame, followed by zero or more
2490 CONTINUATION frames containing the request header fields, followed by
2491 one or more DATA frames, with the last CONTINUATION (or HEADERS)
2492 frame having the END_HEADERS flag set and the final DATA frame having
2493 the END_STREAM flag set:
2495 POST /resource HTTP/1.1 HEADERS
2496 Host: example.org ==> - END_STREAM
2497 Content-Type: image/jpeg + END_HEADERS
2498 Content-Length: 123 :method = POST
2499 :scheme = https
2500 {binary data} :path = /resource
2501 :authority = example.org
2502 content-type = image/jpeg
2503 content-length = 123
2505 DATA
2506 + END_STREAM
2507 {binary data}
2509 A response that includes header fields and payload data is
2510 transmitted as a HEADERS frame, followed by zero or more CONTINUATION
2511 frames, followed by one or more DATA frames, with the last DATA frame
2512 in the sequence having the END_STREAM flag set:
2514 HTTP/1.1 200 OK HEADERS
2515 Content-Type: image/jpeg ==> - END_STREAM
2516 Content-Length: 123 + END_HEADERS
2517 :status = 200
2518 {binary data} content-type = image/jpeg
2519 content-length = 123
2521 DATA
2522 + END_STREAM
2523 {binary data}
2525 Trailing header fields are sent as a header block after both the
2526 request or response header block and all the DATA frames have been
2527 sent. The sequence of HEADERS/CONTINUATION frames that bears the
2528 trailers includes a terminal frame that has both END_HEADERS and
2529 END_STREAM flags set.
2531 HTTP/1.1 200 OK HEADERS
2532 Content-Type: image/jpeg ==> - END_STREAM
2533 Transfer-Encoding: chunked + END_HEADERS
2534 Trailer: Foo :status = 200
2535 content-length = 123
2536 123 content-type = image/jpeg
2537 {binary data} trailer = Foo
2538 0
2539 Foo: bar DATA
2540 - END_STREAM
2541 {binary data}
2543 HEADERS
2544 + END_STREAM
2545 + END_HEADERS
2546 foo: bar
2548 8.1.3. HTTP Header Fields
2550 HTTP header fields carry information as a series of key-value pairs.
2551 For a listing of registered HTTP headers, see the Message Header
2552 Field Registry maintained at
2553 .
2555 While HTTP/1.x used the message start-line (see [HTTP-p1], Section
2556 3.1) to convey the target URI and method of the request, and the
2557 status code for the response, HTTP/2 uses special pseudo-headers
2558 beginning with ":" for these tasks.
2560 Just as in HTTP/1.x, header field names are strings of ASCII
2561 characters that are compared in a case-insensitive fashion. However,
2562 header field names MUST be converted to lowercase prior to their
2563 encoding in HTTP/2. A request or response containing uppercase
2564 header field names MUST be treated as malformed (Section 8.1.3.5).
2566 HTTP/2 does not use the Connection header field to indicate "hop-by-
2567 hop" header fields; in this protocol, connection-specific metadata is
2568 conveyed by other means. As such, a HTTP/2 message containing
2569 Connection MUST be treated as malformed (Section 8.1.3.5).
2571 This means that an intermediary transforming an HTTP/1.x message to
2572 HTTP/2 will need to remove any header fields nominated by the
2573 Connection header field, along with the Connection header field
2574 itself. Such intermediaries SHOULD also remove other connection-
2575 specific header fields, such as Keep-Alive, Proxy-Connection,
2576 Transfer-Encoding and Upgrade, even if they are not nominated by
2577 Connection.
2579 One exception to this is the TE header field, which MAY be present in
2580 an HTTP/2 request, but when it is MUST NOT contain any value other
2581 than "trailers".
2583 Note: HTTP/2 purposefully does not support upgrade to another
2584 protocol. The handshake methods described in Section 3 are
2585 believed sufficient to negotiate the use of alternative protocols.
2587 8.1.3.1. Request Header Fields
2589 HTTP/2 defines a number of header fields starting with a colon ':'
2590 character that carry information about the request target:
2592 o The ":method" header field includes the HTTP method ([HTTP-p2],
2593 Section 4).
2595 o The ":scheme" header field includes the scheme portion of the
2596 target URI ([RFC3986], Section 3.1).
2598 ":scheme" is not restricted to "http" and "https" schemed URIs. A
2599 proxy or gateway can translate requests for non-HTTP schemes,
2600 enabling the use of HTTP to interact with non-HTTP services.
2602 o The ":authority" header field includes the authority portion of
2603 the target URI ([RFC3986], Section 3.2). The authority MUST NOT
2604 include the deprecated "userinfo" subcomponent for "http" or
2605 "https" schemed URIs.
2607 To ensure that the HTTP/1.1 request line can be reproduced
2608 accurately, this header field MUST be omitted when translating
2609 from an HTTP/1.1 request that has a request target in origin or
2610 asterisk form (see [HTTP-p1], Section 5.3). Clients that generate
2611 HTTP/2 requests directly SHOULD instead omit the "Host" header
2612 field. An intermediary that converts an HTTP/2 request to
2613 HTTP/1.1 MUST create a "Host" header field if one is not present
2614 in a request by copying the value of the ":authority" header
2615 field.
2617 o The ":path" header field includes the path and query parts of the
2618 target URI (the "path-absolute" production from [RFC3986] and
2619 optionally a '?' character followed by the "query" production, see
2620 [RFC3986], Section 3.3 and [RFC3986], Section 3.4). This field
2621 MUST NOT be empty; URIs that do not contain a path component MUST
2622 include a value of '/', unless the request is an OPTIONS request
2623 in asterisk form, in which case the ":path" header field MUST
2624 include '*'.
2626 All HTTP/2 requests MUST include exactly one valid value for the
2627 ":method", ":scheme", and ":path" header fields, unless this is a
2628 CONNECT request (Section 8.3). An HTTP request that omits mandatory
2629 header fields is malformed (Section 8.1.3.5).
2631 Header field names that start with a colon are only valid in the
2632 HTTP/2 context. These are not HTTP header fields. Implementations
2633 MUST NOT generate header fields that start with a colon, but they
2634 MUST ignore any header field that starts with a colon. In
2635 particular, header fields with names starting with a colon MUST NOT
2636 be exposed as HTTP header fields.
2638 HTTP/2 does not define a way to carry the version identifier that is
2639 included in the HTTP/1.1 request line.
2641 8.1.3.2. Response Header Fields
2643 A single ":status" header field is defined that carries the HTTP
2644 status code field (see [HTTP-p2], Section 6). This header field MUST
2645 be included in all responses, otherwise the response is malformed
2646 (Section 8.1.3.5).
2648 HTTP/2 does not define a way to carry the version or reason phrase
2649 that is included in an HTTP/1.1 status line.
2651 8.1.3.3. Header Field Ordering
2653 HTTP Header Compression [COMPRESSION] does not preserve the order of
2654 header fields, because the relative order of header fields with
2655 different names is not important. However, the same header field can
2656 be repeated to form a list (see [HTTP-p1], Section 3.2.2), where the
2657 relative order of header field values is significant. This
2658 repetition can occur either as a single header field with a comma-
2659 separated list of values, or as several header fields with a single
2660 value, or any combination thereof. Therefore, in the latter case,
2661 ordering needs to be preserved before compression takes place.
2663 To preserve the order of multiple occurrences of a header field with
2664 the same name, its ordered values are concatenated into a single
2665 value using a zero-valued octet (0x0) to delimit them.
2667 After decompression, header fields that have values containing zero
2668 octets (0x0) MUST be split into multiple header fields before being
2669 processed.
2671 For example, the following HTTP/1.x header block:
2673 Content-Type: text/html
2674 Cache-Control: max-age=60, private
2675 Cache-Control: must-revalidate
2677 contains three Cache-Control directives; two in the first Cache-
2678 Control header field, and the last one in the second Cache-Control
2679 field. Before compression, they would need to be converted to a form
2680 similar to this (with 0x0 represented as "\0"):
2682 cache-control: max-age=60, private\0must-revalidate
2683 content-type: text/html
2685 Note here that the ordering between Content-Type and Cache-Control is
2686 not preserved, but the relative ordering of the Cache-Control
2687 directives -- as well as the fact that the first two were comma-
2688 separated, while the last was on a different line -- is.
2690 Header fields containing multiple values MUST be concatenated into a
2691 single value unless the ordering of that header field is known to be
2692 insignificant.
2694 The special case of "set-cookie" - which does not form a comma-
2695 separated list, but can have multiple values - does not depend on
2696 ordering. The "set-cookie" header field MAY be encoded as multiple
2697 header field values, or as a single concatenated value.
2699 8.1.3.4. Compressing the Cookie Header Field
2701 The Cookie header field [COOKIE] can carry a significant amount of
2702 redundant data.
2704 The Cookie header field uses a semi-colon (";") to delimit cookie-
2705 pairs (or "crumbs"). This header field doesn't follow the list
2706 construction rules in HTTP (see [HTTP-p1], Section 3.2.2), which
2707 prevents cookie-pairs from being separated into different name-value
2708 pairs. This can significantly reduce compression efficiency as
2709 individual cookie-pairs are updated.
2711 To allow for better compression efficiency, the Cookie header field
2712 MAY be split into separate header fields, each with one or more
2713 cookie-pairs. If there are multiple Cookie header fields after
2714 decompression, these MUST be concatenated into a single octet string
2715 using the two octet delimiter of 0x3B, 0x20 (the ASCII string "; ").
2717 The Cookie header field MAY be split using a zero octet (0x0), as
2718 defined in Section 8.1.3.3. When decoding, zero octets MUST be
2719 replaced with the cookie delimiter ("; ").
2721 8.1.3.5. Malformed Messages
2723 A malformed request or response is one that uses a valid sequence of
2724 HTTP/2 frames, but is otherwise invalid due to the presence of
2725 prohibited header fields, the absence of mandatory header fields, or
2726 the inclusion of uppercase header field names.
2728 A request or response that includes an entity body can include a
2729 "content-length" header field. A request or response is also
2730 malformed if the value of a "content-length" header field does not
2731 equal the sum of the DATA frame payload lengths that form the body.
2733 Intermediaries that process HTTP requests or responses (i.e., all
2734 intermediaries other than those acting as tunnels) MUST NOT forward a
2735 malformed request or response.
2737 Implementations that detect malformed requests or responses need to
2738 ensure that the stream ends. For malformed requests, a server MAY
2739 send an HTTP response prior to closing or resetting the stream.
2740 Clients MUST NOT accept a malformed response. Note that these
2741 requirements are intended to protect against several types of common
2742 attacks against HTTP; they are deliberately strict, because being
2743 permissive can expose implementations to these vulnerabilites.
2745 8.1.4. Request Reliability Mechanisms in HTTP/2
2747 In HTTP/1.1, an HTTP client is unable to retry a non-idempotent
2748 request when an error occurs, because there is no means to determine
2749 the nature of the error. It is possible that some server processing
2750 occurred prior to the error, which could result in undesirable
2751 effects if the request were reattempted.
2753 HTTP/2 provides two mechanisms for providing a guarantee to a client
2754 that a request has not been processed:
2756 o The GOAWAY frame indicates the highest stream number that might
2757 have been processed. Requests on streams with higher numbers are
2758 therefore guaranteed to be safe to retry.
2760 o The REFUSED_STREAM error code can be included in a RST_STREAM
2761 frame to indicate that the stream is being closed prior to any
2762 processing having occurred. Any request that was sent on the
2763 reset stream can be safely retried.
2765 Requests that have not been processed have not failed; clients MAY
2766 automatically retry them, even those with non-idempotent methods.
2768 A server MUST NOT indicate that a stream has not been processed
2769 unless it can guarantee that fact. If frames that are on a stream
2770 are passed to the application layer for any stream, then
2771 REFUSED_STREAM MUST NOT be used for that stream, and a GOAWAY frame
2772 MUST include a stream identifier that is greater than or equal to the
2773 given stream identifier.
2775 In addition to these mechanisms, the PING frame provides a way for a
2776 client to easily test a connection. Connections that remain idle can
2777 become broken as some middleboxes (for instance, network address
2778 translators, or load balancers) silently discard connection bindings.
2779 The PING frame allows a client to safely test whether a connection is
2780 still active without sending a request.
2782 8.2. Server Push
2784 HTTP/2 enables a server to pre-emptively send (or "push") one or more
2785 associated responses to a client in response to a single request.
2786 This feature becomes particularly helpful when the server knows the
2787 client will need to have those responses available in order to fully
2788 process the response to the original request.
2790 Pushing additional responses is optional, and is negotiated between
2791 individual endpoints. The SETTINGS_ENABLE_PUSH setting can be set to
2792 0 to indicate that server push is disabled.
2794 Because pushing responses is effectively hop-by-hop, an intermediary
2795 could receive pushed responses from the server and choose not to
2796 forward those on to the client. In other words, how to make use of
2797 the pushed responses is up to that intermediary. Equally, the
2798 intermediary might choose to push additional responses to the client,
2799 without any action taken by the server.
2801 A client cannot push. Thus, servers MUST treat the receipt of a
2802 PUSH_PROMISE frame as a connection error (Section 5.4.1). Clients
2803 MUST reject any attempt to change the SETTINGS_ENABLE_PUSH setting to
2804 a value other than "0" by treating the message as a connection error
2805 (Section 5.4.1) of type PROTOCOL_ERROR.
2807 A server can only push responses that are cacheable (see [HTTP-p6],
2808 Section 3); promised requests MUST be safe (see [HTTP-p2], Section
2809 4.2.1) and MUST NOT include a request body.
2811 8.2.1. Push Requests
2813 Server push is semantically equivalent to a server responding to a
2814 request; however, in this case that request is also sent by the
2815 server, as a PUSH_PROMISE frame.
2817 The PUSH_PROMISE frame includes a header block that contains a
2818 complete set of request header fields that the server attributes to
2819 the request. It is not possible to push a response to a request that
2820 includes a request body.
2822 Pushed responses are always associated with an explicit request from
2823 the client. The PUSH_PROMISE frames sent by the server are sent on
2824 that explicit request's stream. The PUSH_PROMISE frame also includes
2825 a promised stream identifier, chosen from the stream identifiers
2826 available to the server (see Section 5.1.1).
2828 The header fields in PUSH_PROMISE and any subsequent CONTINUATION
2829 frames MUST be a valid and complete set of request header fields
2830 (Section 8.1.3.1). The server MUST include a method in the ":method"
2831 header field that is safe and cacheable. If a client receives a
2832 PUSH_PROMISE that does not include a complete and valid set of header
2833 fields, or the ":method" header field identifies a method that is not
2834 safe, it MUST respond with a stream error (Section 5.4.2) of type
2835 PROTOCOL_ERROR.
2837 The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to
2838 sending any frames that reference the promised responses. This
2839 avoids a race where clients issue requests prior to receiving any
2840 PUSH_PROMISE frames.
2842 For example, if the server receives a request for a document
2843 containing embedded links to multiple image files, and the server
2844 chooses to push those additional images to the client, sending push
2845 promises before the DATA frames that contain the image links ensures
2846 that the client is able to see the promises before discovering
2847 embedded links. Similarly, if the server pushes responses referenced
2848 by the header block (for instance, in Link header fields), sending
2849 the push promises before sending the header block ensures that
2850 clients do not request them.
2852 PUSH_PROMISE frames MUST NOT be sent by the client. PUSH_PROMISE
2853 frames can be sent by the server on any stream that was opened by the
2854 client. They MUST be sent on a stream that is in either the "open"
2855 or "half closed (remote)" state to the server. PUSH_PROMISE frames
2856 are interspersed with the frames that comprise a response, though
2857 they cannot be interspersed with HEADERS and CONTINUATION frames that
2858 comprise a single header block.
2860 8.2.2. Push Responses
2862 After sending the PUSH_PROMISE frame, the server can begin delivering
2863 the pushed response as a response (Section 8.1.3.2) on a server-
2864 initiated stream that uses the promised stream identifier. The
2865 server uses this stream to transmit an HTTP response, using the same
2866 sequence of frames as defined in Section 8.1. This stream becomes
2867 "half closed" to the client (Section 5.1) after the initial HEADERS
2868 frame is sent.
2870 Once a client receives a PUSH_PROMISE frame and chooses to accept the
2871 pushed response, the client SHOULD NOT issue any requests for the
2872 promised response until after the promised stream has closed.
2874 If the client determines, for any reason, that it does not wish to
2875 receive the pushed response from the server, or if the server takes
2876 too long to begin sending the promised response, the client can send
2877 an RST_STREAM frame, using either the CANCEL or REFUSED_STREAM codes,
2878 and referencing the pushed stream's identifier.
2880 A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to limit
2881 the number of responses that can be concurrently pushed by a server.
2882 Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables
2883 server push by preventing the server from creating the necessary
2884 streams. This does not prohibit a server from sending PUSH_PROMISE
2885 frames; clients need to reset any promised streams that are not
2886 wanted.
2888 Clients receiving a pushed response MUST validate that the server is
2889 authorized to provide the response, see Section 10.1. For example,
2890 an server that offers a certificate for only the "example.com" DNS-ID
2891 or Common Name is not permitted to push a response for
2892 "https://www.example.org/doc".
2894 8.3. The CONNECT Method
2896 In HTTP/1.x, the pseudo-method CONNECT ([HTTP-p2], Section 4.3.6) is
2897 used to convert an HTTP connection into a tunnel to a remote host.
2898 CONNECT is primarily used with HTTP proxies to establish a TLS
2899 session with an origin server for the purposes of interacting with
2900 "https" resources.
2902 In HTTP/2, the CONNECT method is used to establish a tunnel over a
2903 single HTTP/2 stream to a remote host, for similar purposes. The
2904 HTTP header field mapping works as mostly as defined in Request
2905 Header Fields (Section 8.1.3.1), with a few differences.
2906 Specifically:
2908 o The ":method" header field is set to "CONNECT".
2910 o The ":scheme" and ":path" header fields MUST be omitted.
2912 o The ":authority" header field contains the host and port to
2913 connect to (equivalent to the authority-form of the request-target
2914 of CONNECT requests, see [HTTP-p1], Section 5.3).
2916 A proxy that supports CONNECT establishes a TCP connection [TCP] to
2917 the server identified in the ":authority" header field. Once this
2918 connection is successfully established, the proxy sends a HEADERS
2919 frame containing a 2xx series status code to the client, as defined
2920 in [HTTP-p2], Section 4.3.6.
2922 After the initial HEADERS frame sent by each peer, all subsequent
2923 DATA frames correspond to data sent on the TCP connection. The
2924 payload of any DATA frames sent by the client are transmitted by the
2925 proxy to the TCP server; data received from the TCP server is
2926 assembled into DATA frames by the proxy. Frame types other than DATA
2927 or stream management frames (RST_STREAM, WINDOW_UPDATE, and PRIORITY)
2928 MUST NOT be sent on a connected stream, and MUST be treated as a
2929 stream error (Section 5.4.2) if received.
2931 The TCP connection can be closed by either peer. The END_STREAM flag
2932 on a DATA frame is treated as being equivalent to the TCP FIN bit. A
2933 client is expected to send a DATA frame with the END_STREAM flag set
2934 after receiving a frame bearing the END_STREAM flag. A proxy that
2935 receives a DATA frame with the END_STREAM flag set sends the attached
2936 data with the FIN bit set on the last TCP segment. A proxy that
2937 receives a TCP segment with the FIN bit set sends a DATA frame with
2938 the END_STREAM flag set. Note that the final TCP segment or DATA
2939 frame could be empty.
2941 A TCP connection error is signaled with RST_STREAM. A proxy treats
2942 any error in the TCP connection, which includes receiving a TCP
2943 segment with the RST bit set, as a stream error (Section 5.4.2) of
2944 type CONNECT_ERROR. Correspondingly, a proxy MUST send a TCP segment
2945 with the RST bit set if it detects an error with the stream or the
2946 HTTP/2 connection.
2948 9. Additional HTTP Requirements/Considerations
2950 This section outlines attributes of the HTTP protocol that improve
2951 interoperability, reduce exposure to known security vulnerabilities,
2952 or reduce the potential for implementation variation.
2954 9.1. Connection Management
2956 HTTP/2 connections are persistent. For best performance, it is
2957 expected clients will not close connections until it is determined
2958 that no further communication with a server is necessary (for
2959 example, when a user navigates away from a particular web page), or
2960 until the server closes the connection.
2962 Clients SHOULD NOT open more than one HTTP/2 connection to a given
2963 destination, where a destination is the IP address and port that is
2964 derived from a URI, a selected alternative service [ALT-SVC], or a
2965 configured proxy. A client can create additional connections as
2966 replacements, either to replace connections that are near to
2967 exhausting the available stream identifier space (Section 5.1.1), or
2968 to replace connections that have encountered errors (Section 5.4.1).
2970 A client MAY open multiple connections to the same IP address and TCP
2971 port using different Server Name Indication [TLS-EXT] values or to
2972 provide different TLS client certificates, but SHOULD avoid creating
2973 multiple connections with the same configuration. [[anchor15: Need
2974 more text on how client certificates relate here, see issue #363.]]
2976 Clients MAY use a single server connection to send requests for URIs
2977 with multiple different authority components as long as the server is
2978 authoritative (Section 10.1).
2980 Servers are encouraged to maintain open connections for as long as
2981 possible, but are permitted to terminate idle connections if
2982 necessary. When either endpoint chooses to close the transport-level
2983 TCP connection, the terminating endpoint SHOULD first send a GOAWAY
2984 (Section 6.8) frame so that both endpoints can reliably determine
2985 whether previously sent frames have been processed and gracefully
2986 complete or terminate any necessary remaining tasks.
2988 9.2. Use of TLS Features
2990 Implementations of HTTP/2 MUST support TLS 1.2 [TLS12]. The general
2991 TLS usage guidance in [TLSBCP] SHOULD be followed, with some
2992 additional restrictions that are specific to HTTP/2.
2994 The TLS implementation MUST support the Server Name Indication (SNI)
2995 [TLS-EXT] extension to TLS. HTTP/2 clients MUST indicate the target
2996 domain name when negotiating TLS.
2998 The TLS implementation MUST disable compression. TLS compression can
2999 lead to the exposure of information that would not otherwise be
3000 revealed [RFC3749]. Generic compression is unnecessary since HTTP/2
3001 provides compression features that are more aware of context and
3002 therefore likely to be more appropriate for use for performance,
3003 security or other reasons.
3005 Implementations MUST negotiate - and therefore use - ephemeral cipher
3006 suites, such as ephemeral Diffie-Hellman (DHE) or the elliptic curve
3007 variant (ECDHE) with a minimum size of 2048 bits (DHE) or security
3008 level of 128 bits (ECDHE). Clients MUST accept DHE sizes of up to
3009 4096 bits.
3011 Implementations are encouraged not to negotiate TLS cipher suites
3012 with known vulnerabilities, such as [RC4].
3014 An implementation that negotiates a TLS connection that does not meet
3015 the requirements in this section, or any policy-based constraints,
3016 SHOULD NOT negotiate HTTP/2. Removing HTTP/2 protocols from
3017 consideration could result in the removal of all protocols from the
3018 set of protocols offered by the client. This causes protocol
3019 negotiation failure, as described in Section 3.2 of [TLSALPN].
3021 Due to implementation limitations, it might not be possible to fail
3022 TLS negotiation based on all of these requirements. An endpoint MUST
3023 terminate an HTTP/2 connection that is opened on a TLS session that
3024 does not meet these minimum requirements with a connection error
3025 (Section 5.4.1) of type INADEQUATE_SECURITY.
3027 9.3. GZip Content-Encoding
3029 Clients MUST support gzip compression for HTTP response bodies.
3030 Regardless of the value of the accept-encoding header field, a server
3031 MAY send responses with gzip encoding. A compressed response MUST
3032 still bear an appropriate content-encoding header field.
3034 This effectively changes the implicit value of the Accept-Encoding
3035 header field ([HTTP-p2], Section 5.3.4) from "identity" to "identity,
3036 gzip", however gzip encoding cannot be suppressed by including
3037 ";q=0". Intermediaries that perform translation from HTTP/2 to
3038 HTTP/1.1 MUST decompress payloads unless the request includes an
3039 Accept-Encoding value that includes "gzip".
3041 10. Security Considerations
3043 10.1. Server Authority
3045 A client is only able to accept HTTP/2 responses from servers that
3046 are authoritative for those resources. This is particularly
3047 important for server push (Section 8.2), where the client validates
3048 the PUSH_PROMISE before accepting the response.
3050 HTTP/2 relies on the HTTP/1.1 definition of authority for determining
3051 whether a server is authoritative in providing a given response, see
3052 [HTTP-p1], Section 9.1). This relies on local name resolution for
3053 the "http" URI scheme, and the offered server identity for the
3054 "https" scheme (see [RFC2818], Section 3).
3056 A client MUST NOT use, in any way, resources provided by a server
3057 that is not authoritative for those resources.
3059 10.2. Cross-Protocol Attacks
3061 In a cross-protocol attack, an attacker causes a client to initiate a
3062 transaction in one protocol toward a server that understands a
3063 different protocol. An attacker might be able to cause the
3064 transaction to appear as valid transaction in the second protocol.
3065 In combination with the capabilities of the web context, this can be
3066 used to interact with poorly protected servers in private networks.
3068 Completing a TLS handshake with an ALPN identifier for HTTP/2 can be
3069 considered sufficient. ALPN provides a positive indication that a
3070 server is willing to proceed with HTTP/2, which prevents attacks on
3071 other TLS-based protocols.
3073 The encryption in TLS makes it difficult for attackers to control the
3074 data which could be used in a cross-protocol attack on a cleartext
3075 protocol.
3077 The cleartext version of HTTP/2 has minimal protection against cross-
3078 protocol attacks. The connection preface (Section 3.5) contains a
3079 string that is designed to confuse HTTP/1.1 servers, but no special
3080 protection is offered for other protocols. A server that is willing
3081 to ignore parts of an HTTP/1.1 request containing an Upgrade header
3082 field could be exposed to a cross-protocol attack.
3084 10.3. Intermediary Encapsulation Attacks
3086 HTTP/2 header field names and values are encoded as sequences of
3087 octets with a length prefix. This enables HTTP/2 to carry any string
3088 of octets as the name or value of a header field. An intermediary
3089 that translates HTTP/2 requests or responses into HTTP/1.1 directly
3090 could permit the creation of corrupted HTTP/1.1 messages. An
3091 attacker might exploit this behavior to cause the intermediary to
3092 create HTTP/1.1 messages with illegal header fields, extra header
3093 fields, or even new messages that are entirely falsified.
3095 Header field names or values that contain characters not permitted by
3096 HTTP/1.1, including carriage return (U+000D) or line feed (U+000A)
3097 MUST NOT be translated verbatim by an intermediary, as stipulated in
3098 [HTTP-p1], Section 3.2.4.
3100 Translation from HTTP/1.x to HTTP/2 does not produce the same
3101 opportunity to an attacker. Intermediaries that perform translation
3102 to HTTP/2 MUST remove any instances of the "obs-fold" production from
3103 header field values.
3105 10.4. Cacheability of Pushed Responses
3107 Pushed responses do not have an explicit request from the client; the
3108 request is provided by the server in the PUSH_PROMISE frame.
3110 Caching responses that are pushed is possible based on the guidance
3111 provided by the origin server in the Cache-Control header field.
3112 However, this can cause issues if a single server hosts more than one
3113 tenant. For example, a server might offer multiple users each a
3114 small portion of its URI space.
3116 Where multiple tenants share space on the same server, that server
3117 MUST ensure that tenants are not able to push representations of
3118 resources that they do not have authority over. Failure to enforce
3119 this would allow a tenant to provide a representation that would be
3120 served out of cache, overriding the actual representation that the
3121 authoritative tenant provides.
3123 Pushed responses for which an origin server is not authoritative (see
3124 Section 10.1) are never cached or used.
3126 10.5. Denial of Service Considerations
3128 An HTTP/2 connection can demand a greater commitment of resources to
3129 operate than a HTTP/1.1 connection. The use of header compression
3130 and flow control depend on a commitment of resources for storing a
3131 greater amount of state. Settings for these features ensure that
3132 memory commitments for these features are strictly bounded.
3133 Processing capacity cannot be guarded in the same fashion.
3135 The SETTINGS frame can be abused to cause a peer to expend additional
3136 processing time. This might be done by pointlessly changing SETTINGS
3137 parameters, setting multiple undefined parameters, or changing the
3138 same setting multiple times in the same frame. WINDOW_UPDATE or
3139 PRIORITY frames can be abused to cause an unnecessary waste of
3140 resources. A server might erroneously issue ALTSVC frames for
3141 origins on which it cannot be authoritative to generate excess work
3142 for clients.
3144 Large numbers of small or empty frames can be abused to cause a peer
3145 to expend time processing frame headers. Note however that some uses
3146 are entirely legitimate, such as the sending of an empty DATA frame
3147 to end a stream.
3149 Header compression also offers some opportunities to waste processing
3150 resources; see [COMPRESSION] for more details on potential abuses.
3152 Limits in SETTINGS parameters cannot be reduced instantaneously,
3153 which leaves an endpoint exposed to behavior from a peer that could
3154 exceed the new limits. In particular, immediately after establishing
3155 a connection, limits set by a server are not known to clients and
3156 could be exceeded without being an obvious protocol violation.
3158 All these features - i.e., SETTINGS changes, small frames, header
3159 compression - have legitimate uses. These features become a burden
3160 only when they are used unnecessarily or to excess.
3162 An endpoint that doesn't monitor this behavior exposes itself to a
3163 risk of denial of service attack. Implementations SHOULD track the
3164 use of these features and set limits on their use. An endpoint MAY
3165 treat activity that is suspicious as a connection error
3166 (Section 5.4.1) of type ENHANCE_YOUR_CALM.
3168 10.6. Use of Compression
3170 HTTP/2 enables greater use of compression for both header fields
3171 (Section 4.3) and response bodies (Section 9.3). Compression can
3172 allow an attacker to recover secret data when it is compressed in the
3173 same context as data under attacker control.
3175 There are demonstrable attacks on compression that exploit the
3176 characteristics of the web (e.g., [BREACH]). The attacker induces
3177 multiple requests containing varying plaintext, observing the length
3178 of the resulting ciphertext in each, which reveals a shorter length
3179 when a guess about the secret is correct.
3181 Implementations communicating on a secure channel MUST NOT compress
3182 content that includes both confidential and attacker-controlled data
3183 unless separate compression dictionaries are used for each source of
3184 data. Compression MUST NOT be used if the source of data cannot be
3185 reliably determined.
3187 Further considerations regarding the compression of header fields are
3188 described in [COMPRESSION].
3190 10.7. Use of Padding
3192 Padding within HTTP/2 is not intended as a replacement for general
3193 purpose padding, such as might be provided by TLS [TLS12]. Redundant
3194 padding could even be counterproductive. Correct application can
3195 depend on having specific knowledge of the data that is being padded.
3197 To mitigate attacks that rely on compression, disabling compression
3198 might be preferable to padding as a countermeasure.
3200 Padding can be used to obscure the exact size of frame content, and
3201 is provided to mitigate specific attacks within HTTP. For example,
3202 attacks where compressed content includes both attacker-controlled
3203 plaintext and secret data (see for example, [BREACH]).
3205 Use of padding can result in less protection than might seem
3206 immediately obvious. At best, padding only makes it more difficult
3207 for an attacker to infer length information by increasing the number
3208 of frames an attacker has to observe. Incorrectly implemented
3209 padding schemes can be easily defeated. In particular, randomized
3210 padding with a predictable distribution provides very little
3211 protection; or padding payloads to a fixed size exposes information
3212 as payload sizes cross the fixed size boundary, which could be
3213 possible if an attacker can control plaintext.
3215 Intermediaries SHOULD NOT remove padding, though an intermediary MAY
3216 remove padding and add differing amounts if the intent is to improve
3217 the protections padding affords.
3219 10.8. Privacy Considerations
3221 Several characteristics of HTTP/2 provide an observer an opportunity
3222 to correlate actions of a single client or server over time. This
3223 includes the value of settings, the manner in which flow control
3224 windows are managed, the way priorities are allocated to streams,
3225 timing of reactions to stimulus, and handling of any optional
3226 features.
3228 As far as this creates observable differences in behavior, they could
3229 be used as a basis for fingerprinting a specific client, as defined
3230 in .
3232 11. IANA Considerations
3234 A string for identifying HTTP/2 is entered into the "Application
3235 Layer Protocol Negotiation (ALPN) Protocol IDs" registry established
3236 in [TLSALPN].
3238 This document establishes a registry for error codes. This new
3239 registry is entered into a new "Hypertext Transfer Protocol (HTTP) 2
3240 Parameters" section.
3242 This document registers the "HTTP2-Settings" header field for use in
3243 HTTP.
3245 This document registers the "PRI" method for use in HTTP, to avoid
3246 collisions with the connection preface (Section 3.5).
3248 11.1. Registration of HTTP/2 Identification String
3250 This document creates two registrations for the identification of
3251 HTTP/2 in the "Application Layer Protocol Negotiation (ALPN) Protocol
3252 IDs" registry established in [TLSALPN].
3254 The "h2" string identifies HTTP/2 when used over TLS:
3256 Protocol: HTTP/2 over TLS
3258 Identification Sequence: 0x68 0x32 ("h2")
3260 Specification: This document (RFCXXXX)
3262 The "h2c" string identifies HTTP/2 when used over cleartext TCP:
3264 Protocol: HTTP/2 over TCP
3266 Identification Sequence: 0x68 0x32 0x63 ("h2c")
3268 Specification: This document (RFCXXXX)
3270 11.2. Error Code Registry
3272 This document establishes a registry for HTTP/2 error codes. The
3273 "HTTP/2 Error Code" registry manages a 32-bit space. The "HTTP/2
3274 Error Code" registry operates under the "Expert Review" policy
3275 [RFC5226].
3277 Registrations for error codes are required to include a description
3278 of the error code. An expert reviewer is advised to examine new
3279 registrations for possible duplication with existing error codes.
3280 Use of existing registrations is to be encouraged, but not mandated.
3282 New registrations are advised to provide the following information:
3284 Error Code: The 32-bit error code value.
3286 Name: A name for the error code. Specifying an error code name is
3287 optional.
3289 Description: A description of the conditions where the error code is
3290 applicable.
3292 Specification: An optional reference for a specification that
3293 defines the error code.
3295 An initial set of error code registrations can be found in Section 7.
3297 11.3. HTTP2-Settings Header Field Registration
3299 This section registers the "HTTP2-Settings" header field in the
3300 Permanent Message Header Field Registry [BCP90].
3302 Header field name: HTTP2-Settings
3304 Applicable protocol: http
3306 Status: standard
3308 Author/Change controller: IETF
3310 Specification document(s): Section 3.2.1 of this document
3312 Related information: This header field is only used by an HTTP/2
3313 client for Upgrade-based negotiation.
3315 11.4. PRI Method Registration
3317 This section registers the "PRI" method in the HTTP Method Registry
3318 [HTTP-p2].
3320 Method Name: PRI
3322 Safe No
3324 Idempotent No
3326 Specification document(s) Section 3.5 of this document
3328 Related information: This method is never used by an actual client.
3329 This method will appear to be used when an HTTP/1.1 server or
3330 intermediary attempts to parse an HTTP/2 connection preface.
3332 12. Acknowledgements
3334 This document includes substantial input from the following
3335 individuals:
3337 o Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa
3338 Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam
3339 Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay,
3340 Paul Amer, Fan Yang, Jonathan Leighton (SPDY contributors).
3342 o Gabriel Montenegro and Willy Tarreau (Upgrade mechanism).
3344 o William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro,
3345 Jitu Padhye, Roberto Peon, Rob Trace (Flow control).
3347 o Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike
3348 Bishop, Herve Ruellan (Substantial editorial contributions).
3350 o Alexey Melnikov was an editor of this document during 2013.
3352 o A substantial proportion of Martin's contribution was supported by
3353 Microsoft during his employment there.
3355 13. References
3357 13.1. Normative References
3359 [ALT-SVC] Nottingham, M., McManus, P., and J. Reschke, "HTTP
3360 Alternative Services", draft-ietf-httpbis-alt-svc-01
3361 (work in progress), April 2014.
3363 [COMPRESSION] Ruellan, H. and R. Peon, "HPACK - Header Compression
3364 for HTTP/2", draft-ietf-httpbis-header-compression-07
3365 (work in progress), April 2014.
3367 [COOKIE] Barth, A., "HTTP State Management Mechanism",
3368 RFC 6265, April 2011.
3370 [HTTP-p1] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
3371 Transfer Protocol (HTTP/1.1): Message Syntax and
3372 Routing", draft-ietf-httpbis-p1-messaging-26 (work in
3373 progress), February 2014.
3375 [HTTP-p2] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
3376 Transfer Protocol (HTTP/1.1): Semantics and Content",
3377 draft-ietf-httpbis-p2-semantics-26 (work in progress),
3378 February 2014.
3380 [HTTP-p4] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
3381 Transfer Protocol (HTTP/1.1): Conditional Requests",
3382 draft-ietf-httpbis-p4-conditional-26 (work in
3383 progress), February 2014.
3385 [HTTP-p5] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke,
3386 Ed., "Hypertext Transfer Protocol (HTTP/1.1): Range
3387 Requests", draft-ietf-httpbis-p5-range-26 (work in
3388 progress), February 2014.
3390 [HTTP-p6] Fielding, R., Ed., Nottingham, M., Ed., and J.
3391 Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1):
3393 Caching", draft-ietf-httpbis-p6-cache-26 (work in
3394 progress), February 2014.
3396 [HTTP-p7] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
3397 Transfer Protocol (HTTP/1.1): Authentication",
3398 draft-ietf-httpbis-p7-auth-26 (work in progress),
3399 February 2014.
3401 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
3402 Requirement Levels", BCP 14, RFC 2119, March 1997.
3404 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
3406 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter,
3407 "Uniform Resource Identifier (URI): Generic Syntax",
3408 STD 66, RFC 3986, January 2005.
3410 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
3411 Encodings", RFC 4648, October 2006.
3413 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing
3414 an IANA Considerations Section in RFCs", BCP 26,
3415 RFC 5226, May 2008.
3417 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
3418 Specifications: ABNF", STD 68, RFC 5234, January 2008.
3420 [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454,
3421 December 2011.
3423 [TCP] Postel, J., "Transmission Control Protocol", STD 7,
3424 RFC 793, September 1981.
3426 [TLS-EXT] Eastlake, D., "Transport Layer Security (TLS)
3427 Extensions: Extension Definitions", RFC 6066,
3428 January 2011.
3430 [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer
3431 Security (TLS) Protocol Version 1.2", RFC 5246,
3432 August 2008.
3434 [TLSALPN] Friedl, S., Popov, A., Langley, A., and E. Stephan,
3435 "Transport Layer Security (TLS) Application Layer
3436 Protocol Negotiation Extension",
3437 draft-ietf-tls-applayerprotoneg-05 (work in progress),
3438 March 2014.
3440 [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
3441 10646", STD 63, RFC 3629, November 2003.
3443 13.2. Informative References
3445 [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration
3446 Procedures for Message Header Fields", BCP 90,
3447 RFC 3864, September 2004.
3449 [BREACH] Gluck, Y., Harris, N., and A. Prado, "BREACH: Reviving
3450 the CRIME Attack", July 2013, .
3454 [IDNA] Klensin, J., "Internationalized Domain Names for
3455 Applications (IDNA): Definitions and Document
3456 Framework", RFC 5890, August 2010.
3458 [RC4] Rivest, R., "The RC4 encryption algorithm", RSA Data
3459 Security, Inc. , March 1992.
3461 [RFC1323] Jacobson, V., Braden, B., and D. Borman, "TCP
3462 Extensions for High Performance", RFC 1323, May 1992.
3464 [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol
3465 Compression Methods", RFC 3749, May 2004.
3467 [TALKING] Huang, L-S., Chen, E., Barth, A., Rescorla, E., and C.
3468 Jackson, "Talking to Yourself for Fun and Profit",
3469 2011, .
3471 [TLSBCP] Sheffer, Y., Holz, R., and P. Saint-Andre,
3472 "Recommendations for Secure Use of TLS and DTLS",
3473 draft-sheffer-tls-bcp-02 (work in progress),
3474 February 2014.
3476 Appendix A. Change Log (to be removed by RFC Editor before publication)
3478 A.1. Since draft-ietf-httpbis-http2-10
3480 Changed "connection header" to "connection preface" to avoid
3481 confusion.
3483 Added dependency-based stream prioritization.
3485 Added "h2c" identifier to distinguish between cleartext and secured
3486 HTTP/2.
3488 Adding missing padding to PUSH_PROMISE.
3490 Integrate ALTSVC frame and supporting text.
3492 Dropping requirement on "deflate" Content-Encoding.
3494 Improving security considerations around use of compression.
3496 A.2. Since draft-ietf-httpbis-http2-09
3498 Adding padding for data frames.
3500 Renumbering frame types, error codes, and settings.
3502 Adding INADEQUATE_SECURITY error code.
3504 Updating TLS usage requirements to 1.2; forbidding TLS compression.
3506 Removing extensibility for frames and settings.
3508 Changing setting identifier size.
3510 Removing the ability to disable flow control.
3512 Changing the protocol identification token to "h2".
3514 Changing the use of :authority to make it optional and to allow
3515 userinfo in non-HTTP cases.
3517 Allowing split on 0x0 for Cookie.
3519 Reserved PRI method in HTTP/1.1 to avoid possible future collisions.
3521 A.3. Since draft-ietf-httpbis-http2-08
3523 Added cookie crumbling for more efficient header compression.
3525 Added header field ordering with the value-concatenation mechanism.
3527 A.4. Since draft-ietf-httpbis-http2-07
3529 Marked draft for implementation.
3531 A.5. Since draft-ietf-httpbis-http2-06
3533 Adding definition for CONNECT method.
3535 Constraining the use of push to safe, cacheable methods with no
3536 request body.
3538 Changing from :host to :authority to remove any potential confusion.
3540 Adding setting for header compression table size.
3542 Adding settings acknowledgement.
3544 Removing unnecessary and potentially problematic flags from
3545 CONTINUATION.
3547 Added denial of service considerations.
3549 A.6. Since draft-ietf-httpbis-http2-05
3551 Marking the draft ready for implementation.
3553 Renumbering END_PUSH_PROMISE flag.
3555 Editorial clarifications and changes.
3557 A.7. Since draft-ietf-httpbis-http2-04
3559 Added CONTINUATION frame for HEADERS and PUSH_PROMISE.
3561 PUSH_PROMISE is no longer implicitly prohibited if
3562 SETTINGS_MAX_CONCURRENT_STREAMS is zero.
3564 Push expanded to allow all safe methods without a request body.
3566 Clarified the use of HTTP header fields in requests and responses.
3567 Prohibited HTTP/1.1 hop-by-hop header fields.
3569 Requiring that intermediaries not forward requests with missing or
3570 illegal routing :-headers.
3572 Clarified requirements around handling different frames after stream
3573 close, stream reset and GOAWAY.
3575 Added more specific prohibitions for sending of different frame types
3576 in various stream states.
3578 Making the last received setting value the effective value.
3580 Clarified requirements on TLS version, extension and ciphers.
3582 A.8. Since draft-ietf-httpbis-http2-03
3584 Committed major restructuring atrocities.
3586 Added reference to first header compression draft.
3588 Added more formal description of frame lifecycle.
3590 Moved END_STREAM (renamed from FINAL) back to HEADERS/DATA.
3592 Removed HEADERS+PRIORITY, added optional priority to HEADERS frame.
3594 Added PRIORITY frame.
3596 A.9. Since draft-ietf-httpbis-http2-02
3598 Added continuations to frames carrying header blocks.
3600 Replaced use of "session" with "connection" to avoid confusion with
3601 other HTTP stateful concepts, like cookies.
3603 Removed "message".
3605 Switched to TLS ALPN from NPN.
3607 Editorial changes.
3609 A.10. Since draft-ietf-httpbis-http2-01
3611 Added IANA considerations section for frame types, error codes and
3612 settings.
3614 Removed data frame compression.
3616 Added PUSH_PROMISE.
3618 Added globally applicable flags to framing.
3620 Removed zlib-based header compression mechanism.
3622 Updated references.
3624 Clarified stream identifier reuse.
3626 Removed CREDENTIALS frame and associated mechanisms.
3628 Added advice against naive implementation of flow control.
3630 Added session header section.
3632 Restructured frame header. Removed distinction between data and
3633 control frames.
3635 Altered flow control properties to include session-level limits.
3637 Added note on cacheability of pushed resources and multiple tenant
3638 servers.
3640 Changed protocol label form based on discussions.
3642 A.11. Since draft-ietf-httpbis-http2-00
3644 Changed title throughout.
3646 Removed section on Incompatibilities with SPDY draft#2.
3648 Changed INTERNAL_ERROR on GOAWAY to have a value of 2 .
3651 Replaced abstract and introduction.
3653 Added section on starting HTTP/2.0, including upgrade mechanism.
3655 Removed unused references.
3657 Added flow control principles (Section 5.2.1) based on .
3660 A.12. Since draft-mbelshe-httpbis-spdy-00
3662 Adopted as base for draft-ietf-httpbis-http2.
3664 Updated authors/editors list.
3666 Added status note.
3668 Authors' Addresses
3670 Mike Belshe
3671 Twist
3673 EMail: mbelshe@chromium.org
3675 Roberto Peon
3676 Google, Inc
3678 EMail: fenix@google.com
3679 Martin Thomson (editor)
3680 Mozilla
3681 Suite 300
3682 650 Castro Street
3683 Mountain View, CA 94041
3684 US
3686 EMail: martin.thomson@gmail.com