idnits 2.17.1 draft-ietf-httpbis-p4-conditional-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 4, 2010) is 5013 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p1-messaging-11 == Outdated reference: A later version (-20) exists of draft-ietf-httpbis-p3-payload-11 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p5-range-11 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p6-cache-11 -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTPbis Working Group R. Fielding, Ed. 3 Internet-Draft Day Software 4 Obsoletes: 2616 (if approved) J. Gettys 5 Intended status: Standards Track Alcatel-Lucent 6 Expires: February 5, 2011 J. Mogul 7 HP 8 H. Frystyk 9 Microsoft 10 L. Masinter 11 Adobe Systems 12 P. Leach 13 Microsoft 14 T. Berners-Lee 15 W3C/MIT 16 Y. Lafon, Ed. 17 W3C 18 J. Reschke, Ed. 19 greenbytes 20 August 4, 2010 22 HTTP/1.1, part 4: Conditional Requests 23 draft-ietf-httpbis-p4-conditional-11 25 Abstract 27 The Hypertext Transfer Protocol (HTTP) is an application-level 28 protocol for distributed, collaborative, hypermedia information 29 systems. HTTP has been in use by the World Wide Web global 30 information initiative since 1990. This document is Part 4 of the 31 seven-part specification that defines the protocol referred to as 32 "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 4 defines 33 request header fields for indicating conditional requests and the 34 rules for constructing responses to those requests. 36 Editorial Note (To be removed by RFC Editor) 38 Discussion of this draft should take place on the HTTPBIS working 39 group mailing list (ietf-http-wg@w3.org). The current issues list is 40 at and related 41 documents (including fancy diffs) can be found at 42 . 44 The changes in this draft are summarized in Appendix C.12. 46 Status of This Memo 48 This Internet-Draft is submitted in full conformance with the 49 provisions of BCP 78 and BCP 79. 51 Internet-Drafts are working documents of the Internet Engineering 52 Task Force (IETF). Note that other groups may also distribute 53 working documents as Internet-Drafts. The list of current Internet- 54 Drafts is at http://datatracker.ietf.org/drafts/current/. 56 Internet-Drafts are draft documents valid for a maximum of six months 57 and may be updated, replaced, or obsoleted by other documents at any 58 time. It is inappropriate to use Internet-Drafts as reference 59 material or to cite them other than as "work in progress." 61 This Internet-Draft will expire on February 5, 2011. 63 Copyright Notice 65 Copyright (c) 2010 IETF Trust and the persons identified as the 66 document authors. All rights reserved. 68 This document is subject to BCP 78 and the IETF Trust's Legal 69 Provisions Relating to IETF Documents 70 (http://trustee.ietf.org/license-info) in effect on the date of 71 publication of this document. Please review these documents 72 carefully, as they describe your rights and restrictions with respect 73 to this document. Code Components extracted from this document must 74 include Simplified BSD License text as described in Section 4.e of 75 the Trust Legal Provisions and are provided without warranty as 76 described in the Simplified BSD License. 78 This document may contain material from IETF Documents or IETF 79 Contributions published or made publicly available before November 80 10, 2008. The person(s) controlling the copyright in some of this 81 material may not have granted the IETF Trust the right to allow 82 modifications of such material outside the IETF Standards Process. 83 Without obtaining an adequate license from the person(s) controlling 84 the copyright in such materials, this document may not be modified 85 outside the IETF Standards Process, and derivative works of it may 86 not be created outside the IETF Standards Process, except to format 87 it for publication as an RFC or to translate it into languages other 88 than English. 90 Table of Contents 92 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 93 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 94 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 4 95 1.2.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 5 96 1.2.2. ABNF Rules defined in other Parts of the 97 Specification . . . . . . . . . . . . . . . . . . . . 5 98 2. Entity-Tags . . . . . . . . . . . . . . . . . . . . . . . . . 5 99 2.1. Example: Entity-tags varying on Content-Negotiated 100 Resources . . . . . . . . . . . . . . . . . . . . . . . . 6 101 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 7 102 3.1. 304 Not Modified . . . . . . . . . . . . . . . . . . . . . 7 103 3.2. 412 Precondition Failed . . . . . . . . . . . . . . . . . 7 104 4. Weak and Strong Validators . . . . . . . . . . . . . . . . . . 8 105 5. Rules for When to Use Entity-tags and Last-Modified Dates . . 10 106 6. Header Field Definitions . . . . . . . . . . . . . . . . . . . 12 107 6.1. ETag . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 108 6.2. If-Match . . . . . . . . . . . . . . . . . . . . . . . . . 13 109 6.3. If-Modified-Since . . . . . . . . . . . . . . . . . . . . 14 110 6.4. If-None-Match . . . . . . . . . . . . . . . . . . . . . . 16 111 6.5. If-Unmodified-Since . . . . . . . . . . . . . . . . . . . 17 112 6.6. Last-Modified . . . . . . . . . . . . . . . . . . . . . . 18 113 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 114 7.1. Status Code Registration . . . . . . . . . . . . . . . . . 19 115 7.2. Header Field Registration . . . . . . . . . . . . . . . . 19 116 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 117 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 118 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 119 10.1. Normative References . . . . . . . . . . . . . . . . . . . 19 120 10.2. Informative References . . . . . . . . . . . . . . . . . . 20 121 Appendix A. Changes from RFC 2616 . . . . . . . . . . . . . . . . 20 122 Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 21 123 Appendix C. Change Log (to be removed by RFC Editor before 124 publication) . . . . . . . . . . . . . . . . . . . . 21 125 C.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 21 126 C.2. Since draft-ietf-httpbis-p4-conditional-00 . . . . . . . . 22 127 C.3. Since draft-ietf-httpbis-p4-conditional-01 . . . . . . . . 22 128 C.4. Since draft-ietf-httpbis-p4-conditional-02 . . . . . . . . 22 129 C.5. Since draft-ietf-httpbis-p4-conditional-03 . . . . . . . . 22 130 C.6. Since draft-ietf-httpbis-p4-conditional-04 . . . . . . . . 23 131 C.7. Since draft-ietf-httpbis-p4-conditional-05 . . . . . . . . 23 132 C.8. Since draft-ietf-httpbis-p4-conditional-06 . . . . . . . . 23 133 C.9. Since draft-ietf-httpbis-p4-conditional-07 . . . . . . . . 23 134 C.10. Since draft-ietf-httpbis-p4-conditional-08 . . . . . . . . 23 135 C.11. Since draft-ietf-httpbis-p4-conditional-09 . . . . . . . . 23 136 C.12. Since draft-ietf-httpbis-p4-conditional-10 . . . . . . . . 24 137 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 139 1. Introduction 141 This document defines HTTP/1.1 response metadata for indicating 142 potential changes to payload content, including modification time 143 stamps and opaque entity-tags, and the HTTP conditional request 144 mechanisms that allow preconditions to be placed on a request method. 145 Conditional GET requests allow for efficient cache updates. Other 146 conditional request methods are used to protect against overwriting 147 or misunderstanding the state of a resource that has been changed 148 unbeknownst to the requesting client. 150 This document is currently disorganized in order to minimize the 151 changes between drafts and enable reviewers to see the smaller errata 152 changes. The next draft will reorganize the sections to better 153 reflect the content. In particular, the sections on resource 154 metadata will be discussed first and then followed by each 155 conditional request-header, concluding with a definition of 156 precedence and the expectation of ordering strong validator checks 157 before weak validator checks. It is likely that more content from 158 [Part6] will migrate to this part, where appropriate. The current 159 mess reflects how widely dispersed these topics and associated 160 requirements had become in [RFC2616]. 162 1.1. Requirements 164 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 165 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 166 document are to be interpreted as described in [RFC2119]. 168 An implementation is not compliant if it fails to satisfy one or more 169 of the "MUST" or "REQUIRED" level requirements for the protocols it 170 implements. An implementation that satisfies all the "MUST" or 171 "REQUIRED" level and all the "SHOULD" level requirements for its 172 protocols is said to be "unconditionally compliant"; one that 173 satisfies all the "MUST" level requirements but not all the "SHOULD" 174 level requirements for its protocols is said to be "conditionally 175 compliant". 177 1.2. Syntax Notation 179 This specification uses the ABNF syntax defined in Section 1.2 of 180 [Part1] (which extends the syntax defined in [RFC5234] with a list 181 rule). Appendix B shows the collected ABNF, with the list rule 182 expanded. 184 The following core rules are included by reference, as defined in 185 [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF 186 (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), 187 HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit 188 sequence of data), SP (space), VCHAR (any visible USASCII character), 189 and WSP (whitespace). 191 1.2.1. Core Rules 193 The core rules below are defined in Section 1.2.2 of [Part1]: 195 quoted-string = 196 OWS = 198 1.2.2. ABNF Rules defined in other Parts of the Specification 200 The ABNF rules below are defined in other parts: 202 HTTP-date = 204 2. Entity-Tags 206 Entity-tags are used for comparing two or more representations of the 207 same resource. HTTP/1.1 uses entity-tags in the ETag (Section 6.1), 208 If-Match (Section 6.2), If-None-Match (Section 6.4), and If-Range 209 (Section 5.3 of [Part5]) header fields. The definition of how they 210 are used and compared as cache validators is in Section 4. An 211 entity-tag consists of an opaque quoted string, possibly prefixed by 212 a weakness indicator. 214 entity-tag = [ weak ] opaque-tag 215 weak = %x57.2F ; "W/", case-sensitive 216 opaque-tag = quoted-string 218 A "strong entity-tag" MAY be shared by two representations of a 219 resource only if they are equivalent by octet equality. 221 A "weak entity-tag", indicated by the "W/" prefix, MAY be shared by 222 two representations of a resource only if the representations are 223 equivalent and could be substituted for each other with no 224 significant change in semantics. A weak entity-tag can only be used 225 for weak comparison. 227 An entity-tag MUST be unique across all versions of all 228 representations associated with a particular resource. A given 229 entity-tag value MAY be used for representations obtained by requests 230 on different URIs. The use of the same entity-tag value in 231 conjunction with representations obtained by requests on different 232 URIs does not imply the equivalence of those representations. 234 2.1. Example: Entity-tags varying on Content-Negotiated Resources 236 Consider a resource that is subject to content negotiation (Section 5 237 of [Part3]), and where the representations returned upon a GET 238 request vary based on the Accept-Encoding request header field 239 (Section 6.3 of [Part3]): 241 >> Request: 243 GET /index HTTP/1.1 244 Host: www.example.com 245 Accept-Encoding: gzip 247 In this case, the response might or might not use the gzip content 248 coding. If it does not, the response might look like: 250 >> Response: 252 HTTP/1.1 200 OK 253 Date: Thu, 26 Mar 2010 00:05:00 GMT 254 ETag: "123-a" 255 Content-Length: 70 256 Vary: Accept-Encoding 257 Content-Type: text/plain 259 Hello World! 260 Hello World! 261 Hello World! 262 Hello World! 263 Hello World! 265 An alternative representation that does use gzip content coding would 266 be: 268 >> Response: 270 HTTP/1.1 200 OK 271 Date: Thu, 26 Mar 2010 00:05:00 GMT 272 ETag: "123-b" 273 Content-Length: 43 274 Vary: Accept-Encoding 275 Content-Type: text/plain 276 Content-Encoding: gzip 278 ...binary data... 280 Note: Content codings are a property of the representation, so 281 therefore an entity-tag of an encoded representation must be 282 distinct from an unencoded representation to prevent conflicts 283 during cache updates and range requests. In contrast, transfer 284 codings (Section 6.2 of [Part1]) apply only during message 285 transfer and do not require distinct entity-tags. 287 3. Status Code Definitions 289 3.1. 304 Not Modified 291 If the client has performed a conditional GET request and access is 292 allowed, but the document has not been modified, the server SHOULD 293 respond with this status code. The 304 response MUST NOT contain a 294 message-body, and thus is always terminated by the first empty line 295 after the header fields. 297 A 304 response MUST include a Date header field (Section 9.3 of 298 [Part1]) unless its omission is required by Section 9.3.1 of [Part1]. 299 If a 200 response to the same request would have included any of the 300 header fields Cache-Control, Content-Location, ETag, Expires, Last- 301 Modified, or Vary, then those same header fields MUST be sent in a 302 304 response. 304 Since the goal of a 304 response is to minimize information transfer 305 when the recipient already has one or more cached representations, 306 the response SHOULD NOT include representation metadata other than 307 the above listed fields unless said metadata exists for the purpose 308 of guiding cache updates (e.g., future HTTP extensions). 310 If a 304 response includes an entity-tag that indicates a 311 representation not currently cached, then the recipient MUST NOT use 312 the 304 to update its own cache. If that conditional request 313 originated with an outbound client, such as a user agent with its own 314 cache sending a conditional GET to a shared proxy, then the 304 315 response MAY be forwarded to the outbound client. Otherwise, 316 disregard the response and repeat the request without the 317 conditional. 319 If a cache uses a received 304 response to update a cache entry, the 320 cache MUST update the entry to reflect any new field values given in 321 the response. 323 3.2. 412 Precondition Failed 325 The precondition given in one or more of the request-header fields 326 evaluated to false when it was tested on the server. This response 327 code allows the client to place preconditions on the current resource 328 metadata (header field data) and thus prevent the requested method 329 from being applied to a resource other than the one intended. 331 4. Weak and Strong Validators 333 Since both origin servers and caches will compare two validators to 334 decide if they represent the same or different representations, one 335 normally would expect that if the representation (including both 336 representation header fields and representation body) changes in any 337 way, then the associated validator would change as well. If this is 338 true, then we call this validator a "strong validator". 340 However, there might be cases when a server prefers to change the 341 validator only on semantically significant changes, and not when 342 insignificant aspects of the representation change. A validator that 343 does not always change when the representation changes is a "weak 344 validator". 346 An entity-tag is normally a strong validator, but the protocol 347 provides a mechanism to tag an entity-tag as "weak". One can think 348 of a strong validator as one that changes whenever the sequence of 349 bits in a representation changes, while a weak value changes whenever 350 the meaning of a representation changes. Alternatively, one can 351 think of a strong validator as part of an identifier for a specific 352 representation, whereas a weak validator is part of an identifier for 353 a set of semantically equivalent representations. 355 Note: One example of a strong validator is an integer that is 356 incremented in stable storage every time a representation is 357 changed. 359 A representation's modification time, if defined with only one- 360 second resolution, could be a weak validator, since it is possible 361 that the representation might be modified twice during a single 362 second. 364 Support for weak validators is optional. However, weak validators 365 allow for more efficient caching of equivalent objects; for 366 example, a hit counter on a site is probably good enough if it is 367 updated every few days or weeks, and any value during that period 368 is likely "good enough" to be equivalent. 370 A "use" of a validator is either when a client generates a request 371 and includes the validator in a validating header field, or when a 372 server compares two validators. 374 Strong validators are usable in any context. Weak validators are 375 only usable in contexts that do not depend on exact equality of a 376 representation. For example, either kind is usable for a normal 377 conditional GET. However, only a strong validator is usable for a 378 sub-range retrieval, since otherwise the client might end up with an 379 internally inconsistent representation. 381 Clients MUST NOT use weak validators in range requests ([Part5]). 383 The only function that HTTP/1.1 defines on validators is comparison. 384 There are two validator comparison functions, depending on whether 385 the comparison context allows the use of weak validators or not: 387 o The strong comparison function: in order to be considered equal, 388 both opaque-tags MUST be identical character-by-character, and 389 both MUST NOT be weak. 391 o The weak comparison function: in order to be considered equal, 392 both opaque-tags MUST be identical character-by-character, but 393 either or both of them MAY be tagged as "weak" without affecting 394 the result. 396 The example below shows the results for a set of entity-tag pairs, 397 and both the weak and strong comparison function results: 399 +--------+--------+-------------------+-----------------+ 400 | ETag 1 | ETag 2 | Strong Comparison | Weak Comparison | 401 +--------+--------+-------------------+-----------------+ 402 | W/"1" | W/"1" | no match | match | 403 | W/"1" | W/"2" | no match | no match | 404 | W/"1" | "1" | no match | match | 405 | "1" | "1" | match | match | 406 +--------+--------+-------------------+-----------------+ 408 An entity-tag is strong unless it is explicitly tagged as weak. 409 Section 2 gives the syntax for entity-tags. 411 A Last-Modified time, when used as a validator in a request, is 412 implicitly weak unless it is possible to deduce that it is strong, 413 using the following rules: 415 o The validator is being compared by an origin server to the actual 416 current validator for the representation and, 418 o That origin server reliably knows that the associated 419 representation did not change twice during the second covered by 420 the presented validator. 422 or 423 o The validator is about to be used by a client in an If-Modified- 424 Since or If-Unmodified-Since header, because the client has a 425 cache entry for the associated representation, and 427 o That cache entry includes a Date value, which gives the time when 428 the origin server sent the original response, and 430 o The presented Last-Modified time is at least 60 seconds before the 431 Date value. 433 or 435 o The validator is being compared by an intermediate cache to the 436 validator stored in its cache entry for the representation, and 438 o That cache entry includes a Date value, which gives the time when 439 the origin server sent the original response, and 441 o The presented Last-Modified time is at least 60 seconds before the 442 Date value. 444 This method relies on the fact that if two different responses were 445 sent by the origin server during the same second, but both had the 446 same Last-Modified time, then at least one of those responses would 447 have a Date value equal to its Last-Modified time. The arbitrary 60- 448 second limit guards against the possibility that the Date and Last- 449 Modified values are generated from different clocks, or at somewhat 450 different times during the preparation of the response. An 451 implementation MAY use a value larger than 60 seconds, if it is 452 believed that 60 seconds is too short. 454 If a client wishes to perform a sub-range retrieval on a value for 455 which it has only a Last-Modified time and no opaque validator, it 456 MAY do this only if the Last-Modified time is strong in the sense 457 described here. 459 A cache or origin server receiving a conditional range request 460 ([Part5]) MUST use the strong comparison function to evaluate the 461 condition. 463 These rules allow HTTP/1.1 caches and clients to safely perform sub- 464 range retrievals on values that have been obtained from HTTP/1.0 465 servers. 467 5. Rules for When to Use Entity-tags and Last-Modified Dates 469 We adopt a set of rules and recommendations for origin servers, 470 clients, and caches regarding when various validator types ought to 471 be used, and for what purposes. 473 HTTP/1.1 origin servers: 475 o SHOULD send an entity-tag validator unless it is not feasible to 476 generate one. 478 o MAY send a weak entity-tag instead of a strong entity-tag, if 479 performance considerations support the use of weak entity-tags, or 480 if it is unfeasible to send a strong entity-tag. 482 o SHOULD send a Last-Modified value if it is feasible to send one, 483 unless the risk of a breakdown in semantic transparency that could 484 result from using this date in an If-Modified-Since header would 485 lead to serious problems. 487 In other words, the preferred behavior for an HTTP/1.1 origin server 488 is to send both a strong entity-tag and a Last-Modified value. 490 In order to be legal, a strong entity-tag MUST change whenever the 491 associated representation changes in any way. A weak entity-tag 492 SHOULD change whenever the associated representation changes in a 493 semantically significant way. 495 Note: In order to provide semantically transparent caching, an 496 origin server must avoid reusing a specific strong entity-tag 497 value for two different representations, or reusing a specific 498 weak entity-tag value for two semantically different 499 representations. Cache entries might persist for arbitrarily long 500 periods, regardless of expiration times, so it might be 501 inappropriate to expect that a cache will never again attempt to 502 validate an entry using a validator that it obtained at some point 503 in the past. 505 HTTP/1.1 clients: 507 o MUST use that entity-tag in any cache-conditional request (using 508 If-Match or If-None-Match) if an entity-tag has been provided by 509 the origin server. 511 o SHOULD use the Last-Modified value in non-subrange cache- 512 conditional requests (using If-Modified-Since) if only a Last- 513 Modified value has been provided by the origin server. 515 o MAY use the Last-Modified value in subrange cache-conditional 516 requests (using If-Unmodified-Since) if only a Last-Modified value 517 has been provided by an HTTP/1.0 origin server. The user agent 518 SHOULD provide a way to disable this, in case of difficulty. 520 o SHOULD use both validators in cache-conditional requests if both 521 an entity-tag and a Last-Modified value have been provided by the 522 origin server. This allows both HTTP/1.0 and HTTP/1.1 caches to 523 respond appropriately. 525 An HTTP/1.1 origin server, upon receiving a conditional request that 526 includes both a Last-Modified date (e.g., in an If-Modified-Since or 527 If-Unmodified-Since header field) and one or more entity-tags (e.g., 528 in an If-Match, If-None-Match, or If-Range header field) as cache 529 validators, MUST NOT return a response status code of 304 (Not 530 Modified) unless doing so is consistent with all of the conditional 531 header fields in the request. 533 An HTTP/1.1 caching proxy, upon receiving a conditional request that 534 includes both a Last-Modified date and one or more entity-tags as 535 cache validators, MUST NOT return a locally cached response to the 536 client unless that cached response is consistent with all of the 537 conditional header fields in the request. 539 Note: The general principle behind these rules is that HTTP/1.1 540 servers and clients ought to transmit as much non-redundant 541 information as is available in their responses and requests. 542 HTTP/1.1 systems receiving this information will make the most 543 conservative assumptions about the validators they receive. 545 HTTP/1.0 clients and caches will ignore entity-tags. Generally, 546 last-modified values received or used by these systems will 547 support transparent and efficient caching, and so HTTP/1.1 origin 548 servers should provide Last-Modified values. In those rare cases 549 where the use of a Last-Modified value as a validator by an 550 HTTP/1.0 system could result in a serious problem, then HTTP/1.1 551 origin servers should not provide one. 553 6. Header Field Definitions 555 This section defines the syntax and semantics of HTTP/1.1 header 556 fields related to conditional requests. 558 6.1. ETag 560 The "ETag" response-header field provides the current value of the 561 entity-tag (see Section 2) for one representation of the target 562 resource. An entity-tag is intended for use as a resource-local 563 identifier for differentiating between representations of the same 564 resource that vary over time or via content negotiation (see 565 Section 4). 567 ETag = "ETag" ":" OWS ETag-v 568 ETag-v = entity-tag 570 Examples: 572 ETag: "xyzzy" 573 ETag: W/"xyzzy" 574 ETag: "" 576 An entity-tag provides an "opaque" cache validator that allows for 577 more reliable validation than modification dates in situations where 578 it is inconvenient to store modification dates, where the one-second 579 resolution of HTTP date values is not sufficient, or where the origin 580 server wishes to avoid certain paradoxes that might arise from the 581 use of modification dates. 583 The principle behind entity-tags is that only the service author 584 knows the semantics of a resource well enough to select an 585 appropriate cache validation mechanism, and the specification of any 586 validator comparison function more complex than byte-equality would 587 open up a can of worms. Thus, comparisons of any other headers 588 (except Last-Modified, for compatibility with HTTP/1.0) are never 589 used for purposes of validating a cache entry. 591 6.2. If-Match 593 The "If-Match" request-header field is used to make a request method 594 conditional. A client that has one or more representations 595 previously obtained from the resource can verify that one of those 596 representations is current by including a list of their associated 597 entity-tags in the If-Match header field. 599 This allows efficient updates of cached information with a minimum 600 amount of transaction overhead. It is also used when updating 601 resources, to prevent inadvertent modification of the wrong version 602 of a resource. As a special case, the value "*" matches any current 603 representation of the resource. 605 If-Match = "If-Match" ":" OWS If-Match-v 606 If-Match-v = "*" / 1#entity-tag 608 If any of the entity-tags match the entity-tag of the representation 609 that would have been returned in the response to a similar GET 610 request (without the If-Match header) on that resource, or if "*" is 611 given and any current representation exists for that resource, then 612 the server MAY perform the requested method as if the If-Match header 613 field did not exist. 615 If none of the entity-tags match, or if "*" is given and no current 616 representation exists, the server MUST NOT perform the requested 617 method, and MUST return a 412 (Precondition Failed) response. This 618 behavior is most useful when the client wants to prevent an updating 619 method, such as PUT, from modifying a resource that has changed since 620 the client last retrieved it. 622 If the request would, without the If-Match header field, result in 623 anything other than a 2xx or 412 status code, then the If-Match 624 header MUST be ignored. 626 The meaning of "If-Match: *" is that the method SHOULD be performed 627 if the representation selected by the origin server (or by a cache, 628 possibly using the Vary mechanism, see Section 3.5 of [Part6]) 629 exists, and MUST NOT be performed if the representation does not 630 exist. 632 A request intended to update a resource (e.g., a PUT) MAY include an 633 If-Match header field to signal that the request method MUST NOT be 634 applied if the representation corresponding to the If-Match value (a 635 single entity-tag) is no longer a representation of that resource. 636 This allows the user to indicate that they do not wish the request to 637 be successful if the resource has been changed without their 638 knowledge. Examples: 640 If-Match: "xyzzy" 641 If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 642 If-Match: * 644 The result of a request having both an If-Match header field and 645 either an If-None-Match or an If-Modified-Since header fields is 646 undefined by this specification. 648 6.3. If-Modified-Since 650 The "If-Modified-Since" request-header field is used to make a 651 request method conditional by date: if the representation that would 652 have been transferred in a 200 response to a GET request has not been 653 modified since the time specified in this field, then do not perform 654 the method; instead, respond as detailed below. 656 If-Modified-Since = "If-Modified-Since" ":" OWS 657 If-Modified-Since-v 658 If-Modified-Since-v = HTTP-date 660 An example of the field is: 662 If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT 664 A GET method with an If-Modified-Since header and no Range header 665 requests that the representation be transferred only if it has been 666 modified since the date given by the If-Modified-Since header. The 667 algorithm for determining this includes the following cases: 669 1. If the request would normally result in anything other than a 200 670 (OK) status code, or if the passed If-Modified-Since date is 671 invalid, the response is exactly the same as for a normal GET. A 672 date which is later than the server's current time is invalid. 674 2. If the representation has been modified since the If-Modified- 675 Since date, the response is exactly the same as for a normal GET. 677 3. If the representation has not been modified since a valid If- 678 Modified-Since date, the server SHOULD return a 304 (Not 679 Modified) response. 681 The purpose of this feature is to allow efficient updates of cached 682 information with a minimum amount of transaction overhead. 684 Note: The Range request-header field modifies the meaning of If- 685 Modified-Since; see Section 5.4 of [Part5] for full details. 687 Note: If-Modified-Since times are interpreted by the server, whose 688 clock might not be synchronized with the client. 690 Note: When handling an If-Modified-Since header field, some 691 servers will use an exact date comparison function, rather than a 692 less-than function, for deciding whether to send a 304 (Not 693 Modified) response. To get best results when sending an If- 694 Modified-Since header field for cache validation, clients are 695 advised to use the exact date string received in a previous Last- 696 Modified header field whenever possible. 698 Note: If a client uses an arbitrary date in the If-Modified-Since 699 header instead of a date taken from the Last-Modified header for 700 the same request, the client needs to be aware that this date is 701 interpreted in the server's understanding of time. Unsynchronized 702 clocks and rounding problems, due to the different encodings of 703 time between the client and server, are concerns. This includes 704 the possibility of race conditions if the document has changed 705 between the time it was first requested and the If-Modified-Since 706 date of a subsequent request, and the possibility of clock-skew- 707 related problems if the If-Modified-Since date is derived from the 708 client's clock without correction to the server's clock. 709 Corrections for different time bases between client and server are 710 at best approximate due to network latency. 712 The result of a request having both an If-Modified-Since header field 713 and either an If-Match or an If-Unmodified-Since header fields is 714 undefined by this specification. 716 6.4. If-None-Match 718 The "If-None-Match" request-header field is used to make a request 719 method conditional. A client that has one or more representations 720 previously obtained from the resource can verify that none of those 721 representations is current by including a list of their associated 722 entity-tags in the If-None-Match header field. 724 This allows efficient updates of cached information with a minimum 725 amount of transaction overhead. It is also used to prevent a method 726 (e.g., PUT) from inadvertently modifying an existing resource when 727 the client believes that the resource does not exist. 729 As a special case, the value "*" matches any current representation 730 of the resource. 732 If-None-Match = "If-None-Match" ":" OWS If-None-Match-v 733 If-None-Match-v = "*" / 1#entity-tag 735 If any of the entity-tags match the entity-tag of the representation 736 that would have been returned in the response to a similar GET 737 request (without the If-None-Match header) on that resource, or if 738 "*" is given and any current representation exists for that resource, 739 then the server MUST NOT perform the requested method, unless 740 required to do so because the resource's modification date fails to 741 match that supplied in an If-Modified-Since header field in the 742 request. Instead, if the request method was GET or HEAD, the server 743 SHOULD respond with a 304 (Not Modified) response, including the 744 cache-related header fields (particularly ETag) of one of the 745 representations that matched. For all other request methods, the 746 server MUST respond with a 412 (Precondition Failed) status code. 748 If none of the entity-tags match, then the server MAY perform the 749 requested method as if the If-None-Match header field did not exist, 750 but MUST also ignore any If-Modified-Since header field(s) in the 751 request. That is, if no entity-tags match, then the server MUST NOT 752 return a 304 (Not Modified) response. 754 If the request would, without the If-None-Match header field, result 755 in anything other than a 2xx or 304 status code, then the If-None- 756 Match header MUST be ignored. (See Section 5 for a discussion of 757 server behavior when both If-Modified-Since and If-None-Match appear 758 in the same request.) 759 The meaning of "If-None-Match: *" is that the method MUST NOT be 760 performed if the representation selected by the origin server (or by 761 a cache, possibly using the Vary mechanism, see Section 3.5 of 762 [Part6]) exists, and SHOULD be performed if the representation does 763 not exist. This feature is intended to be useful in preventing races 764 between PUT operations. 766 Examples: 768 If-None-Match: "xyzzy" 769 If-None-Match: W/"xyzzy" 770 If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 771 If-None-Match: W/"xyzzy", W/"r2d2xxxx", W/"c3piozzzz" 772 If-None-Match: * 774 The result of a request having both an If-None-Match header field and 775 either an If-Match or an If-Unmodified-Since header fields is 776 undefined by this specification. 778 6.5. If-Unmodified-Since 780 The "If-Unmodified-Since" request-header field is used to make a 781 request method conditional. If the representation that would have 782 been transferred in a 200 response to a GET request on the same 783 resource has not been modified since the time specified in this 784 field, the server SHOULD perform the requested operation as if the 785 If-Unmodified-Since header were not present. 787 If the representation has been modified since the specified time, the 788 server MUST NOT perform the requested operation, and MUST return a 789 412 (Precondition Failed). 791 If-Unmodified-Since = "If-Unmodified-Since" ":" OWS 792 If-Unmodified-Since-v 793 If-Unmodified-Since-v = HTTP-date 795 An example of the field is: 797 If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT 799 If the request normally (i.e., without the If-Unmodified-Since 800 header) would result in anything other than a 2xx or 412 status code, 801 the If-Unmodified-Since header SHOULD be ignored. 803 If the specified date is invalid, the header is ignored. 805 The result of a request having both an If-Unmodified-Since header 806 field and either an If-None-Match or an If-Modified-Since header 807 fields is undefined by this specification. 809 6.6. Last-Modified 811 The "Last-Modified" header field indicates the date and time at which 812 the origin server believes the representation was last modified. 814 Last-Modified = "Last-Modified" ":" OWS Last-Modified-v 815 Last-Modified-v = HTTP-date 817 An example of its use is 819 Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT 821 The exact meaning of this header field depends on the implementation 822 of the origin server and the nature of the original resource. For 823 files, it might be just the file system last-modified time. For 824 representations with dynamically included parts, it might be the most 825 recent of the set of last-modify times for its component parts. For 826 database gateways, it might be the last-update time stamp of the 827 record. For virtual objects, it might be the last time the internal 828 state changed. 830 An origin server MUST NOT send a Last-Modified date which is later 831 than the server's time of message origination. In such cases, where 832 the resource's last modification would indicate some time in the 833 future, the server MUST replace that date with the message 834 origination date. 836 An origin server SHOULD obtain the Last-Modified value of the 837 representation as close as possible to the time that it generates the 838 Date value of its response. This allows a recipient to make an 839 accurate assessment of the representation's modification time, 840 especially if the representation changes near the time that the 841 response is generated. 843 HTTP/1.1 servers SHOULD send Last-Modified whenever feasible. 845 The Last-Modified header field value is often used as a cache 846 validator. In simple terms, a cache entry is considered to be valid 847 if the representation has not been modified since the Last-Modified 848 value. 850 7. IANA Considerations 851 7.1. Status Code Registration 853 The HTTP Status Code Registry located at 854 shall be updated 855 with the registrations below: 857 +-------+---------------------+-------------+ 858 | Value | Description | Reference | 859 +-------+---------------------+-------------+ 860 | 304 | Not Modified | Section 3.1 | 861 | 412 | Precondition Failed | Section 3.2 | 862 +-------+---------------------+-------------+ 864 7.2. Header Field Registration 866 The Message Header Field Registry located at shall be 868 updated with the permanent registrations below (see [RFC3864]): 870 +---------------------+----------+----------+-------------+ 871 | Header Field Name | Protocol | Status | Reference | 872 +---------------------+----------+----------+-------------+ 873 | ETag | http | standard | Section 6.1 | 874 | If-Match | http | standard | Section 6.2 | 875 | If-Modified-Since | http | standard | Section 6.3 | 876 | If-None-Match | http | standard | Section 6.4 | 877 | If-Unmodified-Since | http | standard | Section 6.5 | 878 | Last-Modified | http | standard | Section 6.6 | 879 +---------------------+----------+----------+-------------+ 881 The change controller is: "IETF (iesg@ietf.org) - Internet 882 Engineering Task Force". 884 8. Security Considerations 886 No additional security considerations have been identified beyond 887 those applicable to HTTP in general [Part1]. 889 9. Acknowledgments 891 10. References 893 10.1. Normative References 895 [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 896 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 897 and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, 898 and Message Parsing", draft-ietf-httpbis-p1-messaging-11 899 (work in progress), August 2010. 901 [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 902 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 903 and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload 904 and Content Negotiation", draft-ietf-httpbis-p3-payload-11 905 (work in progress), August 2010. 907 [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 908 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 909 and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and 910 Partial Responses", draft-ietf-httpbis-p5-range-11 (work 911 in progress), August 2010. 913 [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 914 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 915 Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part 916 6: Caching", draft-ietf-httpbis-p6-cache-11 (work in 917 progress), August 2010. 919 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 920 Requirement Levels", BCP 14, RFC 2119, March 1997. 922 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 923 Specifications: ABNF", STD 68, RFC 5234, January 2008. 925 10.2. Informative References 927 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 928 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 929 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 931 [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration 932 Procedures for Message Header Fields", BCP 90, RFC 3864, 933 September 2004. 935 Appendix A. Changes from RFC 2616 937 Allow weak entity-tags in all requests except range requests 938 (Sections 4 and 6.4). 940 Appendix B. Collected ABNF 942 ETag = "ETag:" OWS ETag-v 943 ETag-v = entity-tag 945 HTTP-date = 947 If-Match = "If-Match:" OWS If-Match-v 948 If-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 949 entity-tag ] ) ) 950 If-Modified-Since = "If-Modified-Since:" OWS If-Modified-Since-v 951 If-Modified-Since-v = HTTP-date 952 If-None-Match = "If-None-Match:" OWS If-None-Match-v 953 If-None-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 954 entity-tag ] ) ) 955 If-Unmodified-Since = "If-Unmodified-Since:" OWS 956 If-Unmodified-Since-v 957 If-Unmodified-Since-v = HTTP-date 959 Last-Modified = "Last-Modified:" OWS Last-Modified-v 960 Last-Modified-v = HTTP-date 962 OWS = 964 entity-tag = [ weak ] opaque-tag 966 opaque-tag = quoted-string 968 quoted-string = 970 weak = %x57.2F ; W/ 972 ABNF diagnostics: 974 ; ETag defined but not used 975 ; If-Match defined but not used 976 ; If-Modified-Since defined but not used 977 ; If-None-Match defined but not used 978 ; If-Unmodified-Since defined but not used 979 ; Last-Modified defined but not used 981 Appendix C. Change Log (to be removed by RFC Editor before publication) 983 C.1. Since RFC2616 985 Extracted relevant partitions from [RFC2616]. 987 C.2. Since draft-ietf-httpbis-p4-conditional-00 989 Closed issues: 991 o : "Normative and 992 Informative references" 994 Other changes: 996 o Move definitions of 304 and 412 condition codes from Part2. 998 C.3. Since draft-ietf-httpbis-p4-conditional-01 1000 Ongoing work on ABNF conversion 1001 (): 1003 o Add explicit references to BNF syntax and rules imported from 1004 other parts of the specification. 1006 C.4. Since draft-ietf-httpbis-p4-conditional-02 1008 Closed issues: 1010 o : "Weak ETags on 1011 non-GET requests" 1013 Ongoing work on IANA Message Header Registration 1014 (): 1016 o Reference RFC 3984, and update header registrations for headers 1017 defined in this document. 1019 C.5. Since draft-ietf-httpbis-p4-conditional-03 1021 Closed issues: 1023 o : "Examples for 1024 ETag matching" 1026 o : "'entity 1027 value' undefined" 1029 o : "bogus 2068 1030 Date header reference" 1032 C.6. Since draft-ietf-httpbis-p4-conditional-04 1034 Ongoing work on ABNF conversion 1035 (): 1037 o Use "/" instead of "|" for alternatives. 1039 o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional 1040 whitespace ("OWS") and required whitespace ("RWS"). 1042 o Rewrite ABNFs to spell out whitespace rules, factor out header 1043 value format definitions. 1045 C.7. Since draft-ietf-httpbis-p4-conditional-05 1047 Final work on ABNF conversion 1048 (): 1050 o Add appendix containing collected and expanded ABNF, reorganize 1051 ABNF introduction. 1053 C.8. Since draft-ietf-httpbis-p4-conditional-06 1055 Closed issues: 1057 o : "case- 1058 sensitivity of etag weakness indicator" 1060 C.9. Since draft-ietf-httpbis-p4-conditional-07 1062 Closed issues: 1064 o : "Weak ETags on 1065 non-GET requests" (If-Match still was defined to require strong 1066 matching) 1068 o : "move IANA 1069 registrations for optional status codes" 1071 C.10. Since draft-ietf-httpbis-p4-conditional-08 1073 No significant changes. 1075 C.11. Since draft-ietf-httpbis-p4-conditional-09 1077 No significant changes. 1079 C.12. Since draft-ietf-httpbis-p4-conditional-10 1081 Closed issues: 1083 o : "Clarify 1084 'Requested Variant'" 1086 o : "Clarify 1087 entity / representation / variant terminology" 1089 o : "consider 1090 removing the 'changes from 2068' sections" 1092 Index 1094 3 1095 304 Not Modified (status code) 7 1097 4 1098 412 Precondition Failed (status code) 7 1100 E 1101 ETag header 12 1103 G 1104 Grammar 1105 entity-tag 5 1106 ETag 12 1107 ETag-v 12 1108 If-Match 13 1109 If-Match-v 13 1110 If-Modified-Since 14 1111 If-Modified-Since-v 14 1112 If-None-Match 16 1113 If-None-Match-v 16 1114 If-Unmodified-Since 17 1115 If-Unmodified-Since-v 17 1116 Last-Modified 18 1117 Last-Modified-v 18 1118 opaque-tag 5 1119 weak 5 1121 H 1122 Headers 1123 ETag 12 1124 If-Match 13 1125 If-Modified-Since 14 1126 If-None-Match 16 1127 If-Unmodified-Since 17 1128 Last-Modified 18 1130 I 1131 If-Match header 13 1132 If-Modified-Since header 14 1133 If-None-Match header 16 1134 If-Unmodified-Since header 17 1136 L 1137 Last-Modified header 18 1139 S 1140 Status Codes 1141 304 Not Modified 7 1142 412 Precondition Failed 7 1144 Authors' Addresses 1146 Roy T. Fielding (editor) 1147 Day Software 1148 23 Corporate Plaza DR, Suite 280 1149 Newport Beach, CA 92660 1150 USA 1152 Phone: +1-949-706-5300 1153 Fax: +1-949-706-5305 1154 EMail: fielding@gbiv.com 1155 URI: http://roy.gbiv.com/ 1157 Jim Gettys 1158 Alcatel-Lucent Bell Labs 1159 21 Oak Knoll Road 1160 Carlisle, MA 01741 1161 USA 1163 EMail: jg@freedesktop.org 1164 URI: http://gettys.wordpress.com/ 1165 Jeffrey C. Mogul 1166 Hewlett-Packard Company 1167 HP Labs, Large Scale Systems Group 1168 1501 Page Mill Road, MS 1177 1169 Palo Alto, CA 94304 1170 USA 1172 EMail: JeffMogul@acm.org 1174 Henrik Frystyk Nielsen 1175 Microsoft Corporation 1176 1 Microsoft Way 1177 Redmond, WA 98052 1178 USA 1180 EMail: henrikn@microsoft.com 1182 Larry Masinter 1183 Adobe Systems, Incorporated 1184 345 Park Ave 1185 San Jose, CA 95110 1186 USA 1188 EMail: LMM@acm.org 1189 URI: http://larry.masinter.net/ 1191 Paul J. Leach 1192 Microsoft Corporation 1193 1 Microsoft Way 1194 Redmond, WA 98052 1196 EMail: paulle@microsoft.com 1198 Tim Berners-Lee 1199 World Wide Web Consortium 1200 MIT Computer Science and Artificial Intelligence Laboratory 1201 The Stata Center, Building 32 1202 32 Vassar Street 1203 Cambridge, MA 02139 1204 USA 1206 EMail: timbl@w3.org 1207 URI: http://www.w3.org/People/Berners-Lee/ 1208 Yves Lafon (editor) 1209 World Wide Web Consortium 1210 W3C / ERCIM 1211 2004, rte des Lucioles 1212 Sophia-Antipolis, AM 06902 1213 France 1215 EMail: ylafon@w3.org 1216 URI: http://www.raubacapeu.net/people/yves/ 1218 Julian F. Reschke (editor) 1219 greenbytes GmbH 1220 Hafenweg 16 1221 Muenster, NW 48155 1222 Germany 1224 Phone: +49 251 2807760 1225 Fax: +49 251 2807761 1226 EMail: julian.reschke@greenbytes.de 1227 URI: http://greenbytes.de/tech/webdav/