idnits 2.17.1 draft-ietf-httpbis-p4-conditional-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 25, 2010) is 4925 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p1-messaging-12 == Outdated reference: A later version (-20) exists of draft-ietf-httpbis-p3-payload-12 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p5-range-12 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p6-cache-12 -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTPbis Working Group R. Fielding, Ed. 3 Internet-Draft Day Software 4 Obsoletes: 2616 (if approved) J. Gettys 5 Intended status: Standards Track Alcatel-Lucent 6 Expires: April 28, 2011 J. Mogul 7 HP 8 H. Frystyk 9 Microsoft 10 L. Masinter 11 Adobe Systems 12 P. Leach 13 Microsoft 14 T. Berners-Lee 15 W3C/MIT 16 Y. Lafon, Ed. 17 W3C 18 J. Reschke, Ed. 19 greenbytes 20 October 25, 2010 22 HTTP/1.1, part 4: Conditional Requests 23 draft-ietf-httpbis-p4-conditional-12 25 Abstract 27 The Hypertext Transfer Protocol (HTTP) is an application-level 28 protocol for distributed, collaborative, hypermedia information 29 systems. HTTP has been in use by the World Wide Web global 30 information initiative since 1990. This document is Part 4 of the 31 seven-part specification that defines the protocol referred to as 32 "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 4 defines 33 request header fields for indicating conditional requests and the 34 rules for constructing responses to those requests. 36 Editorial Note (To be removed by RFC Editor) 38 Discussion of this draft should take place on the HTTPBIS working 39 group mailing list (ietf-http-wg@w3.org). The current issues list is 40 at and related 41 documents (including fancy diffs) can be found at 42 . 44 The changes in this draft are summarized in Appendix C.13. 46 Status of This Memo 48 This Internet-Draft is submitted in full conformance with the 49 provisions of BCP 78 and BCP 79. 51 Internet-Drafts are working documents of the Internet Engineering 52 Task Force (IETF). Note that other groups may also distribute 53 working documents as Internet-Drafts. The list of current Internet- 54 Drafts is at http://datatracker.ietf.org/drafts/current/. 56 Internet-Drafts are draft documents valid for a maximum of six months 57 and may be updated, replaced, or obsoleted by other documents at any 58 time. It is inappropriate to use Internet-Drafts as reference 59 material or to cite them other than as "work in progress." 61 This Internet-Draft will expire on April 28, 2011. 63 Copyright Notice 65 Copyright (c) 2010 IETF Trust and the persons identified as the 66 document authors. All rights reserved. 68 This document is subject to BCP 78 and the IETF Trust's Legal 69 Provisions Relating to IETF Documents 70 (http://trustee.ietf.org/license-info) in effect on the date of 71 publication of this document. Please review these documents 72 carefully, as they describe your rights and restrictions with respect 73 to this document. Code Components extracted from this document must 74 include Simplified BSD License text as described in Section 4.e of 75 the Trust Legal Provisions and are provided without warranty as 76 described in the Simplified BSD License. 78 This document may contain material from IETF Documents or IETF 79 Contributions published or made publicly available before November 80 10, 2008. The person(s) controlling the copyright in some of this 81 material may not have granted the IETF Trust the right to allow 82 modifications of such material outside the IETF Standards Process. 83 Without obtaining an adequate license from the person(s) controlling 84 the copyright in such materials, this document may not be modified 85 outside the IETF Standards Process, and derivative works of it may 86 not be created outside the IETF Standards Process, except to format 87 it for publication as an RFC or to translate it into languages other 88 than English. 90 Table of Contents 92 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 93 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 94 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 5 95 1.2.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 6 96 1.2.2. ABNF Rules defined in other Parts of the 97 Specification . . . . . . . . . . . . . . . . . . . . 6 98 2. Entity-Tags . . . . . . . . . . . . . . . . . . . . . . . . . 6 99 2.1. Example: Entity-tags varying on Content-Negotiated 100 Resources . . . . . . . . . . . . . . . . . . . . . . . . 7 101 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 8 102 3.1. 304 Not Modified . . . . . . . . . . . . . . . . . . . . . 8 103 3.2. 412 Precondition Failed . . . . . . . . . . . . . . . . . 8 104 4. Weak and Strong Validators . . . . . . . . . . . . . . . . . . 9 105 5. Rules for When to Use Entity-tags and Last-Modified Dates . . 11 106 6. Header Field Definitions . . . . . . . . . . . . . . . . . . . 13 107 6.1. ETag . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 108 6.2. If-Match . . . . . . . . . . . . . . . . . . . . . . . . . 14 109 6.3. If-Modified-Since . . . . . . . . . . . . . . . . . . . . 15 110 6.4. If-None-Match . . . . . . . . . . . . . . . . . . . . . . 17 111 6.5. If-Unmodified-Since . . . . . . . . . . . . . . . . . . . 18 112 6.6. Last-Modified . . . . . . . . . . . . . . . . . . . . . . 19 113 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 114 7.1. Status Code Registration . . . . . . . . . . . . . . . . . 20 115 7.2. Header Field Registration . . . . . . . . . . . . . . . . 20 116 8. Security Considerations . . . . . . . . . . . . . . . . . . . 20 117 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 118 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 119 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 120 10.2. Informative References . . . . . . . . . . . . . . . . . . 21 121 Appendix A. Changes from RFC 2616 . . . . . . . . . . . . . . . . 21 122 Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 22 123 Appendix C. Change Log (to be removed by RFC Editor before 124 publication) . . . . . . . . . . . . . . . . . . . . 22 125 C.1. Since RFC 2616 . . . . . . . . . . . . . . . . . . . . . . 22 126 C.2. Since draft-ietf-httpbis-p4-conditional-00 . . . . . . . . 23 127 C.3. Since draft-ietf-httpbis-p4-conditional-01 . . . . . . . . 23 128 C.4. Since draft-ietf-httpbis-p4-conditional-02 . . . . . . . . 23 129 C.5. Since draft-ietf-httpbis-p4-conditional-03 . . . . . . . . 23 130 C.6. Since draft-ietf-httpbis-p4-conditional-04 . . . . . . . . 24 131 C.7. Since draft-ietf-httpbis-p4-conditional-05 . . . . . . . . 24 132 C.8. Since draft-ietf-httpbis-p4-conditional-06 . . . . . . . . 24 133 C.9. Since draft-ietf-httpbis-p4-conditional-07 . . . . . . . . 24 134 C.10. Since draft-ietf-httpbis-p4-conditional-08 . . . . . . . . 24 135 C.11. Since draft-ietf-httpbis-p4-conditional-09 . . . . . . . . 24 136 C.12. Since draft-ietf-httpbis-p4-conditional-10 . . . . . . . . 25 137 C.13. Since draft-ietf-httpbis-p4-conditional-11 . . . . . . . . 25 139 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 141 1. Introduction 143 This document defines HTTP/1.1 response metadata for indicating 144 potential changes to payload content, including modification time 145 stamps and opaque entity-tags, and the HTTP conditional request 146 mechanisms that allow preconditions to be placed on a request method. 147 Conditional GET requests allow for efficient cache updates. Other 148 conditional request methods are used to protect against overwriting 149 or misunderstanding the state of a resource that has been changed 150 unbeknownst to the requesting client. 152 This document is currently disorganized in order to minimize the 153 changes between drafts and enable reviewers to see the smaller errata 154 changes. A future draft will reorganize the sections to better 155 reflect the content. In particular, the sections on resource 156 metadata will be discussed first and then followed by each 157 conditional request-header field, concluding with a definition of 158 precedence and the expectation of ordering strong validator checks 159 before weak validator checks. It is likely that more content from 160 [Part6] will migrate to this part, where appropriate. The current 161 mess reflects how widely dispersed these topics and associated 162 requirements had become in [RFC2616]. 164 1.1. Requirements 166 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 167 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 168 document are to be interpreted as described in [RFC2119]. 170 An implementation is not compliant if it fails to satisfy one or more 171 of the "MUST" or "REQUIRED" level requirements for the protocols it 172 implements. An implementation that satisfies all the "MUST" or 173 "REQUIRED" level and all the "SHOULD" level requirements for its 174 protocols is said to be "unconditionally compliant"; one that 175 satisfies all the "MUST" level requirements but not all the "SHOULD" 176 level requirements for its protocols is said to be "conditionally 177 compliant". 179 1.2. Syntax Notation 181 This specification uses the ABNF syntax defined in Section 1.2 of 182 [Part1] (which extends the syntax defined in [RFC5234] with a list 183 rule). Appendix B shows the collected ABNF, with the list rule 184 expanded. 186 The following core rules are included by reference, as defined in 187 [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF 188 (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), 189 HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit 190 sequence of data), SP (space), VCHAR (any visible USASCII character), 191 and WSP (whitespace). 193 1.2.1. Core Rules 195 The core rules below are defined in Section 1.2.2 of [Part1]: 197 quoted-string = 198 OWS = 200 1.2.2. ABNF Rules defined in other Parts of the Specification 202 The ABNF rules below are defined in other parts: 204 HTTP-date = 206 2. Entity-Tags 208 Entity-tags are used for comparing two or more representations of the 209 same resource. HTTP/1.1 uses entity-tags in the ETag (Section 6.1), 210 If-Match (Section 6.2), If-None-Match (Section 6.4), and If-Range 211 (Section 5.3 of [Part5]) header fields. The definition of how they 212 are used and compared as cache validators is in Section 4. An 213 entity-tag consists of an opaque quoted string, possibly prefixed by 214 a weakness indicator. 216 entity-tag = [ weak ] opaque-tag 217 weak = %x57.2F ; "W/", case-sensitive 218 opaque-tag = quoted-string 220 A "strong entity-tag" MAY be shared by two representations of a 221 resource only if they are equivalent by octet equality. 223 A "weak entity-tag", indicated by the "W/" prefix, MAY be shared by 224 two representations of a resource only if the representations are 225 equivalent and could be substituted for each other with no 226 significant change in semantics. A weak entity-tag can only be used 227 for weak comparison. 229 An entity-tag MUST be unique across all versions of all 230 representations associated with a particular resource. A given 231 entity-tag value MAY be used for representations obtained by requests 232 on different URIs. The use of the same entity-tag value in 233 conjunction with representations obtained by requests on different 234 URIs does not imply the equivalence of those representations. 236 2.1. Example: Entity-tags varying on Content-Negotiated Resources 238 Consider a resource that is subject to content negotiation (Section 5 239 of [Part3]), and where the representations returned upon a GET 240 request vary based on the Accept-Encoding request header field 241 (Section 6.3 of [Part3]): 243 >> Request: 245 GET /index HTTP/1.1 246 Host: www.example.com 247 Accept-Encoding: gzip 249 In this case, the response might or might not use the gzip content 250 coding. If it does not, the response might look like: 252 >> Response: 254 HTTP/1.1 200 OK 255 Date: Thu, 26 Mar 2010 00:05:00 GMT 256 ETag: "123-a" 257 Content-Length: 70 258 Vary: Accept-Encoding 259 Content-Type: text/plain 261 Hello World! 262 Hello World! 263 Hello World! 264 Hello World! 265 Hello World! 267 An alternative representation that does use gzip content coding would 268 be: 270 >> Response: 272 HTTP/1.1 200 OK 273 Date: Thu, 26 Mar 2010 00:05:00 GMT 274 ETag: "123-b" 275 Content-Length: 43 276 Vary: Accept-Encoding 277 Content-Type: text/plain 278 Content-Encoding: gzip 280 ...binary data... 282 Note: Content codings are a property of the representation, so 283 therefore an entity-tag of an encoded representation must be 284 distinct from an unencoded representation to prevent conflicts 285 during cache updates and range requests. In contrast, transfer 286 codings (Section 6.2 of [Part1]) apply only during message 287 transfer and do not require distinct entity-tags. 289 3. Status Code Definitions 291 3.1. 304 Not Modified 293 If the client has performed a conditional GET request and access is 294 allowed, but the document has not been modified, the server SHOULD 295 respond with this status code. The 304 response MUST NOT contain a 296 message-body, and thus is always terminated by the first empty line 297 after the header fields. 299 A 304 response MUST include a Date header field (Section 9.3 of 300 [Part1]) unless its omission is required by Section 9.3.1 of [Part1]. 301 If a 200 response to the same request would have included any of the 302 header fields Cache-Control, Content-Location, ETag, Expires, Last- 303 Modified, or Vary, then those same header fields MUST be sent in a 304 304 response. 306 Since the goal of a 304 response is to minimize information transfer 307 when the recipient already has one or more cached representations, 308 the response SHOULD NOT include representation metadata other than 309 the above listed fields unless said metadata exists for the purpose 310 of guiding cache updates (e.g., future HTTP extensions). 312 If a 304 response includes an entity-tag that indicates a 313 representation not currently cached, then the recipient MUST NOT use 314 the 304 to update its own cache. If that conditional request 315 originated with an outbound client, such as a user agent with its own 316 cache sending a conditional GET to a shared proxy, then the 304 317 response MAY be forwarded to the outbound client. Otherwise, 318 disregard the response and repeat the request without the 319 conditional. 321 If a cache uses a received 304 response to update a cache entry, the 322 cache MUST update the entry to reflect any new field values given in 323 the response. 325 3.2. 412 Precondition Failed 327 The precondition given in one or more of the request-header fields 328 evaluated to false when it was tested on the server. This response 329 code allows the client to place preconditions on the current resource 330 metadata (header field data) and thus prevent the requested method 331 from being applied to a resource other than the one intended. 333 4. Weak and Strong Validators 335 Since both origin servers and caches will compare two validators to 336 decide if they represent the same or different representations, one 337 normally would expect that if the representation (including both 338 representation header fields and representation body) changes in any 339 way, then the associated validator would change as well. If this is 340 true, then we call this validator a "strong validator". 342 However, there might be cases when a server prefers to change the 343 validator only on semantically significant changes, and not when 344 insignificant aspects of the representation change. A validator that 345 does not always change when the representation changes is a "weak 346 validator". 348 An entity-tag is normally a strong validator, but the protocol 349 provides a mechanism to tag an entity-tag as "weak". One can think 350 of a strong validator as one that changes whenever the sequence of 351 bits in a representation changes, while a weak value changes whenever 352 the meaning of a representation changes. Alternatively, one can 353 think of a strong validator as part of an identifier for a specific 354 representation, whereas a weak validator is part of an identifier for 355 a set of semantically equivalent representations. 357 Note: One example of a strong validator is an integer that is 358 incremented in stable storage every time a representation is 359 changed. 361 A representation's modification time, if defined with only one- 362 second resolution, could be a weak validator, since it is possible 363 that the representation might be modified twice during a single 364 second. 366 Support for weak validators is optional. However, weak validators 367 allow for more efficient caching of equivalent objects; for 368 example, a hit counter on a site is probably good enough if it is 369 updated every few days or weeks, and any value during that period 370 is likely "good enough" to be equivalent. 372 A "use" of a validator is either when a client generates a request 373 and includes the validator in a validating header field, or when a 374 server compares two validators. 376 Strong validators are usable in any context. Weak validators are 377 only usable in contexts that do not depend on exact equality of a 378 representation. For example, either kind is usable for a normal 379 conditional GET. However, only a strong validator is usable for a 380 sub-range retrieval, since otherwise the client might end up with an 381 internally inconsistent representation. 383 Clients MUST NOT use weak validators in range requests ([Part5]). 385 The only function that HTTP/1.1 defines on validators is comparison. 386 There are two validator comparison functions, depending on whether 387 the comparison context allows the use of weak validators or not: 389 o The strong comparison function: in order to be considered equal, 390 both opaque-tags MUST be identical character-by-character, and 391 both MUST NOT be weak. 393 o The weak comparison function: in order to be considered equal, 394 both opaque-tags MUST be identical character-by-character, but 395 either or both of them MAY be tagged as "weak" without affecting 396 the result. 398 The example below shows the results for a set of entity-tag pairs, 399 and both the weak and strong comparison function results: 401 +--------+--------+-------------------+-----------------+ 402 | ETag 1 | ETag 2 | Strong Comparison | Weak Comparison | 403 +--------+--------+-------------------+-----------------+ 404 | W/"1" | W/"1" | no match | match | 405 | W/"1" | W/"2" | no match | no match | 406 | W/"1" | "1" | no match | match | 407 | "1" | "1" | match | match | 408 +--------+--------+-------------------+-----------------+ 410 An entity-tag is strong unless it is explicitly tagged as weak. 411 Section 2 gives the syntax for entity-tags. 413 A Last-Modified time, when used as a validator in a request, is 414 implicitly weak unless it is possible to deduce that it is strong, 415 using the following rules: 417 o The validator is being compared by an origin server to the actual 418 current validator for the representation and, 420 o That origin server reliably knows that the associated 421 representation did not change twice during the second covered by 422 the presented validator. 424 or 425 o The validator is about to be used by a client in an If-Modified- 426 Since or If-Unmodified-Since header field, because the client has 427 a cache entry for the associated representation, and 429 o That cache entry includes a Date value, which gives the time when 430 the origin server sent the original response, and 432 o The presented Last-Modified time is at least 60 seconds before the 433 Date value. 435 or 437 o The validator is being compared by an intermediate cache to the 438 validator stored in its cache entry for the representation, and 440 o That cache entry includes a Date value, which gives the time when 441 the origin server sent the original response, and 443 o The presented Last-Modified time is at least 60 seconds before the 444 Date value. 446 This method relies on the fact that if two different responses were 447 sent by the origin server during the same second, but both had the 448 same Last-Modified time, then at least one of those responses would 449 have a Date value equal to its Last-Modified time. The arbitrary 60- 450 second limit guards against the possibility that the Date and Last- 451 Modified values are generated from different clocks, or at somewhat 452 different times during the preparation of the response. An 453 implementation MAY use a value larger than 60 seconds, if it is 454 believed that 60 seconds is too short. 456 If a client wishes to perform a sub-range retrieval on a value for 457 which it has only a Last-Modified time and no opaque validator, it 458 MAY do this only if the Last-Modified time is strong in the sense 459 described here. 461 A cache or origin server receiving a conditional range request 462 ([Part5]) MUST use the strong comparison function to evaluate the 463 condition. 465 These rules allow HTTP/1.1 caches and clients to safely perform sub- 466 range retrievals on values that have been obtained from HTTP/1.0 467 servers. 469 5. Rules for When to Use Entity-tags and Last-Modified Dates 471 We adopt a set of rules and recommendations for origin servers, 472 clients, and caches regarding when various validator types ought to 473 be used, and for what purposes. 475 HTTP/1.1 origin servers: 477 o SHOULD send an entity-tag validator unless it is not feasible to 478 generate one. 480 o MAY send a weak entity-tag instead of a strong entity-tag, if 481 performance considerations support the use of weak entity-tags, or 482 if it is unfeasible to send a strong entity-tag. 484 o SHOULD send a Last-Modified value if it is feasible to send one, 485 unless the risk of a breakdown in semantic transparency that could 486 result from using this date in an If-Modified-Since header field 487 would lead to serious problems. 489 In other words, the preferred behavior for an HTTP/1.1 origin server 490 is to send both a strong entity-tag and a Last-Modified value. 492 In order to be legal, a strong entity-tag MUST change whenever the 493 associated representation changes in any way. A weak entity-tag 494 SHOULD change whenever the associated representation changes in a 495 semantically significant way. 497 Note: In order to provide semantically transparent caching, an 498 origin server must avoid reusing a specific strong entity-tag 499 value for two different representations, or reusing a specific 500 weak entity-tag value for two semantically different 501 representations. Cache entries might persist for arbitrarily long 502 periods, regardless of expiration times, so it might be 503 inappropriate to expect that a cache will never again attempt to 504 validate an entry using a validator that it obtained at some point 505 in the past. 507 HTTP/1.1 clients: 509 o MUST use that entity-tag in any cache-conditional request (using 510 If-Match or If-None-Match) if an entity-tag has been provided by 511 the origin server. 513 o SHOULD use the Last-Modified value in non-subrange cache- 514 conditional requests (using If-Modified-Since) if only a Last- 515 Modified value has been provided by the origin server. 517 o MAY use the Last-Modified value in subrange cache-conditional 518 requests (using If-Unmodified-Since) if only a Last-Modified value 519 has been provided by an HTTP/1.0 origin server. The user agent 520 SHOULD provide a way to disable this, in case of difficulty. 522 o SHOULD use both validators in cache-conditional requests if both 523 an entity-tag and a Last-Modified value have been provided by the 524 origin server. This allows both HTTP/1.0 and HTTP/1.1 caches to 525 respond appropriately. 527 An HTTP/1.1 origin server, upon receiving a conditional request that 528 includes both a Last-Modified date (e.g., in an If-Modified-Since or 529 If-Unmodified-Since header field) and one or more entity-tags (e.g., 530 in an If-Match, If-None-Match, or If-Range header field) as cache 531 validators, MUST NOT return a response status code of 304 (Not 532 Modified) unless doing so is consistent with all of the conditional 533 header fields in the request. 535 An HTTP/1.1 caching proxy, upon receiving a conditional request that 536 includes both a Last-Modified date and one or more entity-tags as 537 cache validators, MUST NOT return a locally cached response to the 538 client unless that cached response is consistent with all of the 539 conditional header fields in the request. 541 Note: The general principle behind these rules is that HTTP/1.1 542 servers and clients ought to transmit as much non-redundant 543 information as is available in their responses and requests. 544 HTTP/1.1 systems receiving this information will make the most 545 conservative assumptions about the validators they receive. 547 HTTP/1.0 clients and caches will ignore entity-tags. Generally, 548 last-modified values received or used by these systems will 549 support transparent and efficient caching, and so HTTP/1.1 origin 550 servers should provide Last-Modified values. In those rare cases 551 where the use of a Last-Modified value as a validator by an 552 HTTP/1.0 system could result in a serious problem, then HTTP/1.1 553 origin servers should not provide one. 555 6. Header Field Definitions 557 This section defines the syntax and semantics of HTTP/1.1 header 558 fields related to conditional requests. 560 6.1. ETag 562 The "ETag" response-header field provides the current value of the 563 entity-tag (see Section 2) for one representation of the target 564 resource. An entity-tag is intended for use as a resource-local 565 identifier for differentiating between representations of the same 566 resource that vary over time or via content negotiation (see 567 Section 4). 569 ETag = "ETag" ":" OWS ETag-v 570 ETag-v = entity-tag 572 Examples: 574 ETag: "xyzzy" 575 ETag: W/"xyzzy" 576 ETag: "" 578 An entity-tag provides an "opaque" cache validator that allows for 579 more reliable validation than modification dates in situations where 580 it is inconvenient to store modification dates, where the one-second 581 resolution of HTTP date values is not sufficient, or where the origin 582 server wishes to avoid certain paradoxes that might arise from the 583 use of modification dates. 585 The principle behind entity-tags is that only the service author 586 knows the semantics of a resource well enough to select an 587 appropriate cache validation mechanism, and the specification of any 588 validator comparison function more complex than byte-equality would 589 open up a can of worms. Thus, comparisons of any other header fields 590 (except Last-Modified, for compatibility with HTTP/1.0) are never 591 used for purposes of validating a cache entry. 593 6.2. If-Match 595 The "If-Match" request-header field is used to make a request method 596 conditional. A client that has one or more representations 597 previously obtained from the resource can verify that one of those 598 representations is current by including a list of their associated 599 entity-tags in the If-Match header field. 601 This allows efficient updates of cached information with a minimum 602 amount of transaction overhead. It is also used when updating 603 resources, to prevent inadvertent modification of the wrong version 604 of a resource. As a special case, the value "*" matches any current 605 representation of the resource. 607 If-Match = "If-Match" ":" OWS If-Match-v 608 If-Match-v = "*" / 1#entity-tag 610 If any of the entity-tags match the entity-tag of the representation 611 that would have been returned in the response to a similar GET 612 request (without the If-Match header field) on that resource, or if 613 "*" is given and any current representation exists for that resource, 614 then the server MAY perform the requested method as if the If-Match 615 header field did not exist. 617 If none of the entity-tags match, or if "*" is given and no current 618 representation exists, the server MUST NOT perform the requested 619 method, and MUST return a 412 (Precondition Failed) response. This 620 behavior is most useful when the client wants to prevent an updating 621 method, such as PUT, from modifying a resource that has changed since 622 the client last retrieved it. 624 If the request would, without the If-Match header field, result in 625 anything other than a 2xx or 412 status code, then the If-Match 626 header field MUST be ignored. 628 The meaning of "If-Match: *" is that the method SHOULD be performed 629 if the representation selected by the origin server (or by a cache, 630 possibly using the Vary mechanism, see Section 3.5 of [Part6]) 631 exists, and MUST NOT be performed if the representation does not 632 exist. 634 A request intended to update a resource (e.g., a PUT) MAY include an 635 If-Match header field to signal that the request method MUST NOT be 636 applied if the representation corresponding to the If-Match value (a 637 single entity-tag) is no longer a representation of that resource. 638 This allows the user to indicate that they do not wish the request to 639 be successful if the resource has been changed without their 640 knowledge. Examples: 642 If-Match: "xyzzy" 643 If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 644 If-Match: * 646 The result of a request having both an If-Match header field and 647 either an If-None-Match or an If-Modified-Since header fields is 648 undefined by this specification. 650 6.3. If-Modified-Since 652 The "If-Modified-Since" request-header field is used to make a 653 request method conditional by date: if the representation that would 654 have been transferred in a 200 response to a GET request has not been 655 modified since the time specified in this field, then do not perform 656 the method; instead, respond as detailed below. 658 If-Modified-Since = "If-Modified-Since" ":" OWS 659 If-Modified-Since-v 660 If-Modified-Since-v = HTTP-date 662 An example of the field is: 664 If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT 666 A GET method with an If-Modified-Since header field and no Range 667 header field requests that the representation be transferred only if 668 it has been modified since the date given by the If-Modified-Since 669 header field. The algorithm for determining this includes the 670 following cases: 672 1. If the request would normally result in anything other than a 200 673 (OK) status code, or if the passed If-Modified-Since date is 674 invalid, the response is exactly the same as for a normal GET. A 675 date which is later than the server's current time is invalid. 677 2. If the representation has been modified since the If-Modified- 678 Since date, the response is exactly the same as for a normal GET. 680 3. If the representation has not been modified since a valid If- 681 Modified-Since date, the server SHOULD return a 304 (Not 682 Modified) response. 684 The purpose of this feature is to allow efficient updates of cached 685 information with a minimum amount of transaction overhead. 687 Note: The Range request-header field modifies the meaning of If- 688 Modified-Since; see Section 5.4 of [Part5] for full details. 690 Note: If-Modified-Since times are interpreted by the server, whose 691 clock might not be synchronized with the client. 693 Note: When handling an If-Modified-Since header field, some 694 servers will use an exact date comparison function, rather than a 695 less-than function, for deciding whether to send a 304 (Not 696 Modified) response. To get best results when sending an If- 697 Modified-Since header field for cache validation, clients are 698 advised to use the exact date string received in a previous Last- 699 Modified header field whenever possible. 701 Note: If a client uses an arbitrary date in the If-Modified-Since 702 header field instead of a date taken from the Last-Modified header 703 field for the same request, the client needs to be aware that this 704 date is interpreted in the server's understanding of time. 705 Unsynchronized clocks and rounding problems, due to the different 706 encodings of time between the client and server, are concerns. 707 This includes the possibility of race conditions if the document 708 has changed between the time it was first requested and the If- 709 Modified-Since date of a subsequent request, and the possibility 710 of clock-skew-related problems if the If-Modified-Since date is 711 derived from the client's clock without correction to the server's 712 clock. Corrections for different time bases between client and 713 server are at best approximate due to network latency. 715 The result of a request having both an If-Modified-Since header field 716 and either an If-Match or an If-Unmodified-Since header fields is 717 undefined by this specification. 719 6.4. If-None-Match 721 The "If-None-Match" request-header field is used to make a request 722 method conditional. A client that has one or more representations 723 previously obtained from the resource can verify that none of those 724 representations is current by including a list of their associated 725 entity-tags in the If-None-Match header field. 727 This allows efficient updates of cached information with a minimum 728 amount of transaction overhead. It is also used to prevent a method 729 (e.g., PUT) from inadvertently modifying an existing resource when 730 the client believes that the resource does not exist. 732 As a special case, the value "*" matches any current representation 733 of the resource. 735 If-None-Match = "If-None-Match" ":" OWS If-None-Match-v 736 If-None-Match-v = "*" / 1#entity-tag 738 If any of the entity-tags match the entity-tag of the representation 739 that would have been returned in the response to a similar GET 740 request (without the If-None-Match header field) on that resource, or 741 if "*" is given and any current representation exists for that 742 resource, then the server MUST NOT perform the requested method, 743 unless required to do so because the resource's modification date 744 fails to match that supplied in an If-Modified-Since header field in 745 the request. Instead, if the request method was GET or HEAD, the 746 server SHOULD respond with a 304 (Not Modified) response, including 747 the cache-related header fields (particularly ETag) of one of the 748 representations that matched. For all other request methods, the 749 server MUST respond with a 412 (Precondition Failed) status code. 751 If none of the entity-tags match, then the server MAY perform the 752 requested method as if the If-None-Match header field did not exist, 753 but MUST also ignore any If-Modified-Since header field(s) in the 754 request. That is, if no entity-tags match, then the server MUST NOT 755 return a 304 (Not Modified) response. 757 If the request would, without the If-None-Match header field, result 758 in anything other than a 2xx or 304 status code, then the If-None- 759 Match header field MUST be ignored. (See Section 5 for a discussion 760 of server behavior when both If-Modified-Since and If-None-Match 761 appear in the same request.) 762 The meaning of "If-None-Match: *" is that the method MUST NOT be 763 performed if the representation selected by the origin server (or by 764 a cache, possibly using the Vary mechanism, see Section 3.5 of 765 [Part6]) exists, and SHOULD be performed if the representation does 766 not exist. This feature is intended to be useful in preventing races 767 between PUT operations. 769 Examples: 771 If-None-Match: "xyzzy" 772 If-None-Match: W/"xyzzy" 773 If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 774 If-None-Match: W/"xyzzy", W/"r2d2xxxx", W/"c3piozzzz" 775 If-None-Match: * 777 The result of a request having both an If-None-Match header field and 778 either an If-Match or an If-Unmodified-Since header fields is 779 undefined by this specification. 781 6.5. If-Unmodified-Since 783 The "If-Unmodified-Since" request-header field is used to make a 784 request method conditional. If the representation that would have 785 been transferred in a 200 response to a GET request on the same 786 resource has not been modified since the time specified in this 787 field, the server SHOULD perform the requested operation as if the 788 If-Unmodified-Since header field were not present. 790 If the representation has been modified since the specified time, the 791 server MUST NOT perform the requested operation, and MUST return a 792 412 (Precondition Failed). 794 If-Unmodified-Since = "If-Unmodified-Since" ":" OWS 795 If-Unmodified-Since-v 796 If-Unmodified-Since-v = HTTP-date 798 An example of the field is: 800 If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT 802 If the request normally (i.e., without the If-Unmodified-Since header 803 field) would result in anything other than a 2xx or 412 status code, 804 the If-Unmodified-Since header field SHOULD be ignored. 806 If the specified date is invalid, the header field is ignored. 808 The result of a request having both an If-Unmodified-Since header 809 field and either an If-None-Match or an If-Modified-Since header 810 fields is undefined by this specification. 812 6.6. Last-Modified 814 The "Last-Modified" header field indicates the date and time at which 815 the origin server believes the representation was last modified. 817 Last-Modified = "Last-Modified" ":" OWS Last-Modified-v 818 Last-Modified-v = HTTP-date 820 An example of its use is 822 Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT 824 The exact meaning of this header field depends on the implementation 825 of the origin server and the nature of the original resource. For 826 files, it might be just the file system last-modified time. For 827 representations with dynamically included parts, it might be the most 828 recent of the set of last-modify times for its component parts. For 829 database gateways, it might be the last-update time stamp of the 830 record. For virtual objects, it might be the last time the internal 831 state changed. 833 An origin server MUST NOT send a Last-Modified date which is later 834 than the server's time of message origination. In such cases, where 835 the resource's last modification would indicate some time in the 836 future, the server MUST replace that date with the message 837 origination date. 839 An origin server SHOULD obtain the Last-Modified value of the 840 representation as close as possible to the time that it generates the 841 Date value of its response. This allows a recipient to make an 842 accurate assessment of the representation's modification time, 843 especially if the representation changes near the time that the 844 response is generated. 846 HTTP/1.1 servers SHOULD send Last-Modified whenever feasible. 848 The Last-Modified header field value is often used as a cache 849 validator. In simple terms, a cache entry is considered to be valid 850 if the representation has not been modified since the Last-Modified 851 value. 853 7. IANA Considerations 854 7.1. Status Code Registration 856 The HTTP Status Code Registry located at 857 shall be updated 858 with the registrations below: 860 +-------+---------------------+-------------+ 861 | Value | Description | Reference | 862 +-------+---------------------+-------------+ 863 | 304 | Not Modified | Section 3.1 | 864 | 412 | Precondition Failed | Section 3.2 | 865 +-------+---------------------+-------------+ 867 7.2. Header Field Registration 869 The Message Header Field Registry located at shall be 871 updated with the permanent registrations below (see [RFC3864]): 873 +---------------------+----------+----------+-------------+ 874 | Header Field Name | Protocol | Status | Reference | 875 +---------------------+----------+----------+-------------+ 876 | ETag | http | standard | Section 6.1 | 877 | If-Match | http | standard | Section 6.2 | 878 | If-Modified-Since | http | standard | Section 6.3 | 879 | If-None-Match | http | standard | Section 6.4 | 880 | If-Unmodified-Since | http | standard | Section 6.5 | 881 | Last-Modified | http | standard | Section 6.6 | 882 +---------------------+----------+----------+-------------+ 884 The change controller is: "IETF (iesg@ietf.org) - Internet 885 Engineering Task Force". 887 8. Security Considerations 889 No additional security considerations have been identified beyond 890 those applicable to HTTP in general [Part1]. 892 9. Acknowledgments 894 10. References 896 10.1. Normative References 898 [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 899 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 900 and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, 901 and Message Parsing", draft-ietf-httpbis-p1-messaging-12 902 (work in progress), October 2010. 904 [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 905 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 906 and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload 907 and Content Negotiation", draft-ietf-httpbis-p3-payload-12 908 (work in progress), October 2010. 910 [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 911 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 912 and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and 913 Partial Responses", draft-ietf-httpbis-p5-range-12 (work 914 in progress), October 2010. 916 [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 917 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 918 Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part 919 6: Caching", draft-ietf-httpbis-p6-cache-12 (work in 920 progress), October 2010. 922 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 923 Requirement Levels", BCP 14, RFC 2119, March 1997. 925 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 926 Specifications: ABNF", STD 68, RFC 5234, January 2008. 928 10.2. Informative References 930 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 931 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 932 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 934 [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration 935 Procedures for Message Header Fields", BCP 90, RFC 3864, 936 September 2004. 938 Appendix A. Changes from RFC 2616 940 Allow weak entity-tags in all requests except range requests 941 (Sections 4 and 6.4). 943 Appendix B. Collected ABNF 945 ETag = "ETag:" OWS ETag-v 946 ETag-v = entity-tag 948 HTTP-date = 950 If-Match = "If-Match:" OWS If-Match-v 951 If-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 952 entity-tag ] ) ) 953 If-Modified-Since = "If-Modified-Since:" OWS If-Modified-Since-v 954 If-Modified-Since-v = HTTP-date 955 If-None-Match = "If-None-Match:" OWS If-None-Match-v 956 If-None-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 957 entity-tag ] ) ) 958 If-Unmodified-Since = "If-Unmodified-Since:" OWS 959 If-Unmodified-Since-v 960 If-Unmodified-Since-v = HTTP-date 962 Last-Modified = "Last-Modified:" OWS Last-Modified-v 963 Last-Modified-v = HTTP-date 965 OWS = 967 entity-tag = [ weak ] opaque-tag 969 opaque-tag = quoted-string 971 quoted-string = 973 weak = %x57.2F ; W/ 975 ABNF diagnostics: 977 ; ETag defined but not used 978 ; If-Match defined but not used 979 ; If-Modified-Since defined but not used 980 ; If-None-Match defined but not used 981 ; If-Unmodified-Since defined but not used 982 ; Last-Modified defined but not used 984 Appendix C. Change Log (to be removed by RFC Editor before publication) 986 C.1. Since RFC 2616 988 Extracted relevant partitions from [RFC2616]. 990 C.2. Since draft-ietf-httpbis-p4-conditional-00 992 Closed issues: 994 o : "Normative and 995 Informative references" 997 Other changes: 999 o Move definitions of 304 and 412 condition codes from Part2. 1001 C.3. Since draft-ietf-httpbis-p4-conditional-01 1003 Ongoing work on ABNF conversion 1004 (): 1006 o Add explicit references to BNF syntax and rules imported from 1007 other parts of the specification. 1009 C.4. Since draft-ietf-httpbis-p4-conditional-02 1011 Closed issues: 1013 o : "Weak ETags on 1014 non-GET requests" 1016 Ongoing work on IANA Message Header Field Registration 1017 (): 1019 o Reference RFC 3984, and update header field registrations for 1020 header fields defined in this document. 1022 C.5. Since draft-ietf-httpbis-p4-conditional-03 1024 Closed issues: 1026 o : "Examples for 1027 ETag matching" 1029 o : "'entity 1030 value' undefined" 1032 o : "bogus 2068 1033 Date header reference" 1035 C.6. Since draft-ietf-httpbis-p4-conditional-04 1037 Ongoing work on ABNF conversion 1038 (): 1040 o Use "/" instead of "|" for alternatives. 1042 o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional 1043 whitespace ("OWS") and required whitespace ("RWS"). 1045 o Rewrite ABNFs to spell out whitespace rules, factor out header 1046 field value format definitions. 1048 C.7. Since draft-ietf-httpbis-p4-conditional-05 1050 Final work on ABNF conversion 1051 (): 1053 o Add appendix containing collected and expanded ABNF, reorganize 1054 ABNF introduction. 1056 C.8. Since draft-ietf-httpbis-p4-conditional-06 1058 Closed issues: 1060 o : "case- 1061 sensitivity of etag weakness indicator" 1063 C.9. Since draft-ietf-httpbis-p4-conditional-07 1065 Closed issues: 1067 o : "Weak ETags on 1068 non-GET requests" (If-Match still was defined to require strong 1069 matching) 1071 o : "move IANA 1072 registrations for optional status codes" 1074 C.10. Since draft-ietf-httpbis-p4-conditional-08 1076 No significant changes. 1078 C.11. Since draft-ietf-httpbis-p4-conditional-09 1080 No significant changes. 1082 C.12. Since draft-ietf-httpbis-p4-conditional-10 1084 Closed issues: 1086 o : "Clarify 1087 'Requested Variant'" 1089 o : "Clarify 1090 entity / representation / variant terminology" 1092 o : "consider 1093 removing the 'changes from 2068' sections" 1095 C.13. Since draft-ietf-httpbis-p4-conditional-11 1097 None. 1099 Index 1101 3 1102 304 Not Modified (status code) 8 1104 4 1105 412 Precondition Failed (status code) 8 1107 E 1108 ETag header 13 1110 G 1111 Grammar 1112 entity-tag 6 1113 ETag 13 1114 ETag-v 13 1115 If-Match 14 1116 If-Match-v 14 1117 If-Modified-Since 15 1118 If-Modified-Since-v 15 1119 If-None-Match 17 1120 If-None-Match-v 17 1121 If-Unmodified-Since 18 1122 If-Unmodified-Since-v 18 1123 Last-Modified 19 1124 Last-Modified-v 19 1125 opaque-tag 6 1126 weak 6 1128 H 1129 Headers 1130 ETag 13 1131 If-Match 14 1132 If-Modified-Since 15 1133 If-None-Match 17 1134 If-Unmodified-Since 18 1135 Last-Modified 19 1137 I 1138 If-Match header 14 1139 If-Modified-Since header 15 1140 If-None-Match header 17 1141 If-Unmodified-Since header 18 1143 L 1144 Last-Modified header 19 1146 S 1147 Status Codes 1148 304 Not Modified 8 1149 412 Precondition Failed 8 1151 Authors' Addresses 1153 Roy T. Fielding (editor) 1154 Day Software 1155 23 Corporate Plaza DR, Suite 280 1156 Newport Beach, CA 92660 1157 USA 1159 Phone: +1-949-706-5300 1160 Fax: +1-949-706-5305 1161 EMail: fielding@gbiv.com 1162 URI: http://roy.gbiv.com/ 1164 Jim Gettys 1165 Alcatel-Lucent Bell Labs 1166 21 Oak Knoll Road 1167 Carlisle, MA 01741 1168 USA 1170 EMail: jg@freedesktop.org 1171 URI: http://gettys.wordpress.com/ 1172 Jeffrey C. Mogul 1173 Hewlett-Packard Company 1174 HP Labs, Large Scale Systems Group 1175 1501 Page Mill Road, MS 1177 1176 Palo Alto, CA 94304 1177 USA 1179 EMail: JeffMogul@acm.org 1181 Henrik Frystyk Nielsen 1182 Microsoft Corporation 1183 1 Microsoft Way 1184 Redmond, WA 98052 1185 USA 1187 EMail: henrikn@microsoft.com 1189 Larry Masinter 1190 Adobe Systems, Incorporated 1191 345 Park Ave 1192 San Jose, CA 95110 1193 USA 1195 EMail: LMM@acm.org 1196 URI: http://larry.masinter.net/ 1198 Paul J. Leach 1199 Microsoft Corporation 1200 1 Microsoft Way 1201 Redmond, WA 98052 1203 EMail: paulle@microsoft.com 1205 Tim Berners-Lee 1206 World Wide Web Consortium 1207 MIT Computer Science and Artificial Intelligence Laboratory 1208 The Stata Center, Building 32 1209 32 Vassar Street 1210 Cambridge, MA 02139 1211 USA 1213 EMail: timbl@w3.org 1214 URI: http://www.w3.org/People/Berners-Lee/ 1215 Yves Lafon (editor) 1216 World Wide Web Consortium 1217 W3C / ERCIM 1218 2004, rte des Lucioles 1219 Sophia-Antipolis, AM 06902 1220 France 1222 EMail: ylafon@w3.org 1223 URI: http://www.raubacapeu.net/people/yves/ 1225 Julian F. Reschke (editor) 1226 greenbytes GmbH 1227 Hafenweg 16 1228 Muenster, NW 48155 1229 Germany 1231 Phone: +49 251 2807760 1232 Fax: +49 251 2807761 1233 EMail: julian.reschke@greenbytes.de 1234 URI: http://greenbytes.de/tech/webdav/