idnits 2.17.1 draft-ietf-httpbis-p4-conditional-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 14, 2011) is 4791 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p1-messaging-13 == Outdated reference: A later version (-20) exists of draft-ietf-httpbis-p3-payload-13 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p5-range-13 == Outdated reference: A later version (-26) exists of draft-ietf-httpbis-p6-cache-13 -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTPbis Working Group R. Fielding, Ed. 3 Internet-Draft Adobe 4 Obsoletes: 2616 (if approved) J. Gettys 5 Intended status: Standards Track Alcatel-Lucent 6 Expires: September 15, 2011 J. Mogul 7 HP 8 H. Frystyk 9 Microsoft 10 L. Masinter 11 Adobe 12 P. Leach 13 Microsoft 14 T. Berners-Lee 15 W3C/MIT 16 Y. Lafon, Ed. 17 W3C 18 J. Reschke, Ed. 19 greenbytes 20 March 14, 2011 22 HTTP/1.1, part 4: Conditional Requests 23 draft-ietf-httpbis-p4-conditional-13 25 Abstract 27 The Hypertext Transfer Protocol (HTTP) is an application-level 28 protocol for distributed, collaborative, hypermedia information 29 systems. HTTP has been in use by the World Wide Web global 30 information initiative since 1990. This document is Part 4 of the 31 seven-part specification that defines the protocol referred to as 32 "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 4 defines 33 request header fields for indicating conditional requests and the 34 rules for constructing responses to those requests. 36 Editorial Note (To be removed by RFC Editor) 38 Discussion of this draft should take place on the HTTPBIS working 39 group mailing list (ietf-http-wg@w3.org). The current issues list is 40 at and related 41 documents (including fancy diffs) can be found at 42 . 44 The changes in this draft are summarized in Appendix C.14. 46 Status of This Memo 48 This Internet-Draft is submitted in full conformance with the 49 provisions of BCP 78 and BCP 79. 51 Internet-Drafts are working documents of the Internet Engineering 52 Task Force (IETF). Note that other groups may also distribute 53 working documents as Internet-Drafts. The list of current Internet- 54 Drafts is at http://datatracker.ietf.org/drafts/current/. 56 Internet-Drafts are draft documents valid for a maximum of six months 57 and may be updated, replaced, or obsoleted by other documents at any 58 time. It is inappropriate to use Internet-Drafts as reference 59 material or to cite them other than as "work in progress." 61 This Internet-Draft will expire on September 15, 2011. 63 Copyright Notice 65 Copyright (c) 2011 IETF Trust and the persons identified as the 66 document authors. All rights reserved. 68 This document is subject to BCP 78 and the IETF Trust's Legal 69 Provisions Relating to IETF Documents 70 (http://trustee.ietf.org/license-info) in effect on the date of 71 publication of this document. Please review these documents 72 carefully, as they describe your rights and restrictions with respect 73 to this document. Code Components extracted from this document must 74 include Simplified BSD License text as described in Section 4.e of 75 the Trust Legal Provisions and are provided without warranty as 76 described in the Simplified BSD License. 78 This document may contain material from IETF Documents or IETF 79 Contributions published or made publicly available before November 80 10, 2008. The person(s) controlling the copyright in some of this 81 material may not have granted the IETF Trust the right to allow 82 modifications of such material outside the IETF Standards Process. 83 Without obtaining an adequate license from the person(s) controlling 84 the copyright in such materials, this document may not be modified 85 outside the IETF Standards Process, and derivative works of it may 86 not be created outside the IETF Standards Process, except to format 87 it for publication as an RFC or to translate it into languages other 88 than English. 90 Table of Contents 92 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 93 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 94 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 5 95 1.2.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 6 96 1.2.2. ABNF Rules defined in other Parts of the 97 Specification . . . . . . . . . . . . . . . . . . . . 6 98 2. Entity-Tags . . . . . . . . . . . . . . . . . . . . . . . . . 6 99 2.1. Example: Entity-tags varying on Content-Negotiated 100 Resources . . . . . . . . . . . . . . . . . . . . . . . . 7 101 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 8 102 3.1. 304 Not Modified . . . . . . . . . . . . . . . . . . . . . 8 103 3.2. 412 Precondition Failed . . . . . . . . . . . . . . . . . 8 104 4. Weak and Strong Validators . . . . . . . . . . . . . . . . . . 9 105 5. Rules for When to Use Entity-tags and Last-Modified Dates . . 11 106 6. Header Field Definitions . . . . . . . . . . . . . . . . . . . 13 107 6.1. ETag . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 108 6.2. If-Match . . . . . . . . . . . . . . . . . . . . . . . . . 14 109 6.3. If-Modified-Since . . . . . . . . . . . . . . . . . . . . 15 110 6.4. If-None-Match . . . . . . . . . . . . . . . . . . . . . . 17 111 6.5. If-Unmodified-Since . . . . . . . . . . . . . . . . . . . 18 112 6.6. Last-Modified . . . . . . . . . . . . . . . . . . . . . . 19 113 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 114 7.1. Status Code Registration . . . . . . . . . . . . . . . . . 19 115 7.2. Header Field Registration . . . . . . . . . . . . . . . . 20 116 8. Security Considerations . . . . . . . . . . . . . . . . . . . 20 117 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 118 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 119 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 120 10.2. Informative References . . . . . . . . . . . . . . . . . . 21 121 Appendix A. Changes from RFC 2616 . . . . . . . . . . . . . . . . 21 122 Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 22 123 Appendix C. Change Log (to be removed by RFC Editor before 124 publication) . . . . . . . . . . . . . . . . . . . . 22 125 C.1. Since RFC 2616 . . . . . . . . . . . . . . . . . . . . . . 22 126 C.2. Since draft-ietf-httpbis-p4-conditional-00 . . . . . . . . 23 127 C.3. Since draft-ietf-httpbis-p4-conditional-01 . . . . . . . . 23 128 C.4. Since draft-ietf-httpbis-p4-conditional-02 . . . . . . . . 23 129 C.5. Since draft-ietf-httpbis-p4-conditional-03 . . . . . . . . 23 130 C.6. Since draft-ietf-httpbis-p4-conditional-04 . . . . . . . . 24 131 C.7. Since draft-ietf-httpbis-p4-conditional-05 . . . . . . . . 24 132 C.8. Since draft-ietf-httpbis-p4-conditional-06 . . . . . . . . 24 133 C.9. Since draft-ietf-httpbis-p4-conditional-07 . . . . . . . . 24 134 C.10. Since draft-ietf-httpbis-p4-conditional-08 . . . . . . . . 24 135 C.11. Since draft-ietf-httpbis-p4-conditional-09 . . . . . . . . 24 136 C.12. Since draft-ietf-httpbis-p4-conditional-10 . . . . . . . . 25 137 C.13. Since draft-ietf-httpbis-p4-conditional-11 . . . . . . . . 25 138 C.14. Since draft-ietf-httpbis-p4-conditional-12 . . . . . . . . 25 139 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 141 1. Introduction 143 This document defines HTTP/1.1 response metadata for indicating 144 potential changes to payload content, including modification time 145 stamps and opaque entity-tags, and the HTTP conditional request 146 mechanisms that allow preconditions to be placed on a request method. 147 Conditional GET requests allow for efficient cache updates. Other 148 conditional request methods are used to protect against overwriting 149 or misunderstanding the state of a resource that has been changed 150 unbeknownst to the requesting client. 152 This document is currently disorganized in order to minimize the 153 changes between drafts and enable reviewers to see the smaller errata 154 changes. A future draft will reorganize the sections to better 155 reflect the content. In particular, the sections on resource 156 metadata will be discussed first and then followed by each 157 conditional request header field, concluding with a definition of 158 precedence and the expectation of ordering strong validator checks 159 before weak validator checks. It is likely that more content from 160 [Part6] will migrate to this part, where appropriate. The current 161 mess reflects how widely dispersed these topics and associated 162 requirements had become in [RFC2616]. 164 1.1. Requirements 166 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 167 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 168 document are to be interpreted as described in [RFC2119]. 170 An implementation is not compliant if it fails to satisfy one or more 171 of the "MUST" or "REQUIRED" level requirements for the protocols it 172 implements. An implementation that satisfies all the "MUST" or 173 "REQUIRED" level and all the "SHOULD" level requirements for its 174 protocols is said to be "unconditionally compliant"; one that 175 satisfies all the "MUST" level requirements but not all the "SHOULD" 176 level requirements for its protocols is said to be "conditionally 177 compliant". 179 1.2. Syntax Notation 181 This specification uses the ABNF syntax defined in Section 1.2 of 182 [Part1] (which extends the syntax defined in [RFC5234] with a list 183 rule). Appendix B shows the collected ABNF, with the list rule 184 expanded. 186 The following core rules are included by reference, as defined in 187 [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF 188 (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), 189 HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit 190 sequence of data), SP (space), VCHAR (any visible USASCII character), 191 and WSP (whitespace). 193 1.2.1. Core Rules 195 The core rules below are defined in Section 1.2.2 of [Part1]: 197 quoted-string = 198 OWS = 200 1.2.2. ABNF Rules defined in other Parts of the Specification 202 The ABNF rules below are defined in other parts: 204 HTTP-date = 206 2. Entity-Tags 208 Entity-tags are used for comparing two or more representations of the 209 same resource. HTTP/1.1 uses entity-tags in the ETag (Section 6.1), 210 If-Match (Section 6.2), If-None-Match (Section 6.4), and If-Range 211 (Section 5.3 of [Part5]) header fields. The definition of how they 212 are used and compared as cache validators is in Section 4. An 213 entity-tag consists of an opaque quoted string, possibly prefixed by 214 a weakness indicator. 216 entity-tag = [ weak ] opaque-tag 217 weak = %x57.2F ; "W/", case-sensitive 218 opaque-tag = quoted-string 220 A "strong entity-tag" MAY be shared by two representations of a 221 resource only if they are equivalent by octet equality. 223 A "weak entity-tag", indicated by the "W/" prefix, MAY be shared by 224 two representations of a resource only if the representations are 225 equivalent and could be substituted for each other with no 226 significant change in semantics. A weak entity-tag can only be used 227 for weak comparison. 229 An entity-tag MUST be unique across all versions of all 230 representations associated with a particular resource. A given 231 entity-tag value MAY be used for representations obtained by requests 232 on different URIs. The use of the same entity-tag value in 233 conjunction with representations obtained by requests on different 234 URIs does not imply the equivalence of those representations. 236 2.1. Example: Entity-tags varying on Content-Negotiated Resources 238 Consider a resource that is subject to content negotiation (Section 5 239 of [Part3]), and where the representations returned upon a GET 240 request vary based on the Accept-Encoding request header field 241 (Section 6.3 of [Part3]): 243 >> Request: 245 GET /index HTTP/1.1 246 Host: www.example.com 247 Accept-Encoding: gzip 249 In this case, the response might or might not use the gzip content 250 coding. If it does not, the response might look like: 252 >> Response: 254 HTTP/1.1 200 OK 255 Date: Thu, 26 Mar 2010 00:05:00 GMT 256 ETag: "123-a" 257 Content-Length: 70 258 Vary: Accept-Encoding 259 Content-Type: text/plain 261 Hello World! 262 Hello World! 263 Hello World! 264 Hello World! 265 Hello World! 267 An alternative representation that does use gzip content coding would 268 be: 270 >> Response: 272 HTTP/1.1 200 OK 273 Date: Thu, 26 Mar 2010 00:05:00 GMT 274 ETag: "123-b" 275 Content-Length: 43 276 Vary: Accept-Encoding 277 Content-Type: text/plain 278 Content-Encoding: gzip 280 ...binary data... 282 Note: Content codings are a property of the representation, so 283 therefore an entity-tag of an encoded representation must be 284 distinct from an unencoded representation to prevent conflicts 285 during cache updates and range requests. In contrast, transfer 286 codings (Section 6.2 of [Part1]) apply only during message 287 transfer and do not require distinct entity-tags. 289 3. Status Code Definitions 291 3.1. 304 Not Modified 293 If the client has performed a conditional GET request and access is 294 allowed, but the document has not been modified, the server SHOULD 295 respond with this status code. The 304 response MUST NOT contain a 296 message-body, and thus is always terminated by the first empty line 297 after the header fields. 299 A 304 response MUST include a Date header field (Section 9.3 of 300 [Part1]) unless its omission is required by Section 9.3.1 of [Part1]. 301 If a 200 response to the same request would have included any of the 302 header fields Cache-Control, Content-Location, ETag, Expires, Last- 303 Modified, or Vary, then those same header fields MUST be sent in a 304 304 response. 306 Since the goal of a 304 response is to minimize information transfer 307 when the recipient already has one or more cached representations, 308 the response SHOULD NOT include representation metadata other than 309 the above listed fields unless said metadata exists for the purpose 310 of guiding cache updates (e.g., future HTTP extensions). 312 If a 304 response includes an entity-tag that indicates a 313 representation not currently cached, then the recipient MUST NOT use 314 the 304 to update its own cache. If that conditional request 315 originated with an outbound client, such as a user agent with its own 316 cache sending a conditional GET to a shared proxy, then the 304 317 response MAY be forwarded to the outbound client. Otherwise, 318 disregard the response and repeat the request without the 319 conditional. 321 If a cache uses a received 304 response to update a cache entry, the 322 cache MUST update the entry to reflect any new field values given in 323 the response. 325 3.2. 412 Precondition Failed 327 The precondition given in one or more of the header fields evaluated 328 to false when it was tested on the server. This response code allows 329 the client to place preconditions on the current resource metadata 330 (header field data) and thus prevent the requested method from being 331 applied to a resource other than the one intended. 333 4. Weak and Strong Validators 335 Since both origin servers and caches will compare two validators to 336 decide if they represent the same or different representations, one 337 normally would expect that if the representation (including both 338 representation header fields and representation body) changes in any 339 way, then the associated validator would change as well. If this is 340 true, then we call this validator a "strong validator". 342 However, there might be cases when a server prefers to change the 343 validator only on semantically significant changes, and not when 344 insignificant aspects of the representation change. A validator that 345 does not always change when the representation changes is a "weak 346 validator". 348 An entity-tag is normally a strong validator, but the protocol 349 provides a mechanism to tag an entity-tag as "weak". One can think 350 of a strong validator as one that changes whenever the sequence of 351 bits in a representation changes, while a weak value changes whenever 352 the meaning of a representation changes. Alternatively, one can 353 think of a strong validator as part of an identifier for a specific 354 representation, whereas a weak validator is part of an identifier for 355 a set of semantically equivalent representations. 357 Note: One example of a strong validator is an integer that is 358 incremented in stable storage every time a representation is 359 changed. 361 A representation's modification time, if defined with only one- 362 second resolution, could be a weak validator, since it is possible 363 that the representation might be modified twice during a single 364 second. 366 Support for weak validators is optional. However, weak validators 367 allow for more efficient caching of equivalent objects; for 368 example, a hit counter on a site is probably good enough if it is 369 updated every few days or weeks, and any value during that period 370 is likely "good enough" to be equivalent. 372 A "use" of a validator is either when a client generates a request 373 and includes the validator in a validating header field, or when a 374 server compares two validators. 376 Strong validators are usable in any context. Weak validators are 377 only usable in contexts that do not depend on exact equality of a 378 representation. For example, either kind is usable for a normal 379 conditional GET. However, only a strong validator is usable for a 380 sub-range retrieval, since otherwise the client might end up with an 381 internally inconsistent representation. 383 Clients MUST NOT use weak validators in range requests ([Part5]). 385 The only function that HTTP/1.1 defines on validators is comparison. 386 There are two validator comparison functions, depending on whether 387 the comparison context allows the use of weak validators or not: 389 o The strong comparison function: in order to be considered equal, 390 both opaque-tags MUST be identical character-by-character, and 391 both MUST NOT be weak. 393 o The weak comparison function: in order to be considered equal, 394 both opaque-tags MUST be identical character-by-character, but 395 either or both of them MAY be tagged as "weak" without affecting 396 the result. 398 The example below shows the results for a set of entity-tag pairs, 399 and both the weak and strong comparison function results: 401 +--------+--------+-------------------+-----------------+ 402 | ETag 1 | ETag 2 | Strong Comparison | Weak Comparison | 403 +--------+--------+-------------------+-----------------+ 404 | W/"1" | W/"1" | no match | match | 405 | W/"1" | W/"2" | no match | no match | 406 | W/"1" | "1" | no match | match | 407 | "1" | "1" | match | match | 408 +--------+--------+-------------------+-----------------+ 410 An entity-tag is strong unless it is explicitly tagged as weak. 411 Section 2 gives the syntax for entity-tags. 413 A Last-Modified time, when used as a validator in a request, is 414 implicitly weak unless it is possible to deduce that it is strong, 415 using the following rules: 417 o The validator is being compared by an origin server to the actual 418 current validator for the representation and, 420 o That origin server reliably knows that the associated 421 representation did not change twice during the second covered by 422 the presented validator. 424 or 425 o The validator is about to be used by a client in an If-Modified- 426 Since or If-Unmodified-Since header field, because the client has 427 a cache entry for the associated representation, and 429 o That cache entry includes a Date value, which gives the time when 430 the origin server sent the original response, and 432 o The presented Last-Modified time is at least 60 seconds before the 433 Date value. 435 or 437 o The validator is being compared by an intermediate cache to the 438 validator stored in its cache entry for the representation, and 440 o That cache entry includes a Date value, which gives the time when 441 the origin server sent the original response, and 443 o The presented Last-Modified time is at least 60 seconds before the 444 Date value. 446 This method relies on the fact that if two different responses were 447 sent by the origin server during the same second, but both had the 448 same Last-Modified time, then at least one of those responses would 449 have a Date value equal to its Last-Modified time. The arbitrary 60- 450 second limit guards against the possibility that the Date and Last- 451 Modified values are generated from different clocks, or at somewhat 452 different times during the preparation of the response. An 453 implementation MAY use a value larger than 60 seconds, if it is 454 believed that 60 seconds is too short. 456 If a client wishes to perform a sub-range retrieval on a value for 457 which it has only a Last-Modified time and no opaque validator, it 458 MAY do this only if the Last-Modified time is strong in the sense 459 described here. 461 A cache or origin server receiving a conditional range request 462 ([Part5]) MUST use the strong comparison function to evaluate the 463 condition. 465 These rules allow HTTP/1.1 caches and clients to safely perform sub- 466 range retrievals on values that have been obtained from HTTP/1.0 467 servers. 469 5. Rules for When to Use Entity-tags and Last-Modified Dates 471 We adopt a set of rules and recommendations for origin servers, 472 clients, and caches regarding when various validator types ought to 473 be used, and for what purposes. 475 HTTP/1.1 origin servers: 477 o SHOULD send an entity-tag validator unless it is not feasible to 478 generate one. 480 o MAY send a weak entity-tag instead of a strong entity-tag, if 481 performance considerations support the use of weak entity-tags, or 482 if it is unfeasible to send a strong entity-tag. 484 o SHOULD send a Last-Modified value if it is feasible to send one, 485 unless the risk of a breakdown in semantic transparency that could 486 result from using this date in an If-Modified-Since header field 487 would lead to serious problems. 489 In other words, the preferred behavior for an HTTP/1.1 origin server 490 is to send both a strong entity-tag and a Last-Modified value. 492 In order to be legitimate, a strong entity-tag MUST change whenever 493 the associated representation changes in any way. A weak entity-tag 494 SHOULD change whenever the associated representation changes in a 495 semantically significant way. 497 Note: In order to provide semantically transparent caching, an 498 origin server must avoid reusing a specific strong entity-tag 499 value for two different representations, or reusing a specific 500 weak entity-tag value for two semantically different 501 representations. Cache entries might persist for arbitrarily long 502 periods, regardless of expiration times, so it might be 503 inappropriate to expect that a cache will never again attempt to 504 validate an entry using a validator that it obtained at some point 505 in the past. 507 HTTP/1.1 clients: 509 o MUST use that entity-tag in any cache-conditional request (using 510 If-Match or If-None-Match) if an entity-tag has been provided by 511 the origin server. 513 o SHOULD use the Last-Modified value in non-subrange cache- 514 conditional requests (using If-Modified-Since) if only a Last- 515 Modified value has been provided by the origin server. 517 o MAY use the Last-Modified value in subrange cache-conditional 518 requests (using If-Unmodified-Since) if only a Last-Modified value 519 has been provided by an HTTP/1.0 origin server. The user agent 520 SHOULD provide a way to disable this, in case of difficulty. 522 o SHOULD use both validators in cache-conditional requests if both 523 an entity-tag and a Last-Modified value have been provided by the 524 origin server. This allows both HTTP/1.0 and HTTP/1.1 caches to 525 respond appropriately. 527 An HTTP/1.1 origin server, upon receiving a conditional request that 528 includes both a Last-Modified date (e.g., in an If-Modified-Since or 529 If-Unmodified-Since header field) and one or more entity-tags (e.g., 530 in an If-Match, If-None-Match, or If-Range header field) as cache 531 validators, MUST NOT return a response status code of 304 (Not 532 Modified) unless doing so is consistent with all of the conditional 533 header fields in the request. 535 An HTTP/1.1 caching proxy, upon receiving a conditional request that 536 includes both a Last-Modified date and one or more entity-tags as 537 cache validators, MUST NOT return a locally cached response to the 538 client unless that cached response is consistent with all of the 539 conditional header fields in the request. 541 Note: The general principle behind these rules is that HTTP/1.1 542 servers and clients ought to transmit as much non-redundant 543 information as is available in their responses and requests. 544 HTTP/1.1 systems receiving this information will make the most 545 conservative assumptions about the validators they receive. 547 HTTP/1.0 clients and caches might ignore entity-tags. Generally, 548 last-modified values received or used by these systems will 549 support transparent and efficient caching, and so HTTP/1.1 origin 550 servers should provide Last-Modified values. In those rare cases 551 where the use of a Last-Modified value as a validator by an 552 HTTP/1.0 system could result in a serious problem, then HTTP/1.1 553 origin servers should not provide one. 555 6. Header Field Definitions 557 This section defines the syntax and semantics of HTTP/1.1 header 558 fields related to conditional requests. 560 6.1. ETag 562 The "ETag" header field provides the current value of the entity-tag 563 (see Section 2) for one representation of the target resource. An 564 entity-tag is intended for use as a resource-local identifier for 565 differentiating between representations of the same resource that 566 vary over time or via content negotiation (see Section 4). 568 ETag = "ETag" ":" OWS ETag-v 569 ETag-v = entity-tag 571 Examples: 573 ETag: "xyzzy" 574 ETag: W/"xyzzy" 575 ETag: "" 577 An entity-tag provides an "opaque" cache validator that allows for 578 more reliable validation than modification dates in situations where 579 it is inconvenient to store modification dates, where the one-second 580 resolution of HTTP date values is not sufficient, or where the origin 581 server wishes to avoid certain paradoxes that might arise from the 582 use of modification dates. 584 The principle behind entity-tags is that only the service author 585 knows the semantics of a resource well enough to select an 586 appropriate cache validation mechanism, and the specification of any 587 validator comparison function more complex than byte-equality would 588 open up a can of worms. Thus, comparisons of any other header fields 589 (except Last-Modified, for compatibility with HTTP/1.0) are never 590 used for purposes of validating a cache entry. 592 6.2. If-Match 594 The "If-Match" header field is used to make a request method 595 conditional. A client that has one or more representations 596 previously obtained from the resource can verify that one of those 597 representations is current by including a list of their associated 598 entity-tags in the If-Match header field. 600 This allows efficient updates of cached information with a minimum 601 amount of transaction overhead. It is also used when updating 602 resources, to prevent inadvertent modification of the wrong version 603 of a resource. As a special case, the value "*" matches any current 604 representation of the resource. 606 If-Match = "If-Match" ":" OWS If-Match-v 607 If-Match-v = "*" / 1#entity-tag 609 If any of the entity-tags match the entity-tag of the representation 610 that would have been returned in the response to a similar GET 611 request (without the If-Match header field) on that resource, or if 612 "*" is given and any current representation exists for that resource, 613 then the server MAY perform the requested method as if the If-Match 614 header field did not exist. 616 If none of the entity-tags match, or if "*" is given and no current 617 representation exists, the server MUST NOT perform the requested 618 method, and MUST return a 412 (Precondition Failed) response. This 619 behavior is most useful when the client wants to prevent an updating 620 request method, such as PUT, from modifying a resource that has 621 changed since the client last retrieved it. 623 If the request would, without the If-Match header field, result in 624 anything other than a 2xx or 412 status code, then the If-Match 625 header field MUST be ignored. 627 The meaning of "If-Match: *" is that the request method SHOULD be 628 performed if the representation selected by the origin server (or by 629 a cache, possibly using the Vary mechanism, see Section 3.5 of 630 [Part6]) exists, and MUST NOT be performed if the representation does 631 not exist. 633 A request intended to update a resource (e.g., a PUT) MAY include an 634 If-Match header field to signal that the request method MUST NOT be 635 applied if the representation corresponding to the If-Match value (a 636 single entity-tag) is no longer a representation of that resource. 637 This allows the user to indicate that they do not wish the request to 638 be successful if the resource has been changed without their 639 knowledge. Examples: 641 If-Match: "xyzzy" 642 If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 643 If-Match: * 645 The result of a request having both an If-Match header field and 646 either an If-None-Match or an If-Modified-Since header fields is 647 undefined by this specification. 649 6.3. If-Modified-Since 651 The "If-Modified-Since" header field is used to make a request method 652 conditional by date: if the representation that would have been 653 transferred in a 200 response to a GET request has not been modified 654 since the time specified in this field, then do not perform the 655 method; instead, respond as detailed below. 657 If-Modified-Since = "If-Modified-Since" ":" OWS 658 If-Modified-Since-v 659 If-Modified-Since-v = HTTP-date 661 An example of the field is: 663 If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT 665 A GET method with an If-Modified-Since header field and no Range 666 header field requests that the representation be transferred only if 667 it has been modified since the date given by the If-Modified-Since 668 header field. The algorithm for determining this includes the 669 following cases: 671 1. If the request would normally result in anything other than a 200 672 (OK) status code, or if the passed If-Modified-Since date is 673 invalid, the response is exactly the same as for a normal GET. A 674 date which is later than the server's current time is invalid. 676 2. If the representation has been modified since the If-Modified- 677 Since date, the response is exactly the same as for a normal GET. 679 3. If the representation has not been modified since a valid If- 680 Modified-Since date, the server SHOULD return a 304 (Not 681 Modified) response. 683 The purpose of this feature is to allow efficient updates of cached 684 information with a minimum amount of transaction overhead. 686 Note: The Range header field modifies the meaning of If-Modified- 687 Since; see Section 5.4 of [Part5] for full details. 689 Note: If-Modified-Since times are interpreted by the server, whose 690 clock might not be synchronized with the client. 692 Note: When handling an If-Modified-Since header field, some 693 servers will use an exact date comparison function, rather than a 694 less-than function, for deciding whether to send a 304 (Not 695 Modified) response. To get best results when sending an If- 696 Modified-Since header field for cache validation, clients are 697 advised to use the exact date string received in a previous Last- 698 Modified header field whenever possible. 700 Note: If a client uses an arbitrary date in the If-Modified-Since 701 header field instead of a date taken from the Last-Modified header 702 field for the same request, the client needs to be aware that this 703 date is interpreted in the server's understanding of time. 704 Unsynchronized clocks and rounding problems, due to the different 705 encodings of time between the client and server, are concerns. 706 This includes the possibility of race conditions if the document 707 has changed between the time it was first requested and the If- 708 Modified-Since date of a subsequent request, and the possibility 709 of clock-skew-related problems if the If-Modified-Since date is 710 derived from the client's clock without correction to the server's 711 clock. Corrections for different time bases between client and 712 server are at best approximate due to network latency. 714 The result of a request having both an If-Modified-Since header field 715 and either an If-Match or an If-Unmodified-Since header fields is 716 undefined by this specification. 718 6.4. If-None-Match 720 The "If-None-Match" header field is used to make a request method 721 conditional. A client that has one or more representations 722 previously obtained from the resource can verify that none of those 723 representations is current by including a list of their associated 724 entity-tags in the If-None-Match header field. 726 This allows efficient updates of cached information with a minimum 727 amount of transaction overhead. It is also used to prevent a request 728 method (e.g., PUT) from inadvertently modifying an existing resource 729 when the client believes that the resource does not exist. 731 As a special case, the value "*" matches any current representation 732 of the resource. 734 If-None-Match = "If-None-Match" ":" OWS If-None-Match-v 735 If-None-Match-v = "*" / 1#entity-tag 737 If any of the entity-tags match the entity-tag of the representation 738 that would have been returned in the response to a similar GET 739 request (without the If-None-Match header field) on that resource, or 740 if "*" is given and any current representation exists for that 741 resource, then the server MUST NOT perform the requested method, 742 unless required to do so because the resource's modification date 743 fails to match that supplied in an If-Modified-Since header field in 744 the request. Instead, if the request method was GET or HEAD, the 745 server SHOULD respond with a 304 (Not Modified) response, including 746 the cache-related header fields (particularly ETag) of one of the 747 representations that matched. For all other request methods, the 748 server MUST respond with a 412 (Precondition Failed) status code. 750 If none of the entity-tags match, then the server MAY perform the 751 requested method as if the If-None-Match header field did not exist, 752 but MUST also ignore any If-Modified-Since header field(s) in the 753 request. That is, if no entity-tags match, then the server MUST NOT 754 return a 304 (Not Modified) response. 756 If the request would, without the If-None-Match header field, result 757 in anything other than a 2xx or 304 status code, then the If-None- 758 Match header field MUST be ignored. (See Section 5 for a discussion 759 of server behavior when both If-Modified-Since and If-None-Match 760 appear in the same request.) 762 The meaning of "If-None-Match: *" is that the request method MUST NOT 763 be performed if the representation selected by the origin server (or 764 by a cache, possibly using the Vary mechanism, see Section 3.5 of 765 [Part6]) exists, and SHOULD be performed if the representation does 766 not exist. This feature is intended to be useful in preventing races 767 between PUT operations. 769 Examples: 771 If-None-Match: "xyzzy" 772 If-None-Match: W/"xyzzy" 773 If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz" 774 If-None-Match: W/"xyzzy", W/"r2d2xxxx", W/"c3piozzzz" 775 If-None-Match: * 777 The result of a request having both an If-None-Match header field and 778 either an If-Match or an If-Unmodified-Since header fields is 779 undefined by this specification. 781 6.5. If-Unmodified-Since 783 The "If-Unmodified-Since" header field is used to make a request 784 method conditional. If the representation that would have been 785 transferred in a 200 response to a GET request on the same resource 786 has not been modified since the time specified in this field, the 787 server SHOULD perform the requested operation as if the If- 788 Unmodified-Since header field were not present. 790 If the representation has been modified since the specified time, the 791 server MUST NOT perform the requested operation, and MUST return a 792 412 (Precondition Failed). 794 If-Unmodified-Since = "If-Unmodified-Since" ":" OWS 795 If-Unmodified-Since-v 796 If-Unmodified-Since-v = HTTP-date 798 An example of the field is: 800 If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT 802 If the request normally (i.e., without the If-Unmodified-Since header 803 field) would result in anything other than a 2xx or 412 status code, 804 the If-Unmodified-Since header field SHOULD be ignored. 806 If the specified date is invalid, the header field is ignored. 808 The result of a request having both an If-Unmodified-Since header 809 field and either an If-None-Match or an If-Modified-Since header 810 fields is undefined by this specification. 812 6.6. Last-Modified 814 The "Last-Modified" header field indicates the date and time at which 815 the origin server believes the representation was last modified. 817 Last-Modified = "Last-Modified" ":" OWS Last-Modified-v 818 Last-Modified-v = HTTP-date 820 An example of its use is 822 Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT 824 A representation is typically the sum of many parts behind the 825 resource interface. The last-modified time would usually be the most 826 recent time that any of those parts were changed. How that value is 827 determined for any given resource is an implementation detail beyond 828 the scope of this specification. What matters to HTTP is how 829 recipients of the Last-Modified header field can use its value to 830 make conditional requests and test the validity of locally cached 831 responses. 833 An origin server MUST NOT send a Last-Modified date which is later 834 than the server's time of message origination. In such cases, where 835 the resource's last modification would indicate some time in the 836 future, the server MUST replace that date with the message 837 origination date. 839 An origin server SHOULD obtain the Last-Modified value of the 840 representation as close as possible to the time that it generates the 841 Date value of its response. This allows a recipient to make an 842 accurate assessment of the representation's modification time, 843 especially if the representation changes near the time that the 844 response is generated. 846 HTTP/1.1 servers SHOULD send Last-Modified whenever feasible. 848 The Last-Modified header field value is often used as a cache 849 validator. In simple terms, a cache entry is considered to be valid 850 if the representation has not been modified since the Last-Modified 851 value. 853 7. IANA Considerations 855 7.1. Status Code Registration 857 The HTTP Status Code Registry located at 858 shall be updated 859 with the registrations below: 861 +-------+---------------------+-------------+ 862 | Value | Description | Reference | 863 +-------+---------------------+-------------+ 864 | 304 | Not Modified | Section 3.1 | 865 | 412 | Precondition Failed | Section 3.2 | 866 +-------+---------------------+-------------+ 868 7.2. Header Field Registration 870 The Message Header Field Registry located at shall be 872 updated with the permanent registrations below (see [RFC3864]): 874 +---------------------+----------+----------+-------------+ 875 | Header Field Name | Protocol | Status | Reference | 876 +---------------------+----------+----------+-------------+ 877 | ETag | http | standard | Section 6.1 | 878 | If-Match | http | standard | Section 6.2 | 879 | If-Modified-Since | http | standard | Section 6.3 | 880 | If-None-Match | http | standard | Section 6.4 | 881 | If-Unmodified-Since | http | standard | Section 6.5 | 882 | Last-Modified | http | standard | Section 6.6 | 883 +---------------------+----------+----------+-------------+ 885 The change controller is: "IETF (iesg@ietf.org) - Internet 886 Engineering Task Force". 888 8. Security Considerations 890 No additional security considerations have been identified beyond 891 those applicable to HTTP in general [Part1]. 893 9. Acknowledgments 895 10. References 897 10.1. Normative References 899 [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 900 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 901 and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, 902 and Message Parsing", draft-ietf-httpbis-p1-messaging-13 903 (work in progress), March 2011. 905 [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 906 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 907 and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload 908 and Content Negotiation", draft-ietf-httpbis-p3-payload-13 909 (work in progress), March 2011. 911 [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 912 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 913 and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and 914 Partial Responses", draft-ietf-httpbis-p5-range-13 (work 915 in progress), March 2011. 917 [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., 918 Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., 919 Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part 920 6: Caching", draft-ietf-httpbis-p6-cache-13 (work in 921 progress), March 2011. 923 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 924 Requirement Levels", BCP 14, RFC 2119, March 1997. 926 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 927 Specifications: ABNF", STD 68, RFC 5234, January 2008. 929 10.2. Informative References 931 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 932 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 933 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 935 [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration 936 Procedures for Message Header Fields", BCP 90, RFC 3864, 937 September 2004. 939 Appendix A. Changes from RFC 2616 941 Allow weak entity-tags in all requests except range requests 942 (Sections 4 and 6.4). 944 Appendix B. Collected ABNF 946 ETag = "ETag:" OWS ETag-v 947 ETag-v = entity-tag 949 HTTP-date = 951 If-Match = "If-Match:" OWS If-Match-v 952 If-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 953 entity-tag ] ) ) 954 If-Modified-Since = "If-Modified-Since:" OWS If-Modified-Since-v 955 If-Modified-Since-v = HTTP-date 956 If-None-Match = "If-None-Match:" OWS If-None-Match-v 957 If-None-Match-v = "*" / ( *( "," OWS ) entity-tag *( OWS "," [ OWS 958 entity-tag ] ) ) 959 If-Unmodified-Since = "If-Unmodified-Since:" OWS 960 If-Unmodified-Since-v 961 If-Unmodified-Since-v = HTTP-date 963 Last-Modified = "Last-Modified:" OWS Last-Modified-v 964 Last-Modified-v = HTTP-date 966 OWS = 968 entity-tag = [ weak ] opaque-tag 970 opaque-tag = quoted-string 972 quoted-string = 974 weak = %x57.2F ; W/ 976 ABNF diagnostics: 978 ; ETag defined but not used 979 ; If-Match defined but not used 980 ; If-Modified-Since defined but not used 981 ; If-None-Match defined but not used 982 ; If-Unmodified-Since defined but not used 983 ; Last-Modified defined but not used 985 Appendix C. Change Log (to be removed by RFC Editor before publication) 987 C.1. Since RFC 2616 989 Extracted relevant partitions from [RFC2616]. 991 C.2. Since draft-ietf-httpbis-p4-conditional-00 993 Closed issues: 995 o : "Normative and 996 Informative references" 998 Other changes: 1000 o Move definitions of 304 and 412 condition codes from Part2. 1002 C.3. Since draft-ietf-httpbis-p4-conditional-01 1004 Ongoing work on ABNF conversion 1005 (): 1007 o Add explicit references to BNF syntax and rules imported from 1008 other parts of the specification. 1010 C.4. Since draft-ietf-httpbis-p4-conditional-02 1012 Closed issues: 1014 o : "Weak ETags on 1015 non-GET requests" 1017 Ongoing work on IANA Message Header Field Registration 1018 (): 1020 o Reference RFC 3984, and update header field registrations for 1021 header fields defined in this document. 1023 C.5. Since draft-ietf-httpbis-p4-conditional-03 1025 Closed issues: 1027 o : "Examples for 1028 ETag matching" 1030 o : "'entity 1031 value' undefined" 1033 o : "bogus 2068 1034 Date header reference" 1036 C.6. Since draft-ietf-httpbis-p4-conditional-04 1038 Ongoing work on ABNF conversion 1039 (): 1041 o Use "/" instead of "|" for alternatives. 1043 o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional 1044 whitespace ("OWS") and required whitespace ("RWS"). 1046 o Rewrite ABNFs to spell out whitespace rules, factor out header 1047 field value format definitions. 1049 C.7. Since draft-ietf-httpbis-p4-conditional-05 1051 Final work on ABNF conversion 1052 (): 1054 o Add appendix containing collected and expanded ABNF, reorganize 1055 ABNF introduction. 1057 C.8. Since draft-ietf-httpbis-p4-conditional-06 1059 Closed issues: 1061 o : "case- 1062 sensitivity of etag weakness indicator" 1064 C.9. Since draft-ietf-httpbis-p4-conditional-07 1066 Closed issues: 1068 o : "Weak ETags on 1069 non-GET requests" (If-Match still was defined to require strong 1070 matching) 1072 o : "move IANA 1073 registrations for optional status codes" 1075 C.10. Since draft-ietf-httpbis-p4-conditional-08 1077 No significant changes. 1079 C.11. Since draft-ietf-httpbis-p4-conditional-09 1081 No significant changes. 1083 C.12. Since draft-ietf-httpbis-p4-conditional-10 1085 Closed issues: 1087 o : "Clarify 1088 'Requested Variant'" 1090 o : "Clarify 1091 entity / representation / variant terminology" 1093 o : "consider 1094 removing the 'changes from 2068' sections" 1096 C.13. Since draft-ietf-httpbis-p4-conditional-11 1098 None. 1100 C.14. Since draft-ietf-httpbis-p4-conditional-12 1102 Closed issues: 1104 o : "Header 1105 Classification" 1107 Index 1109 3 1110 304 Not Modified (status code) 8 1112 4 1113 412 Precondition Failed (status code) 8 1115 E 1116 ETag header field 13 1118 G 1119 Grammar 1120 entity-tag 6 1121 ETag 13 1122 ETag-v 13 1123 If-Match 14 1124 If-Match-v 14 1125 If-Modified-Since 15 1126 If-Modified-Since-v 15 1127 If-None-Match 17 1128 If-None-Match-v 17 1129 If-Unmodified-Since 18 1130 If-Unmodified-Since-v 18 1131 Last-Modified 19 1132 Last-Modified-v 19 1133 opaque-tag 6 1134 weak 6 1136 H 1137 Header Fields 1138 ETag 13 1139 If-Match 14 1140 If-Modified-Since 15 1141 If-None-Match 17 1142 If-Unmodified-Since 18 1143 Last-Modified 19 1145 I 1146 If-Match header field 14 1147 If-Modified-Since header field 15 1148 If-None-Match header field 17 1149 If-Unmodified-Since header field 18 1151 L 1152 Last-Modified header field 19 1154 S 1155 Status Codes 1156 304 Not Modified 8 1157 412 Precondition Failed 8 1159 Authors' Addresses 1161 Roy T. Fielding (editor) 1162 Adobe Systems Incorporated 1163 345 Park Ave 1164 San Jose, CA 95110 1165 USA 1167 EMail: fielding@gbiv.com 1168 URI: http://roy.gbiv.com/ 1169 Jim Gettys 1170 Alcatel-Lucent Bell Labs 1171 21 Oak Knoll Road 1172 Carlisle, MA 01741 1173 USA 1175 EMail: jg@freedesktop.org 1176 URI: http://gettys.wordpress.com/ 1178 Jeffrey C. Mogul 1179 Hewlett-Packard Company 1180 HP Labs, Large Scale Systems Group 1181 1501 Page Mill Road, MS 1177 1182 Palo Alto, CA 94304 1183 USA 1185 EMail: JeffMogul@acm.org 1187 Henrik Frystyk Nielsen 1188 Microsoft Corporation 1189 1 Microsoft Way 1190 Redmond, WA 98052 1191 USA 1193 EMail: henrikn@microsoft.com 1195 Larry Masinter 1196 Adobe Systems Incorporated 1197 345 Park Ave 1198 San Jose, CA 95110 1199 USA 1201 EMail: LMM@acm.org 1202 URI: http://larry.masinter.net/ 1204 Paul J. Leach 1205 Microsoft Corporation 1206 1 Microsoft Way 1207 Redmond, WA 98052 1209 EMail: paulle@microsoft.com 1210 Tim Berners-Lee 1211 World Wide Web Consortium 1212 MIT Computer Science and Artificial Intelligence Laboratory 1213 The Stata Center, Building 32 1214 32 Vassar Street 1215 Cambridge, MA 02139 1216 USA 1218 EMail: timbl@w3.org 1219 URI: http://www.w3.org/People/Berners-Lee/ 1221 Yves Lafon (editor) 1222 World Wide Web Consortium 1223 W3C / ERCIM 1224 2004, rte des Lucioles 1225 Sophia-Antipolis, AM 06902 1226 France 1228 EMail: ylafon@w3.org 1229 URI: http://www.raubacapeu.net/people/yves/ 1231 Julian F. Reschke (editor) 1232 greenbytes GmbH 1233 Hafenweg 16 1234 Muenster, NW 48155 1235 Germany 1237 Phone: +49 251 2807760 1238 Fax: +49 251 2807761 1239 EMail: julian.reschke@greenbytes.de 1240 URI: http://greenbytes.de/tech/webdav/