mirror of
				https://github.com/ossrs/srs.git
				synced 2025-03-09 15:49:59 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			3363 lines
		
	
	
	
		
			134 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			3363 lines
		
	
	
	
		
			134 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Network Working Group                                     T. Berners-Lee
 | ||
| Request for Comments: 1945                                       MIT/LCS
 | ||
| Category: Informational                                      R. Fielding
 | ||
|                                                                UC Irvine
 | ||
|                                                               H. Frystyk
 | ||
|                                                                  MIT/LCS
 | ||
|                                                                 May 1996
 | ||
| 
 | ||
| 
 | ||
|                 Hypertext Transfer Protocol -- HTTP/1.0
 | ||
| 
 | ||
| Status of This Memo
 | ||
| 
 | ||
|    This memo provides information for the Internet community.  This memo
 | ||
|    does not specify an Internet standard of any kind.  Distribution of
 | ||
|    this memo is unlimited.
 | ||
| 
 | ||
| IESG Note:
 | ||
| 
 | ||
|    The IESG has concerns about this protocol, and expects this document
 | ||
|    to be replaced relatively soon by a standards track document.
 | ||
| 
 | ||
| Abstract
 | ||
| 
 | ||
|    The Hypertext Transfer Protocol (HTTP) is an application-level
 | ||
|    protocol with the lightness and speed necessary for distributed,
 | ||
|    collaborative, hypermedia information systems. It is a generic,
 | ||
|    stateless, object-oriented protocol which can be used for many tasks,
 | ||
|    such as name servers and distributed object management systems,
 | ||
|    through extension of its request methods (commands). A feature of
 | ||
|    HTTP is the typing of data representation, allowing systems to be
 | ||
|    built independently of the data being transferred.
 | ||
| 
 | ||
|    HTTP has been in use by the World-Wide Web global information
 | ||
|    initiative since 1990. This specification reflects common usage of
 | ||
|    the protocol referred to as "HTTP/1.0".
 | ||
| 
 | ||
| Table of Contents
 | ||
| 
 | ||
|    1.  Introduction ..............................................  4
 | ||
|        1.1  Purpose ..............................................  4
 | ||
|        1.2  Terminology ..........................................  4
 | ||
|        1.3  Overall Operation ....................................  6
 | ||
|        1.4  HTTP and MIME ........................................  8
 | ||
|    2.  Notational Conventions and Generic Grammar ................  8
 | ||
|        2.1  Augmented BNF ........................................  8
 | ||
|        2.2  Basic Rules .......................................... 10
 | ||
|    3.  Protocol Parameters ....................................... 12
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 1]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        3.1  HTTP Version ......................................... 12
 | ||
|        3.2  Uniform Resource Identifiers ......................... 14
 | ||
|             3.2.1  General Syntax ................................ 14
 | ||
|             3.2.2  http URL ...................................... 15
 | ||
|        3.3  Date/Time Formats .................................... 15
 | ||
|        3.4  Character Sets ....................................... 17
 | ||
|        3.5  Content Codings ...................................... 18
 | ||
|        3.6  Media Types .......................................... 19
 | ||
|             3.6.1  Canonicalization and Text Defaults ............ 19
 | ||
|             3.6.2  Multipart Types ............................... 20
 | ||
|        3.7  Product Tokens ....................................... 20
 | ||
|    4.  HTTP Message .............................................. 21
 | ||
|        4.1  Message Types ........................................ 21
 | ||
|        4.2  Message Headers ...................................... 22
 | ||
|        4.3  General Header Fields ................................ 23
 | ||
|    5.  Request ................................................... 23
 | ||
|        5.1  Request-Line ......................................... 23
 | ||
|             5.1.1  Method ........................................ 24
 | ||
|             5.1.2  Request-URI ................................... 24
 | ||
|        5.2  Request Header Fields ................................ 25
 | ||
|    6.  Response .................................................. 25
 | ||
|        6.1  Status-Line .......................................... 26
 | ||
|             6.1.1  Status Code and Reason Phrase ................. 26
 | ||
|        6.2  Response Header Fields ............................... 28
 | ||
|    7.  Entity .................................................... 28
 | ||
|        7.1  Entity Header Fields ................................. 29
 | ||
|        7.2  Entity Body .......................................... 29
 | ||
|             7.2.1  Type .......................................... 29
 | ||
|             7.2.2  Length ........................................ 30
 | ||
|    8.  Method Definitions ........................................ 30
 | ||
|        8.1  GET .................................................. 31
 | ||
|        8.2  HEAD ................................................. 31
 | ||
|        8.3  POST ................................................. 31
 | ||
|    9.  Status Code Definitions ................................... 32
 | ||
|        9.1  Informational 1xx .................................... 32
 | ||
|        9.2  Successful 2xx ....................................... 32
 | ||
|        9.3  Redirection 3xx ...................................... 34
 | ||
|        9.4  Client Error 4xx ..................................... 35
 | ||
|        9.5  Server Error 5xx ..................................... 37
 | ||
|    10. Header Field Definitions .................................. 37
 | ||
|        10.1  Allow ............................................... 38
 | ||
|        10.2  Authorization ....................................... 38
 | ||
|        10.3  Content-Encoding .................................... 39
 | ||
|        10.4  Content-Length ...................................... 39
 | ||
|        10.5  Content-Type ........................................ 40
 | ||
|        10.6  Date ................................................ 40
 | ||
|        10.7  Expires ............................................. 41
 | ||
|        10.8  From ................................................ 42
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 2]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        10.9  If-Modified-Since ................................... 42
 | ||
|        10.10 Last-Modified ....................................... 43
 | ||
|        10.11 Location ............................................ 44
 | ||
|        10.12 Pragma .............................................. 44
 | ||
|        10.13 Referer ............................................. 44
 | ||
|        10.14 Server .............................................. 45
 | ||
|        10.15 User-Agent .......................................... 46
 | ||
|        10.16 WWW-Authenticate .................................... 46
 | ||
|    11. Access Authentication ..................................... 47
 | ||
|        11.1  Basic Authentication Scheme ......................... 48
 | ||
|    12. Security Considerations ................................... 49
 | ||
|        12.1  Authentication of Clients ........................... 49
 | ||
|        12.2  Safe Methods ........................................ 49
 | ||
|        12.3  Abuse of Server Log Information ..................... 50
 | ||
|        12.4  Transfer of Sensitive Information ................... 50
 | ||
|        12.5  Attacks Based On File and Path Names ................ 51
 | ||
|    13. Acknowledgments ........................................... 51
 | ||
|    14. References ................................................ 52
 | ||
|    15. Authors' Addresses ........................................ 54
 | ||
|    Appendix A.   Internet Media Type message/http ................ 55
 | ||
|    Appendix B.   Tolerant Applications ........................... 55
 | ||
|    Appendix C.   Relationship to MIME ............................ 56
 | ||
|        C.1  Conversion to Canonical Form ......................... 56
 | ||
|        C.2  Conversion of Date Formats ........................... 57
 | ||
|        C.3  Introduction of Content-Encoding ..................... 57
 | ||
|        C.4  No Content-Transfer-Encoding ......................... 57
 | ||
|        C.5  HTTP Header Fields in Multipart Body-Parts ........... 57
 | ||
|    Appendix D.   Additional Features ............................. 57
 | ||
|        D.1  Additional Request Methods ........................... 58
 | ||
|             D.1.1  PUT ........................................... 58
 | ||
|             D.1.2  DELETE ........................................ 58
 | ||
|             D.1.3  LINK .......................................... 58
 | ||
|             D.1.4  UNLINK ........................................ 58
 | ||
|        D.2  Additional Header Field Definitions .................. 58
 | ||
|             D.2.1  Accept ........................................ 58
 | ||
|             D.2.2  Accept-Charset ................................ 59
 | ||
|             D.2.3  Accept-Encoding ............................... 59
 | ||
|             D.2.4  Accept-Language ............................... 59
 | ||
|             D.2.5  Content-Language .............................. 59
 | ||
|             D.2.6  Link .......................................... 59
 | ||
|             D.2.7  MIME-Version .................................. 59
 | ||
|             D.2.8  Retry-After ................................... 60
 | ||
|             D.2.9  Title ......................................... 60
 | ||
|             D.2.10 URI ........................................... 60
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 3]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 1.  Introduction
 | ||
| 
 | ||
| 1.1  Purpose
 | ||
| 
 | ||
|    The Hypertext Transfer Protocol (HTTP) is an application-level
 | ||
|    protocol with the lightness and speed necessary for distributed,
 | ||
|    collaborative, hypermedia information systems. HTTP has been in use
 | ||
|    by the World-Wide Web global information initiative since 1990. This
 | ||
|    specification reflects common usage of the protocol referred too as
 | ||
|    "HTTP/1.0". This specification describes the features that seem to be
 | ||
|    consistently implemented in most HTTP/1.0 clients and servers. The
 | ||
|    specification is split into two sections. Those features of HTTP for
 | ||
|    which implementations are usually consistent are described in the
 | ||
|    main body of this document. Those features which have few or
 | ||
|    inconsistent implementations are listed in Appendix D.
 | ||
| 
 | ||
|    Practical information systems require more functionality than simple
 | ||
|    retrieval, including search, front-end update, and annotation. HTTP
 | ||
|    allows an open-ended set of methods to be used to indicate the
 | ||
|    purpose of a request. It builds on the discipline of reference
 | ||
|    provided by the Uniform Resource Identifier (URI) [2], as a location
 | ||
|    (URL) [4] or name (URN) [16], for indicating the resource on which a
 | ||
|    method is to be applied. Messages are passed in a format similar to
 | ||
|    that used by Internet Mail [7] and the Multipurpose Internet Mail
 | ||
|    Extensions (MIME) [5].
 | ||
| 
 | ||
|    HTTP is also used as a generic protocol for communication between
 | ||
|    user agents and proxies/gateways to other Internet protocols, such as
 | ||
|    SMTP [12], NNTP [11], FTP [14], Gopher [1], and WAIS [8], allowing
 | ||
|    basic hypermedia access to resources available from diverse
 | ||
|    applications and simplifying the implementation of user agents.
 | ||
| 
 | ||
| 1.2  Terminology
 | ||
| 
 | ||
|    This specification uses a number of terms to refer to the roles
 | ||
|    played by participants in, and objects of, the HTTP communication.
 | ||
| 
 | ||
|    connection
 | ||
| 
 | ||
|        A transport layer virtual circuit established between two
 | ||
|        application programs for the purpose of communication.
 | ||
| 
 | ||
|    message
 | ||
| 
 | ||
|        The basic unit of HTTP communication, consisting of a structured
 | ||
|        sequence of octets matching the syntax defined in Section 4 and
 | ||
|        transmitted via the connection.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 4]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    request
 | ||
| 
 | ||
|        An HTTP request message (as defined in Section 5).
 | ||
| 
 | ||
|    response
 | ||
| 
 | ||
|        An HTTP response message (as defined in Section 6).
 | ||
| 
 | ||
|    resource
 | ||
| 
 | ||
|        A network data object or service which can be identified by a
 | ||
|        URI (Section 3.2).
 | ||
| 
 | ||
|    entity
 | ||
| 
 | ||
|        A particular representation or rendition of a data resource, or
 | ||
|        reply from a service resource, that may be enclosed within a
 | ||
|        request or response message. An entity consists of
 | ||
|        metainformation in the form of entity headers and content in the
 | ||
|        form of an entity body.
 | ||
| 
 | ||
|    client
 | ||
| 
 | ||
|        An application program that establishes connections for the
 | ||
|        purpose of sending requests.
 | ||
| 
 | ||
|    user agent
 | ||
| 
 | ||
|        The client which initiates a request. These are often browsers,
 | ||
|        editors, spiders (web-traversing robots), or other end user
 | ||
|        tools.
 | ||
| 
 | ||
|    server
 | ||
| 
 | ||
|        An application program that accepts connections in order to
 | ||
|        service requests by sending back responses.
 | ||
| 
 | ||
|    origin server
 | ||
| 
 | ||
|        The server on which a given resource resides or is to be created.
 | ||
| 
 | ||
|    proxy
 | ||
| 
 | ||
|        An intermediary program which acts as both a server and a client
 | ||
|        for the purpose of making requests on behalf of other clients.
 | ||
|        Requests are serviced internally or by passing them, with
 | ||
|        possible translation, on to other servers. A proxy must
 | ||
|        interpret and, if necessary, rewrite a request message before
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 5]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        forwarding it. Proxies are often used as client-side portals
 | ||
|        through network firewalls and as helper applications for
 | ||
|        handling requests via protocols not implemented by the user
 | ||
|        agent.
 | ||
| 
 | ||
|    gateway
 | ||
| 
 | ||
|        A server which acts as an intermediary for some other server.
 | ||
|        Unlike a proxy, a gateway receives requests as if it were the
 | ||
|        origin server for the requested resource; the requesting client
 | ||
|        may not be aware that it is communicating with a gateway.
 | ||
|        Gateways are often used as server-side portals through network
 | ||
|        firewalls and as protocol translators for access to resources
 | ||
|        stored on non-HTTP systems.
 | ||
| 
 | ||
|    tunnel
 | ||
| 
 | ||
|        A tunnel is an intermediary program which is acting as a blind
 | ||
|        relay between two connections. Once active, a tunnel is not
 | ||
|        considered a party to the HTTP communication, though the tunnel
 | ||
|        may have been initiated by an HTTP request. The tunnel ceases to
 | ||
|        exist when both ends of the relayed connections are closed.
 | ||
|        Tunnels are used when a portal is necessary and the intermediary
 | ||
|        cannot, or should not, interpret the relayed communication.
 | ||
| 
 | ||
|    cache
 | ||
| 
 | ||
|        A program's local store of response messages and the subsystem
 | ||
|        that controls its message storage, retrieval, and deletion. A
 | ||
|        cache stores cachable responses in order to reduce the response
 | ||
|        time and network bandwidth consumption on future, equivalent
 | ||
|        requests. Any client or server may include a cache, though a
 | ||
|        cache cannot be used by a server while it is acting as a tunnel.
 | ||
| 
 | ||
|    Any given program may be capable of being both a client and a server;
 | ||
|    our use of these terms refers only to the role being performed by the
 | ||
|    program for a particular connection, rather than to the program's
 | ||
|    capabilities in general. Likewise, any server may act as an origin
 | ||
|    server, proxy, gateway, or tunnel, switching behavior based on the
 | ||
|    nature of each request.
 | ||
| 
 | ||
| 1.3  Overall Operation
 | ||
| 
 | ||
|    The HTTP protocol is based on a request/response paradigm. A client
 | ||
|    establishes a connection with a server and sends a request to the
 | ||
|    server in the form of a request method, URI, and protocol version,
 | ||
|    followed by a MIME-like message containing request modifiers, client
 | ||
|    information, and possible body content. The server responds with a
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 6]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    status line, including the message's protocol version and a success
 | ||
|    or error code, followed by a MIME-like message containing server
 | ||
|    information, entity metainformation, and possible body content.
 | ||
| 
 | ||
|    Most HTTP communication is initiated by a user agent and consists of
 | ||
|    a request to be applied to a resource on some origin server. In the
 | ||
|    simplest case, this may be accomplished via a single connection (v)
 | ||
|    between the user agent (UA) and the origin server (O).
 | ||
| 
 | ||
|           request chain ------------------------>
 | ||
|        UA -------------------v------------------- O
 | ||
|           <----------------------- response chain
 | ||
| 
 | ||
|    A more complicated situation occurs when one or more intermediaries
 | ||
|    are present in the request/response chain. There are three common
 | ||
|    forms of intermediary: proxy, gateway, and tunnel. A proxy is a
 | ||
|    forwarding agent, receiving requests for a URI in its absolute form,
 | ||
|    rewriting all or parts of the message, and forwarding the reformatted
 | ||
|    request toward the server identified by the URI. A gateway is a
 | ||
|    receiving agent, acting as a layer above some other server(s) and, if
 | ||
|    necessary, translating the requests to the underlying server's
 | ||
|    protocol. A tunnel acts as a relay point between two connections
 | ||
|    without changing the messages; tunnels are used when the
 | ||
|    communication needs to pass through an intermediary (such as a
 | ||
|    firewall) even when the intermediary cannot understand the contents
 | ||
|    of the messages.
 | ||
| 
 | ||
|           request chain -------------------------------------->
 | ||
|        UA -----v----- A -----v----- B -----v----- C -----v----- O
 | ||
|           <------------------------------------- response chain
 | ||
| 
 | ||
|    The figure above shows three intermediaries (A, B, and C) between the
 | ||
|    user agent and origin server. A request or response message that
 | ||
|    travels the whole chain must pass through four separate connections.
 | ||
|    This distinction is important because some HTTP communication options
 | ||
|    may apply only to the connection with the nearest, non-tunnel
 | ||
|    neighbor, only to the end-points of the chain, or to all connections
 | ||
|    along the chain. Although the diagram is linear, each participant may
 | ||
|    be engaged in multiple, simultaneous communications. For example, B
 | ||
|    may be receiving requests from many clients other than A, and/or
 | ||
|    forwarding requests to servers other than C, at the same time that it
 | ||
|    is handling A's request.
 | ||
| 
 | ||
|    Any party to the communication which is not acting as a tunnel may
 | ||
|    employ an internal cache for handling requests. The effect of a cache
 | ||
|    is that the request/response chain is shortened if one of the
 | ||
|    participants along the chain has a cached response applicable to that
 | ||
|    request. The following illustrates the resulting chain if B has a
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 7]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    cached copy of an earlier response from O (via C) for a request which
 | ||
|    has not been cached by UA or A.
 | ||
| 
 | ||
|           request chain ---------->
 | ||
|        UA -----v----- A -----v----- B - - - - - - C - - - - - - O
 | ||
|           <--------- response chain
 | ||
| 
 | ||
|    Not all responses are cachable, and some requests may contain
 | ||
|    modifiers which place special requirements on cache behavior. Some
 | ||
|    HTTP/1.0 applications use heuristics to describe what is or is not a
 | ||
|    "cachable" response, but these rules are not standardized.
 | ||
| 
 | ||
|    On the Internet, HTTP communication generally takes place over TCP/IP
 | ||
|    connections. The default port is TCP 80 [15], but other ports can be
 | ||
|    used. This does not preclude HTTP from being implemented on top of
 | ||
|    any other protocol on the Internet, or on other networks. HTTP only
 | ||
|    presumes a reliable transport; any protocol that provides such
 | ||
|    guarantees can be used, and the mapping of the HTTP/1.0 request and
 | ||
|    response structures onto the transport data units of the protocol in
 | ||
|    question is outside the scope of this specification.
 | ||
| 
 | ||
|    Except for experimental applications, current practice requires that
 | ||
|    the connection be established by the client prior to each request and
 | ||
|    closed by the server after sending the response. Both clients and
 | ||
|    servers should be aware that either party may close the connection
 | ||
|    prematurely, due to user action, automated time-out, or program
 | ||
|    failure, and should handle such closing in a predictable fashion. In
 | ||
|    any case, the closing of the connection by either or both parties
 | ||
|    always terminates the current request, regardless of its status.
 | ||
| 
 | ||
| 1.4  HTTP and MIME
 | ||
| 
 | ||
|    HTTP/1.0 uses many of the constructs defined for MIME, as defined in
 | ||
|    RFC 1521 [5]. Appendix C describes the ways in which the context of
 | ||
|    HTTP allows for different use of Internet Media Types than is
 | ||
|    typically found in Internet mail, and gives the rationale for those
 | ||
|    differences.
 | ||
| 
 | ||
| 2.  Notational Conventions and Generic Grammar
 | ||
| 
 | ||
| 2.1  Augmented BNF
 | ||
| 
 | ||
|    All of the mechanisms specified in this document are described in
 | ||
|    both prose and an augmented Backus-Naur Form (BNF) similar to that
 | ||
|    used by RFC 822 [7]. Implementors will need to be familiar with the
 | ||
|    notation in order to understand this specification. The augmented BNF
 | ||
|    includes the following constructs:
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 8]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    name = definition
 | ||
| 
 | ||
|        The name of a rule is simply the name itself (without any
 | ||
|        enclosing "<" and ">") and is separated from its definition by
 | ||
|        the equal character "=". Whitespace is only significant in that
 | ||
|        indentation of continuation lines is used to indicate a rule
 | ||
|        definition that spans more than one line. Certain basic rules
 | ||
|        are in uppercase, such as SP, LWS, HT, CRLF, DIGIT, ALPHA, etc.
 | ||
|        Angle brackets are used within definitions whenever their
 | ||
|        presence will facilitate discerning the use of rule names.
 | ||
| 
 | ||
|    "literal"
 | ||
| 
 | ||
|        Quotation marks surround literal text. Unless stated otherwise,
 | ||
|        the text is case-insensitive.
 | ||
| 
 | ||
|    rule1 | rule2
 | ||
| 
 | ||
|        Elements separated by a bar ("I") are alternatives,
 | ||
|        e.g., "yes | no" will accept yes or no.
 | ||
| 
 | ||
|    (rule1 rule2)
 | ||
| 
 | ||
|        Elements enclosed in parentheses are treated as a single
 | ||
|        element. Thus, "(elem (foo | bar) elem)" allows the token
 | ||
|        sequences "elem foo elem" and "elem bar elem".
 | ||
| 
 | ||
|    *rule
 | ||
| 
 | ||
|        The character "*" preceding an element indicates repetition. The
 | ||
|        full form is "<n>*<m>element" indicating at least <n> and at
 | ||
|        most <m> occurrences of element. Default values are 0 and
 | ||
|        infinity so that "*(element)" allows any number, including zero;
 | ||
|        "1*element" requires at least one; and "1*2element" allows one
 | ||
|        or two.
 | ||
| 
 | ||
|    [rule]
 | ||
| 
 | ||
|        Square brackets enclose optional elements; "[foo bar]" is
 | ||
|        equivalent to "*1(foo bar)".
 | ||
| 
 | ||
|    N rule
 | ||
| 
 | ||
|        Specific repetition: "<n>(element)" is equivalent to
 | ||
|        "<n>*<n>(element)"; that is, exactly <n> occurrences of
 | ||
|        (element). Thus 2DIGIT is a 2-digit number, and 3ALPHA is a
 | ||
|        string of three alphabetic characters.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                      [Page 9]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    #rule
 | ||
| 
 | ||
|        A construct "#" is defined, similar to "*", for defining lists
 | ||
|        of elements. The full form is "<n>#<m>element" indicating at
 | ||
|        least <n> and at most <m> elements, each separated by one or
 | ||
|        more commas (",") and optional linear whitespace (LWS). This
 | ||
|        makes the usual form of lists very easy; a rule such as
 | ||
|        "( *LWS element *( *LWS "," *LWS element ))" can be shown as
 | ||
|        "1#element". Wherever this construct is used, null elements are
 | ||
|        allowed, but do not contribute to the count of elements present.
 | ||
|        That is, "(element), , (element)" is permitted, but counts as
 | ||
|        only two elements. Therefore, where at least one element is
 | ||
|        required, at least one non-null element must be present. Default
 | ||
|        values are 0 and infinity so that "#(element)" allows any
 | ||
|        number, including zero; "1#element" requires at least one; and
 | ||
|        "1#2element" allows one or two.
 | ||
| 
 | ||
|    ; comment
 | ||
| 
 | ||
|        A semi-colon, set off some distance to the right of rule text,
 | ||
|        starts a comment that continues to the end of line. This is a
 | ||
|        simple way of including useful notes in parallel with the
 | ||
|        specifications.
 | ||
| 
 | ||
|    implied *LWS
 | ||
| 
 | ||
|        The grammar described by this specification is word-based.
 | ||
|        Except where noted otherwise, linear whitespace (LWS) can be
 | ||
|        included between any two adjacent words (token or
 | ||
|        quoted-string), and between adjacent tokens and delimiters
 | ||
|        (tspecials), without changing the interpretation of a field. At
 | ||
|        least one delimiter (tspecials) must exist between any two
 | ||
|        tokens, since they would otherwise be interpreted as a single
 | ||
|        token. However, applications should attempt to follow "common
 | ||
|        form" when generating HTTP constructs, since there exist some
 | ||
|        implementations that fail to accept anything beyond the common
 | ||
|        forms.
 | ||
| 
 | ||
| 2.2  Basic Rules
 | ||
| 
 | ||
|    The following rules are used throughout this specification to
 | ||
|    describe basic parsing constructs. The US-ASCII coded character set
 | ||
|    is defined by [17].
 | ||
| 
 | ||
|        OCTET          = <any 8-bit sequence of data>
 | ||
|        CHAR           = <any US-ASCII character (octets 0 - 127)>
 | ||
|        UPALPHA        = <any US-ASCII uppercase letter "A".."Z">
 | ||
|        LOALPHA        = <any US-ASCII lowercase letter "a".."z">
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 10]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        ALPHA          = UPALPHA | LOALPHA
 | ||
|        DIGIT          = <any US-ASCII digit "0".."9">
 | ||
|        CTL            = <any US-ASCII control character
 | ||
|                         (octets 0 - 31) and DEL (127)>
 | ||
|        CR             = <US-ASCII CR, carriage return (13)>
 | ||
|        LF             = <US-ASCII LF, linefeed (10)>
 | ||
|        SP             = <US-ASCII SP, space (32)>
 | ||
|        HT             = <US-ASCII HT, horizontal-tab (9)>
 | ||
|        <">            = <US-ASCII double-quote mark (34)>
 | ||
| 
 | ||
|    HTTP/1.0 defines the octet sequence CR LF as the end-of-line marker
 | ||
|    for all protocol elements except the Entity-Body (see Appendix B for
 | ||
|    tolerant applications). The end-of-line marker within an Entity-Body
 | ||
|    is defined by its associated media type, as described in Section 3.6.
 | ||
| 
 | ||
|        CRLF           = CR LF
 | ||
| 
 | ||
|    HTTP/1.0 headers may be folded onto multiple lines if each
 | ||
|    continuation line begins with a space or horizontal tab. All linear
 | ||
|    whitespace, including folding, has the same semantics as SP.
 | ||
| 
 | ||
|        LWS            = [CRLF] 1*( SP | HT )
 | ||
| 
 | ||
|    However, folding of header lines is not expected by some
 | ||
|    applications, and should not be generated by HTTP/1.0 applications.
 | ||
| 
 | ||
|    The TEXT rule is only used for descriptive field contents and values
 | ||
|    that are not intended to be interpreted by the message parser. Words
 | ||
|    of *TEXT may contain octets from character sets other than US-ASCII.
 | ||
| 
 | ||
|        TEXT           = <any OCTET except CTLs,
 | ||
|                         but including LWS>
 | ||
| 
 | ||
|    Recipients of header field TEXT containing octets outside the US-
 | ||
|    ASCII character set may assume that they represent ISO-8859-1
 | ||
|    characters.
 | ||
| 
 | ||
|    Hexadecimal numeric characters are used in several protocol elements.
 | ||
| 
 | ||
|        HEX            = "A" | "B" | "C" | "D" | "E" | "F"
 | ||
|                       | "a" | "b" | "c" | "d" | "e" | "f" | DIGIT
 | ||
| 
 | ||
|    Many HTTP/1.0 header field values consist of words separated by LWS
 | ||
|    or special characters. These special characters must be in a quoted
 | ||
|    string to be used within a parameter value.
 | ||
| 
 | ||
|        word           = token | quoted-string
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 11]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        token          = 1*<any CHAR except CTLs or tspecials>
 | ||
| 
 | ||
|        tspecials      = "(" | ")" | "<" | ">" | "@"
 | ||
|                       | "," | ";" | ":" | "\" | <">
 | ||
|                       | "/" | "[" | "]" | "?" | "="
 | ||
|                       | "{" | "}" | SP | HT
 | ||
| 
 | ||
|    Comments may be included in some HTTP header fields by surrounding
 | ||
|    the comment text with parentheses. Comments are only allowed in
 | ||
|    fields containing "comment" as part of their field value definition.
 | ||
|    In all other fields, parentheses are considered part of the field
 | ||
|    value.
 | ||
| 
 | ||
|        comment        = "(" *( ctext | comment ) ")"
 | ||
|        ctext          = <any TEXT excluding "(" and ")">
 | ||
| 
 | ||
|    A string of text is parsed as a single word if it is quoted using
 | ||
|    double-quote marks.
 | ||
| 
 | ||
|        quoted-string  = ( <"> *(qdtext) <"> )
 | ||
| 
 | ||
|        qdtext         = <any CHAR except <"> and CTLs,
 | ||
|                         but including LWS>
 | ||
| 
 | ||
|    Single-character quoting using the backslash ("\") character is not
 | ||
|    permitted in HTTP/1.0.
 | ||
| 
 | ||
| 3.  Protocol Parameters
 | ||
| 
 | ||
| 3.1  HTTP Version
 | ||
| 
 | ||
|    HTTP uses a "<major>.<minor>" numbering scheme to indicate versions
 | ||
|    of the protocol. The protocol versioning policy is intended to allow
 | ||
|    the sender to indicate the format of a message and its capacity for
 | ||
|    understanding further HTTP communication, rather than the features
 | ||
|    obtained via that communication. No change is made to the version
 | ||
|    number for the addition of message components which do not affect
 | ||
|    communication behavior or which only add to extensible field values.
 | ||
|    The <minor> number is incremented when the changes made to the
 | ||
|    protocol add features which do not change the general message parsing
 | ||
|    algorithm, but which may add to the message semantics and imply
 | ||
|    additional capabilities of the sender. The <major> number is
 | ||
|    incremented when the format of a message within the protocol is
 | ||
|    changed.
 | ||
| 
 | ||
|    The version of an HTTP message is indicated by an HTTP-Version field
 | ||
|    in the first line of the message. If the protocol version is not
 | ||
|    specified, the recipient must assume that the message is in the
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 12]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    simple HTTP/0.9 format.
 | ||
| 
 | ||
|        HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT
 | ||
| 
 | ||
|    Note that the major and minor numbers should be treated as separate
 | ||
|    integers and that each may be incremented higher than a single digit.
 | ||
|    Thus, HTTP/2.4 is a lower version than HTTP/2.13, which in turn is
 | ||
|    lower than HTTP/12.3. Leading zeros should be ignored by recipients
 | ||
|    and never generated by senders.
 | ||
| 
 | ||
|    This document defines both the 0.9 and 1.0 versions of the HTTP
 | ||
|    protocol. Applications sending Full-Request or Full-Response
 | ||
|    messages, as defined by this specification, must include an HTTP-
 | ||
|    Version of "HTTP/1.0".
 | ||
| 
 | ||
|    HTTP/1.0 servers must:
 | ||
| 
 | ||
|       o recognize the format of the Request-Line for HTTP/0.9 and
 | ||
|         HTTP/1.0 requests;
 | ||
| 
 | ||
|       o understand any valid request in the format of HTTP/0.9 or
 | ||
|         HTTP/1.0;
 | ||
| 
 | ||
|       o respond appropriately with a message in the same protocol
 | ||
|         version used by the client.
 | ||
| 
 | ||
|    HTTP/1.0 clients must:
 | ||
| 
 | ||
|       o recognize the format of the Status-Line for HTTP/1.0 responses;
 | ||
| 
 | ||
|       o understand any valid response in the format of HTTP/0.9 or
 | ||
|         HTTP/1.0.
 | ||
| 
 | ||
|    Proxy and gateway applications must be careful in forwarding requests
 | ||
|    that are received in a format different than that of the
 | ||
|    application's native HTTP version. Since the protocol version
 | ||
|    indicates the protocol capability of the sender, a proxy/gateway must
 | ||
|    never send a message with a version indicator which is greater than
 | ||
|    its native version; if a higher version request is received, the
 | ||
|    proxy/gateway must either downgrade the request version or respond
 | ||
|    with an error. Requests with a version lower than that of the
 | ||
|    application's native format may be upgraded before being forwarded;
 | ||
|    the proxy/gateway's response to that request must follow the server
 | ||
|    requirements listed above.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 13]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 3.2  Uniform Resource Identifiers
 | ||
| 
 | ||
|    URIs have been known by many names: WWW addresses, Universal Document
 | ||
|    Identifiers, Universal Resource Identifiers [2], and finally the
 | ||
|    combination of Uniform Resource Locators (URL) [4] and Names (URN)
 | ||
|    [16]. As far as HTTP is concerned, Uniform Resource Identifiers are
 | ||
|    simply formatted strings which identify--via name, location, or any
 | ||
|    other characteristic--a network resource.
 | ||
| 
 | ||
| 3.2.1 General Syntax
 | ||
| 
 | ||
|    URIs in HTTP can be represented in absolute form or relative to some
 | ||
|    known base URI [9], depending upon the context of their use. The two
 | ||
|    forms are differentiated by the fact that absolute URIs always begin
 | ||
|    with a scheme name followed by a colon.
 | ||
| 
 | ||
|        URI            = ( absoluteURI | relativeURI ) [ "#" fragment ]
 | ||
| 
 | ||
|        absoluteURI    = scheme ":" *( uchar | reserved )
 | ||
| 
 | ||
|        relativeURI    = net_path | abs_path | rel_path
 | ||
| 
 | ||
|        net_path       = "//" net_loc [ abs_path ]
 | ||
|        abs_path       = "/" rel_path
 | ||
|        rel_path       = [ path ] [ ";" params ] [ "?" query ]
 | ||
| 
 | ||
|        path           = fsegment *( "/" segment )
 | ||
|        fsegment       = 1*pchar
 | ||
|        segment        = *pchar
 | ||
| 
 | ||
|        params         = param *( ";" param )
 | ||
|        param          = *( pchar | "/" )
 | ||
| 
 | ||
|        scheme         = 1*( ALPHA | DIGIT | "+" | "-" | "." )
 | ||
|        net_loc        = *( pchar | ";" | "?" )
 | ||
|        query          = *( uchar | reserved )
 | ||
|        fragment       = *( uchar | reserved )
 | ||
| 
 | ||
|        pchar          = uchar | ":" | "@" | "&" | "=" | "+"
 | ||
|        uchar          = unreserved | escape
 | ||
|        unreserved     = ALPHA | DIGIT | safe | extra | national
 | ||
| 
 | ||
|        escape         = "%" HEX HEX
 | ||
|        reserved       = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+"
 | ||
|        extra          = "!" | "*" | "'" | "(" | ")" | ","
 | ||
|        safe           = "$" | "-" | "_" | "."
 | ||
|        unsafe         = CTL | SP | <"> | "#" | "%" | "<" | ">"
 | ||
|        national       = <any OCTET excluding ALPHA, DIGIT,
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 14]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|                         reserved, extra, safe, and unsafe>
 | ||
| 
 | ||
|    For definitive information on URL syntax and semantics, see RFC 1738
 | ||
|    [4] and RFC 1808 [9]. The BNF above includes national characters not
 | ||
|    allowed in valid URLs as specified by RFC 1738, since HTTP servers
 | ||
|    are not restricted in the set of unreserved characters allowed to
 | ||
|    represent the rel_path part of addresses, and HTTP proxies may
 | ||
|    receive requests for URIs not defined by RFC 1738.
 | ||
| 
 | ||
| 3.2.2 http URL
 | ||
| 
 | ||
|    The "http" scheme is used to locate network resources via the HTTP
 | ||
|    protocol. This section defines the scheme-specific syntax and
 | ||
|    semantics for http URLs.
 | ||
| 
 | ||
|        http_URL       = "http:" "//" host [ ":" port ] [ abs_path ]
 | ||
| 
 | ||
|        host           = <A legal Internet host domain name
 | ||
|                          or IP address (in dotted-decimal form),
 | ||
|                          as defined by Section 2.1 of RFC 1123>
 | ||
| 
 | ||
|        port           = *DIGIT
 | ||
| 
 | ||
|    If the port is empty or not given, port 80 is assumed. The semantics
 | ||
|    are that the identified resource is located at the server listening
 | ||
|    for TCP connections on that port of that host, and the Request-URI
 | ||
|    for the resource is abs_path. If the abs_path is not present in the
 | ||
|    URL, it must be given as "/" when used as a Request-URI (Section
 | ||
|    5.1.2).
 | ||
| 
 | ||
|       Note: Although the HTTP protocol is independent of the transport
 | ||
|       layer protocol, the http URL only identifies resources by their
 | ||
|       TCP location, and thus non-TCP resources must be identified by
 | ||
|       some other URI scheme.
 | ||
| 
 | ||
|    The canonical form for "http" URLs is obtained by converting any
 | ||
|    UPALPHA characters in host to their LOALPHA equivalent (hostnames are
 | ||
|    case-insensitive), eliding the [ ":" port ] if the port is 80, and
 | ||
|    replacing an empty abs_path with "/".
 | ||
| 
 | ||
| 3.3  Date/Time Formats
 | ||
| 
 | ||
|    HTTP/1.0 applications have historically allowed three different
 | ||
|    formats for the representation of date/time stamps:
 | ||
| 
 | ||
|        Sun, 06 Nov 1994 08:49:37 GMT    ; RFC 822, updated by RFC 1123
 | ||
|        Sunday, 06-Nov-94 08:49:37 GMT   ; RFC 850, obsoleted by RFC 1036
 | ||
|        Sun Nov  6 08:49:37 1994         ; ANSI C's asctime() format
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 15]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    The first format is preferred as an Internet standard and represents
 | ||
|    a fixed-length subset of that defined by RFC 1123 [6] (an update to
 | ||
|    RFC 822 [7]). The second format is in common use, but is based on the
 | ||
|    obsolete RFC 850 [10] date format and lacks a four-digit year.
 | ||
|    HTTP/1.0 clients and servers that parse the date value should accept
 | ||
|    all three formats, though they must never generate the third
 | ||
|    (asctime) format.
 | ||
| 
 | ||
|       Note: Recipients of date values are encouraged to be robust in
 | ||
|       accepting date values that may have been generated by non-HTTP
 | ||
|       applications, as is sometimes the case when retrieving or posting
 | ||
|       messages via proxies/gateways to SMTP or NNTP.
 | ||
| 
 | ||
|    All HTTP/1.0 date/time stamps must be represented in Universal Time
 | ||
|    (UT), also known as Greenwich Mean Time (GMT), without exception.
 | ||
|    This is indicated in the first two formats by the inclusion of "GMT"
 | ||
|    as the three-letter abbreviation for time zone, and should be assumed
 | ||
|    when reading the asctime format.
 | ||
| 
 | ||
|        HTTP-date      = rfc1123-date | rfc850-date | asctime-date
 | ||
| 
 | ||
|        rfc1123-date   = wkday "," SP date1 SP time SP "GMT"
 | ||
|        rfc850-date    = weekday "," SP date2 SP time SP "GMT"
 | ||
|        asctime-date   = wkday SP date3 SP time SP 4DIGIT
 | ||
| 
 | ||
|        date1          = 2DIGIT SP month SP 4DIGIT
 | ||
|                         ; day month year (e.g., 02 Jun 1982)
 | ||
|        date2          = 2DIGIT "-" month "-" 2DIGIT
 | ||
|                         ; day-month-year (e.g., 02-Jun-82)
 | ||
|        date3          = month SP ( 2DIGIT | ( SP 1DIGIT ))
 | ||
|                         ; month day (e.g., Jun  2)
 | ||
| 
 | ||
|        time           = 2DIGIT ":" 2DIGIT ":" 2DIGIT
 | ||
|                         ; 00:00:00 - 23:59:59
 | ||
| 
 | ||
|        wkday          = "Mon" | "Tue" | "Wed"
 | ||
|                       | "Thu" | "Fri" | "Sat" | "Sun"
 | ||
| 
 | ||
|        weekday        = "Monday" | "Tuesday" | "Wednesday"
 | ||
|                       | "Thursday" | "Friday" | "Saturday" | "Sunday"
 | ||
| 
 | ||
|        month          = "Jan" | "Feb" | "Mar" | "Apr"
 | ||
|                       | "May" | "Jun" | "Jul" | "Aug"
 | ||
|                       | "Sep" | "Oct" | "Nov" | "Dec"
 | ||
| 
 | ||
|        Note: HTTP requirements for the date/time stamp format apply
 | ||
|        only to their usage within the protocol stream. Clients and
 | ||
|        servers are not required to use these formats for user
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 16]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        presentation, request logging, etc.
 | ||
| 
 | ||
| 3.4  Character Sets
 | ||
| 
 | ||
|    HTTP uses the same definition of the term "character set" as that
 | ||
|    described for MIME:
 | ||
| 
 | ||
|       The term "character set" is used in this document to refer to a
 | ||
|       method used with one or more tables to convert a sequence of
 | ||
|       octets into a sequence of characters. Note that unconditional
 | ||
|       conversion in the other direction is not required, in that not all
 | ||
|       characters may be available in a given character set and a
 | ||
|       character set may provide more than one sequence of octets to
 | ||
|       represent a particular character. This definition is intended to
 | ||
|       allow various kinds of character encodings, from simple single-
 | ||
|       table mappings such as US-ASCII to complex table switching methods
 | ||
|       such as those that use ISO 2022's techniques. However, the
 | ||
|       definition associated with a MIME character set name must fully
 | ||
|       specify the mapping to be performed from octets to characters. In
 | ||
|       particular, use of external profiling information to determine the
 | ||
|       exact mapping is not permitted.
 | ||
| 
 | ||
|       Note: This use of the term "character set" is more commonly
 | ||
|       referred to as a "character encoding." However, since HTTP and
 | ||
|       MIME share the same registry, it is important that the terminology
 | ||
|       also be shared.
 | ||
| 
 | ||
|    HTTP character sets are identified by case-insensitive tokens. The
 | ||
|    complete set of tokens are defined by the IANA Character Set registry
 | ||
|    [15]. However, because that registry does not define a single,
 | ||
|    consistent token for each character set, we define here the preferred
 | ||
|    names for those character sets most likely to be used with HTTP
 | ||
|    entities. These character sets include those registered by RFC 1521
 | ||
|    [5] -- the US-ASCII [17] and ISO-8859 [18] character sets -- and
 | ||
|    other names specifically recommended for use within MIME charset
 | ||
|    parameters.
 | ||
| 
 | ||
|      charset = "US-ASCII"
 | ||
|              | "ISO-8859-1" | "ISO-8859-2" | "ISO-8859-3"
 | ||
|              | "ISO-8859-4" | "ISO-8859-5" | "ISO-8859-6"
 | ||
|              | "ISO-8859-7" | "ISO-8859-8" | "ISO-8859-9"
 | ||
|              | "ISO-2022-JP" | "ISO-2022-JP-2" | "ISO-2022-KR"
 | ||
|              | "UNICODE-1-1" | "UNICODE-1-1-UTF-7" | "UNICODE-1-1-UTF-8"
 | ||
|              | token
 | ||
| 
 | ||
|    Although HTTP allows an arbitrary token to be used as a charset
 | ||
|    value, any token that has a predefined value within the IANA
 | ||
|    Character Set registry [15] must represent the character set defined
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 17]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    by that registry. Applications should limit their use of character
 | ||
|    sets to those defined by the IANA registry.
 | ||
| 
 | ||
|    The character set of an entity body should be labelled as the lowest
 | ||
|    common denominator of the character codes used within that body, with
 | ||
|    the exception that no label is preferred over the labels US-ASCII or
 | ||
|    ISO-8859-1.
 | ||
| 
 | ||
| 3.5  Content Codings
 | ||
| 
 | ||
|    Content coding values are used to indicate an encoding transformation
 | ||
|    that has been applied to a resource. Content codings are primarily
 | ||
|    used to allow a document to be compressed or encrypted without losing
 | ||
|    the identity of its underlying media type. Typically, the resource is
 | ||
|    stored in this encoding and only decoded before rendering or
 | ||
|    analogous usage.
 | ||
| 
 | ||
|        content-coding = "x-gzip" | "x-compress" | token
 | ||
| 
 | ||
|        Note: For future compatibility, HTTP/1.0 applications should
 | ||
|        consider "gzip" and "compress" to be equivalent to "x-gzip"
 | ||
|        and "x-compress", respectively.
 | ||
| 
 | ||
|    All content-coding values are case-insensitive. HTTP/1.0 uses
 | ||
|    content-coding values in the Content-Encoding (Section 10.3) header
 | ||
|    field. Although the value describes the content-coding, what is more
 | ||
|    important is that it indicates what decoding mechanism will be
 | ||
|    required to remove the encoding. Note that a single program may be
 | ||
|    capable of decoding multiple content-coding formats. Two values are
 | ||
|    defined by this specification:
 | ||
| 
 | ||
|    x-gzip
 | ||
|        An encoding format produced by the file compression program
 | ||
|        "gzip" (GNU zip) developed by Jean-loup Gailly. This format is
 | ||
|        typically a Lempel-Ziv coding (LZ77) with a 32 bit CRC.
 | ||
| 
 | ||
|    x-compress
 | ||
|        The encoding format produced by the file compression program
 | ||
|        "compress". This format is an adaptive Lempel-Ziv-Welch coding
 | ||
|        (LZW).
 | ||
| 
 | ||
|        Note: Use of program names for the identification of
 | ||
|        encoding formats is not desirable and should be discouraged
 | ||
|        for future encodings. Their use here is representative of
 | ||
|        historical practice, not good design.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 18]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 3.6  Media Types
 | ||
| 
 | ||
|    HTTP uses Internet Media Types [13] in the Content-Type header field
 | ||
|    (Section 10.5) in order to provide open and extensible data typing.
 | ||
| 
 | ||
|        media-type     = type "/" subtype *( ";" parameter )
 | ||
|        type           = token
 | ||
|        subtype        = token
 | ||
| 
 | ||
|    Parameters may follow the type/subtype in the form of attribute/value
 | ||
|    pairs.
 | ||
| 
 | ||
|        parameter      = attribute "=" value
 | ||
|        attribute      = token
 | ||
|        value          = token | quoted-string
 | ||
| 
 | ||
|    The type, subtype, and parameter attribute names are case-
 | ||
|    insensitive. Parameter values may or may not be case-sensitive,
 | ||
|    depending on the semantics of the parameter name. LWS must not be
 | ||
|    generated between the type and subtype, nor between an attribute and
 | ||
|    its value. Upon receipt of a media type with an unrecognized
 | ||
|    parameter, a user agent should treat the media type as if the
 | ||
|    unrecognized parameter and its value were not present.
 | ||
| 
 | ||
|    Some older HTTP applications do not recognize media type parameters.
 | ||
|    HTTP/1.0 applications should only use media type parameters when they
 | ||
|    are necessary to define the content of a message.
 | ||
| 
 | ||
|    Media-type values are registered with the Internet Assigned Number
 | ||
|    Authority (IANA [15]). The media type registration process is
 | ||
|    outlined in RFC 1590 [13]. Use of non-registered media types is
 | ||
|    discouraged.
 | ||
| 
 | ||
| 3.6.1 Canonicalization and Text Defaults
 | ||
| 
 | ||
|    Internet media types are registered with a canonical form. In
 | ||
|    general, an Entity-Body transferred via HTTP must be represented in
 | ||
|    the appropriate canonical form prior to its transmission. If the body
 | ||
|    has been encoded with a Content-Encoding, the underlying data should
 | ||
|    be in canonical form prior to being encoded.
 | ||
| 
 | ||
|    Media subtypes of the "text" type use CRLF as the text line break
 | ||
|    when in canonical form. However, HTTP allows the transport of text
 | ||
|    media with plain CR or LF alone representing a line break when used
 | ||
|    consistently within the Entity-Body. HTTP applications must accept
 | ||
|    CRLF, bare CR, and bare LF as being representative of a line break in
 | ||
|    text media received via HTTP.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 19]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    In addition, if the text media is represented in a character set that
 | ||
|    does not use octets 13 and 10 for CR and LF respectively, as is the
 | ||
|    case for some multi-byte character sets, HTTP allows the use of
 | ||
|    whatever octet sequences are defined by that character set to
 | ||
|    represent the equivalent of CR and LF for line breaks. This
 | ||
|    flexibility regarding line breaks applies only to text media in the
 | ||
|    Entity-Body; a bare CR or LF should not be substituted for CRLF
 | ||
|    within any of the HTTP control structures (such as header fields and
 | ||
|    multipart boundaries).
 | ||
| 
 | ||
|    The "charset" parameter is used with some media types to define the
 | ||
|    character set (Section 3.4) of the data. When no explicit charset
 | ||
|    parameter is provided by the sender, media subtypes of the "text"
 | ||
|    type are defined to have a default charset value of "ISO-8859-1" when
 | ||
|    received via HTTP. Data in character sets other than "ISO-8859-1" or
 | ||
|    its subsets must be labelled with an appropriate charset value in
 | ||
|    order to be consistently interpreted by the recipient.
 | ||
| 
 | ||
|       Note: Many current HTTP servers provide data using charsets other
 | ||
|       than "ISO-8859-1" without proper labelling. This situation reduces
 | ||
|       interoperability and is not recommended. To compensate for this,
 | ||
|       some HTTP user agents provide a configuration option to allow the
 | ||
|       user to change the default interpretation of the media type
 | ||
|       character set when no charset parameter is given.
 | ||
| 
 | ||
| 3.6.2 Multipart Types
 | ||
| 
 | ||
|    MIME provides for a number of "multipart" types -- encapsulations of
 | ||
|    several entities within a single message's Entity-Body. The multipart
 | ||
|    types registered by IANA [15] do not have any special meaning for
 | ||
|    HTTP/1.0, though user agents may need to understand each type in
 | ||
|    order to correctly interpret the purpose of each body-part. An HTTP
 | ||
|    user agent should follow the same or similar behavior as a MIME user
 | ||
|    agent does upon receipt of a multipart type. HTTP servers should not
 | ||
|    assume that all HTTP clients are prepared to handle multipart types.
 | ||
| 
 | ||
|    All multipart types share a common syntax and must include a boundary
 | ||
|    parameter as part of the media type value. The message body is itself
 | ||
|    a protocol element and must therefore use only CRLF to represent line
 | ||
|    breaks between body-parts. Multipart body-parts may contain HTTP
 | ||
|    header fields which are significant to the meaning of that part.
 | ||
| 
 | ||
| 3.7  Product Tokens
 | ||
| 
 | ||
|    Product tokens are used to allow communicating applications to
 | ||
|    identify themselves via a simple product token, with an optional
 | ||
|    slash and version designator. Most fields using product tokens also
 | ||
|    allow subproducts which form a significant part of the application to
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 20]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    be listed, separated by whitespace. By convention, the products are
 | ||
|    listed in order of their significance for identifying the
 | ||
|    application.
 | ||
| 
 | ||
|        product         = token ["/" product-version]
 | ||
|        product-version = token
 | ||
| 
 | ||
|    Examples:
 | ||
| 
 | ||
|        User-Agent: CERN-LineMode/2.15 libwww/2.17b3
 | ||
| 
 | ||
|        Server: Apache/0.8.4
 | ||
| 
 | ||
|    Product tokens should be short and to the point -- use of them for
 | ||
|    advertizing or other non-essential information is explicitly
 | ||
|    forbidden. Although any token character may appear in a product-
 | ||
|    version, this token should only be used for a version identifier
 | ||
|    (i.e., successive versions of the same product should only differ in
 | ||
|    the product-version portion of the product value).
 | ||
| 
 | ||
| 4.  HTTP Message
 | ||
| 
 | ||
| 4.1  Message Types
 | ||
| 
 | ||
|    HTTP messages consist of requests from client to server and responses
 | ||
|    from server to client.
 | ||
| 
 | ||
|        HTTP-message   = Simple-Request           ; HTTP/0.9 messages
 | ||
|                       | Simple-Response
 | ||
|                       | Full-Request             ; HTTP/1.0 messages
 | ||
|                       | Full-Response
 | ||
| 
 | ||
|    Full-Request and Full-Response use the generic message format of RFC
 | ||
|    822 [7] for transferring entities. Both messages may include optional
 | ||
|    header fields (also known as "headers") and an entity body. The
 | ||
|    entity body is separated from the headers by a null line (i.e., a
 | ||
|    line with nothing preceding the CRLF).
 | ||
| 
 | ||
|        Full-Request   = Request-Line             ; Section 5.1
 | ||
|                         *( General-Header        ; Section 4.3
 | ||
|                          | Request-Header        ; Section 5.2
 | ||
|                          | Entity-Header )       ; Section 7.1
 | ||
|                         CRLF
 | ||
|                         [ Entity-Body ]          ; Section 7.2
 | ||
| 
 | ||
|        Full-Response  = Status-Line              ; Section 6.1
 | ||
|                         *( General-Header        ; Section 4.3
 | ||
|                          | Response-Header       ; Section 6.2
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 21]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|                          | Entity-Header )       ; Section 7.1
 | ||
|                         CRLF
 | ||
|                         [ Entity-Body ]          ; Section 7.2
 | ||
| 
 | ||
|    Simple-Request and Simple-Response do not allow the use of any header
 | ||
|    information and are limited to a single request method (GET).
 | ||
| 
 | ||
|        Simple-Request  = "GET" SP Request-URI CRLF
 | ||
| 
 | ||
|        Simple-Response = [ Entity-Body ]
 | ||
| 
 | ||
|    Use of the Simple-Request format is discouraged because it prevents
 | ||
|    the server from identifying the media type of the returned entity.
 | ||
| 
 | ||
| 4.2  Message Headers
 | ||
| 
 | ||
|    HTTP header fields, which include General-Header (Section 4.3),
 | ||
|    Request-Header (Section 5.2), Response-Header (Section 6.2), and
 | ||
|    Entity-Header (Section 7.1) fields, follow the same generic format as
 | ||
|    that given in Section 3.1 of RFC 822 [7]. Each header field consists
 | ||
|    of a name followed immediately by a colon (":"), a single space (SP)
 | ||
|    character, and the field value. Field names are case-insensitive.
 | ||
|    Header fields can be extended over multiple lines by preceding each
 | ||
|    extra line with at least one SP or HT, though this is not
 | ||
|    recommended.
 | ||
| 
 | ||
|        HTTP-header    = field-name ":" [ field-value ] CRLF
 | ||
| 
 | ||
|        field-name     = token
 | ||
|        field-value    = *( field-content | LWS )
 | ||
| 
 | ||
|        field-content  = <the OCTETs making up the field-value
 | ||
|                         and consisting of either *TEXT or combinations
 | ||
|                         of token, tspecials, and quoted-string>
 | ||
| 
 | ||
|    The order in which header fields are received is not significant.
 | ||
|    However, it is "good practice" to send General-Header fields first,
 | ||
|    followed by Request-Header or Response-Header fields prior to the
 | ||
|    Entity-Header fields.
 | ||
| 
 | ||
|    Multiple HTTP-header fields with the same field-name may be present
 | ||
|    in a message if and only if the entire field-value for that header
 | ||
|    field is defined as a comma-separated list [i.e., #(values)]. It must
 | ||
|    be possible to combine the multiple header fields into one "field-
 | ||
|    name: field-value" pair, without changing the semantics of the
 | ||
|    message, by appending each subsequent field-value to the first, each
 | ||
|    separated by a comma.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 22]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 4.3  General Header Fields
 | ||
| 
 | ||
|    There are a few header fields which have general applicability for
 | ||
|    both request and response messages, but which do not apply to the
 | ||
|    entity being transferred. These headers apply only to the message
 | ||
|    being transmitted.
 | ||
| 
 | ||
|        General-Header = Date                     ; Section 10.6
 | ||
|                       | Pragma                   ; Section 10.12
 | ||
| 
 | ||
|    General header field names can be extended reliably only in
 | ||
|    combination with a change in the protocol version. However, new or
 | ||
|    experimental header fields may be given the semantics of general
 | ||
|    header fields if all parties in the communication recognize them to
 | ||
|    be general header fields. Unrecognized header fields are treated as
 | ||
|    Entity-Header fields.
 | ||
| 
 | ||
| 5. Request
 | ||
| 
 | ||
|    A request message from a client to a server includes, within the
 | ||
|    first line of that message, the method to be applied to the resource,
 | ||
|    the identifier of the resource, and the protocol version in use. For
 | ||
|    backwards compatibility with the more limited HTTP/0.9 protocol,
 | ||
|    there are two valid formats for an HTTP request:
 | ||
| 
 | ||
|        Request        = Simple-Request | Full-Request
 | ||
| 
 | ||
|        Simple-Request = "GET" SP Request-URI CRLF
 | ||
| 
 | ||
|        Full-Request   = Request-Line             ; Section 5.1
 | ||
|                         *( General-Header        ; Section 4.3
 | ||
|                          | Request-Header        ; Section 5.2
 | ||
|                          | Entity-Header )       ; Section 7.1
 | ||
|                         CRLF
 | ||
|                         [ Entity-Body ]          ; Section 7.2
 | ||
| 
 | ||
|    If an HTTP/1.0 server receives a Simple-Request, it must respond with
 | ||
|    an HTTP/0.9 Simple-Response. An HTTP/1.0 client capable of receiving
 | ||
|    a Full-Response should never generate a Simple-Request.
 | ||
| 
 | ||
| 5.1  Request-Line
 | ||
| 
 | ||
|    The Request-Line begins with a method token, followed by the
 | ||
|    Request-URI and the protocol version, and ending with CRLF. The
 | ||
|    elements are separated by SP characters. No CR or LF are allowed
 | ||
|    except in the final CRLF sequence.
 | ||
| 
 | ||
|        Request-Line = Method SP Request-URI SP HTTP-Version CRLF
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 23]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    Note that the difference between a Simple-Request and the Request-
 | ||
|    Line of a Full-Request is the presence of the HTTP-Version field and
 | ||
|    the availability of methods other than GET.
 | ||
| 
 | ||
| 5.1.1 Method
 | ||
| 
 | ||
|    The Method token indicates the method to be performed on the resource
 | ||
|    identified by the Request-URI. The method is case-sensitive.
 | ||
| 
 | ||
|        Method         = "GET"                    ; Section 8.1
 | ||
|                       | "HEAD"                   ; Section 8.2
 | ||
|                       | "POST"                   ; Section 8.3
 | ||
|                       | extension-method
 | ||
| 
 | ||
|        extension-method = token
 | ||
| 
 | ||
|    The list of methods acceptable by a specific resource can change
 | ||
|    dynamically; the client is notified through the return code of the
 | ||
|    response if a method is not allowed on a resource. Servers should
 | ||
|    return the status code 501 (not implemented) if the method is
 | ||
|    unrecognized or not implemented.
 | ||
| 
 | ||
|    The methods commonly used by HTTP/1.0 applications are fully defined
 | ||
|    in Section 8.
 | ||
| 
 | ||
| 5.1.2 Request-URI
 | ||
| 
 | ||
|    The Request-URI is a Uniform Resource Identifier (Section 3.2) and
 | ||
|    identifies the resource upon which to apply the request.
 | ||
| 
 | ||
|        Request-URI    = absoluteURI | abs_path
 | ||
| 
 | ||
|    The two options for Request-URI are dependent on the nature of the
 | ||
|    request.
 | ||
| 
 | ||
|    The absoluteURI form is only allowed when the request is being made
 | ||
|    to a proxy. The proxy is requested to forward the request and return
 | ||
|    the response. If the request is GET or HEAD and a prior response is
 | ||
|    cached, the proxy may use the cached message if it passes any
 | ||
|    restrictions in the Expires header field. Note that the proxy may
 | ||
|    forward the request on to another proxy or directly to the server
 | ||
|    specified by the absoluteURI. In order to avoid request loops, a
 | ||
|    proxy must be able to recognize all of its server names, including
 | ||
|    any aliases, local variations, and the numeric IP address. An example
 | ||
|    Request-Line would be:
 | ||
| 
 | ||
|        GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.0
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 24]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    The most common form of Request-URI is that used to identify a
 | ||
|    resource on an origin server or gateway. In this case, only the
 | ||
|    absolute path of the URI is transmitted (see Section 3.2.1,
 | ||
|    abs_path). For example, a client wishing to retrieve the resource
 | ||
|    above directly from the origin server would create a TCP connection
 | ||
|    to port 80 of the host "www.w3.org" and send the line:
 | ||
| 
 | ||
|        GET /pub/WWW/TheProject.html HTTP/1.0
 | ||
| 
 | ||
|    followed by the remainder of the Full-Request. Note that the absolute
 | ||
|    path cannot be empty; if none is present in the original URI, it must
 | ||
|    be given as "/" (the server root).
 | ||
| 
 | ||
|    The Request-URI is transmitted as an encoded string, where some
 | ||
|    characters may be escaped using the "% HEX HEX" encoding defined by
 | ||
|    RFC 1738 [4]. The origin server must decode the Request-URI in order
 | ||
|    to properly interpret the request.
 | ||
| 
 | ||
| 5.2  Request Header Fields
 | ||
| 
 | ||
|    The request header fields allow the client to pass additional
 | ||
|    information about the request, and about the client itself, to the
 | ||
|    server. These fields act as request modifiers, with semantics
 | ||
|    equivalent to the parameters on a programming language method
 | ||
|    (procedure) invocation.
 | ||
| 
 | ||
|        Request-Header = Authorization            ; Section 10.2
 | ||
|                       | From                     ; Section 10.8
 | ||
|                       | If-Modified-Since        ; Section 10.9
 | ||
|                       | Referer                  ; Section 10.13
 | ||
|                       | User-Agent               ; Section 10.15
 | ||
| 
 | ||
|    Request-Header field names can be extended reliably only in
 | ||
|    combination with a change in the protocol version. However, new or
 | ||
|    experimental header fields may be given the semantics of request
 | ||
|    header fields if all parties in the communication recognize them to
 | ||
|    be request header fields. Unrecognized header fields are treated as
 | ||
|    Entity-Header fields.
 | ||
| 
 | ||
| 6.  Response
 | ||
| 
 | ||
|    After receiving and interpreting a request message, a server responds
 | ||
|    in the form of an HTTP response message.
 | ||
| 
 | ||
|        Response        = Simple-Response | Full-Response
 | ||
| 
 | ||
|        Simple-Response = [ Entity-Body ]
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 25]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        Full-Response   = Status-Line             ; Section 6.1
 | ||
|                          *( General-Header       ; Section 4.3
 | ||
|                           | Response-Header      ; Section 6.2
 | ||
|                           | Entity-Header )      ; Section 7.1
 | ||
|                          CRLF
 | ||
|                          [ Entity-Body ]         ; Section 7.2
 | ||
| 
 | ||
|    A Simple-Response should only be sent in response to an HTTP/0.9
 | ||
|    Simple-Request or if the server only supports the more limited
 | ||
|    HTTP/0.9 protocol. If a client sends an HTTP/1.0 Full-Request and
 | ||
|    receives a response that does not begin with a Status-Line, it should
 | ||
|    assume that the response is a Simple-Response and parse it
 | ||
|    accordingly. Note that the Simple-Response consists only of the
 | ||
|    entity body and is terminated by the server closing the connection.
 | ||
| 
 | ||
| 6.1  Status-Line
 | ||
| 
 | ||
|    The first line of a Full-Response message is the Status-Line,
 | ||
|    consisting of the protocol version followed by a numeric status code
 | ||
|    and its associated textual phrase, with each element separated by SP
 | ||
|    characters. No CR or LF is allowed except in the final CRLF sequence.
 | ||
| 
 | ||
|        Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
 | ||
| 
 | ||
|    Since a status line always begins with the protocol version and
 | ||
|    status code
 | ||
| 
 | ||
|        "HTTP/" 1*DIGIT "." 1*DIGIT SP 3DIGIT SP
 | ||
| 
 | ||
|    (e.g., "HTTP/1.0 200 "), the presence of that expression is
 | ||
|    sufficient to differentiate a Full-Response from a Simple-Response.
 | ||
|    Although the Simple-Response format may allow such an expression to
 | ||
|    occur at the beginning of an entity body, and thus cause a
 | ||
|    misinterpretation of the message if it was given in response to a
 | ||
|    Full-Request, most HTTP/0.9 servers are limited to responses of type
 | ||
|    "text/html" and therefore would never generate such a response.
 | ||
| 
 | ||
| 6.1.1 Status Code and Reason Phrase
 | ||
| 
 | ||
|    The Status-Code element is a 3-digit integer result code of the
 | ||
|    attempt to understand and satisfy the request. The Reason-Phrase is
 | ||
|    intended to give a short textual description of the Status-Code. The
 | ||
|    Status-Code is intended for use by automata and the Reason-Phrase is
 | ||
|    intended for the human user. The client is not required to examine or
 | ||
|    display the Reason-Phrase.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 26]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    The first digit of the Status-Code defines the class of response. The
 | ||
|    last two digits do not have any categorization role. There are 5
 | ||
|    values for the first digit:
 | ||
| 
 | ||
|       o 1xx: Informational - Not used, but reserved for future use
 | ||
| 
 | ||
|       o 2xx: Success - The action was successfully received,
 | ||
|              understood, and accepted.
 | ||
| 
 | ||
|       o 3xx: Redirection - Further action must be taken in order to
 | ||
|              complete the request
 | ||
| 
 | ||
|       o 4xx: Client Error - The request contains bad syntax or cannot
 | ||
|              be fulfilled
 | ||
| 
 | ||
|       o 5xx: Server Error - The server failed to fulfill an apparently
 | ||
|              valid request
 | ||
| 
 | ||
|    The individual values of the numeric status codes defined for
 | ||
|    HTTP/1.0, and an example set of corresponding Reason-Phrase's, are
 | ||
|    presented below. The reason phrases listed here are only recommended
 | ||
|    -- they may be replaced by local equivalents without affecting the
 | ||
|    protocol. These codes are fully defined in Section 9.
 | ||
| 
 | ||
|        Status-Code    = "200"   ; OK
 | ||
|                       | "201"   ; Created
 | ||
|                       | "202"   ; Accepted
 | ||
|                       | "204"   ; No Content
 | ||
|                       | "301"   ; Moved Permanently
 | ||
|                       | "302"   ; Moved Temporarily
 | ||
|                       | "304"   ; Not Modified
 | ||
|                       | "400"   ; Bad Request
 | ||
|                       | "401"   ; Unauthorized
 | ||
|                       | "403"   ; Forbidden
 | ||
|                       | "404"   ; Not Found
 | ||
|                       | "500"   ; Internal Server Error
 | ||
|                       | "501"   ; Not Implemented
 | ||
|                       | "502"   ; Bad Gateway
 | ||
|                       | "503"   ; Service Unavailable
 | ||
|                       | extension-code
 | ||
| 
 | ||
|        extension-code = 3DIGIT
 | ||
| 
 | ||
|        Reason-Phrase  = *<TEXT, excluding CR, LF>
 | ||
| 
 | ||
|    HTTP status codes are extensible, but the above codes are the only
 | ||
|    ones generally recognized in current practice. HTTP applications are
 | ||
|    not required to understand the meaning of all registered status
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 27]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    codes, though such understanding is obviously desirable. However,
 | ||
|    applications must understand the class of any status code, as
 | ||
|    indicated by the first digit, and treat any unrecognized response as
 | ||
|    being equivalent to the x00 status code of that class, with the
 | ||
|    exception that an unrecognized response must not be cached. For
 | ||
|    example, if an unrecognized status code of 431 is received by the
 | ||
|    client, it can safely assume that there was something wrong with its
 | ||
|    request and treat the response as if it had received a 400 status
 | ||
|    code. In such cases, user agents should present to the user the
 | ||
|    entity returned with the response, since that entity is likely to
 | ||
|    include human-readable information which will explain the unusual
 | ||
|    status.
 | ||
| 
 | ||
| 6.2  Response Header Fields
 | ||
| 
 | ||
|    The response header fields allow the server to pass additional
 | ||
|    information about the response which cannot be placed in the Status-
 | ||
|    Line. These header fields give information about the server and about
 | ||
|    further access to the resource identified by the Request-URI.
 | ||
| 
 | ||
|        Response-Header = Location                ; Section 10.11
 | ||
|                        | Server                  ; Section 10.14
 | ||
|                        | WWW-Authenticate        ; Section 10.16
 | ||
| 
 | ||
|    Response-Header field names can be extended reliably only in
 | ||
|    combination with a change in the protocol version. However, new or
 | ||
|    experimental header fields may be given the semantics of response
 | ||
|    header fields if all parties in the communication recognize them to
 | ||
|     be response header fields. Unrecognized header fields are treated as
 | ||
|    Entity-Header fields.
 | ||
| 
 | ||
| 7.  Entity
 | ||
| 
 | ||
|    Full-Request and Full-Response messages may transfer an entity within
 | ||
|    some requests and responses. An entity consists of Entity-Header
 | ||
|    fields and (usually) an Entity-Body. In this section, both sender and
 | ||
|    recipient refer to either the client or the server, depending on who
 | ||
|    sends and who receives the entity.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 28]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 7.1  Entity Header Fields
 | ||
| 
 | ||
|    Entity-Header fields define optional metainformation about the
 | ||
|    Entity-Body or, if no body is present, about the resource identified
 | ||
|    by the request.
 | ||
| 
 | ||
|        Entity-Header  = Allow                    ; Section 10.1
 | ||
|                       | Content-Encoding         ; Section 10.3
 | ||
|                       | Content-Length           ; Section 10.4
 | ||
|                       | Content-Type             ; Section 10.5
 | ||
|                       | Expires                  ; Section 10.7
 | ||
|                       | Last-Modified            ; Section 10.10
 | ||
|                       | extension-header
 | ||
| 
 | ||
|        extension-header = HTTP-header
 | ||
| 
 | ||
|    The extension-header mechanism allows additional Entity-Header fields
 | ||
|    to be defined without changing the protocol, but these fields cannot
 | ||
|    be assumed to be recognizable by the recipient. Unrecognized header
 | ||
|    fields should be ignored by the recipient and forwarded by proxies.
 | ||
| 
 | ||
| 7.2  Entity Body
 | ||
| 
 | ||
|    The entity body (if any) sent with an HTTP request or response is in
 | ||
|    a format and encoding defined by the Entity-Header fields.
 | ||
| 
 | ||
|        Entity-Body    = *OCTET
 | ||
| 
 | ||
|    An entity body is included with a request message only when the
 | ||
|    request method calls for one. The presence of an entity body in a
 | ||
|    request is signaled by the inclusion of a Content-Length header field
 | ||
|    in the request message headers. HTTP/1.0 requests containing an
 | ||
|    entity body must include a valid Content-Length header field.
 | ||
| 
 | ||
|    For response messages, whether or not an entity body is included with
 | ||
|    a message is dependent on both the request method and the response
 | ||
|    code. All responses to the HEAD request method must not include a
 | ||
|    body, even though the presence of entity header fields may lead one
 | ||
|    to believe they do. All 1xx (informational), 204 (no content), and
 | ||
|    304 (not modified) responses must not include a body. All other
 | ||
|    responses must include an entity body or a Content-Length header
 | ||
|    field defined with a value of zero (0).
 | ||
| 
 | ||
| 7.2.1 Type
 | ||
| 
 | ||
|    When an Entity-Body is included with a message, the data type of that
 | ||
|    body is determined via the header fields Content-Type and Content-
 | ||
|    Encoding. These define a two-layer, ordered encoding model:
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 29]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        entity-body := Content-Encoding( Content-Type( data ) )
 | ||
| 
 | ||
|    A Content-Type specifies the media type of the underlying data. A
 | ||
|    Content-Encoding may be used to indicate any additional content
 | ||
|    coding applied to the type, usually for the purpose of data
 | ||
|    compression, that is a property of the resource requested. The
 | ||
|    default for the content encoding is none (i.e., the identity
 | ||
|    function).
 | ||
| 
 | ||
|    Any HTTP/1.0 message containing an entity body should include a
 | ||
|    Content-Type header field defining the media type of that body. If
 | ||
|    and only if the media type is not given by a Content-Type header, as
 | ||
|    is the case for Simple-Response messages, the recipient may attempt
 | ||
|    to guess the media type via inspection of its content and/or the name
 | ||
|    extension(s) of the URL used to identify the resource. If the media
 | ||
|    type remains unknown, the recipient should treat it as type
 | ||
|    "application/octet-stream".
 | ||
| 
 | ||
| 7.2.2 Length
 | ||
| 
 | ||
|    When an Entity-Body is included with a message, the length of that
 | ||
|    body may be determined in one of two ways. If a Content-Length header
 | ||
|    field is present, its value in bytes represents the length of the
 | ||
|    Entity-Body. Otherwise, the body length is determined by the closing
 | ||
|    of the connection by the server.
 | ||
| 
 | ||
|    Closing the connection cannot be used to indicate the end of a
 | ||
|    request body, since it leaves no possibility for the server to send
 | ||
|    back a response. Therefore, HTTP/1.0 requests containing an entity
 | ||
|    body must include a valid Content-Length header field. If a request
 | ||
|    contains an entity body and Content-Length is not specified, and the
 | ||
|    server does not recognize or cannot calculate the length from other
 | ||
|    fields, then the server should send a 400 (bad request) response.
 | ||
| 
 | ||
|       Note: Some older servers supply an invalid Content-Length when
 | ||
|       sending a document that contains server-side includes dynamically
 | ||
|       inserted into the data stream. It must be emphasized that this
 | ||
|       will not be tolerated by future versions of HTTP. Unless the
 | ||
|       client knows that it is receiving a response from a compliant
 | ||
|       server, it should not depend on the Content-Length value being
 | ||
|       correct.
 | ||
| 
 | ||
| 8.  Method Definitions
 | ||
| 
 | ||
|    The set of common methods for HTTP/1.0 is defined below. Although
 | ||
|    this set can be expanded, additional methods cannot be assumed to
 | ||
|    share the same semantics for separately extended clients and servers.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 30]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 8.1  GET
 | ||
| 
 | ||
|    The GET method means retrieve whatever information (in the form of an
 | ||
|    entity) is identified by the Request-URI. If the Request-URI refers
 | ||
|    to a data-producing process, it is the produced data which shall be
 | ||
|    returned as the entity in the response and not the source text of the
 | ||
|    process, unless that text happens to be the output of the process.
 | ||
| 
 | ||
|    The semantics of the GET method changes to a "conditional GET" if the
 | ||
|    request message includes an If-Modified-Since header field. A
 | ||
|    conditional GET method requests that the identified resource be
 | ||
|    transferred only if it has been modified since the date given by the
 | ||
|    If-Modified-Since header, as described in Section 10.9. The
 | ||
|    conditional GET method is intended to reduce network usage by
 | ||
|    allowing cached entities to be refreshed without requiring multiple
 | ||
|    requests or transferring unnecessary data.
 | ||
| 
 | ||
| 8.2  HEAD
 | ||
| 
 | ||
|    The HEAD method is identical to GET except that the server must not
 | ||
|    return any Entity-Body in the response. The metainformation contained
 | ||
|    in the HTTP headers in response to a HEAD request should be identical
 | ||
|    to the information sent in response to a GET request. This method can
 | ||
|    be used for obtaining metainformation about the resource identified
 | ||
|    by the Request-URI without transferring the Entity-Body itself. This
 | ||
|    method is often used for testing hypertext links for validity,
 | ||
|    accessibility, and recent modification.
 | ||
| 
 | ||
|    There is no "conditional HEAD" request analogous to the conditional
 | ||
|    GET. If an If-Modified-Since header field is included with a HEAD
 | ||
|    request, it should be ignored.
 | ||
| 
 | ||
| 8.3  POST
 | ||
| 
 | ||
|    The POST method is used to request that the destination server accept
 | ||
|    the entity enclosed in the request as a new subordinate of the
 | ||
|    resource identified by the Request-URI in the Request-Line. POST is
 | ||
|    designed to allow a uniform method to cover the following functions:
 | ||
| 
 | ||
|       o Annotation of existing resources;
 | ||
| 
 | ||
|       o Posting a message to a bulletin board, newsgroup, mailing list,
 | ||
|         or similar group of articles;
 | ||
| 
 | ||
|       o Providing a block of data, such as the result of submitting a
 | ||
|         form [3], to a data-handling process;
 | ||
| 
 | ||
|       o Extending a database through an append operation.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 31]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    The actual function performed by the POST method is determined by the
 | ||
|    server and is usually dependent on the Request-URI. The posted entity
 | ||
|    is subordinate to that URI in the same way that a file is subordinate
 | ||
|    to a directory containing it, a news article is subordinate to a
 | ||
|    newsgroup to which it is posted, or a record is subordinate to a
 | ||
|    database.
 | ||
| 
 | ||
|    A successful POST does not require that the entity be created as a
 | ||
|    resource on the origin server or made accessible for future
 | ||
|    reference. That is, the action performed by the POST method might not
 | ||
|    result in a resource that can be identified by a URI. In this case,
 | ||
|    either 200 (ok) or 204 (no content) is the appropriate response
 | ||
|    status, depending on whether or not the response includes an entity
 | ||
|    that describes the result.
 | ||
| 
 | ||
|    If a resource has been created on the origin server, the response
 | ||
|    should be 201 (created) and contain an entity (preferably of type
 | ||
|    "text/html") which describes the status of the request and refers to
 | ||
|    the new resource.
 | ||
| 
 | ||
|    A valid Content-Length is required on all HTTP/1.0 POST requests. An
 | ||
|    HTTP/1.0 server should respond with a 400 (bad request) message if it
 | ||
|    cannot determine the length of the request message's content.
 | ||
| 
 | ||
|    Applications must not cache responses to a POST request because the
 | ||
|    application has no way of knowing that the server would return an
 | ||
|    equivalent response on some future request.
 | ||
| 
 | ||
| 9.  Status Code Definitions
 | ||
| 
 | ||
|    Each Status-Code is described below, including a description of which
 | ||
|    method(s) it can follow and any metainformation required in the
 | ||
|    response.
 | ||
| 
 | ||
| 9.1  Informational 1xx
 | ||
| 
 | ||
|    This class of status code indicates a provisional response,
 | ||
|    consisting only of the Status-Line and optional headers, and is
 | ||
|    terminated by an empty line. HTTP/1.0 does not define any 1xx status
 | ||
|    codes and they are not a valid response to a HTTP/1.0 request.
 | ||
|    However, they may be useful for experimental applications which are
 | ||
|    outside the scope of this specification.
 | ||
| 
 | ||
| 9.2  Successful 2xx
 | ||
| 
 | ||
|    This class of status code indicates that the client's request was
 | ||
|    successfully received, understood, and accepted.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 32]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    200 OK
 | ||
| 
 | ||
|    The request has succeeded. The information returned with the
 | ||
|    response is dependent on the method used in the request, as follows:
 | ||
| 
 | ||
|    GET    an entity corresponding to the requested resource is sent
 | ||
|           in the response;
 | ||
| 
 | ||
|    HEAD   the response must only contain the header information and
 | ||
|           no Entity-Body;
 | ||
| 
 | ||
|    POST   an entity describing or containing the result of the action.
 | ||
| 
 | ||
|    201 Created
 | ||
| 
 | ||
|    The request has been fulfilled and resulted in a new resource being
 | ||
|    created. The newly created resource can be referenced by the URI(s)
 | ||
|    returned in the entity of the response. The origin server should
 | ||
|    create the resource before using this Status-Code. If the action
 | ||
|    cannot be carried out immediately, the server must include in the
 | ||
|    response body a description of when the resource will be available;
 | ||
|    otherwise, the server should respond with 202 (accepted).
 | ||
| 
 | ||
|    Of the methods defined by this specification, only POST can create a
 | ||
|    resource.
 | ||
| 
 | ||
|    202 Accepted
 | ||
| 
 | ||
|    The request has been accepted for processing, but the processing
 | ||
|    has not been completed. The request may or may not eventually be
 | ||
|    acted upon, as it may be disallowed when processing actually takes
 | ||
|    place. There is no facility for re-sending a status code from an
 | ||
|    asynchronous operation such as this.
 | ||
| 
 | ||
|    The 202 response is intentionally non-committal. Its purpose is to
 | ||
|    allow a server to accept a request for some other process (perhaps
 | ||
|    a batch-oriented process that is only run once per day) without
 | ||
|    requiring that the user agent's connection to the server persist
 | ||
|    until the process is completed. The entity returned with this
 | ||
|    response should include an indication of the request's current
 | ||
|    status and either a pointer to a status monitor or some estimate of
 | ||
|    when the user can expect the request to be fulfilled.
 | ||
| 
 | ||
|    204 No Content
 | ||
| 
 | ||
|    The server has fulfilled the request but there is no new
 | ||
|    information to send back. If the client is a user agent, it should
 | ||
|    not change its document view from that which caused the request to
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 33]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    be generated. This response is primarily intended to allow input
 | ||
|    for scripts or other actions to take place without causing a change
 | ||
|    to the user agent's active document view. The response may include
 | ||
|    new metainformation in the form of entity headers, which should
 | ||
|    apply to the document currently in the user agent's active view.
 | ||
| 
 | ||
| 9.3  Redirection 3xx
 | ||
| 
 | ||
|    This class of status code indicates that further action needs to be
 | ||
|    taken by the user agent in order to fulfill the request. The action
 | ||
|    required may be carried out by the user agent without interaction
 | ||
|    with the user if and only if the method used in the subsequent
 | ||
|    request is GET or HEAD. A user agent should never automatically
 | ||
|    redirect a request more than 5 times, since such redirections usually
 | ||
|    indicate an infinite loop.
 | ||
| 
 | ||
|    300 Multiple Choices
 | ||
| 
 | ||
|    This response code is not directly used by HTTP/1.0 applications,
 | ||
|    but serves as the default for interpreting the 3xx class of
 | ||
|    responses.
 | ||
| 
 | ||
|    The requested resource is available at one or more locations.
 | ||
|    Unless it was a HEAD request, the response should include an entity
 | ||
|    containing a list of resource characteristics and locations from
 | ||
|    which the user or user agent can choose the one most appropriate.
 | ||
|    If the server has a preferred choice, it should include the URL in
 | ||
|    a Location field; user agents may use this field value for
 | ||
|    automatic redirection.
 | ||
| 
 | ||
|    301 Moved Permanently
 | ||
| 
 | ||
|    The requested resource has been assigned a new permanent URL and
 | ||
|    any future references to this resource should be done using that
 | ||
|    URL. Clients with link editing capabilities should automatically
 | ||
|    relink references to the Request-URI to the new reference returned
 | ||
|    by the server, where possible.
 | ||
| 
 | ||
|    The new URL must be given by the Location field in the response.
 | ||
|    Unless it was a HEAD request, the Entity-Body of the response
 | ||
|    should contain a short note with a hyperlink to the new URL.
 | ||
| 
 | ||
|    If the 301 status code is received in response to a request using
 | ||
|    the POST method, the user agent must not automatically redirect the
 | ||
|    request unless it can be confirmed by the user, since this might
 | ||
|    change the conditions under which the request was issued.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 34]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        Note: When automatically redirecting a POST request after
 | ||
|        receiving a 301 status code, some existing user agents will
 | ||
|        erroneously change it into a GET request.
 | ||
| 
 | ||
|    302 Moved Temporarily
 | ||
| 
 | ||
|    The requested resource resides temporarily under a different URL.
 | ||
|    Since the redirection may be altered on occasion, the client should
 | ||
|    continue to use the Request-URI for future requests.
 | ||
| 
 | ||
|    The URL must be given by the Location field in the response. Unless
 | ||
|    it was a HEAD request, the Entity-Body of the response should
 | ||
|    contain a short note with a hyperlink to the new URI(s).
 | ||
| 
 | ||
|    If the 302 status code is received in response to a request using
 | ||
|    the POST method, the user agent must not automatically redirect the
 | ||
|    request unless it can be confirmed by the user, since this might
 | ||
|    change the conditions under which the request was issued.
 | ||
| 
 | ||
|        Note: When automatically redirecting a POST request after
 | ||
|        receiving a 302 status code, some existing user agents will
 | ||
|        erroneously change it into a GET request.
 | ||
| 
 | ||
|    304 Not Modified
 | ||
| 
 | ||
|    If the client has performed a conditional GET request and access is
 | ||
|    allowed, but the document has not been modified since the date and
 | ||
|    time specified in the If-Modified-Since field, the server must
 | ||
|    respond with this status code and not send an Entity-Body to the
 | ||
|    client. Header fields contained in the response should only include
 | ||
|    information which is relevant to cache managers or which may have
 | ||
|    changed independently of the entity's Last-Modified date. Examples
 | ||
|    of relevant header fields include: Date, Server, and Expires. A
 | ||
|    cache should update its cached entity to reflect any new field
 | ||
|    values given in the 304 response.
 | ||
| 
 | ||
| 9.4  Client Error 4xx
 | ||
| 
 | ||
|    The 4xx class of status code is intended for cases in which the
 | ||
|    client seems to have erred. If the client has not completed the
 | ||
|    request when a 4xx code is received, it should immediately cease
 | ||
|    sending data to the server. Except when responding to a HEAD request,
 | ||
|    the server should include an entity containing an explanation of the
 | ||
|    error situation, and whether it is a temporary or permanent
 | ||
|    condition. These status codes are applicable to any request method.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 35]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|       Note: If the client is sending data, server implementations on TCP
 | ||
|       should be careful to ensure that the client acknowledges receipt
 | ||
|       of the packet(s) containing the response prior to closing the
 | ||
|       input connection. If the client continues sending data to the
 | ||
|       server after the close, the server's controller will send a reset
 | ||
|       packet to the client, which may erase the client's unacknowledged
 | ||
|       input buffers before they can be read and interpreted by the HTTP
 | ||
|       application.
 | ||
| 
 | ||
|    400 Bad Request
 | ||
| 
 | ||
|    The request could not be understood by the server due to malformed
 | ||
|    syntax. The client should not repeat the request without
 | ||
|    modifications.
 | ||
| 
 | ||
|    401 Unauthorized
 | ||
| 
 | ||
|    The request requires user authentication. The response must include
 | ||
|    a WWW-Authenticate header field (Section 10.16) containing a
 | ||
|    challenge applicable to the requested resource. The client may
 | ||
|    repeat the request with a suitable Authorization header field
 | ||
|    (Section 10.2). If the request already included Authorization
 | ||
|    credentials, then the 401 response indicates that authorization has
 | ||
|    been refused for those credentials. If the 401 response contains
 | ||
|    the same challenge as the prior response, and the user agent has
 | ||
|    already attempted authentication at least once, then the user
 | ||
|    should be presented the entity that was given in the response,
 | ||
|    since that entity may include relevant diagnostic information. HTTP
 | ||
|    access authentication is explained in Section 11.
 | ||
| 
 | ||
|    403 Forbidden
 | ||
| 
 | ||
|    The server understood the request, but is refusing to fulfill it.
 | ||
|    Authorization will not help and the request should not be repeated.
 | ||
|    If the request method was not HEAD and the server wishes to make
 | ||
|    public why the request has not been fulfilled, it should describe
 | ||
|    the reason for the refusal in the entity body. This status code is
 | ||
|    commonly used when the server does not wish to reveal exactly why
 | ||
|    the request has been refused, or when no other response is
 | ||
|    applicable.
 | ||
| 
 | ||
|    404 Not Found
 | ||
| 
 | ||
|    The server has not found anything matching the Request-URI. No
 | ||
|    indication is given of whether the condition is temporary or
 | ||
|    permanent. If the server does not wish to make this information
 | ||
|    available to the client, the status code 403 (forbidden) can be
 | ||
|    used instead.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 36]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 9.5  Server Error 5xx
 | ||
| 
 | ||
|    Response status codes beginning with the digit "5" indicate cases in
 | ||
|    which the server is aware that it has erred or is incapable of
 | ||
|    performing the request. If the client has not completed the request
 | ||
|    when a 5xx code is received, it should immediately cease sending data
 | ||
|    to the server. Except when responding to a HEAD request, the server
 | ||
|    should include an entity containing an explanation of the error
 | ||
|    situation, and whether it is a temporary or permanent condition.
 | ||
|    These response codes are applicable to any request method and there
 | ||
|    are no required header fields.
 | ||
| 
 | ||
|    500 Internal Server Error
 | ||
| 
 | ||
|    The server encountered an unexpected condition which prevented it
 | ||
|    from fulfilling the request.
 | ||
| 
 | ||
|    501 Not Implemented
 | ||
| 
 | ||
|    The server does not support the functionality required to fulfill
 | ||
|    the request. This is the appropriate response when the server does
 | ||
|    not recognize the request method and is not capable of supporting
 | ||
|    it for any resource.
 | ||
| 
 | ||
|    502 Bad Gateway
 | ||
| 
 | ||
|    The server, while acting as a gateway or proxy, received an invalid
 | ||
|    response from the upstream server it accessed in attempting to
 | ||
|    fulfill the request.
 | ||
| 
 | ||
|    503 Service Unavailable
 | ||
| 
 | ||
|    The server is currently unable to handle the request due to a
 | ||
|    temporary overloading or maintenance of the server. The implication
 | ||
|    is that this is a temporary condition which will be alleviated
 | ||
|    after some delay.
 | ||
| 
 | ||
|        Note: The existence of the 503 status code does not imply
 | ||
|        that a server must use it when becoming overloaded. Some
 | ||
|        servers may wish to simply refuse the connection.
 | ||
| 
 | ||
| 10.  Header Field Definitions
 | ||
| 
 | ||
|    This section defines the syntax and semantics of all commonly used
 | ||
|    HTTP/1.0 header fields. For general and entity header fields, both
 | ||
|    sender and recipient refer to either the client or the server,
 | ||
|    depending on who sends and who receives the message.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 37]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 10.1  Allow
 | ||
| 
 | ||
|    The Allow entity-header field lists the set of methods supported by
 | ||
|    the resource identified by the Request-URI. The purpose of this field
 | ||
|    is strictly to inform the recipient of valid methods associated with
 | ||
|    the resource. The Allow header field is not permitted in a request
 | ||
|    using the POST method, and thus should be ignored if it is received
 | ||
|    as part of a POST entity.
 | ||
| 
 | ||
|        Allow          = "Allow" ":" 1#method
 | ||
| 
 | ||
|     Example of use:
 | ||
| 
 | ||
|        Allow: GET, HEAD
 | ||
| 
 | ||
|    This field cannot prevent a client from trying other methods.
 | ||
|    However, the indications given by the Allow header field value should
 | ||
|    be followed. The actual set of allowed methods is defined by the
 | ||
|    origin server at the time of each request.
 | ||
| 
 | ||
|    A proxy must not modify the Allow header field even if it does not
 | ||
|    understand all the methods specified, since the user agent may have
 | ||
|    other means of communicating with the origin server.
 | ||
| 
 | ||
|    The Allow header field does not indicate what methods are implemented
 | ||
|    by the server.
 | ||
| 
 | ||
| 10.2  Authorization
 | ||
| 
 | ||
|    A user agent that wishes to authenticate itself with a server--
 | ||
|    usually, but not necessarily, after receiving a 401 response--may do
 | ||
|    so by including an Authorization request-header field with the
 | ||
|    request. The Authorization field value consists of credentials
 | ||
|    containing the authentication information of the user agent for the
 | ||
|    realm of the resource being requested.
 | ||
| 
 | ||
|        Authorization  = "Authorization" ":" credentials
 | ||
| 
 | ||
|    HTTP access authentication is described in Section 11. If a request
 | ||
|    is authenticated and a realm specified, the same credentials should
 | ||
|    be valid for all other requests within this realm.
 | ||
| 
 | ||
|    Responses to requests containing an Authorization field are not
 | ||
|    cachable.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 38]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 10.3  Content-Encoding
 | ||
| 
 | ||
|    The Content-Encoding entity-header field is used as a modifier to the
 | ||
|    media-type. When present, its value indicates what additional content
 | ||
|    coding has been applied to the resource, and thus what decoding
 | ||
|    mechanism must be applied in order to obtain the media-type
 | ||
|    referenced by the Content-Type header field. The Content-Encoding is
 | ||
|    primarily used to allow a document to be compressed without losing
 | ||
|    the identity of its underlying media type.
 | ||
| 
 | ||
|        Content-Encoding = "Content-Encoding" ":" content-coding
 | ||
| 
 | ||
|    Content codings are defined in Section 3.5. An example of its use is
 | ||
| 
 | ||
|        Content-Encoding: x-gzip
 | ||
| 
 | ||
|    The Content-Encoding is a characteristic of the resource identified
 | ||
|    by the Request-URI. Typically, the resource is stored with this
 | ||
|    encoding and is only decoded before rendering or analogous usage.
 | ||
| 
 | ||
| 10.4  Content-Length
 | ||
| 
 | ||
|    The Content-Length entity-header field indicates the size of the
 | ||
|    Entity-Body, in decimal number of octets, sent to the recipient or,
 | ||
|    in the case of the HEAD method, the size of the Entity-Body that
 | ||
|    would have been sent had the request been a GET.
 | ||
| 
 | ||
|        Content-Length = "Content-Length" ":" 1*DIGIT
 | ||
| 
 | ||
|    An example is
 | ||
| 
 | ||
|        Content-Length: 3495
 | ||
| 
 | ||
|    Applications should use this field to indicate the size of the
 | ||
|    Entity-Body to be transferred, regardless of the media type of the
 | ||
|    entity. A valid Content-Length field value is required on all
 | ||
|    HTTP/1.0 request messages containing an entity body.
 | ||
| 
 | ||
|    Any Content-Length greater than or equal to zero is a valid value.
 | ||
|    Section 7.2.2 describes how to determine the length of a response
 | ||
|    entity body if a Content-Length is not given.
 | ||
| 
 | ||
|       Note: The meaning of this field is significantly different from
 | ||
|       the corresponding definition in MIME, where it is an optional
 | ||
|       field used within the "message/external-body" content-type. In
 | ||
|       HTTP, it should be used whenever the entity's length can be
 | ||
|       determined prior to being transferred.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 39]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 10.5  Content-Type
 | ||
| 
 | ||
|    The Content-Type entity-header field indicates the media type of the
 | ||
|    Entity-Body sent to the recipient or, in the case of the HEAD method,
 | ||
|    the media type that would have been sent had the request been a GET.
 | ||
| 
 | ||
|        Content-Type   = "Content-Type" ":" media-type
 | ||
| 
 | ||
|    Media types are defined in Section 3.6. An example of the field is
 | ||
| 
 | ||
|        Content-Type: text/html
 | ||
| 
 | ||
|    Further discussion of methods for identifying the media type of an
 | ||
|    entity is provided in Section 7.2.1.
 | ||
| 
 | ||
| 10.6  Date
 | ||
| 
 | ||
|    The Date general-header field represents the date and time at which
 | ||
|    the message was originated, having the same semantics as orig-date in
 | ||
|    RFC 822. The field value is an HTTP-date, as described in Section
 | ||
|    3.3.
 | ||
| 
 | ||
|        Date           = "Date" ":" HTTP-date
 | ||
| 
 | ||
|    An example is
 | ||
| 
 | ||
|        Date: Tue, 15 Nov 1994 08:12:31 GMT
 | ||
| 
 | ||
|    If a message is received via direct connection with the user agent
 | ||
|    (in the case of requests) or the origin server (in the case of
 | ||
|    responses), then the date can be assumed to be the current date at
 | ||
|    the receiving end. However, since the date--as it is believed by the
 | ||
|    origin--is important for evaluating cached responses, origin servers
 | ||
|    should always include a Date header. Clients should only send a Date
 | ||
|    header field in messages that include an entity body, as in the case
 | ||
|    of the POST request, and even then it is optional. A received message
 | ||
|    which does not have a Date header field should be assigned one by the
 | ||
|    recipient if the message will be cached by that recipient or
 | ||
|    gatewayed via a protocol which requires a Date.
 | ||
| 
 | ||
|    In theory, the date should represent the moment just before the
 | ||
|    entity is generated. In practice, the date can be generated at any
 | ||
|    time during the message origination without affecting its semantic
 | ||
|    value.
 | ||
| 
 | ||
|       Note: An earlier version of this document incorrectly specified
 | ||
|       that this field should contain the creation date of the enclosed
 | ||
|       Entity-Body. This has been changed to reflect actual (and proper)
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 40]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|       usage.
 | ||
| 
 | ||
| 10.7  Expires
 | ||
| 
 | ||
|    The Expires entity-header field gives the date/time after which the
 | ||
|    entity should be considered stale. This allows information providers
 | ||
|    to suggest the volatility of the resource, or a date after which the
 | ||
|    information may no longer be valid. Applications must not cache this
 | ||
|    entity beyond the date given. The presence of an Expires field does
 | ||
|    not imply that the original resource will change or cease to exist
 | ||
|    at, before, or after that time. However, information providers that
 | ||
|    know or even suspect that a resource will change by a certain date
 | ||
|    should include an Expires header with that date. The format is an
 | ||
|    absolute date and time as defined by HTTP-date in Section 3.3.
 | ||
| 
 | ||
|        Expires        = "Expires" ":" HTTP-date
 | ||
| 
 | ||
|    An example of its use is
 | ||
| 
 | ||
|        Expires: Thu, 01 Dec 1994 16:00:00 GMT
 | ||
| 
 | ||
|    If the date given is equal to or earlier than the value of the Date
 | ||
|    header, the recipient must not cache the enclosed entity. If a
 | ||
|    resource is dynamic by nature, as is the case with many data-
 | ||
|    producing processes, entities from that resource should be given an
 | ||
|    appropriate Expires value which reflects that dynamism.
 | ||
| 
 | ||
|    The Expires field cannot be used to force a user agent to refresh its
 | ||
|    display or reload a resource; its semantics apply only to caching
 | ||
|    mechanisms, and such mechanisms need only check a resource's
 | ||
|    expiration status when a new request for that resource is initiated.
 | ||
| 
 | ||
|    User agents often have history mechanisms, such as "Back" buttons and
 | ||
|    history lists, which can be used to redisplay an entity retrieved
 | ||
|    earlier in a session. By default, the Expires field does not apply to
 | ||
|    history mechanisms. If the entity is still in storage, a history
 | ||
|    mechanism should display it even if the entity has expired, unless
 | ||
|    the user has specifically configured the agent to refresh expired
 | ||
|    history documents.
 | ||
| 
 | ||
|       Note: Applications are encouraged to be tolerant of bad or
 | ||
|       misinformed implementations of the Expires header. A value of zero
 | ||
|       (0) or an invalid date format should be considered equivalent to
 | ||
|       an "expires immediately." Although these values are not legitimate
 | ||
|       for HTTP/1.0, a robust implementation is always desirable.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 41]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 10.8  From
 | ||
| 
 | ||
|    The From request-header field, if given, should contain an Internet
 | ||
|    e-mail address for the human user who controls the requesting user
 | ||
|    agent. The address should be machine-usable, as defined by mailbox in
 | ||
|    RFC 822 [7] (as updated by RFC 1123 [6]):
 | ||
| 
 | ||
|        From           = "From" ":" mailbox
 | ||
| 
 | ||
|    An example is:
 | ||
| 
 | ||
|        From: webmaster@w3.org
 | ||
| 
 | ||
|    This header field may be used for logging purposes and as a means for
 | ||
|    identifying the source of invalid or unwanted requests. It should not
 | ||
|    be used as an insecure form of access protection. The interpretation
 | ||
|    of this field is that the request is being performed on behalf of the
 | ||
|    person given, who accepts responsibility for the method performed. In
 | ||
|    particular, robot agents should include this header so that the
 | ||
|    person responsible for running the robot can be contacted if problems
 | ||
|    occur on the receiving end.
 | ||
| 
 | ||
|    The Internet e-mail address in this field may be separate from the
 | ||
|    Internet host which issued the request. For example, when a request
 | ||
|    is passed through a proxy, the original issuer's address should be
 | ||
|    used.
 | ||
| 
 | ||
|       Note: The client should not send the From header field without the
 | ||
|       user's approval, as it may conflict with the user's privacy
 | ||
|       interests or their site's security policy. It is strongly
 | ||
|       recommended that the user be able to disable, enable, and modify
 | ||
|       the value of this field at any time prior to a request.
 | ||
| 
 | ||
| 10.9  If-Modified-Since
 | ||
| 
 | ||
|    The If-Modified-Since request-header field is used with the GET
 | ||
|    method to make it conditional: if the requested resource has not been
 | ||
|    modified since the time specified in this field, a copy of the
 | ||
|    resource will not be returned from the server; instead, a 304 (not
 | ||
|    modified) response will be returned without any Entity-Body.
 | ||
| 
 | ||
|        If-Modified-Since = "If-Modified-Since" ":" HTTP-date
 | ||
| 
 | ||
|    An example of the field is:
 | ||
| 
 | ||
|        If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 42]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    A conditional GET method requests that the identified resource be
 | ||
|    transferred only if it has been modified since the date given by the
 | ||
|    If-Modified-Since header. The algorithm for determining this includes
 | ||
|    the following cases:
 | ||
| 
 | ||
|       a) If the request would normally result in anything other than
 | ||
|          a 200 (ok) status, or if the passed If-Modified-Since date
 | ||
|          is invalid, the response is exactly the same as for a
 | ||
|          normal GET. A date which is later than the server's current
 | ||
|          time is invalid.
 | ||
| 
 | ||
|       b) If the resource has been modified since the
 | ||
|          If-Modified-Since date, the response is exactly the same as
 | ||
|          for a normal GET.
 | ||
| 
 | ||
|       c) If the resource has not been modified since a valid
 | ||
|          If-Modified-Since date, the server shall return a 304 (not
 | ||
|          modified) response.
 | ||
| 
 | ||
|    The purpose of this feature is to allow efficient updates of cached
 | ||
|    information with a minimum amount of transaction overhead.
 | ||
| 
 | ||
| 10.10  Last-Modified
 | ||
| 
 | ||
|    The Last-Modified entity-header field indicates the date and time at
 | ||
|    which the sender believes the resource was last modified. The exact
 | ||
|    semantics of this field are defined in terms of how the recipient
 | ||
|    should interpret it:  if the recipient has a copy of this resource
 | ||
|    which is older than the date given by the Last-Modified field, that
 | ||
|    copy should be considered stale.
 | ||
| 
 | ||
|        Last-Modified  = "Last-Modified" ":" HTTP-date
 | ||
| 
 | ||
|    An example of its use is
 | ||
| 
 | ||
|        Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
 | ||
| 
 | ||
|    The exact meaning of this header field depends on the implementation
 | ||
|    of the sender and the nature of the original resource. For files, it
 | ||
|    may be just the file system last-modified time. For entities with
 | ||
|    dynamically included parts, it may be the most recent of the set of
 | ||
|    last-modify times for its component parts. For database gateways, it
 | ||
|    may be the last-update timestamp of the record. For virtual objects,
 | ||
|    it may be the last time the internal state changed.
 | ||
| 
 | ||
|    An origin server must not send a Last-Modified date which is later
 | ||
|    than the server's time of message origination. In such cases, where
 | ||
|    the resource's last modification would indicate some time in the
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 43]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    future, the server must replace that date with the message
 | ||
|    origination date.
 | ||
| 
 | ||
| 10.11  Location
 | ||
| 
 | ||
|    The Location response-header field defines the exact location of the
 | ||
|    resource that was identified by the Request-URI. For 3xx responses,
 | ||
|    the location must indicate the server's preferred URL for automatic
 | ||
|    redirection to the resource. Only one absolute URL is allowed.
 | ||
| 
 | ||
|        Location       = "Location" ":" absoluteURI
 | ||
| 
 | ||
|    An example is
 | ||
| 
 | ||
|        Location: http://www.w3.org/hypertext/WWW/NewLocation.html
 | ||
| 
 | ||
| 10.12  Pragma
 | ||
| 
 | ||
|    The Pragma general-header field is used to include implementation-
 | ||
|    specific directives that may apply to any recipient along the
 | ||
|    request/response chain. All pragma directives specify optional
 | ||
|    behavior from the viewpoint of the protocol; however, some systems
 | ||
|    may require that behavior be consistent with the directives.
 | ||
| 
 | ||
|        Pragma           = "Pragma" ":" 1#pragma-directive
 | ||
| 
 | ||
|        pragma-directive = "no-cache" | extension-pragma
 | ||
|        extension-pragma = token [ "=" word ]
 | ||
| 
 | ||
|    When the "no-cache" directive is present in a request message, an
 | ||
|    application should forward the request toward the origin server even
 | ||
|    if it has a cached copy of what is being requested. This allows a
 | ||
|    client to insist upon receiving an authoritative response to its
 | ||
|    request. It also allows a client to refresh a cached copy which is
 | ||
|    known to be corrupted or stale.
 | ||
| 
 | ||
|    Pragma directives must be passed through by a proxy or gateway
 | ||
|    application, regardless of their significance to that application,
 | ||
|    since the directives may be applicable to all recipients along the
 | ||
|    request/response chain. It is not possible to specify a pragma for a
 | ||
|    specific recipient; however, any pragma directive not relevant to a
 | ||
|    recipient should be ignored by that recipient.
 | ||
| 
 | ||
| 10.13  Referer
 | ||
| 
 | ||
|    The Referer request-header field allows the client to specify, for
 | ||
|    the server's benefit, the address (URI) of the resource from which
 | ||
|    the Request-URI was obtained. This allows a server to generate lists
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 44]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    of back-links to resources for interest, logging, optimized caching,
 | ||
|    etc. It also allows obsolete or mistyped links to be traced for
 | ||
|    maintenance. The Referer field must not be sent if the Request-URI
 | ||
|    was obtained from a source that does not have its own URI, such as
 | ||
|    input from the user keyboard.
 | ||
| 
 | ||
|        Referer        = "Referer" ":" ( absoluteURI | relativeURI )
 | ||
| 
 | ||
|    Example:
 | ||
| 
 | ||
|        Referer: http://www.w3.org/hypertext/DataSources/Overview.html
 | ||
| 
 | ||
|    If a partial URI is given, it should be interpreted relative to the
 | ||
|    Request-URI. The URI must not include a fragment.
 | ||
| 
 | ||
|       Note: Because the source of a link may be private information or
 | ||
|       may reveal an otherwise private information source, it is strongly
 | ||
|       recommended that the user be able to select whether or not the
 | ||
|       Referer field is sent. For example, a browser client could have a
 | ||
|       toggle switch for browsing openly/anonymously, which would
 | ||
|       respectively enable/disable the sending of Referer and From
 | ||
|       information.
 | ||
| 
 | ||
| 10.14  Server
 | ||
| 
 | ||
|    The Server response-header field contains information about the
 | ||
|    software used by the origin server to handle the request. The field
 | ||
|    can contain multiple product tokens (Section 3.7) and comments
 | ||
|    identifying the server and any significant subproducts. By
 | ||
|    convention, the product tokens are listed in order of their
 | ||
|    significance for identifying the application.
 | ||
| 
 | ||
|        Server         = "Server" ":" 1*( product | comment )
 | ||
| 
 | ||
|    Example:
 | ||
| 
 | ||
|        Server: CERN/3.0 libwww/2.17
 | ||
| 
 | ||
|    If the response is being forwarded through a proxy, the proxy
 | ||
|    application must not add its data to the product list.
 | ||
| 
 | ||
|       Note: Revealing the specific software version of the server may
 | ||
|       allow the server machine to become more vulnerable to attacks
 | ||
|       against software that is known to contain security holes. Server
 | ||
|       implementors are encouraged to make this field a configurable
 | ||
|       option.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 45]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|       Note: Some existing servers fail to restrict themselves to the
 | ||
|       product token syntax within the Server field.
 | ||
| 
 | ||
| 10.15  User-Agent
 | ||
| 
 | ||
|    The User-Agent request-header field contains information about the
 | ||
|    user agent originating the request. This is for statistical purposes,
 | ||
|    the tracing of protocol violations, and automated recognition of user
 | ||
|    agents for the sake of tailoring responses to avoid particular user
 | ||
|    agent limitations. Although it is not required, user agents should
 | ||
|    include this field with requests. The field can contain multiple
 | ||
|    product tokens (Section 3.7) and comments identifying the agent and
 | ||
|    any subproducts which form a significant part of the user agent. By
 | ||
|    convention, the product tokens are listed in order of their
 | ||
|    significance for identifying the application.
 | ||
| 
 | ||
|        User-Agent     = "User-Agent" ":" 1*( product | comment )
 | ||
| 
 | ||
|    Example:
 | ||
| 
 | ||
|        User-Agent: CERN-LineMode/2.15 libwww/2.17b3
 | ||
| 
 | ||
|        Note: Some current proxy applications append their product
 | ||
|        information to the list in the User-Agent field. This is not
 | ||
|        recommended, since it makes machine interpretation of these
 | ||
|        fields ambiguous.
 | ||
| 
 | ||
|        Note: Some existing clients fail to restrict themselves to
 | ||
|        the product token syntax within the User-Agent field.
 | ||
| 
 | ||
| 10.16  WWW-Authenticate
 | ||
| 
 | ||
|    The WWW-Authenticate response-header field must be included in 401
 | ||
|    (unauthorized) response messages. The field value consists of at
 | ||
|    least one challenge that indicates the authentication scheme(s) and
 | ||
|    parameters applicable to the Request-URI.
 | ||
| 
 | ||
|        WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge
 | ||
| 
 | ||
|    The HTTP access authentication process is described in Section 11.
 | ||
|    User agents must take special care in parsing the WWW-Authenticate
 | ||
|    field value if it contains more than one challenge, or if more than
 | ||
|    one WWW-Authenticate header field is provided, since the contents of
 | ||
|    a challenge may itself contain a comma-separated list of
 | ||
|    authentication parameters.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 46]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 11.  Access Authentication
 | ||
| 
 | ||
|    HTTP provides a simple challenge-response authentication mechanism
 | ||
|    which may be used by a server to challenge a client request and by a
 | ||
|    client to provide authentication information. It uses an extensible,
 | ||
|    case-insensitive token to identify the authentication scheme,
 | ||
|    followed by a comma-separated list of attribute-value pairs which
 | ||
|    carry the parameters necessary for achieving authentication via that
 | ||
|    scheme.
 | ||
| 
 | ||
|        auth-scheme    = token
 | ||
| 
 | ||
|        auth-param     = token "=" quoted-string
 | ||
| 
 | ||
|    The 401 (unauthorized) response message is used by an origin server
 | ||
|    to challenge the authorization of a user agent. This response must
 | ||
|    include a WWW-Authenticate header field containing at least one
 | ||
|    challenge applicable to the requested resource.
 | ||
| 
 | ||
|        challenge      = auth-scheme 1*SP realm *( "," auth-param )
 | ||
| 
 | ||
|        realm          = "realm" "=" realm-value
 | ||
|        realm-value    = quoted-string
 | ||
| 
 | ||
|    The realm attribute (case-insensitive) is required for all
 | ||
|    authentication schemes which issue a challenge. The realm value
 | ||
|    (case-sensitive), in combination with the canonical root URL of the
 | ||
|    server being accessed, defines the protection space. These realms
 | ||
|    allow the protected resources on a server to be partitioned into a
 | ||
|    set of protection spaces, each with its own authentication scheme
 | ||
|    and/or authorization database. The realm value is a string, generally
 | ||
|    assigned by the origin server, which may have additional semantics
 | ||
|    specific to the authentication scheme.
 | ||
| 
 | ||
|    A user agent that wishes to authenticate itself with a server--
 | ||
|    usually, but not necessarily, after receiving a 401 response--may do
 | ||
|    so by including an Authorization header field with the request. The
 | ||
|    Authorization field value consists of credentials containing the
 | ||
|    authentication information of the user agent for the realm of the
 | ||
|    resource being requested.
 | ||
| 
 | ||
|        credentials    = basic-credentials
 | ||
|                       | ( auth-scheme #auth-param )
 | ||
| 
 | ||
|    The domain over which credentials can be automatically applied by a
 | ||
|    user agent is determined by the protection space. If a prior request
 | ||
|    has been authorized, the same credentials may be reused for all other
 | ||
|    requests within that protection space for a period of time determined
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 47]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    by the authentication scheme, parameters, and/or user preference.
 | ||
|    Unless otherwise defined by the authentication scheme, a single
 | ||
|    protection space cannot extend outside the scope of its server.
 | ||
| 
 | ||
|    If the server does not wish to accept the credentials sent with a
 | ||
|    request, it should return a 403 (forbidden) response.
 | ||
| 
 | ||
|    The HTTP protocol does not restrict applications to this simple
 | ||
|    challenge-response mechanism for access authentication. Additional
 | ||
|    mechanisms may be used, such as encryption at the transport level or
 | ||
|    via message encapsulation, and with additional header fields
 | ||
|    specifying authentication information. However, these additional
 | ||
|    mechanisms are not defined by this specification.
 | ||
| 
 | ||
|    Proxies must be completely transparent regarding user agent
 | ||
|    authentication. That is, they must forward the WWW-Authenticate and
 | ||
|    Authorization headers untouched, and must not cache the response to a
 | ||
|    request containing Authorization. HTTP/1.0 does not provide a means
 | ||
|    for a client to be authenticated with a proxy.
 | ||
| 
 | ||
| 11.1  Basic Authentication Scheme
 | ||
| 
 | ||
|    The "basic" authentication scheme is based on the model that the user
 | ||
|    agent must authenticate itself with a user-ID and a password for each
 | ||
|    realm. The realm value should be considered an opaque string which
 | ||
|    can only be compared for equality with other realms on that server.
 | ||
|    The server will authorize the request only if it can validate the
 | ||
|    user-ID and password for the protection space of the Request-URI.
 | ||
|    There are no optional authentication parameters.
 | ||
| 
 | ||
|    Upon receipt of an unauthorized request for a URI within the
 | ||
|    protection space, the server should respond with a challenge like the
 | ||
|    following:
 | ||
| 
 | ||
|        WWW-Authenticate: Basic realm="WallyWorld"
 | ||
| 
 | ||
|    where "WallyWorld" is the string assigned by the server to identify
 | ||
|    the protection space of the Request-URI.
 | ||
| 
 | ||
|    To receive authorization, the client sends the user-ID and password,
 | ||
|    separated by a single colon (":") character, within a base64 [5]
 | ||
|    encoded string in the credentials.
 | ||
| 
 | ||
|        basic-credentials = "Basic" SP basic-cookie
 | ||
| 
 | ||
|        basic-cookie      = <base64 [5] encoding of userid-password,
 | ||
|                             except not limited to 76 char/line>
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 48]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|        userid-password   = [ token ] ":" *TEXT
 | ||
| 
 | ||
|    If the user agent wishes to send the user-ID "Aladdin" and password
 | ||
|    "open sesame", it would use the following header field:
 | ||
| 
 | ||
|        Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
 | ||
| 
 | ||
|    The basic authentication scheme is a non-secure method of filtering
 | ||
|    unauthorized access to resources on an HTTP server. It is based on
 | ||
|    the assumption that the connection between the client and the server
 | ||
|    can be regarded as a trusted carrier. As this is not generally true
 | ||
|    on an open network, the basic authentication scheme should be used
 | ||
|    accordingly. In spite of this, clients should implement the scheme in
 | ||
|    order to communicate with servers that use it.
 | ||
| 
 | ||
| 12.  Security Considerations
 | ||
| 
 | ||
|    This section is meant to inform application developers, information
 | ||
|    providers, and users of the security limitations in HTTP/1.0 as
 | ||
|    described by this document. The discussion does not include
 | ||
|    definitive solutions to the problems revealed, though it does make
 | ||
|    some suggestions for reducing security risks.
 | ||
| 
 | ||
| 12.1  Authentication of Clients
 | ||
| 
 | ||
|    As mentioned in Section 11.1, the Basic authentication scheme is not
 | ||
|    a secure method of user authentication, nor does it prevent the
 | ||
|    Entity-Body from being transmitted in clear text across the physical
 | ||
|    network used as the carrier. HTTP/1.0 does not prevent additional
 | ||
|    authentication schemes and encryption mechanisms from being employed
 | ||
|    to increase security.
 | ||
| 
 | ||
| 12.2  Safe Methods
 | ||
| 
 | ||
|    The writers of client software should be aware that the software
 | ||
|    represents the user in their interactions over the Internet, and
 | ||
|    should be careful to allow the user to be aware of any actions they
 | ||
|    may take which may have an unexpected significance to themselves or
 | ||
|    others.
 | ||
| 
 | ||
|    In particular, the convention has been established that the GET and
 | ||
|    HEAD methods should never have the significance of taking an action
 | ||
|    other than retrieval. These methods should be considered "safe." This
 | ||
|    allows user agents to represent other methods, such as POST, in a
 | ||
|    special way, so that the user is made aware of the fact that a
 | ||
|    possibly unsafe action is being requested.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 49]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    Naturally, it is not possible to ensure that the server does not
 | ||
|    generate side-effects as a result of performing a GET request; in
 | ||
|    fact, some dynamic resources consider that a feature. The important
 | ||
|    distinction here is that the user did not request the side-effects,
 | ||
|    so therefore cannot be held accountable for them.
 | ||
| 
 | ||
| 12.3  Abuse of Server Log Information
 | ||
| 
 | ||
|    A server is in the position to save personal data about a user's
 | ||
|    requests which may identify their reading patterns or subjects of
 | ||
|    interest. This information is clearly confidential in nature and its
 | ||
|    handling may be constrained by law in certain countries. People using
 | ||
|    the HTTP protocol to provide data are responsible for ensuring that
 | ||
|    such material is not distributed without the permission of any
 | ||
|    individuals that are identifiable by the published results.
 | ||
| 
 | ||
| 12.4  Transfer of Sensitive Information
 | ||
| 
 | ||
|    Like any generic data transfer protocol, HTTP cannot regulate the
 | ||
|    content of the data that is transferred, nor is there any a priori
 | ||
|    method of determining the sensitivity of any particular piece of
 | ||
|    information within the context of any given request. Therefore,
 | ||
|    applications should supply as much control over this information as
 | ||
|    possible to the provider of that information. Three header fields are
 | ||
|    worth special mention in this context: Server, Referer and From.
 | ||
| 
 | ||
|    Revealing the specific software version of the server may allow the
 | ||
|    server machine to become more vulnerable to attacks against software
 | ||
|    that is known to contain security holes. Implementors should make the
 | ||
|    Server header field a configurable option.
 | ||
| 
 | ||
|    The Referer field allows reading patterns to be studied and reverse
 | ||
|    links drawn. Although it can be very useful, its power can be abused
 | ||
|    if user details are not separated from the information contained in
 | ||
|    the Referer. Even when the personal information has been removed, the
 | ||
|    Referer field may indicate a private document's URI whose publication
 | ||
|    would be inappropriate.
 | ||
| 
 | ||
|    The information sent in the From field might conflict with the user's
 | ||
|    privacy interests or their site's security policy, and hence it
 | ||
|    should not be transmitted without the user being able to disable,
 | ||
|    enable, and modify the contents of the field. The user must be able
 | ||
|    to set the contents of this field within a user preference or
 | ||
|    application defaults configuration.
 | ||
| 
 | ||
|    We suggest, though do not require, that a convenient toggle interface
 | ||
|    be provided for the user to enable or disable the sending of From and
 | ||
|    Referer information.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 50]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| 12.5  Attacks Based On File and Path Names
 | ||
| 
 | ||
|    Implementations of HTTP origin servers should be careful to restrict
 | ||
|    the documents returned by HTTP requests to be only those that were
 | ||
|    intended by the server administrators. If an HTTP server translates
 | ||
|    HTTP URIs directly into file system calls, the server must take
 | ||
|    special care not to serve files that were not intended to be
 | ||
|    delivered to HTTP clients. For example, Unix, Microsoft Windows, and
 | ||
|    other operating systems use ".." as a path component to indicate a
 | ||
|    directory level above the current one. On such a system, an HTTP
 | ||
|    server must disallow any such construct in the Request-URI if it
 | ||
|    would otherwise allow access to a resource outside those intended to
 | ||
|    be accessible via the HTTP server. Similarly, files intended for
 | ||
|    reference only internally to the server (such as access control
 | ||
|    files, configuration files, and script code) must be protected from
 | ||
|    inappropriate retrieval, since they might contain sensitive
 | ||
|    information. Experience has shown that minor bugs in such HTTP server
 | ||
|    implementations have turned into security risks.
 | ||
| 
 | ||
| 13.  Acknowledgments
 | ||
| 
 | ||
|    This specification makes heavy use of the augmented BNF and generic
 | ||
|    constructs defined by David H. Crocker for RFC 822 [7]. Similarly, it
 | ||
|    reuses many of the definitions provided by Nathaniel Borenstein and
 | ||
|    Ned Freed for MIME [5]. We hope that their inclusion in this
 | ||
|    specification will help reduce past confusion over the relationship
 | ||
|    between HTTP/1.0 and Internet mail message formats.
 | ||
| 
 | ||
|    The HTTP protocol has evolved considerably over the past four years.
 | ||
|    It has benefited from a large and active developer community--the
 | ||
|    many people who have participated on the www-talk mailing list--and
 | ||
|    it is that community which has been most responsible for the success
 | ||
|    of HTTP and of the World-Wide Web in general. Marc Andreessen, Robert
 | ||
|    Cailliau, Daniel W. Connolly, Bob Denny, Jean-Francois Groff, Phillip
 | ||
|    M. Hallam-Baker, Hakon W. Lie, Ari Luotonen, Rob McCool, Lou
 | ||
|    Montulli, Dave Raggett, Tony Sanders, and Marc VanHeyningen deserve
 | ||
|    special recognition for their efforts in defining aspects of the
 | ||
|    protocol for early versions of this specification.
 | ||
| 
 | ||
|    Paul Hoffman contributed sections regarding the informational status
 | ||
|    of this document and Appendices C and D.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 51]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    This document has benefited greatly from the comments of all those
 | ||
|    participating in the HTTP-WG. In addition to those already mentioned,
 | ||
|    the following individuals have contributed to this specification:
 | ||
| 
 | ||
|        Gary Adams                         Harald Tveit Alvestrand
 | ||
|        Keith Ball                         Brian Behlendorf
 | ||
|        Paul Burchard                      Maurizio Codogno
 | ||
|        Mike Cowlishaw                     Roman Czyborra
 | ||
|        Michael A. Dolan                   John Franks
 | ||
|        Jim Gettys                         Marc Hedlund
 | ||
|        Koen Holtman                       Alex Hopmann
 | ||
|        Bob Jernigan                       Shel Kaphan
 | ||
|        Martijn Koster                     Dave Kristol
 | ||
|        Daniel LaLiberte                   Paul Leach
 | ||
|        Albert Lunde                       John C. Mallery
 | ||
|        Larry Masinter                     Mitra
 | ||
|        Jeffrey Mogul                      Gavin Nicol
 | ||
|        Bill Perry                         Jeffrey Perry
 | ||
|        Owen Rees                          Luigi Rizzo
 | ||
|        David Robinson                     Marc Salomon
 | ||
|        Rich Salz                          Jim Seidman
 | ||
|        Chuck Shotton                      Eric W. Sink
 | ||
|        Simon E. Spero                     Robert S. Thau
 | ||
|        Francois Yergeau                   Mary Ellen Zurko
 | ||
|        Jean-Philippe Martin-Flatin
 | ||
| 
 | ||
| 14. References
 | ||
| 
 | ||
|    [1]  Anklesaria, F., McCahill, M., Lindner, P., Johnson, D.,
 | ||
|         Torrey, D., and B. Alberti, "The Internet Gopher Protocol: A
 | ||
|         Distributed Document Search and Retrieval Protocol", RFC 1436,
 | ||
|         University of Minnesota, March 1993.
 | ||
| 
 | ||
|    [2]  Berners-Lee, T., "Universal Resource Identifiers in WWW: A
 | ||
|         Unifying Syntax for the Expression of Names and Addresses of
 | ||
|         Objects on the Network as used in the World-Wide Web",
 | ||
|         RFC 1630, CERN, June 1994.
 | ||
| 
 | ||
|    [3]  Berners-Lee, T., and D. Connolly, "Hypertext Markup Language -
 | ||
|         2.0", RFC 1866, MIT/W3C, November 1995.
 | ||
| 
 | ||
|    [4]  Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform
 | ||
|         Resource Locators (URL)", RFC 1738, CERN, Xerox PARC,
 | ||
|         University of Minnesota, December 1994.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 52]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    [5]  Borenstein, N., and N. Freed, "MIME (Multipurpose Internet Mail
 | ||
|         Extensions) Part One: Mechanisms for Specifying and Describing
 | ||
|         the Format of Internet Message Bodies", RFC 1521, Bellcore,
 | ||
|         Innosoft, September 1993.
 | ||
| 
 | ||
|    [6]  Braden, R., "Requirements for Internet hosts - Application and
 | ||
|         Support", STD 3, RFC 1123, IETF, October 1989.
 | ||
| 
 | ||
|    [7]  Crocker, D., "Standard for the Format of ARPA Internet Text
 | ||
|         Messages", STD 11, RFC 822, UDEL, August 1982.
 | ||
| 
 | ||
|    [8]  F. Davis, B. Kahle, H. Morris, J. Salem, T. Shen, R. Wang,
 | ||
|         J. Sui, and M. Grinbaum. "WAIS Interface Protocol Prototype
 | ||
|         Functional Specification." (v1.5), Thinking Machines
 | ||
|         Corporation, April 1990.
 | ||
| 
 | ||
|    [9]  Fielding, R., "Relative Uniform Resource Locators", RFC 1808,
 | ||
|         UC Irvine, June 1995.
 | ||
| 
 | ||
|    [10] Horton, M., and R. Adams, "Standard for interchange of USENET
 | ||
|         Messages", RFC 1036 (Obsoletes RFC 850), AT&T Bell
 | ||
|         Laboratories, Center for Seismic Studies, December 1987.
 | ||
| 
 | ||
|    [11] Kantor, B., and P. Lapsley, "Network News Transfer Protocol:
 | ||
|         A Proposed Standard for the Stream-Based Transmission of News",
 | ||
|         RFC 977, UC San Diego, UC Berkeley, February 1986.
 | ||
| 
 | ||
|    [12] Postel, J., "Simple Mail Transfer Protocol." STD 10, RFC 821,
 | ||
|         USC/ISI, August 1982.
 | ||
| 
 | ||
|    [13] Postel, J., "Media Type Registration Procedure." RFC 1590,
 | ||
|         USC/ISI, March 1994.
 | ||
| 
 | ||
|    [14] Postel, J., and J. Reynolds, "File Transfer Protocol (FTP)",
 | ||
|         STD 9, RFC 959, USC/ISI, October 1985.
 | ||
| 
 | ||
|    [15] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, RFC
 | ||
|         1700, USC/ISI, October 1994.
 | ||
| 
 | ||
|    [16] Sollins, K., and L. Masinter, "Functional Requirements for
 | ||
|         Uniform Resource Names", RFC 1737, MIT/LCS, Xerox Corporation,
 | ||
|         December 1994.
 | ||
| 
 | ||
|    [17] US-ASCII. Coded Character Set - 7-Bit American Standard Code
 | ||
|         for Information Interchange. Standard ANSI X3.4-1986, ANSI,
 | ||
|         1986.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 53]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    [18] ISO-8859. International Standard -- Information Processing --
 | ||
|         8-bit Single-Byte Coded Graphic Character Sets --
 | ||
|         Part 1: Latin alphabet No. 1, ISO 8859-1:1987.
 | ||
|         Part 2: Latin alphabet No. 2, ISO 8859-2, 1987.
 | ||
|         Part 3: Latin alphabet No. 3, ISO 8859-3, 1988.
 | ||
|         Part 4: Latin alphabet No. 4, ISO 8859-4, 1988.
 | ||
|         Part 5: Latin/Cyrillic alphabet, ISO 8859-5, 1988.
 | ||
|         Part 6: Latin/Arabic alphabet, ISO 8859-6, 1987.
 | ||
|         Part 7: Latin/Greek alphabet, ISO 8859-7, 1987.
 | ||
|         Part 8: Latin/Hebrew alphabet, ISO 8859-8, 1988.
 | ||
|         Part 9: Latin alphabet No. 5, ISO 8859-9, 1990.
 | ||
| 
 | ||
| 15.  Authors' Addresses
 | ||
| 
 | ||
|    Tim Berners-Lee
 | ||
|    Director, W3 Consortium
 | ||
|    MIT Laboratory for Computer Science
 | ||
|    545 Technology Square
 | ||
|    Cambridge, MA 02139, U.S.A.
 | ||
| 
 | ||
|    Fax: +1 (617) 258 8682
 | ||
|    EMail: timbl@w3.org
 | ||
| 
 | ||
| 
 | ||
|    Roy T. Fielding
 | ||
|    Department of Information and Computer Science
 | ||
|    University of California
 | ||
|    Irvine, CA 92717-3425, U.S.A.
 | ||
| 
 | ||
|    Fax: +1 (714) 824-4056
 | ||
|    EMail: fielding@ics.uci.edu
 | ||
| 
 | ||
| 
 | ||
|    Henrik Frystyk Nielsen
 | ||
|    W3 Consortium
 | ||
|    MIT Laboratory for Computer Science
 | ||
|    545 Technology Square
 | ||
|    Cambridge, MA 02139, U.S.A.
 | ||
| 
 | ||
|    Fax: +1 (617) 258 8682
 | ||
|    EMail: frystyk@w3.org
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 54]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| Appendices
 | ||
| 
 | ||
|    These appendices are provided for informational reasons only -- they
 | ||
|    do not form a part of the HTTP/1.0 specification.
 | ||
| 
 | ||
| A.  Internet Media Type message/http
 | ||
| 
 | ||
|    In addition to defining the HTTP/1.0 protocol, this document serves
 | ||
|    as the specification for the Internet media type "message/http". The
 | ||
|    following is to be registered with IANA [13].
 | ||
| 
 | ||
|        Media Type name:         message
 | ||
| 
 | ||
|        Media subtype name:      http
 | ||
| 
 | ||
|        Required parameters:     none
 | ||
| 
 | ||
|        Optional parameters:     version, msgtype
 | ||
| 
 | ||
|               version: The HTTP-Version number of the enclosed message
 | ||
|                        (e.g., "1.0"). If not present, the version can be
 | ||
|                        determined from the first line of the body.
 | ||
| 
 | ||
|               msgtype: The message type -- "request" or "response". If
 | ||
|                        not present, the type can be determined from the
 | ||
|                        first line of the body.
 | ||
| 
 | ||
|        Encoding considerations: only "7bit", "8bit", or "binary" are
 | ||
|                                 permitted
 | ||
| 
 | ||
|        Security considerations: none
 | ||
| 
 | ||
| B.  Tolerant Applications
 | ||
| 
 | ||
|    Although this document specifies the requirements for the generation
 | ||
|    of HTTP/1.0 messages, not all applications will be correct in their
 | ||
|    implementation. We therefore recommend that operational applications
 | ||
|    be tolerant of deviations whenever those deviations can be
 | ||
|    interpreted unambiguously.
 | ||
| 
 | ||
|    Clients should be tolerant in parsing the Status-Line and servers
 | ||
|    tolerant when parsing the Request-Line. In particular, they should
 | ||
|    accept any amount of SP or HT characters between fields, even though
 | ||
|    only a single SP is required.
 | ||
| 
 | ||
|    The line terminator for HTTP-header fields is the sequence CRLF.
 | ||
|    However, we recommend that applications, when parsing such headers,
 | ||
|    recognize a single LF as a line terminator and ignore the leading CR.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 55]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| C.  Relationship to MIME
 | ||
| 
 | ||
|    HTTP/1.0 uses many of the constructs defined for Internet Mail (RFC
 | ||
|    822 [7]) and the Multipurpose Internet Mail Extensions (MIME [5]) to
 | ||
|    allow entities to be transmitted in an open variety of
 | ||
|    representations and with extensible mechanisms. However, RFC 1521
 | ||
|    discusses mail, and HTTP has a few features that are different than
 | ||
|    those described in RFC 1521. These differences were carefully chosen
 | ||
|    to optimize performance over binary connections, to allow greater
 | ||
|    freedom in the use of new media types, to make date comparisons
 | ||
|    easier, and to acknowledge the practice of some early HTTP servers
 | ||
|    and clients.
 | ||
| 
 | ||
|    At the time of this writing, it is expected that RFC 1521 will be
 | ||
|    revised. The revisions may include some of the practices found in
 | ||
|    HTTP/1.0 but not in RFC 1521.
 | ||
| 
 | ||
|    This appendix describes specific areas where HTTP differs from RFC
 | ||
|    1521. Proxies and gateways to strict MIME environments should be
 | ||
|    aware of these differences and provide the appropriate conversions
 | ||
|    where necessary. Proxies and gateways from MIME environments to HTTP
 | ||
|    also need to be aware of the differences because some conversions may
 | ||
|    be required.
 | ||
| 
 | ||
| C.1  Conversion to Canonical Form
 | ||
| 
 | ||
|    RFC 1521 requires that an Internet mail entity be converted to
 | ||
|    canonical form prior to being transferred, as described in Appendix G
 | ||
|    of RFC 1521 [5]. Section 3.6.1 of this document describes the forms
 | ||
|    allowed for subtypes of the "text" media type when transmitted over
 | ||
|    HTTP.
 | ||
| 
 | ||
|    RFC 1521 requires that content with a Content-Type of "text"
 | ||
|    represent line breaks as CRLF and forbids the use of CR or LF outside
 | ||
|    of line break sequences. HTTP allows CRLF, bare CR, and bare LF to
 | ||
|    indicate a line break within text content when a message is
 | ||
|    transmitted over HTTP.
 | ||
| 
 | ||
|    Where it is possible, a proxy or gateway from HTTP to a strict RFC
 | ||
|    1521 environment should translate all line breaks within the text
 | ||
|    media types described in Section 3.6.1 of this document to the RFC
 | ||
|    1521 canonical form of CRLF. Note, however, that this may be
 | ||
|    complicated by the presence of a Content-Encoding and by the fact
 | ||
|    that HTTP allows the use of some character sets which do not use
 | ||
|    octets 13 and 10 to represent CR and LF, as is the case for some
 | ||
|    multi-byte character sets.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 56]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| C.2  Conversion of Date Formats
 | ||
| 
 | ||
|    HTTP/1.0 uses a restricted set of date formats (Section 3.3) to
 | ||
|    simplify the process of date comparison. Proxies and gateways from
 | ||
|    other protocols should ensure that any Date header field present in a
 | ||
|    message conforms to one of the HTTP/1.0 formats and rewrite the date
 | ||
|    if necessary.
 | ||
| 
 | ||
| C.3  Introduction of Content-Encoding
 | ||
| 
 | ||
|    RFC 1521 does not include any concept equivalent to HTTP/1.0's
 | ||
|    Content-Encoding header field. Since this acts as a modifier on the
 | ||
|    media type, proxies and gateways from HTTP to MIME-compliant
 | ||
|    protocols must either change the value of the Content-Type header
 | ||
|    field or decode the Entity-Body before forwarding the message. (Some
 | ||
|    experimental applications of Content-Type for Internet mail have used
 | ||
|    a media-type parameter of ";conversions=<content-coding>" to perform
 | ||
|    an equivalent function as Content-Encoding. However, this parameter
 | ||
|    is not part of RFC 1521.)
 | ||
| 
 | ||
| C.4  No Content-Transfer-Encoding
 | ||
| 
 | ||
|    HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC
 | ||
|    1521. Proxies and gateways from MIME-compliant protocols to HTTP must
 | ||
|    remove any non-identity CTE ("quoted-printable" or "base64") encoding
 | ||
|    prior to delivering the response message to an HTTP client.
 | ||
| 
 | ||
|    Proxies and gateways from HTTP to MIME-compliant protocols are
 | ||
|    responsible for ensuring that the message is in the correct format
 | ||
|    and encoding for safe transport on that protocol, where "safe
 | ||
|    transport" is defined by the limitations of the protocol being used.
 | ||
|    Such a proxy or gateway should label the data with an appropriate
 | ||
|    Content-Transfer-Encoding if doing so will improve the likelihood of
 | ||
|    safe transport over the destination protocol.
 | ||
| 
 | ||
| C.5  HTTP Header Fields in Multipart Body-Parts
 | ||
| 
 | ||
|    In RFC 1521, most header fields in multipart body-parts are generally
 | ||
|    ignored unless the field name begins with "Content-". In HTTP/1.0,
 | ||
|    multipart body-parts may contain any HTTP header fields which are
 | ||
|    significant to the meaning of that part.
 | ||
| 
 | ||
| D.  Additional Features
 | ||
| 
 | ||
|    This appendix documents protocol elements used by some existing HTTP
 | ||
|    implementations, but not consistently and correctly across most
 | ||
|    HTTP/1.0 applications. Implementors should be aware of these
 | ||
|    features, but cannot rely upon their presence in, or interoperability
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 57]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    with, other HTTP/1.0 applications.
 | ||
| 
 | ||
| D.1  Additional Request Methods
 | ||
| 
 | ||
| D.1.1 PUT
 | ||
| 
 | ||
|    The PUT method requests that the enclosed entity be stored under the
 | ||
|    supplied Request-URI. If the Request-URI refers to an already
 | ||
|    existing resource, the enclosed entity should be considered as a
 | ||
|    modified version of the one residing on the origin server. If the
 | ||
|    Request-URI does not point to an existing resource, and that URI is
 | ||
|    capable of being defined as a new resource by the requesting user
 | ||
|    agent, the origin server can create the resource with that URI.
 | ||
| 
 | ||
|    The fundamental difference between the POST and PUT requests is
 | ||
|    reflected in the different meaning of the Request-URI. The URI in a
 | ||
|    POST request identifies the resource that will handle the enclosed
 | ||
|    entity as data to be processed. That resource may be a data-accepting
 | ||
|    process, a gateway to some other protocol, or a separate entity that
 | ||
|    accepts annotations. In contrast, the URI in a PUT request identifies
 | ||
|    the entity enclosed with the request -- the user agent knows what URI
 | ||
|    is intended and the server should not apply the request to some other
 | ||
|    resource.
 | ||
| 
 | ||
| D.1.2 DELETE
 | ||
| 
 | ||
|    The DELETE method requests that the origin server delete the resource
 | ||
|    identified by the Request-URI.
 | ||
| 
 | ||
| D.1.3 LINK
 | ||
| 
 | ||
|    The LINK method establishes one or more Link relationships between
 | ||
|    the existing resource identified by the Request-URI and other
 | ||
|    existing resources.
 | ||
| 
 | ||
| D.1.4 UNLINK
 | ||
| 
 | ||
|    The UNLINK method removes one or more Link relationships from the
 | ||
|    existing resource identified by the Request-URI.
 | ||
| 
 | ||
| D.2  Additional Header Field Definitions
 | ||
| 
 | ||
| D.2.1 Accept
 | ||
| 
 | ||
|    The Accept request-header field can be used to indicate a list of
 | ||
|    media ranges which are acceptable as a response to the request. The
 | ||
|    asterisk "*" character is used to group media types into ranges, with
 | ||
|    "*/*" indicating all media types and "type/*" indicating all subtypes
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 58]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
|    of that type. The set of ranges given by the client should represent
 | ||
|    what types are acceptable given the context of the request.
 | ||
| 
 | ||
| D.2.2 Accept-Charset
 | ||
| 
 | ||
|    The Accept-Charset request-header field can be used to indicate a
 | ||
|    list of preferred character sets other than the default US-ASCII and
 | ||
|    ISO-8859-1. This field allows clients capable of understanding more
 | ||
|    comprehensive or special-purpose character sets to signal that
 | ||
|    capability to a server which is capable of representing documents in
 | ||
|    those character sets.
 | ||
| 
 | ||
| D.2.3 Accept-Encoding
 | ||
| 
 | ||
|    The Accept-Encoding request-header field is similar to Accept, but
 | ||
|    restricts the content-coding values which are acceptable in the
 | ||
|    response.
 | ||
| 
 | ||
| D.2.4 Accept-Language
 | ||
| 
 | ||
|    The Accept-Language request-header field is similar to Accept, but
 | ||
|    restricts the set of natural languages that are preferred as a
 | ||
|    response to the request.
 | ||
| 
 | ||
| D.2.5 Content-Language
 | ||
| 
 | ||
|    The Content-Language entity-header field describes the natural
 | ||
|    language(s) of the intended audience for the enclosed entity. Note
 | ||
|    that this may not be equivalent to all the languages used within the
 | ||
|    entity.
 | ||
| 
 | ||
| D.2.6 Link
 | ||
| 
 | ||
|    The Link entity-header field provides a means for describing a
 | ||
|    relationship between the entity and some other resource. An entity
 | ||
|    may include multiple Link values. Links at the metainformation level
 | ||
|    typically indicate relationships like hierarchical structure and
 | ||
|    navigation paths.
 | ||
| 
 | ||
| D.2.7 MIME-Version
 | ||
| 
 | ||
|    HTTP messages may include a single MIME-Version general-header field
 | ||
|    to indicate what version of the MIME protocol was used to construct
 | ||
|    the message. Use of the MIME-Version header field, as defined by RFC
 | ||
|    1521 [5], should indicate that the message is MIME-conformant.
 | ||
|    Unfortunately, some older HTTP/1.0 servers send it indiscriminately,
 | ||
|    and thus this field should be ignored.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 59]
 | ||
| 
 | ||
| RFC 1945                        HTTP/1.0                        May 1996
 | ||
| 
 | ||
| 
 | ||
| D.2.8 Retry-After
 | ||
| 
 | ||
|    The Retry-After response-header field can be used with a 503 (service
 | ||
|    unavailable) response to indicate how long the service is expected to
 | ||
|    be unavailable to the requesting client. The value of this field can
 | ||
|    be either an HTTP-date or an integer number of seconds (in decimal)
 | ||
|    after the time of the response.
 | ||
| 
 | ||
| D.2.9 Title
 | ||
| 
 | ||
|    The Title entity-header field indicates the title of the entity.
 | ||
| 
 | ||
| D.2.10 URI
 | ||
| 
 | ||
|    The URI entity-header field may contain some or all of the Uniform
 | ||
|    Resource Identifiers (Section 3.2) by which the Request-URI resource
 | ||
|    can be identified. There is no guarantee that the resource can be
 | ||
|    accessed using the URI(s) specified.
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| 
 | ||
| Berners-Lee, et al           Informational                     [Page 60]
 | ||
| 
 |