📄 rfc2774.txt
字号:
4.2 Hop-by-Hop Extensions
Hop-by-hop extension declarations are meaningful only for a single
HTTP connection. In HTTP/1.1, C-Man, C-Opt, and all header fields
with matching header-prefix values defined by C-Man and C-Opt MUST be
protected by a Connection header field. That is, these header fields
are to be included as Connection header field directives (see [5],
section 14.10). The two header fields have the following grammar:
c-mandatory = "C-Man" ":" 1#ext-decl
c-optional = "C-Opt" ":" 1#ext-decl
Nielsen, et al. Experimental [Page 7]
RFC 2774 An HTTP Extension Framework February 2000
For example
M-GET / HTTP/1.1
Host: some.host
C-Man: "http://www.digest.org/ProxyAuth"; ns=14
14-Credentials="g5gj262jdw@4df"
Connection: C-Man, 14-Credentials
The ultimate recipient of a mandatory hop-by-hop extension
declaration MUST handle that extension declaration as described in
section 5 and 6.
4.3 Extension Response Header Fields
Two extension response header fields are used to indicate that a
request containing mandatory extension declarations has been
fulfilled by the ultimate recipient as described in section 5.1. The
extension response header fields are exclusively intended to serve as
extension acknowledgements, and can not carry any other information.
The Ext header field is used to indicate that all end-to-end
mandatory extension declarations in the request were fulfilled:
ext = "Ext" ":"
The C-Ext response header field is used to indicate that all hop-by-
hop mandatory extension declarations in the request were fulfilled.
c-ext = "C-Ext" ":"
In HTTP/1.1, the C-Ext header fields MUST be protected by a
Connection header (see [5], section 14.10).
The Ext and the C-Ext header fields are not mutually exclusive; they
can both occur within the same message as described in section 5.1.
5. Mandatory HTTP Requests
An HTTP request is called a mandatory request if it includes at least
one mandatory extension declaration (using the Man or the C-Man
header fields). The method name of a mandatory request MUST be
prefixed by "M-". For example, a client might express the binding
rights- management constraints in an HTTP PUT request as follows:
Nielsen, et al. Experimental [Page 8]
RFC 2774 An HTTP Extension Framework February 2000
M-PUT /a-resource HTTP/1.1
Man: "http://www.copyright.org/rights-management"; ns=16
16-copyright: http://www.copyright.org/COPYRIGHT.html
16-contributions: http://www.copyright.org/PATCHES.html
Host: www.w3.org
Content-Length: 1203
Content-Type: text/html
<!doctype html ...
An ultimate recipient conforming to this specification receiving a
mandatory request MUST process the request by performing the
following actions in the order listed below:
1. Identify all mandatory extension declarations (both hop-by-hop
and end-to-end); the server MAY ignore optional declarations
without affecting the result of processing the HTTP message;
2. Examine all extensions identified in 1) and determine if they
are supported for this message. If not, respond with a 510 (Not
Extended) status-code (see section 7);
3. If 2) did not result in a 510 (Not Extended) status code, then
process the request according to the semantics of the
extensions and of the existing HTTP method name as defined in
HTTP/1.1 [5] or later versions of HTTP. The HTTP method name
can be obtained by ignoring the "M-" method name prefix.
4. If the evaluation in 3) was successful and the mandatory
request fulfilled, the server MUST respond as defined in
section 5.1. A server MUST NOT fulfill a request without
understanding and obeying all mandatory extension
declaration(s) in a request.
A proxy that does not act as the ultimate recipient of a mandatory
extension declaration MUST NOT remove the extension declaration or
the "M-" method name prefix when forwarding the message (see section
5.1 for how to detect when a mandatory extension has been fulfilled).
A server receiving an HTTP/1.0 (or earlier versions of HTTP) message
that includes a Connection header MUST, for each connection-token in
this field, remove and ignore any header field(s) from the message
with the same name as the connection-token.
A server receiving a mandatory request including the "M-" method name
prefix without any mandatory extension declarations to follow MUST
return a 510 (Not Extended) response.
Nielsen, et al. Experimental [Page 9]
RFC 2774 An HTTP Extension Framework February 2000
The "M-" prefix is reserved by this proposal and MUST NOT be used by
other HTTP extensions.
5.1 Fulfilling a Mandatory Request
A server MUST NOT claim to have fulfilled any mandatory request
unless it understood and obeyed all the mandatory extension
declarations in the request. This section defines a mechanism for
conveying this information to the client in such a way that it
interoperates with existing HTTP applications and prevents broken
servers from giving the false impression that an extended request was
fulfilled by responding with a 200 (Ok) response without
understanding the method.
If any end-to-end mandatory extension declarations were among the
fulfilled extensions then the server MUST include an Ext response
header field in the response. In order to avoid that the Ext header
field inadvertently is cached in an HTTP/1.1 cache, the response MUST
contain a no-cache cache-control directive. If the response is
otherwise cachable, the no-cache cache-control directive SHOULD be
limited to only affect the Ext header field:
HTTP/1.1 200 OK
Ext:
Cache-Control: no-cache="Ext"
...
If the mandatory request has been forwarded by an HTTP/1.0
intermediary proxy then this is indicated either directly in the
Request-Line or by the presence of an HTTP/1.1 Via header field. In
this case, the server MUST include an Expires header field with a
date equal to or earlier than the value of the Date header field (see
section 9 for a discussion on caching considerations):
HTTP/1.1 200 OK
Date: Sun, 25 Oct 1998 08:12:31 GMT
Expires: Sun, 25 Oct 1998 08:12:31 GMT
Ext:
Cache-Control: no-cache="Ext", max-age=3600
...
If any hop-by-hop mandatory extension declarations were among the
fulfilled extensions then the server MUST include a C-Ext response
header field in the response. The C-Ext header field MUST be
protected by a Connection header field (see [5], section 14.10).
Nielsen, et al. Experimental [Page 10]
RFC 2774 An HTTP Extension Framework February 2000
HTTP/1.1 200 OK
C-Ext:
Connection: C-Ext
Note, that the Ext and C-Ext header fields are not mutually
exclusive; they can be both be present in a response when fulfilling
mandatory request containing both hop-by-hop as well as end-to-end
mandatory extension declarations.
6. Mandatory HTTP Responses
A server MUST NOT include mandatory extension declarations in an HTTP
response unless it is responding to a mandatory HTTP request whose
definition allowed for the mandatory response or the server has some
a priori knowledge that the recipient can handle the extended
response. A server MAY include optional extension declarations in
any HTTP response (see section 4).
If a client is the ultimate recipient of a mandatory HTTP response
containing mandatory extension declarations that either the client
does not understand or does not want to use, then it SHOULD discard
the complete response as if it were a 500 (Internal Server Error)
response.
7. 510 Not Extended
The policy for accessing the resource has not been met in the
request. The server should send back all the information necessary
for the client to issue an extended request. It is outside the scope
of this specification to specify how the extensions inform the
client.
If the 510 response contains information about extensions that were
not present in the initial request then the client MAY repeat the
request if it has reason to believe it can fulfill the extension
policy by modifying the request according to the information provided
in the 510 response. Otherwise the client MAY present any entity
included in the 510 response to the user, since that entity may
include relevant diagnostic information.
8. Publishing an Extension
While the protocol extension definition should be published at the
address of the extension identifier, this specification does not
require it. The only absolute requirement is that extension
identifiers MUST be globally unique identifiers, and that distinct
names be used for distinct semantics.
Nielsen, et al. Experimental [Page 11]
RFC 2774 An HTTP Extension Framework February 2000
Likewise, applications are not required to attempt resolving
extension identifiers included in an extension declaration. The only
absolute requirement is that an application MUST NOT claim
conformance with an extension that it does not recognize (regardless
of whether it has tried to resolve the extension identifier or not).
This document does not provide any policy for how long or how often
an application may attempt to resolve an extension identifier.
The association between the extension identifier and the
specification might be made by distributing a specification, which
references the extension identifier.
It is strongly recommended that the integrity and persistence of the
extension identifier be maintained and kept unquestioned throughout
the lifetime of the extension. Care should be taken not to distribute
conflicting specifications that reference the same name. Even when an
extension specification is made available at the address of the URI,
care must be taken that the specification made available at that
address does not change over time. One agent may associate the
identifier with the old semantics, while another might associate it
with the new semantics.
The extension definition may be made available in different
representations ranging from
o a human-readable specification defining the extension semantics
(see for example [7]),
o downloadable code which implements the semantics defined by the
extension,
o a formal interface description provided by the extension, to
o a machine-readable specification defining the extension
semantics.
For example, a software component that implements the specification
may reside at the same address as a human-readable specification
(distinguished by content negotiation). The human-readable
representation serves to document the extension and encourage
deployment, while the software component would allow clients and
servers to be dynamically extended.
9. Caching Considerations
Use of extensions using the syntax defined by this document may have
additional implications on the cachability of HTTP response messages
other than the ones described in section 5.1.
Nielsen, et al. Experimental [Page 12]
RFC 2774 An HTTP Extension Framework February 2000
The originator of an extended message should be able to determine
from the semantics of the extension whether or not the extension's
presence impacts the caching constraints of the response message. If
an extension does require tighter constraints on the cachebility of
the response, the originator MUST include the appropriate combination
of cache header fields (Cache-Control, Vary, Expires) corresponding
to the required level of constraints of the extended semantics.
10. Security Considerations
Dynamic installation of extension facilities as described in the
introduction involves software written by one party (the provider of
the implementation) to be executed under the authority of another
(the party operating the host software). This opens the host party to
a variety of "Trojan horse" attacks by the provider, or a malicious
third party that forges implementations under a provider's name. See,
for example RFC2046 [4], section 4.5.2 for a discussion of these
risks.
11. References
[1] Crocker, D., "Standard for the Format of ARPA Internet Text
Messages", STD 11, RFC 822, August 1982.
[2] Berners-Lee, T., Fielding, R. and H. Frystyk, "Hypertext
Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
[3] Bradner, S., "The Internet Standards Process -- Revision 3", BCP
9, RFC 2026, October 1996.
[4] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, November
1996.
[5] Fielding, R., Gettys, J., Mogul, J., Frystyk, H. and T.
Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
2068, January 1997.
[6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[7] Masinter, L., "Hyper Text Coffee Pot Control Protocol
(HTCPCP/1.0)", RFC 2324, 1 April 1998.
[8] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource
Identifiers (URI): Generic Syntax", RFC 2396, August 1998.
Nielsen, et al. Experimental [Page 13]
RFC 2774 An HTTP Extension Framework February 2000
[9] Nielsen, H., Connolly, D. and R. Khare, "PEP - an extension
mechanism for HTTP", Work in Progress.
12. Acknowledgements
Roy Fielding, Rohit Khare, Yaron Y. Goland, and Koen Holtman, deserve
special recognition for their efforts in commenting in all phases of
this specification. Also thanks to Josh Cohen, Ross Patterson, Jim
Gettys, Larry Masinter, and to the people involved in PEP [9].
The contribution of World Wide Web Consortium (W3C) staff is part of
the W3C HTTP Activity (see "http://www.w3.org/Protocols/Activity").
13. Authors' Addresses
Henrik Frystyk Nielsen
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -