| draft-ietf-httpbis-safe-method-w-body-03.txt | draft-ietf-httpbis-safe-method-w-body-latest.txt | |||
|---|---|---|---|---|
| HTTP Working Group J. Reschke | HTTP Working Group J. Reschke | |||
| Internet-Draft greenbytes | Internet-Draft greenbytes | |||
| Intended status: Standards Track A. Malhotra | Intended status: Standards Track A. Malhotra | |||
| Expires: January 5, 2023 | Expires: October 12, 2024 | |||
| J.M. Snell | J.M. Snell | |||
| July 4, 2022 | April 10, 2024 | |||
| The HTTP QUERY Method | The HTTP QUERY Method | |||
| draft-ietf-httpbis-safe-method-w-body-03 | draft-ietf-httpbis-safe-method-w-body-latest | |||
| Abstract | Abstract | |||
| This specification defines a new HTTP method, QUERY, as a safe, | This specification defines a new HTTP method, QUERY, as a safe, | |||
| idempotent request method that can carry request content. | idempotent request method that can carry request content. | |||
| Editorial Note | Editorial Note | |||
| This note is to be removed before publishing as an RFC. | This note is to be removed before publishing as an RFC. | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 5, 2023. | This Internet-Draft will expire on October 12, 2024. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. QUERY . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. QUERY . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Caching . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.1. Caching . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. The "Accept-Query" Header Field . . . . . . . . . . . . . . . 5 | 3. The "Accept-Query" Header Field . . . . . . . . . . . . . . . 5 | |||
| 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.1. Simple QUERY with a Direct Response . . . . . . . . . . . 5 | 4.1. Simple QUERY with a Direct Response . . . . . . . . . . . 6 | |||
| 4.2. Simple QUERY with indirect response (303 See Other) . . . 6 | 4.2. Simple QUERY with indirect response (303 See Other) . . . 6 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. Normative References . . . . . . . . . . . . . . . . . . . . 7 | 7. Normative References . . . . . . . . . . . . . . . . . . . . 7 | |||
| Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 7 | Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 8 | |||
| A.1. Since draft-ietf-httpbis-safe-method-w-body-00 . . . . . 7 | A.1. Since draft-ietf-httpbis-safe-method-w-body-00 . . . . . 8 | |||
| A.2. Since draft-ietf-httpbis-safe-method-w-body-01 . . . . . 8 | A.2. Since draft-ietf-httpbis-safe-method-w-body-01 . . . . . 8 | |||
| A.3. Since draft-ietf-httpbis-safe-method-w-body-02 . . . . . 8 | A.3. Since draft-ietf-httpbis-safe-method-w-body-02 . . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | A.4. Since draft-ietf-httpbis-safe-method-w-body-02 . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | ||||
| 1. Introduction | 1. Introduction | |||
| This specification defines the HTTP QUERY request method as a means | This specification defines the HTTP QUERY request method as a means | |||
| of making a safe, idempotent request that contains content. | of making a safe, idempotent request that contains content. | |||
| Most often, this is desirable when the data conveyed in a request is | Most often, this is desirable when the data conveyed in a request is | |||
| too voluminous to be encoded into the request's URI. For example, | too voluminous to be encoded into the request's URI. For example, | |||
| while this is an common and interoperable query: | while this is an common and interoperable query: | |||
| skipping to change at page 3, line 4 ¶ | skipping to change at page 2, line 49 ¶ | |||
| This specification defines the HTTP QUERY request method as a means | This specification defines the HTTP QUERY request method as a means | |||
| of making a safe, idempotent request that contains content. | of making a safe, idempotent request that contains content. | |||
| Most often, this is desirable when the data conveyed in a request is | Most often, this is desirable when the data conveyed in a request is | |||
| too voluminous to be encoded into the request's URI. For example, | too voluminous to be encoded into the request's URI. For example, | |||
| while this is an common and interoperable query: | while this is an common and interoperable query: | |||
| GET /feed?q=foo&limit=10&sort=-published HTTP/1.1 | GET /feed?q=foo&limit=10&sort=-published HTTP/1.1 | |||
| Host: example.org | Host: example.org | |||
| if the query parameters extend to several kilobytes or more of data | if the query parameters extend to several kilobytes or more of data | |||
| it may not be, because many implementations place limits on their | it may not be, because many implementations place limits on their | |||
| size. Often these limits are not known or discoverable ahead of | size. Often these limits are not known or discoverable ahead of | |||
| time, because a request can pass through many uncoordinated systems. | time, because a request can pass through many uncoordinated systems. | |||
| Additionally, expressing some data in the target URI is inefficient, | Additionally, expressing some data in the target URI is inefficient, | |||
| because it needs to be encoded to be a valid URI. | because it needs to be encoded to be a valid URI. | |||
| Encoding query parameters directly into the request URI also | Encoding query parameters directly into the request URI also | |||
| effectively casts every possible combination of query inputs as | effectively casts every possible combination of query inputs as | |||
| distinct resources. Depending on the application, that may not be | distinct resources. Depending on the application, that may not be | |||
| desirable. | desirable. | |||
| As an alternative to using GET, many implementations make use of the | As an alternative to using GET, many implementations make use of the | |||
| HTTP POST method to perform queries, as illustrated in the example | HTTP POST method to perform queries, as illustrated in the example | |||
| below. In this case, the input parameters to the search operation | below. In this case, the input parameters to the query operation are | |||
| are passed along within the request content as opposed to using the | passed along within the request content as opposed to using the | |||
| request URI. | request URI. | |||
| A typical use of HTTP POST for requesting a search | A typical use of HTTP POST for requesting a query | |||
| POST /feed HTTP/1.1 | POST /feed HTTP/1.1 | |||
| Host: example.org | Host: example.org | |||
| Content-Type: application/x-www-form-urlencoded | Content-Type: application/x-www-form-urlencoded | |||
| q=foo&limit=10&sort=-published | q=foo&limit=10&sort=-published | |||
| This variation, however, suffers from the same basic limitation as | This variation, however, suffers from the same basic limitation as | |||
| GET in that it is not readily apparent -- absent specific knowledge | GET in that it is not readily apparent -- absent specific knowledge | |||
| of the resource and server to which the request is being sent -- that | of the resource and server to which the request is being sent -- that | |||
| skipping to change at page 4, line 46 ¶ | skipping to change at page 4, line 46 ¶ | |||
| retrieved using an HTTP GET request. Various non-normative examples | retrieved using an HTTP GET request. Various non-normative examples | |||
| of successful QUERY responses are illustrated in Section 4. | of successful QUERY responses are illustrated in Section 4. | |||
| The semantics of the QUERY method change to a "conditional QUERY" if | The semantics of the QUERY method change to a "conditional QUERY" if | |||
| the request message includes an If-Modified-Since, If-Unmodified- | the request message includes an If-Modified-Since, If-Unmodified- | |||
| Since, If-Match, If-None-Match, or If-Range header field ([HTTP], | Since, If-Match, If-None-Match, or If-Range header field ([HTTP], | |||
| Section 13). A conditional QUERY requests that the query be | Section 13). A conditional QUERY requests that the query be | |||
| performed only under the circumstances described by the conditional | performed only under the circumstances described by the conditional | |||
| header field(s). It is important to note, however, that such | header field(s). It is important to note, however, that such | |||
| conditions are evaluated against the state of the target resource | conditions are evaluated against the state of the target resource | |||
| itself as opposed to the collected results of the search operation. | itself as opposed to the collected results of the query operation. | |||
| 2.1. Caching | 2.1. Caching | |||
| The response to a QUERY method is cacheable; a cache MAY use it to | The response to a QUERY method is cacheable; a cache MAY use it to | |||
| satisfy subsequent QUERY requests as per Section 4 of | satisfy subsequent QUERY requests as per Section 4 of | |||
| [HTTP-CACHING]). | [HTTP-CACHING]). | |||
| The cache key for a query (see Section 2 of [HTTP-CACHING]) MUST | The cache key for a query (see Section 2 of [HTTP-CACHING]) MUST | |||
| incorporate the request content. When doing so, caches SHOULD first | incorporate the request content. When doing so, caches SHOULD first | |||
| normalize request content to remove semantically insignificant | normalize request content to remove semantically insignificant | |||
| skipping to change at page 5, line 24 ¶ | skipping to change at page 5, line 24 ¶ | |||
| Type field (e.g., "+json") | Type field (e.g., "+json") | |||
| o Normalizing based upon knowledge of the semantics of the content | o Normalizing based upon knowledge of the semantics of the content | |||
| itself, as indicated by the request's Content-Type field. | itself, as indicated by the request's Content-Type field. | |||
| Note that any such normalization is performed solely for the purpose | Note that any such normalization is performed solely for the purpose | |||
| of generating a cache key; it does not change the request itself. | of generating a cache key; it does not change the request itself. | |||
| 3. The "Accept-Query" Header Field | 3. The "Accept-Query" Header Field | |||
| The "Accept-Query" response header field MAY be used by a server to | The "Accept-Query" response header field MAY be used by a resource to | |||
| directly signal support for the QUERY method while identifying the | directly signal support for the QUERY method while identifying the | |||
| specific query format media type(s) that may be used. | specific query format media type(s) that may be used. | |||
| Accept-Query = 1#media-type | Accept-Query = 1#media-type | |||
| The Accept-Query header field specifies a comma-separated listing of | The Accept-Query header field specifies a comma-separated listing of | |||
| media types (with optional parameters) as defined by Section 8.3.1 of | media types (with optional parameters) as defined by Section 8.3.1 of | |||
| [HTTP]. | [HTTP]. | |||
| The order of types listed by the Accept-Query header field is not | The order of types listed by the Accept-Query header field is not | |||
| significant. | significant. | |||
| Accept-Query's value applies to every URI on the server that shares | ||||
| the same path; in other words, the query component is ignored. If | ||||
| requests to the same resource return different Accept-Query values, | ||||
| the most recently received fresh (per Section 4.2 of [HTTP-CACHING]) | ||||
| value is used. | ||||
| 4. Examples | 4. Examples | |||
| The non-normative examples in this section make use of a simple, | The non-normative examples in this section make use of a simple, | |||
| hypothetical plain-text based query syntax based on SQL with results | hypothetical plain-text based query syntax based on SQL with results | |||
| returned as comma-separated values. This is done for illustration | returned as comma-separated values. This is done for illustration | |||
| purposes only. Implementations are free to use any format they wish | purposes only. Implementations are free to use any format they wish | |||
| on both the request and response. | on both the request and response. | |||
| 4.1. Simple QUERY with a Direct Response | 4.1. Simple QUERY with a Direct Response | |||
| skipping to change at page 8, line 45 ¶ | skipping to change at page 9, line 5 ¶ | |||
| o In Section 3, slightly rephrase statement about significance of | o In Section 3, slightly rephrase statement about significance of | |||
| ordering (<https://github.com/httpwg/http-extensions/issues/1896>) | ordering (<https://github.com/httpwg/http-extensions/issues/1896>) | |||
| o Throughout: use "content" instead of "payload" or "body" | o Throughout: use "content" instead of "payload" or "body" | |||
| (<https://github.com/httpwg/http-extensions/issues/1915>) | (<https://github.com/httpwg/http-extensions/issues/1915>) | |||
| o Updated references (<https://github.com/httpwg/http-extensions/ | o Updated references (<https://github.com/httpwg/http-extensions/ | |||
| issues/2157>) | issues/2157>) | |||
| A.4. Since draft-ietf-httpbis-safe-method-w-body-02 | ||||
| o In Section 3, clarify scope (<https://github.com/httpwg/http- | ||||
| extensions/issues/1913>) | ||||
| Authors' Addresses | Authors' Addresses | |||
| Julian Reschke | Julian Reschke | |||
| greenbytes GmbH | greenbytes GmbH | |||
| Hafenweg 16 | Hafenweg 16 | |||
| 48155 Münster | 48155 Münster | |||
| Germany | Germany | |||
| Email: julian.reschke@greenbytes.de | Email: julian.reschke@greenbytes.de | |||
| URI: https://greenbytes.de/tech/webdav/ | URI: https://greenbytes.de/tech/webdav/ | |||
| End of changes. 15 change blocks. | ||||
| 14 lines changed or deleted | 27 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||