https://tools.ietf.org/html/rfc7231
Table of Contents
1. Introduction ....................................................6
1.1. Conformance and Error Handling .............................6
1.2. Syntax Notation ............................................6
2. Resources .......................................................7
3. Representations .................................................7
3.1. Representation Metadata ....................................8
3.1.1. Processing Representation Data ......................8
3.1.2. Encoding for Compression or Integrity ..............11
3.1.3. Audience Language ..................................13
3.1.4. Identification .....................................14
3.2. Representation Data .......................................17
3.3. Payload Semantics .........................................17
3.4. Content Negotiation .......................................18
3.4.1. Proactive Negotiation ..............................19
3.4.2. Reactive Negotiation ...............................20
4. Request Methods ................................................21
4.1. Overview ..................................................21
4.2. Common Method Properties ..................................22
4.2.1. Safe Methods .......................................22
4.2.2. Idempotent Methods .................................23
4.2.3. Cacheable Methods ..................................24
4.3. Method Definitions ........................................24
4.3.1. GET ................................................24
4.3.2. HEAD ...............................................25
4.3.3. POST ...............................................25
4.3.4. PUT ................................................26
4.3.5. DELETE .............................................29
4.3.6. CONNECT ............................................30
4.3.7. OPTIONS ............................................31
4.3.8. TRACE ..............................................32
5. Request Header Fields ..........................................33
5.1. Controls ..................................................33
5.1.1. Expect .............................................34
5.1.2. Max-Forwards .......................................36
5.2. Conditionals ..............................................36
5.3. Content Negotiation .......................................37
5.3.1. Quality Values .....................................37
5.3.2. Accept .............................................38
5.3.3. Accept-Charset .....................................40
5.3.4. Accept-Encoding ....................................41
5.3.5. Accept-Language ....................................42
5.4. Authentication Credentials ................................44
5.5. Request Context ...........................................44
5.5.1. From ...............................................44
5.5.2. Referer ............................................45
5.5.3. User-Agent .........................................46
6. Response Status Codes ..........................................47
6.1. Overview of Status Codes ..................................48
6.2. Informational 1xx .........................................50
6.2.1. 100 Continue .......................................50
6.2.2. 101 Switching Protocols ............................50
6.3. Successful 2xx ............................................51
6.3.1. 200 OK .............................................51
6.3.2. 201 Created ........................................52
6.3.3. 202 Accepted .......................................52
6.3.4. 203 Non-Authoritative Information ..................52
6.3.5. 204 No Content .....................................53
6.3.6. 205 Reset Content ..................................53
6.4. Redirection 3xx ...........................................54
6.4.1. 300 Multiple Choices ...............................55
6.4.2. 301 Moved Permanently ..............................56
6.4.3. 302 Found ..........................................56
6.4.4. 303 See Other ......................................57
6.4.5. 305 Use Proxy ......................................58
6.4.6. 306 (Unused) .......................................58
6.4.7. 307 Temporary Redirect .............................58
6.5. Client Error 4xx ..........................................58
6.5.1. 400 Bad Request ....................................58
6.5.2. 402 Payment Required ...............................59
6.5.3. 403 Forbidden ......................................59
6.5.4. 404 Not Found ......................................59
6.5.5. 405 Method Not Allowed .............................59
6.5.6. 406 Not Acceptable .................................60
6.5.7. 408 Request Timeout ................................60
6.5.8. 409 Conflict .......................................60
6.5.9. 410 Gone ...........................................60
6.5.10. 411 Length Required ...............................61
6.5.11. 413 Payload Too Large .............................61
6.5.12. 414 URI Too Long ..................................61
6.5.13. 415 Unsupported Media Type ........................62
6.5.14. 417 Expectation Failed ............................62
6.5.15. 426 Upgrade Required ..............................62
6.6. Server Error 5xx ..........................................62
6.6.1. 500 Internal Server Error ..........................63
6.6.2. 501 Not Implemented ................................63
6.6.3. 502 Bad Gateway ....................................63
6.6.4. 503 Service Unavailable ............................63
6.6.5. 504 Gateway Timeout ................................63
6.6.6. 505 HTTP Version Not Supported .....................64
7. Response Header Fields .........................................64
7.1. Control Data ..............................................64
ed 7.1.1. Origination Date ...................................65
7.1.2. Location ...........................................68
7.1.3. Retry-After ........................................69
7.1.4. Vary ...............................................70
7.2. Validator Header Fields ...................................71
7.3. Authentication Challenges .................................72
7.4. Response Context ..........................................72
7.4.1. Allow ..............................................72
7.4.2. Server .............................................73
8. IANA Considerations ............................................73
8.1. Method Registry ...........................................73
8.1.1. Procedure ..........................................74
8.1.2. Considerations for New Methods .....................74
8.1.3. Registrations ......................................75
8.2. Status Code Registry ......................................75
8.2.1. Procedure ..........................................75
8.2.2. Considerations for New Status Codes ................76
8.2.3. Registrations ......................................76
8.3. Header Field Registry .....................................77
8.3.1. Considerations for New Header Fields ...............78
8.3.2. Registrations ......................................80
8.4. Content Coding Registry ...................................81
8.4.1. Procedure ..........................................81
8.4.2. Registrations ......................................81
9. Security Considerations ........................................81
9.1. Attacks Based on File and Path Names ......................82
9.2. Attacks Based on Command, Code, or Query Injection ........82
9.3. Disclosure of Personal Information ........................83
9.4. Disclosure of Sensitive Information in URIs ...............83
9.5. Disclosure of Fragment after Redirects ....................84
9.6. Disclosure of Product Information .........................84
9.7. Browser Fingerprinting ....................................84
10. Acknowledgments ...............................................85
11. References ....................................................85
11.1. Normative References .....................................85
11.2. Informative References ...................................86
Appendix A. Differences between HTTP and MIME .....................89
A.1. MIME-Version ..............................................89
A.2. Conversion to Canonical Form ..............................89
A.3. Conversion of Date Formats ................................90
A.4. Conversion of Content-Encoding ............................90
A.5. Conversion of Content-Transfer-Encoding ...................90
A.6. MHTML and Line Length Limitations .........................90
Appendix B. Changes from RFC 2616 .................................91
Appendix C. Imported ABNF .........................................93
Appendix D. Collected ABNF ........................................94
Index .............................................................97