LinuxQuestions.org


BenCollver 06-08-2014 06:52 AM

HTTP 1.1 updated
 
http://evertpot.com/http-11-updated/

"""
The biggest difference compared to the old spec is that there is simply a lot more text. A lot of things are easier to understand and read, and parts where there was ambiguity have been resolved.

A second change is that the core specification has now been split up over 6 separate specs, whereas before there was just RFC 2616 for HTTP, and RFC 2617 for Basic and Digest authentication.

Just for those reasons alone it may make a lot of sense for API authors to read the specs from end-to-end. Guaranteed you'll learn and get inspired into doing better HTTP API design.

Furthermore the 308 status code is now standard, which provides a 4th redirect status. 308 is a permanent redirect. Clients that receive a 308 are expected to follow the redirect and execute the exact same request again. This, as opposed to the 301, where clients usually change the method into a GET.

RFC 7239 standardizes a Forwarded header, which is supposed to replace headers such as X-Forwarded-For and X-Forwarded-Proto.

A far from complete list of interesting things that have changed.
  • Clarifications around dealing with unexpected whitespace, which should fix response splitting vulnerabilities.
  • The limit of two connections per server has been removed.
  • HTTP/0.9 support has been dropped.
  • Default charset of ISO-8859-1 has been removed.
  • Servers are no longer required to handle all Content-* header fields.
  • Content-Range has been explicitly banned in PUT requests.
  • It's now suggested to use the about:blank URI in the Referer header when no referer exists, to distinguish between "there was no referrer" and "I don't want to send a referrer".
  • The 204, 404, 405, 414 and 501 status codes are now cacheable.
  • The status codes 301 and 302 have been changed to allow user agents to rewrite the method from POST to GET. This is a good example of a case where everybody has been (incorrectly) already doing this, and the spec now reflects the real world implementation.
  • The Location header can now contain relative URIs as well as fragment identifiers.
  • Content-MD5 has been removed.
"""

unSpawn 06-09-2014 03:39 AM

Thanks for posting, I rarely keep track of RFCs...

*I've asked for this post to be copied or moved to our Linux News section but it's also something you could consider posting in your own LQ web log BTW.

