rfc7238.txt   draft-ietf-httpbis-rfc7238bis-latest.txt 
Internet Engineering Task Force (IETF) J. Reschke HTTP Working Group J. Reschke
Request for Comments: 7238 greenbytes Internet-Draft greenbytes
Category: Experimental June 2014 Obsoletes: 7238 (if approved) March 2015
ISSN: 2070-1721 Intended status: Standards Track
Expires: September 2, 2015
The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect) The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect)
draft-ietf-httpbis-rfc7238bis-latest
Abstract Abstract
This document specifies the additional Hypertext Transfer Protocol This document specifies the additional Hypertext Transfer Protocol
(HTTP) status code 308 (Permanent Redirect). (HTTP) status code 308 (Permanent Redirect).
Status of This Memo Status of This Memo
This document is not an Internet Standards Track specification; it is This Internet-Draft is submitted in full conformance with the
published for examination, experimental implementation, and provisions of BCP 78 and BCP 79.
evaluation.
This document defines an Experimental Protocol for the Internet Internet-Drafts are working documents of the Internet Engineering
community. This document is a product of the Internet Engineering Task Force (IETF). Note that other groups may also distribute
Task Force (IETF). It represents the consensus of the IETF working documents as Internet-Drafts. The list of current Internet-
community. It has received public review and has been approved for Drafts is at http://datatracker.ietf.org/drafts/current/.
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, Internet-Drafts are draft documents valid for a maximum of six months
and how to provide feedback on it may be obtained at and may be updated, replaced, or obsoleted by other documents at any
http://www.rfc-editor.org/info/rfc7238. time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 2, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
3. 308 Permanent Redirect . . . . . . . . . . . . . . . . . . . . 3 3. 308 Permanent Redirect . . . . . . . . . . . . . . . . . . . . 3
4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 4 4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 4
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . . 6
8.1. Normative References . . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . . 6
8.2. Informative References . . . . . . . . . . . . . . . . . . 6 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
HTTP defines a set of status codes for the purpose of redirecting a HTTP defines a set of status codes for the purpose of redirecting a
request to a different URI ([RFC3986]). The history of these status request to a different URI ([RFC3986]). The history of these status
codes is summarized in Section 6.4 of [RFC7231], which also codes is summarized in Section 6.4 of [RFC7231], which also
classifies the existing status codes into four categories. classifies the existing status codes into four categories.
The first of these categories contains the status codes 301 (Moved The first of these categories contains the status codes 301 (Moved
Permanently), 302 (Found), and 307 (Temporary Redirect), which can be Permanently), 302 (Found), and 307 (Temporary Redirect), which can be
skipping to change at page 3, line 25 skipping to change at page 3, line 25
+-------------------------------------------+-----------+-----------+ +-------------------------------------------+-----------+-----------+
| | Permanent | Temporary | | | Permanent | Temporary |
+-------------------------------------------+-----------+-----------+ +-------------------------------------------+-----------+-----------+
| Allows changing the request method from | 301 | 302 | | Allows changing the request method from | 301 | 302 |
| POST to GET | | | | POST to GET | | |
| Does not allow changing the request | - | 307 | | Does not allow changing the request | - | 307 |
| method from POST to GET | | | | method from POST to GET | | |
+-------------------------------------------+-----------+-----------+ +-------------------------------------------+-----------+-----------+
Section 6.4.7 of [RFC7231] states that HTTP does not define a Section 6.4.7 of [RFC7231] states that it does not define a permanent
permanent variant of status code 307; this specification adds the variant of status code 307; this specification adds the status code
status code 308, defining this missing variant (Section 3). 308, defining this missing variant (Section 3).
This specification contains no technical changes from the
Experimental RFC 7238, which it obsoletes.
2. Notational Conventions 2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. 308 Permanent Redirect 3. 308 Permanent Redirect
The 308 (Permanent Redirect) status code indicates that the target The 308 (Permanent Redirect) status code indicates that the target
skipping to change at page 4, line 4 skipping to change at page 4, line 7
The server SHOULD generate a Location header field ([RFC7231], The server SHOULD generate a Location header field ([RFC7231],
Section 7.1.2) in the response containing a preferred URI reference Section 7.1.2) in the response containing a preferred URI reference
for the new permanent URI. The user agent MAY use the Location field for the new permanent URI. The user agent MAY use the Location field
value for automatic redirection. The server's response payload value for automatic redirection. The server's response payload
usually contains a short hypertext note with a hyperlink to the new usually contains a short hypertext note with a hyperlink to the new
URI(s). URI(s).
A 308 response is cacheable by default; i.e., unless otherwise A 308 response is cacheable by default; i.e., unless otherwise
indicated by the method definition or explicit cache controls (see indicated by the method definition or explicit cache controls (see
[RFC7234], Section 4.2.2). [RFC7234], Section 4.2.2).
Note: This status code is similar to 301 (Moved Permanently) Note: This status code is similar to 301 (Moved Permanently)
([RFC7231], Section 6.4.2), except that it does not allow changing ([RFC7231], Section 6.4.2), except that it does not allow changing
the request method from POST to GET. the request method from POST to GET.
4. Deployment Considerations 4. Deployment Considerations
Section 6 of [RFC7231] requires recipients to treat unknown 3xx Section 6 of [RFC7231] requires recipients to treat unknown 3xx
status codes the same way as status code 300 Multiple Choices status codes the same way as status code 300 (Multiple Choices)
([RFC7231], Section 6.4.1). Thus, servers will not be able to rely ([RFC7231], Section 6.4.1). Thus, servers will not be able to rely
on automatic redirection happening similar to status codes 301, 302, on automatic redirection happening similar to status codes 301, 302,
or 307. or 307.
Therefore, initial use of status code 308 will be restricted to cases Therefore, the use of status code 308 is restricted to cases where
where the server has sufficient confidence in the client's the server has sufficient confidence in the client's understanding
understanding the new code or when a fallback to the semantics of the new code or when a fallback to the semantics of status code 300
status code 300 is not problematic. Server implementers are advised is not problematic. Server implementers are advised not to vary the
not to vary the status code based on characteristics of the request, status code based on characteristics of the request, such as the
such as the User-Agent header field ("User-Agent Sniffing") -- doing User-Agent header field ("User-Agent Sniffing") -- doing so usually
so usually results in code that is both hard to maintain and hard to results in code that is both hard to maintain and hard to debug and
debug and would also require special attention to caching (i.e., would also require special attention to caching (i.e., setting a
setting a "Vary" response header field, as defined in Section 7.1.4 "Vary" response header field, as defined in Section 7.1.4 of
of [RFC7231]). [RFC7231]).
Note that many existing HTML-based user agents will emulate a refresh Note that many existing HTML-based user agents will emulate a refresh
when encountering an HTML <meta> refresh directive ([HTML]). This when encountering an HTML <meta> refresh directive ([HTML], Section
can be used as another fallback. For example: 4.2.5.3). This can be used as another fallback. For example:
Client request: Client request:
GET / HTTP/1.1 GET / HTTP/1.1
Host: example.com Host: example.com
Server response: Server response:
HTTP/1.1 308 Permanent Redirect HTTP/1.1 308 Permanent Redirect
Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8
Location: http://example.com/new Location: http://example.com/new
Content-Length: 454 Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" <!DOCTYPE HTML>
"http://www.w3.org/TR/html4/strict.dtd">
<html> <html>
<head> <head>
<title>Permanent Redirect</title> <title>Permanent Redirect</title>
<meta http-equiv="refresh" <meta http-equiv="refresh"
content="0; url=http://example.com/new"> content="0; url=http://example.com/new">
</head> </head>
<body> <body>
<p> <p>
The document has been moved to The document has been moved to
<a href="http://example.com/new" <a href="http://example.com/new"
>http://example.com/new</a>. >http://example.com/new</a>.
</p> </p>
</body> </body>
</html> </html>
5. Security Considerations 5. Security Considerations
All security considerations that apply to HTTP redirects apply to the All security considerations that apply to HTTP redirects apply to the
308 status code as well (see Section 9 of [RFC7231]). 308 status code as well (see Section 9 of [RFC7231]).
Unsecured communication over the Internet is subject to man-in-the-
middle modification of messages, including changing status codes or
redirect targets. Use of Transport Layer Security (TLS) is one way
to mitigate those attacks. See Section 9 of [RFC7230] for related
attacks on authority and message integrity.
6. IANA Considerations 6. IANA Considerations
The registration below has been added to the "Hypertext Transfer The "Hypertext Transfer Protocol (HTTP) Status Code Registry"
Protocol (HTTP) Status Code Registry" (defined in Section 8.2 of (defined in Section 8.2 of [RFC7231] and located at
[RFC7231] and located at <http://www.iana.org/assignments/http-status-codes>) has been updated
<http://www.iana.org/assignments/http-status-codes>): to reference this specification.
+-------+--------------------+---------------------------------+ +-------+--------------------+---------------------------------+
| Value | Description | Reference | | Value | Description | Reference |
+-------+--------------------+---------------------------------+ +-------+--------------------+---------------------------------+
| 308 | Permanent Redirect | Section 3 of this specification | | 308 | Permanent Redirect | Section 3 of this specification |
+-------+--------------------+---------------------------------+ +-------+--------------------+---------------------------------+
7. Acknowledgements 7. References
The definition for the new status code 308 reuses text from the
HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Eran Hammer-Lahav,
Bjoern Hoehrmann, Subramanian Moonesamy, Peter Saint-Andre, and
Robert Sparks for feedback on this document.
8. References
8.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, June 2014. RFC 7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
June 2014. June 2014, <http://www.rfc-editor.org/info/rfc7231>.
[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
RFC 7234, June 2014. RFC 7234, June 2014,
<http://www.rfc-editor.org/info/rfc7234>.
8.2. Informative References 7.2. Informative References
[HTML] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 [HTML] Hickson, I., Berjon, R., Faulkner, S., Leithead, T., Doyle
Specification", W3C Recommendation REC-html401-19991224, Navara, E., O'Connor, E., and S. Pfeiffer, "HTML5", W3C
December 1999, Recommendation REC-html5-20141028, October 2014,
<http://www.w3.org/TR/1999/REC-html401-19991224>. <http://www.w3.org/TR/2014/REC-html5-20141028/>.
Latest version available at Latest version available at <http://www.w3.org/TR/html5/>.
<http://www.w3.org/TR/html401>.
Appendix A. Acknowledgements
The definition for the new status code 308 reuses text from the
HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Adrian Farrell,
Eran Hammer-Lahav, Bjoern Hoehrmann, Barry Leiba, Subramanian
Moonesamy, Kathleen Moriarty, Peter Saint-Andre, Robert Sparks, and
Roy Fielding for feedback on this document.
Author's Address Author's Address
Julian F. Reschke Julian F. Reschke
greenbytes GmbH greenbytes GmbH
Hafenweg 16 Hafenweg 16
Muenster, NW 48155 Muenster, NW 48155
Germany Germany
EMail: julian.reschke@greenbytes.de EMail: julian.reschke@greenbytes.de
 End of changes. 26 change blocks. 
69 lines changed or deleted 81 lines changed or added

This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/