Prefer Header for HTTP

Within the course of processing an HTTP request there are typically a range of required and optional behaviors that a server or intermediary can employ. These often manifest in a variety of subtle and not-so-subtle ways within the response. For example, when using the HTTP PUT method to modify a resource -- similar to that defined for the Atom Publishing Protocol -- the server is given the option of returning either a complete representation of a modified resource or a minimal response that indicates only the successful completion of the operation. The selection of which type of response to return to the client generally has no bearing on the successful processing of the request but could, for instance, have an impact on what actions the client must take after receiving the response. That is, returning a representation of the modified resource within the response can allow the client to avoid sending an additional subsequent GET request. Similarly, servers that process requests are often faced with decisions about how to process requests that may be technically invalid or incorrect but are still understandable. It might be the case that the server is able to overlook the technical errors in the request but still successfully process the request. Depending on the specific requirements of the application and the nature of the request being made, the client might or might not consider such lenient processing of its request to be appropriate. While the decision of exactly which behaviors to apply in these cases lies with the server processing the request, the server might wish to defer to the client to specify which optional behavior is preferred. Currently, HTTP offers no explicitly defined means of expressing the client's preferences regarding the optional aspects of handling of a given request. While HTTP does provide the Expect header -- which can be used to identify mandatory expectations for the processing of a request -- use of the field to communicate optional preferences is problematic: The semantics of the Expect header field are such that intermediaries and servers are required to reject any request that states unrecognized or unsupported expectations. While the Expect header field is end-to-end, the HTTP specification requires that the header be processed hop-by-hop. That is, every interceding intermediary that handles a request between the client and the origin server is required to process an expectation and determine whether it is capable of appropriately handling it. The rigid, must-understand semantics of the Expect header, therefore, make it a poor choice for the general expression of optional preferences that may be specific to an individual application and are therefore unknown to an intermediary or are otherwise irrelevant to the intermediaries successful handling of the request and response. Another option available to clients is to utilize Request URI query-string parameters to express preferences. Doing so, however, results in a variety of issues affecting the cacheability of responses. As an alternative, this specification defines a new HTTP request header field that can be used by clients to request that optional behaviors be applied by a server during the processing the request. Additionally, a handful of initial preference tokens for use with the new header are defined. In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in .

This specification uses the Augmented Backus-Naur Form (ABNF) notation of and includes, by reference, the "token", "word", "OWS", "BWS" rules and the #rule extension as defined within Sections 3.2.1 and 3.2.4 of .

The Prefer request header field is used to indicate that particular server behaviors are preferred by the client, but not required for successful completion of the request. Prefer is similar in nature to the Expect header field defined by Section 6.1.2 of with the exception that servers are allowed to ignore stated preferences.

ABNF: Prefer = "Prefer" ":" 1#preference preference = token [ BWS "=" BWS word ] *( OWS ";" [ OWS parameter ] ) parameter = token [ BWS "=" BWS word ] This header field is defined with an extensible syntax to allow for future values included in the Registry of Preferences. A server that does not recognize or is unable to comply with particular preference tokens in the Prefer header field of a request MUST ignore those tokens and continue processing instead of signalling an error. A preference token can contain a value. Empty, or zero length values on both the preference token and within parameters are equivalent to no value being specified at all. The following, then, are equivalent:

Prefer: foo; bar Prefer: foo; bar="" Prefer: foo=""; bar An optional set of parameters can be specified for any preference token. The meaning and application of such parameters is dependent on the definition of each preference token and the server's implementation thereof. Comparison of preference token names is case-insensitive while values are case-sensitive regardless of whether token or quoted-string values are used. The Prefer header field is end-to-end and SHOULD be forwarded by a proxy if the request is forwarded unless Prefer is explicitly identified as being hop-by-hop using the Connection header field defined by , Section 6.1. In various situations, a proxy might determine that it is capable of honoring a preference independently of the server to which the request has been directed. For instance, an intervening proxy might be capable of providing asynchronous handling of a request using 202 Accepted responses independently of the origin server. Such proxies can choose to honor the "return-asynch" preference on their own despite whether the origin is capable or willing to do so. Individual preference tokens MAY define their own requirements and restrictions as to whether and how intermediaries can apply the preference to a request independently of the origin server. Implementations MUST support multiple instances of the Prefer header field in a single message, as well as multiple preference tokens separated by commas in a single Prefer header field. The following examples are equivalent:

Multiple Prefer Header Fields: POST /foo HTTP/1.1 Host: example.org Prefer: return-asynch Prefer: wait=100 Date: Tue, 20 Dec 2011 12:34:56 GMT

Single Prefer Header Field: POST /foo HTTP/1.1 Host: example.org Prefer: wait=100, return-asynch Date: Tue, 20 Dec 2011 12:34:56 GMT To avoid possible ambiguity, individual preference tokens SHOULD NOT appear multiple times within a single request. If any preference is specified more than once, only the first instance is to be considered. All subsequent occurrences SHOULD be ignored without signaling an error or otherwise altering the processing of the request. This is the only case in which the ordering of preferences within a request is considered to be significant. Due to the inherent complexities involved with properly implementing server-driven content negotiation, effective caching, and the application of optional preferences, implementors are urged to exercise caution when using preferences in a way that impacts the caching of a response and SHOULD NOT use the Prefer header mechanism for content negotiation. If a server supports the optional application of a preference that might result in a variance to a cache's handling of a response entity, a Vary header field MUST be included with the response listing the Prefer header field regardless of whether the client actually used Prefer in the request.

The following examples illustrate the use of various preferences defined by this specification, as well as undefined extensions for strictly illustrative purposes:

1. Return a "202 Accepted" response for asynchronous processing if the response cannot be processed within 10 seconds. An undefined "priority" preference is also specified: Prefer: return-asynch, wait=10; Prefer: priority=5;

2. Use lenient processing: Prefer: Lenient

3. Use of an optional, undefined parameter on the return-minimal preference: Prefer: return-minimal; foo="some parameter"

The Preference-Applied response header MAY be included within a response message as an indication as to which Prefer tokens were honored by the server and applied to the processing of a request.

ABNF: Preference-Applied = "Preference-Applied" ":" 1#token The syntax of the Preference-Applied header differs from that of the Prefer header in that token values and parameters are not included. Use of the Preference-Applied header is only necessary when it is not readily and obviously apparent that a server applied a given preference and such ambiguity might have an impact on the client's handling of the response. For instance, when using either the "return-representation" or "return-minimal" preferences, a client application might not be capable of reliably determining that the preference was applied simply by examining the payload of the response. In such case the Preference-Applied header field can be used.

Request: PATCH /my-document HTTP/1.1 Host: example.org Content-Type: application/json-patch Prefer: return-representation [{"op": "add", "path": "/a", "value": 1}]

Response: HTTP/1.1 200 OK Content-Type: application/json Preference-Applied: return-representation Content-Location: /my-document {"a": 1}

The following subsections define an initial set of preferences. Additional preferences can be registered for convenience and/or to promote reuse by other applications. This specification establishes an IANA registry of such relation types (see ). Registered preference names MUST conform to the token rule, and MUST be compared character-by-character in a case-insensitive fashion. They SHOULD be appropriate to the specificity of the preference; i.e., if the semantics are highly specific to a particular application, the name should reflect that, so that more general names remain available for less specific use. Registered preferences MUST NOT constrain servers, clients or any intermediaries involved in the exchange and processing of a request to any behavior required for successful processing. The use and application of a preference within a given request MUST be optional on the part of all participants.

The "return-asynch" preference indicates that the client prefers the server to respond asynchronously to a response. For instance, in the case when the length of time it takes to generate a response will exceed some arbitrary threshold established by the server, the server can honor the return-asynch preference by returning a "202 Accepted" response.

ABNF: return-asynch = "return-asynch" The key motivation for the "return-asynch" preference is to facilitate the operation of asynchronous request handling by allowing the client to indicate to a server its capability and preference for handling asynchronous responses.

An example request specifying the "return-asynch" preference: POST /collection HTTP/1.1 Host: example.org Content-Type: text/plain Prefer: return-asynch {Data}

An example asynchronous response using "202 Accepted": HTTP/1.1 202 Accepted Location: http://example.org/collection/123 While the "202 Accepted" response status is defined by , little guidance is given on how and when to use the response code and the process for determining the subsequent final result of the operation is left entirely undefined. Therefore, whether and how any given server supports asynchronous responses is an implementation specific detail that is considered to be out of the scope of this specification.

The "return-representation" preference indicates that the client prefers that the server include an entity representing the current state of the resource in the response to a successful request. The "return-minimal" preference, on the other hand, indicates that the client wishes the server to return only a minimal response to a successful request. Typically, such responses would utilize the "204 No Content" status, but other codes MAY be used as appropriate, such as a "200" status with a zero-length response entity. The determination of what constitutes an appropriate minimal response is solely at the discretion of the server.

ABNF: return-representation = "return-representation" return-minimal = "return-minimal" When honoring the "return-representation" preference, the returned representation might not be a representation of the effective request URI when the request is affecting another resource. In such cases, the Content-Location header can be used to identify the URI of the returned representation. The "return-representation" preference is intended to provide a means of optimizing communication between the client and server by eliminating the need for a subsequent GET request to retrieve the current representation of the resource following a modification. Currently, after successfully processing a modification request such as a POST or PUT, a server can choose to return either an entity describing the status of the operation or a representation of the modified resource itself. While the selection of which type of entity to return, if any at all, is solely at the discretion of the server, the "return-representation" preference -- along with the "return-minimal" preference defined below -- allow the server to take the client's preferences into consideration while constructing the response.

An example request specifying the "return-representation" preference: BCDFGHJKLMNPQRSTVWXYZ ]]>

An example response containing the resource representation: HTTP/1.1 200 OK Content-Location: http://example.org/item/123 Preference-Applied: return-representation Content-Type: text/plain ETag: "d3b07384d113edec49eaa6238ad5ff00" BCDFGHJKLMNPQRSTVWXYZ In contrast, the "return-minimal" preference can reduce the amount of data the server is required to return to the client following a request. This can be particularly useful, for instance, when communicating with limited-bandwidth mobile devices or when the client simply does not require any further information about the result of a request beyond knowing if it was successfully processed.

An example request specifying the "return-minimal" preference: POST /collection HTTP/1.1 Host: example.org Content-Type: text/plain Prefer: return-minimal {Data}

An example minimal response: HTTP/1.1 201 Created Location: http://example.org/collection/123 The "return-minimal" and "return-representation" preferences are mutually exclusive directives. A request that contains both preferences can be treated as though neither were specified.

The "wait" preference can be used to establish an upper bound on the length of time, in seconds, the client expects it will take the server to process the request once it has been received. In the case that generating a response will take longer than the time specified, the server, or proxy, can choose to utilize an asynchronous processing model by returning -- for example -- a "202 Accepted" response.

ABNF: wait = "wait" BWS "=" BWS delta-seconds It is important to consider that HTTP messages spend some time traversing the network and being processed by intermediaries. This increases the length of time that a client will wait for a response in addition to the time the server takes to process the request. A client that has strict timing requirements can estimate these factors and adjust the wait value accordingly. As with other preferences, the "wait" preference could be ignored. Clients can abandon requests that take longer than they are prepared to wait.

For example, a server receiving the following request might choose to respond asynchronously if processing the request will take longer than 10 seconds: POST /collection HTTP/1.1 Host: example.org Content-Type: text/plain Prefer: return-asynch, wait=10 {Data}

The "strict" and "lenient" preferences are mutually-exclusive directives indicating, at the server's discretion, how the client wishes the server to handle potential error conditions that can arise in the processing of a request. For instance, if the payload of a request contains various minor syntactical or semantic errors, but the server is still capable of comprehending and successfully processing the request, a decision must be made to either reject the request with an appropriate "4xx" error response or go ahead with processing. The "strict" preference can be used to indicate that, while any particular error may be recoverable, the client would prefer that the server reject the request. The "lenient" preference, on the other hand, indicates that the client wishes the server to attempt to process the request.

ABNF: handling = "strict" / "lenient"

An example request specifying the "strict" preference: POST /collection HTTP/1.1 Host: example.org Content-Type: text/plain Prefer: strict

The 'Prefer' and 'Preference-Applied' header fields should be added to the Permanent Message Header Fields registry defined in (http://www.iana.org/assignments/message-headers/perm-headers.html). Header field name: Prefer Applicable Protocol: HTTP Status: Standard ]]> Change controller: IETF Specification document: this specification Header field name: Preference-Applied Applicable Protocol: HTTP Status: Standard ]]> Change controller: IETF Specification document: this specification

IANA is asked to create a new registry, "HTTP Preferences", under the Hypertext Transfer Protocol (HTTP) Parameters group. New registrations will use the Specification Required policy . The requirements for registered preferences are described in . Registration requests consist of the completed registration template below, typically published in the required specification. However, to allow for the allocation of values prior to publication, the Designated Expert can approve registration based on a separately submitted template once they are satisfied that a specification will be published. Preferences can be registered by third parties if the Designated Expert determines that an unregistered preference is widely deployed and not likely to be registered in a timely manner. The registration template is: Preference: (A value for the Prefer request header field that conforms to the syntax rule given in ) Description: Reference: Notes: [optional] Registration requests should be sent to the ietf-http-wg@w3.org mailing list, marked clearly in the subject line (e.g., "NEW PREFERENCE - example" to register an "example" preference). Within at most 14 days of the request, the Designated Expert(s) will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful.

The Preferences Registry's initial contents are: Preference: return-asynch Description: Indicates that the client prefers the server to respond asynchronously to a request. Reference: [this specification], Preference: return-minimal Description: Indicates that the client prefers the server return a minimal response to a request. Reference: [this specification], Preference: return-representation Description: Indicates that the client prefers the server to include a representation of the current state of the resource in response to a request. Reference: [this specification], Preference: wait Description: Indicates an upper bound to the length of time the client expects it will take the server to process the request once it has been received. Reference: [this specification], Preference: strict Description: Indicates that the client wishes the server to apply strict validation and error handling to the processing of a request. Reference: [this specification], Preference: lenient Description: Indicates that the client wishes the server to apply lenient validation and error handling to the processing of a request. Reference: [this specification],

Specific preferences requested by a client can introduce security considerations and concerns beyond those discussed within HTTP/1.1 and it's additional associated specification documents. Implementers need to refer to the specifications and descriptions of each preference to determine the security considerations relevant to each. A server could incur greater costs in attempting to comply with a particular preference (for instance, the cost of providing a representation in a response that would not ordinarily contain one; or the commitment of resources necessary to track state for an asynchronous response). Unconditional compliance from a server could allow the use of preferences for denial of service. A server can ignore an expressed preference to avoid expending resources that it does not wish to commit.