HTTP Working Group J. Reschke
Internet-Draft greenbytes
Intended status: Standards Track A. Malhotra
Expires: August 29, 2025
J.M. Snell
M. Bishop
Akamai
February 25, 2025
The HTTP QUERY Method
draft-ietf-httpbis-safe-method-w-body-08
Abstract
This specification defines a new HTTP method, QUERY, as a safe,
idempotent request method that can carry request content.
Editorial Note
This note is to be removed before publishing as an RFC.
Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at
.
Working Group information can be found at ;
source code and issues list for this draft can be found at
.
The changes in this draft are summarized in Appendix B.8.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Reschke, et al. Expires August 29, 2025 [Page 1]
�
Internet-Draft The HTTP QUERY Method February 2025
This Internet-Draft will expire on August 29, 2025.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Notational Conventions . . . . . . . . . . . . . . . . . 4
2. QUERY . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Content-Location and Location Fields . . . . . . . . . . 5
2.2. Redirection . . . . . . . . . . . . . . . . . . . . . . . 6
2.3. Conditional Requests . . . . . . . . . . . . . . . . . . 6
2.4. Caching . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.5. Range Requests . . . . . . . . . . . . . . . . . . . . . 7
3. The "Accept-Query" Header Field . . . . . . . . . . . . . . . 7
4. Security Considerations . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5.1. Registration of QUERY method . . . . . . . . . . . . . . 8
5.2. Registration of Accept-Query field . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . 9
6.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 10
A.1. Simple Query . . . . . . . . . . . . . . . . . . . . . . 10
A.2. Discovery of QUERY support . . . . . . . . . . . . . . . 10
A.3. Discovery of QUERY Formats . . . . . . . . . . . . . . . 11
A.4. Content-Location, Location, and Indirect Responses . . . 12
A.4.1. Using Content-Location . . . . . . . . . . . . . . . 12
A.4.2. Using Location . . . . . . . . . . . . . . . . . . . 13
A.4.3. Indirect Responses . . . . . . . . . . . . . . . . . 14
A.5. More Query Formats . . . . . . . . . . . . . . . . . . . 14
Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 17
B.1. Since draft-ietf-httpbis-safe-method-w-body-00 . . . . . 17
B.2. Since draft-ietf-httpbis-safe-method-w-body-01 . . . . . 18
B.3. Since draft-ietf-httpbis-safe-method-w-body-02 . . . . . 18
Reschke, et al. Expires August 29, 2025 [Page 2]
�
Internet-Draft The HTTP QUERY Method February 2025
B.4. Since draft-ietf-httpbis-safe-method-w-body-03 . . . . . 18
B.5. Since draft-ietf-httpbis-safe-method-w-body-04 . . . . . 18
B.6. Since draft-ietf-httpbis-safe-method-w-body-05 . . . . . 18
B.7. Since draft-ietf-httpbis-safe-method-w-body-06 . . . . . 19
B.8. Since draft-ietf-httpbis-safe-method-w-body-07 . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction
This specification defines the HTTP QUERY request method as a means
of making a safe, idempotent request that contains content.
Most often, this is desirable when the data conveyed in a request is
too voluminous to be encoded into the request's URI. For example,
this is a common query pattern:
GET /feed?q=foo&limit=10&sort=-published HTTP/1.1
Host: example.org
However, for a query with parameters that are complex or large,
encoding it in the request URI may not be the best option because
o often size limits are not known ahead of time because a request
can pass through many uncoordinated system (but note that
Section 4.1 of [HTTP] recommends senders and recipients to support
at least 8000 octets),
o expressing certain kinds of data in the target URI is inefficient
because of the overhead of encoding that data into a valid URI,
and
o encoding query parameters directly into the request URI
effectively casts every possible combination of query inputs as
distinct resources.
As an alternative to using GET, many implementations make use of the
HTTP POST method to perform queries, as illustrated in the example
below. In this case, the input parameters to the query operation are
passed along within the request content as opposed to using the
request URI.
A typical use of HTTP POST for requesting a query:
POST /feed HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
q=foo&limit=10&sort=-published
Reschke, et al. Expires August 29, 2025 [Page 3]
�
Internet-Draft The HTTP QUERY Method February 2025
This variation, however, suffers from the same basic limitation as
GET in that it is not readily apparent -- absent specific knowledge
of the resource and server to which the request is being sent -- that
a safe, idempotent query is being performed.
The QUERY method provides a solution that spans the gap between the
use of GET and POST, with the example above being expressed as:
QUERY /feed HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
q=foo&limit=10&sort=-published
As with POST, the input to the query operation is passed along within
the content of the request rather than as part of the request URI.
Unlike POST, however, the method is explicitly safe and idempotent,
allowing functions like caching and automatic retries to operate.
Summarizing:
+------------+-------------+------------------+------------------+
| | GET | QUERY | POST |
+------------+-------------+------------------+------------------+
| Safe | yes | yes | potentially no |
| Idempotent | yes | yes | potentially no |
| Cacheable | yes | yes | no |
| Content | "no defined | expected | expected |
| (body) | semantics" | (semantics per | (semantics per |
| | | target resource) | target resource) |
+------------+-------------+------------------+------------------+
Table 1
1.1. Terminology
This document uses terminology defined in Section 3 of [HTTP].
1.2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Reschke, et al. Expires August 29, 2025 [Page 4]
�
Internet-Draft The HTTP QUERY Method February 2025
2. QUERY
The QUERY method is used to initiate a server-side query. Unlike the
HTTP GET method, which requests that a server return a representation
of the resource identified by the target URI (as defined by
Section 7.1 of [HTTP]), the QUERY method is used to ask the server to
perform a query operation (described by the request content) over
some set of data scoped to the target URI. The content returned in
response to a QUERY cannot be assumed to be a representation of the
resource identified by the target URI.
The content of the request defines the query. Implementations MAY
use a request content of any media type with the QUERY method,
provided that it has appropriate query semantics.
QUERY requests are both safe and idempotent with regards to the
resource identified by the request URI. That is, QUERY requests do
not alter the state of the targeted resource. However, while
processing a QUERY request, a server can be expected to allocate
computing and memory resources or even create additional HTTP
resources through which the response can be retrieved.
A successful response to a QUERY request is expected to provide some
indication as to the final disposition of the operation. For
instance, a successful query that yields no results can be
represented by a 204 No Content response. If the response includes
content, it is expected to describe the results of the operation.
2.1. Content-Location and Location Fields
Furthermore, a successful response can include a Content-Location
header field (see Section 8.7 of [HTTP]) containing an identifier for
a resource corresponding to the results of the operation. This
represents a claim from the server that a client can send a GET
request for the indicated URI to retrieve the results of the query
operation just performed. The indicated resource might be temporary.
A server MAY create or locate a resource that identifies the query
operation for future use. If the server does so, the URI of the
resource can be included in the Location header field of the response
(see Section 10.2.2 of [HTTP]). This represents a claim that a
client can send a GET request to the indicated URI to repeat the
query operation just performed without resending the query
parameters. This resource might be temporary; if a future request
fails, the client can retry using the original QUERY resource and the
previously submitted parameters again.
Reschke, et al. Expires August 29, 2025 [Page 5]
�
Internet-Draft The HTTP QUERY Method February 2025
2.2. Redirection
In some cases, the server may choose to respond indirectly to the
QUERY request by redirecting the user agent to a different URI (see
Section 15.4 of [HTTP]). The semantics of the redirect response do
not differ from other methods. For instance, a 303 (See Other)
response would indicate that the Location field identifies an
alternate URI from which the results can be retrieved using a GET
request (this use case is also covered by the use of the Location
response field in a 2xx response). On the other hand, response codes
307 (Temporary Redirect) and 308 (Permanent Redirect) can be used to
request the user agent to redo the QUERY request on the URI specified
by the Location field. Various non-normative examples of successful
QUERY responses are illustrated in Appendix A.
2.3. Conditional Requests
A conditional QUERY requests that the selected representation (i.e.,
the query results, after any content negotiation) be returned in the
response only under the circumstances described by the conditional
header field(s), as defined in Section 13 of [HTTP].
2.4. Caching
The response to a QUERY method is cacheable; a cache MAY use it to
satisfy subsequent QUERY requests as per Section 4 of
[HTTP-CACHING]).
The cache key for a query (see Section 2 of [HTTP-CACHING]) MUST
incorporate the request content. When doing so, caches SHOULD first
normalize request content to remove semantically insignificant
differences, thereby improving cache efficiency, by:
o Removing content encoding(s)
o Normalizing based upon knowledge of format conventions, as
indicated by any media type suffix in the request's Content-Type
field (e.g., "+json")
o Normalizing based upon knowledge of the semantics of the content
itself, as indicated by the request's Content-Type field.
Note that any such normalization is performed solely for the purpose
of generating a cache key; it does not change the request itself.
Reschke, et al. Expires August 29, 2025 [Page 6]
�
Internet-Draft The HTTP QUERY Method February 2025
2.5. Range Requests
The semantics of Range Requests for QUERY are identical to those for
GET, as defined in Section 14 of [HTTP].
3. The "Accept-Query" Header Field
The "Accept-Query" response header field can be used by a resource to
directly signal support for the QUERY method while identifying the
specific query format media type(s) that may be used.
"Accept-Query" contains a list of media ranges (Section 12.5.1 of
[HTTP]) using "Structured Fields" syntax ([STRUCTURED-FIELDS]).
Media ranges are represented by a List Structured Header Field of
either Tokens or Strings, containing the media range value without
parameters. Parameters, if any, are mapped to Parameters of type
String.
The choice of Token vs. String is semantically insignificant. That
is, recipients MAY convert Tokens to Strings, but MUST NOT process
them differently based on the received type.
Media types do not exactly map to Tokens, for instance they allow a
leading digit. In cases like these, the String format needs to be
used.
The only supported uses of wildcards are "*/*", which matches any
type, or "xxxx/*", which matches any subtype of the indicated type.
The order of types listed in the field value is not significant.
The only allowed format for parameters is String.
Accept-Query's value applies to every URI on the server that shares
the same path; in other words, the query component is ignored. If
requests to the same resource return different Accept-Query values,
the most recently received fresh value (per Section 4.2 of
[HTTP-CACHING]) is used.
Example:
Accept-Query: "application/jsonpath", application/sql;charset="UTF-8"
Although the syntax for this field appears to be similar to other
fields, such as "Accept" (Section 12.5.1 of [HTTP]), it is a
Structured Field and thus MUST be processed as specified in Section 4
of [STRUCTURED-FIELDS].
Reschke, et al. Expires August 29, 2025 [Page 7]
�
Internet-Draft The HTTP QUERY Method February 2025
4. Security Considerations
The QUERY method is subject to the same general security
considerations as all HTTP methods as described in [HTTP].
It can be used as an alternative to passing request information in
the URI (e.g., in the query section). This is preferred in some
cases, as the URI is more likely to be logged or otherwise processed
by intermediaries than the request content. If a server creates a
temporary resource to represent the results of a QUERY request (e.g.,
for use in the Location or Content-Location field) and the request
contains sensitive information that cannot be logged, then the URI of
this resource SHOULD be chosen such that it does not include any
sensitive portions of the original request content.
Caches that normalize QUERY content incorrectly or in ways that are
significantly different from how the resource processes the content
can return the incorrect response if normalization results in a false
positive.
A QUERY request from user agents implementing CORS (Cross-Origin
Resource Sharing) will require a "preflight" request, as QUERY does
not belong to the set of CORS-safelisted methods (see "Methods
(https://fetch.spec.whatwg.org/#methods)" in [FETCH]).
5. IANA Considerations
5.1. Registration of QUERY method
IANA is requested to add the QUERY method to the HTTP Method Registry
at (see Section 16.3.1
of [HTTP]).
+-------------+------+------------+---------------+
| Method Name | Safe | Idempotent | Specification |
+-------------+------+------------+---------------+
| QUERY | Yes | Yes | Section 2 |
+-------------+------+------------+---------------+
Table 2
5.2. Registration of Accept-Query field
IANA is requested to add the Accept-Query field to the HTTP Field
Name Registry at (see
Section 16.1.1 of [HTTP]).
Reschke, et al. Expires August 29, 2025 [Page 8]
�
Internet-Draft The HTTP QUERY Method February 2025
+--------------+-----------+------------+----------------+----------+
| Field Name | Status | Structured | Reference | Comments |
| | | Type | | |
+--------------+-----------+------------+----------------+----------+
| Accept-Query | permanent | List | Section 3 | |
| | | | of this | |
| | | | document. | |
+--------------+-----------+------------+----------------+----------+
Table 3
6. References
6.1. Normative References
[HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Semantics", STD 97, RFC 9110,
DOI 10.17487/RFC9110, June 2022,
.
[HTTP-CACHING]
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Caching", STD 98, RFC 9111,
DOI 10.17487/RFC9111, June 2022,
.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, .
[STRUCTURED-FIELDS]
Nottingham, M. and P-H. Kamp, "Structured Field Values for
HTTP", RFC 9651, DOI 10.17487/RFC9651, September 2024,
.
6.2. Informative References
[FETCH] WHATWG, "FETCH", .
[RFC9535] Gössner, S., Ed., Normington, G., Ed., and C. Bormann,
Ed., "JSONPath: Query Expressions for JSON", RFC 9535,
DOI 10.17487/RFC9535, February 2024,
.
Reschke, et al. Expires August 29, 2025 [Page 9]
�
Internet-Draft The HTTP QUERY Method February 2025
[XSLT] Kay, M., "XSL Transformations (XSLT) Version 3.0", W3C
Recommendation REC-xslt-30-20170608, June 8, 2017,
.
Latest version available at
.
Appendix A. Examples
The examples below are for illustrative purposes only; if one needs
to send queries that are actually this short, it is probably better
to use GET.
The media type used in most examples is "application/x-www-form-
urlencoded" (as used in POST requests from browser user clients).
The Content-Length fields have been omitted for brevity.
A.1. Simple Query
A simple query with a direct response:
QUERY /contacts HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
Accept: application/json
select=surname,givenname,email&limit=10&match=%22email=*@example.*%22
Response:
HTTP/1.1 200 OK
Content-Type: application/json
[
{ "surname": "Smith",
"givenname": "John",
"email": "smith@example.org" },
{ "surname": "Jones",
"givenname": "Sally",
"email": "sally.jones@example.com" },
{ "surname": "Dubois",
"givenname": "Camille",
"email": "camille.dubois@example.net" }
]
A.2. Discovery of QUERY support
A simple way to discover support for QUERY is provided by the OPTIONS
(Section 9.3.7 of [HTTP]) method:
Reschke, et al. Expires August 29, 2025 [Page 10]
�
Internet-Draft The HTTP QUERY Method February 2025
OPTIONS /contacts HTTP/1.1
Host: example.org
Response:
HTTP/1.1 200 OK
Allow: GET, QUERY, OPTIONS, HEAD
The Allow response field (Section 10.2.1 of [HTTP]) denotes the set
of supported methods on the specified resource.
There are alternatives to the use of OPTIONS. For instance, a QUERY
request can be tried without prior knowledge of server support. The
server would then either process the request, or could respond with a
4xx status such as 405 ("Method Not Allowed", Section 15.5.6 of
[HTTP]), including the Allow response field.
A.3. Discovery of QUERY Formats
Discovery of supported media types for QUERY is possible via the
Accept-Query (Section 3) response field:
HEAD /contacts HTTP/1.1
Host: example.org
Response:
HTTP/1.1 200 OK
Content-Type: application/xhtml
Accept-Query: application/x-www-form-urlencoded, application/sql
Responses to which request methods will contain Accept-Query will
depend on the resource being accessed.
An alternative to checking Accept-Query would be to make a QUERY
request, and then - in case of a 4xx status such as 415 ("Unsupported
Media Type", Section 12.5.1 of [HTTP]) response - to inspect the
Allow (Section 15.5.16 of [HTTP]) response field:
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/xhtml
Accept: application/x-www-form-urlencoded, application/sql
Reschke, et al. Expires August 29, 2025 [Page 11]
�
Internet-Draft The HTTP QUERY Method February 2025
A.4. Content-Location, Location, and Indirect Responses
The Content-Location and Location response fields provide a way to
identify alternate resources that will respond to GET requests,
either for the received result of the request, or for future requests
to perform the same operation. Going back to the example from
Appendix A.1:
QUERY /contacts HTTP/1.1
Host: example.org
Content-Type: application/x-www-form-urlencoded
Accept: application/json
select=surname,givenname,email&limit=10&match=%22email=*@example.*%22
Response:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Location: /contacts/stored-results/17
Location: /contacts/stored-queries/42
Last-Modified: Sat, 25 Aug 2012 23:34:45 GMT
Date: Sun, 17 Nov 2024, 16:10:24 GMT
[
{ "surname": "Smith",
"givenname": "John",
"email": "smith@example.org" },
{ "surname": "Jones",
"givenname": "Sally",
"email": "sally.jones@example.com" },
{ "surname": "Dubois",
"givenname": "Camille",
"email": "camille.dubois@example.net" }
]
A.4.1. Using Content-Location
The Content-Location response field received above identifies a
resource holding the result for the QUERY response it appeared on:
GET /contacts/stored-results/17 HTTP/1.1
Host: example.org
Accept: application/json
Response:
Reschke, et al. Expires August 29, 2025 [Page 12]
�
Internet-Draft The HTTP QUERY Method February 2025
HTTP/1.1 200 OK
Last-Modified: Sat, 25 Aug 2012 23:34:45 GMT
Date: Sun, 17 Nov 2024, 16:10:25 GMT
[
{ "surname": "Smith",
"givenname": "John",
"email": "smith@example.org" },
{ "surname": "Jones",
"givenname": "Sally",
"email": "sally.jones@example.com" },
{ "surname": "Dubois",
"givenname": "Camille",
"email": "camille.dubois@example.net" }
]
A.4.2. Using Location
The Location response field identifies a resource that will respond
to GET with a fresh result for the QUERY response it appeared on.
GET /contacts/stored-queries/42 HTTP/1.1
Host: example.org
Accept: application/json
In this example, one entry was removed at 2024-11-17T16:12:01Z (as
indicated in the Last-Modified field), so the response only contains
two entries:
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sun, 17 November 2024, 16:12:01 GMT
ETag: "42-1"
Date: Sun, 17 Nov 2024, 16:13:17 GMT
[
{ "surname": "Smith",
"givenname": "John",
"email": "smith@example.org" },
{ "surname": "Dubois",
"givenname": "Camille",
"email": "camille.dubois@example.net" }
]
Assuming no change in the query result, a subsequent conditional GET
request with
If-None-Match: "42-1"
Reschke, et al. Expires August 29, 2025 [Page 13]
�
Internet-Draft The HTTP QUERY Method February 2025
would result in a 304 response ("Not Modified", Section 15.4.5 of
[HTTP]).
Note that there's no guarantee that the server will implement this
resource indefinitely, so, after an error response, the client would
need to redo the original QUERY request in order to obtain a new
alternative location.
A.4.3. Indirect Responses
Servers can send "indirect" responses using the status code 303 ("See
Other", Section 15.4.4 of [HTTP]).
Given the request at the beginning of Appendix A.4, a server might
respond with:
HTTP/1.1 303 See Other
Content-Type: text/plain
Date: Sun, 17 Nov 2024, 16:13:17 GMT
Location: /contacts/stored-queries/42
See stored query at "/contacts/stored-queries/42".
This is similar to including Location on a direct response, except
that no result for the query is returned. This allows the server to
only generate an alternative resource. This resource could then be
used as shown in Appendix A.4.2.
A.5. More Query Formats
The following examples show requests on a JSON-shaped database of RFC
errata.
The request below uses XSLT ([XSLT]) to extract errata information
summarized per year and the defined errata types.
Reschke, et al. Expires August 29, 2025 [Page 14]
�
Internet-Draft The HTTP QUERY Method February 2025
QUERY /errata.json HTTP/1.1
Host: example.org
Content-Type: application/xslt+xml
Accept: application/xml, text/csv
errata_status_code
submit_date
year, total, rejected, verified, hdu, reported
Reschke, et al. Expires August 29, 2025 [Page 15]
�
Internet-Draft The HTTP QUERY Method February 2025
Response:
HTTP/1.1 200 OK
Content-Type: text/csv
Accept-Query: "application/jsonpath", "application/xslt+xml"
Date: Wed, 19 Feb 2025, 17:10:01 GMT
year, total, rejected, verified, hdu, reported
2000, 14, 0, 14, 0, 0
2001, 72, 1, 70, 1, 0
2002, 124, 8, 104, 12, 0
2003, 63, 0, 61, 2, 0
2004, 89, 1, 83, 5, 0
2005, 156, 10, 96, 50, 0
2006, 444, 54, 176, 214, 0
2007, 429, 48, 188, 193, 0
2008, 423, 52, 165, 206, 0
2009, 331, 39, 148, 144, 0
2010, 538, 80, 232, 222, 4
2011, 367, 47, 170, 150, 0
2012, 348, 54, 149, 145, 0
2013, 341, 61, 169, 106, 5
2014, 342, 73, 180, 72, 17
2015, 343, 79, 145, 89, 30
2016, 295, 46, 122, 82, 45
2017, 303, 46, 120, 84, 53
2018, 350, 61, 118, 98, 73
2019, 335, 47, 131, 94, 63
2020, 387, 68, 117, 123, 79
2021, 321, 44, 148, 63, 66
2022, 358, 37, 198, 40, 83
2023, 262, 38, 121, 33, 70
2024, 322, 33, 125, 23, 141
9999, 1, 0, 0, 1, 0
Note the Accept-Query response field indicating that another query
format - JSONPath ([RFC9535]) - is supported as well. The request
below would report the identifiers of all rejected errata submitted
since 2024:
Reschke, et al. Expires August 29, 2025 [Page 16]
�
Internet-Draft The HTTP QUERY Method February 2025
QUERY /errata.json HTTP/1.1
Host: example.org
Content-Type: application/jsonpath
Accept: application/json
$..[
?@.errata_status_code=="Rejected"
&& @.submit_date>"2024"
]
["doc-id"]
Response:
HTTP/1.1 200 OK
Content-Type: application/json
Accept-Query: "application/jsonpath", "application/xslt+xml"
Date: Thu, 20 Feb 2025, 09:55:42 GMT
Last-Modified: Thu, 20 Feb 2025 06:10:01 GMT
[
"RFC1185","RFC8407","RFC6350","RFC8467","RFC1157","RFC9543",
"RFC9076","RFC7656","RFC2822","RFC9460","RFC2104","RFC6797",
"RFC9499","RFC9557","RFC2131","RFC2328","RFC9001","RFC3325",
"RFC9438","RFC2526","RFC2985","RFC7643","RFC9132","RFC6376",
"RFC9110","RFC9460","RFC7748","RFC9497","RFC8463","RFC4035",
"RFC7239","RFC9083","RFC9537","RFC9537","RFC9420","RFC9000",
"RFC9656","RFC9110","RFC2324","RFC2549","RFC6797","RFC2549",
"RFC8894"
]
Appendix B. Change Log
This section is to be removed before publishing as an RFC.
B.1. Since draft-ietf-httpbis-safe-method-w-body-00
o Use "example/query" media type instead of undefined "text/query"
()
o In Section 3, adjust the grammar to just define the field value
()
o Update to latest HTTP core spec, and adjust terminology
accordingly ()
o Reference RFC 8174 and markup bcp14 terms
()
Reschke, et al. Expires August 29, 2025 [Page 17]
�
Internet-Draft The HTTP QUERY Method February 2025
o Update HTTP reference ()
o Relax restriction of generic XML media type in request content
()
B.2. Since draft-ietf-httpbis-safe-method-w-body-01
o Add minimal description of cacheability
()
o Use "QUERY" as method name ()
o Update HTTP reference ()
B.3. Since draft-ietf-httpbis-safe-method-w-body-02
o In Section 3, slightly rephrase statement about significance of
ordering ()
o Throughout: use "content" instead of "payload" or "body"
()
o Updated references ()
B.4. Since draft-ietf-httpbis-safe-method-w-body-03
o In Section 3, clarify scope ()
B.5. Since draft-ietf-httpbis-safe-method-w-body-04
o Describe role of Content-Location and Location fields
()
o Added Mike Bishop as author ()
o Use "target URI" instead of "effective request URI"
()
B.6. Since draft-ietf-httpbis-safe-method-w-body-05
o Updated language and examples about redirects and method rewriting
()
Reschke, et al. Expires August 29, 2025 [Page 18]
�
Internet-Draft The HTTP QUERY Method February 2025
o Add QUERY example to introduction ()
o Update "Sensitive information in QUERY URLs"
()
o Field registration for "Accept-Query" ()
B.7. Since draft-ietf-httpbis-safe-method-w-body-06
o Improve language about sensitive information in URIs
()
o Guidance about what's possible with GET wrt URI length
()
o Clarified description of conditional queries
()
o Editorial changes to Introduction (ack Will Hawkins,
)
o Added Security Consideration with respect to Normalization
()
o Added CORS considerations ()
o Make Accept-Query a Structured Field ()
o SQL media type is application/sql (RFC6922)
()
o Added overview table to introduction ()
o Reference HTTP spec for terminology ()
o Moved BCP14 related text into subsection
()
o Move examples into index ()
Reschke, et al. Expires August 29, 2025 [Page 19]
�
Internet-Draft The HTTP QUERY Method February 2025
B.8. Since draft-ietf-httpbis-safe-method-w-body-07
o Examples Section revised ()
o Discuss Range Requests ()
Authors' Addresses
Julian Reschke
greenbytes GmbH
Hafenweg 16
48155 Münster
Germany
Email: julian.reschke@greenbytes.de
URI: https://greenbytes.de/tech/webdav/
Ashok Malhotra
Email: malhotrasahib@gmail.com
James M Snell
Email: jasnell@gmail.com
Mike Bishop
Akamai
Email: mbishop@evequefou.be
Reschke, et al. Expires August 29, 2025 [Page 20]