draft-ietf-httpbis-header-structure-15.txt   draft-ietf-httpbis-header-structure-16.txt 
HTTP M. Nottingham HTTP M. Nottingham
Internet-Draft Fastly Internet-Draft Fastly
Intended status: Standards Track P-H. Kamp Intended status: Standards Track P-H. Kamp
Expires: July 31, 2020 The Varnish Cache Project Expires: September 10, 2020 The Varnish Cache Project
January 28, 2020 March 9, 2020
Structured Headers for HTTP Structured Field Values for HTTP
draft-ietf-httpbis-header-structure-15 draft-ietf-httpbis-header-structure-16
Abstract Abstract
This document describes a set of data types and associated algorithms This document describes a set of data types and associated algorithms
that are intended to make it easier and safer to define and handle that are intended to make it easier and safer to define and handle
HTTP header fields. It is intended for use by specifications of new HTTP header and trailer fields, known as "Structured Fields", or
HTTP header fields that wish to use a common syntax that is more "Structured Headers". It is intended for use by specifications of
new HTTP fields that wish to use a common syntax that is more
restrictive than traditional HTTP field values. restrictive than traditional HTTP field values.
Note to Readers Note to Readers
_RFC EDITOR: please remove this section before publication_ _RFC EDITOR: please remove this section before publication_
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. https://lists.w3.org/Archives/Public/ietf-http-wg/ [1].
skipping to change at page 2, line 10 skipping to change at page 2, line 10
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 31, 2020. This Internet-Draft will expire on September 10, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 32 skipping to change at page 2, line 32
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Intentionally Strict Processing . . . . . . . . . . . . . 4 1.1. Intentionally Strict Processing . . . . . . . . . . . . . 4
1.2. Notational Conventions . . . . . . . . . . . . . . . . . 5 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 5
2. Defining New Structured Headers . . . . . . . . . . . . . . . 5 2. Defining New Structured Fields . . . . . . . . . . . . . . . 5
3. Structured Data Types . . . . . . . . . . . . . . . . . . . . 7 3. Structured Data Types . . . . . . . . . . . . . . . . . . . . 8
3.1. Lists . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.1. Lists . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.1. Inner Lists . . . . . . . . . . . . . . . . . . . . . 8 3.1.1. Inner Lists . . . . . . . . . . . . . . . . . . . . . 9
3.1.2. Parameters . . . . . . . . . . . . . . . . . . . . . 9 3.1.2. Parameters . . . . . . . . . . . . . . . . . . . . . 9
3.2. Dictionaries . . . . . . . . . . . . . . . . . . . . . . 10 3.2. Dictionaries . . . . . . . . . . . . . . . . . . . . . . 10
3.3. Items . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3. Items . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3.1. Integers . . . . . . . . . . . . . . . . . . . . . . 12 3.3.1. Integers . . . . . . . . . . . . . . . . . . . . . . 12
3.3.2. Decimals . . . . . . . . . . . . . . . . . . . . . . 12 3.3.2. Decimals . . . . . . . . . . . . . . . . . . . . . . 12
3.3.3. Strings . . . . . . . . . . . . . . . . . . . . . . . 12 3.3.3. Strings . . . . . . . . . . . . . . . . . . . . . . . 13
3.3.4. Tokens . . . . . . . . . . . . . . . . . . . . . . . 13 3.3.4. Tokens . . . . . . . . . . . . . . . . . . . . . . . 14
3.3.5. Byte Sequences . . . . . . . . . . . . . . . . . . . 13 3.3.5. Byte Sequences . . . . . . . . . . . . . . . . . . . 14
3.3.6. Booleans . . . . . . . . . . . . . . . . . . . . . . 14 3.3.6. Booleans . . . . . . . . . . . . . . . . . . . . . . 14
4. Working With Structured Headers in HTTP Headers . . . . . . . 14 4. Working With Structured Fields in HTTP . . . . . . . . . . . 15
4.1. Serializing Structured Headers . . . . . . . . . . . . . 14 4.1. Serializing Structured Fields . . . . . . . . . . . . . . 15
4.1.1. Serializing a List . . . . . . . . . . . . . . . . . 15 4.1.1. Serializing a List . . . . . . . . . . . . . . . . . 15
4.1.2. Serializing a Dictionary . . . . . . . . . . . . . . 17 4.1.2. Serializing a Dictionary . . . . . . . . . . . . . . 17
4.1.3. Serializing an Item . . . . . . . . . . . . . . . . . 17 4.1.3. Serializing an Item . . . . . . . . . . . . . . . . . 18
4.1.4. Serializing an Integer . . . . . . . . . . . . . . . 18 4.1.4. Serializing an Integer . . . . . . . . . . . . . . . 19
4.1.5. Serializing a Decimal . . . . . . . . . . . . . . . . 19 4.1.5. Serializing a Decimal . . . . . . . . . . . . . . . . 19
4.1.6. Serializing a String . . . . . . . . . . . . . . . . 19 4.1.6. Serializing a String . . . . . . . . . . . . . . . . 20
4.1.7. Serializing a Token . . . . . . . . . . . . . . . . . 20 4.1.7. Serializing a Token . . . . . . . . . . . . . . . . . 20
4.1.8. Serializing a Byte Sequence . . . . . . . . . . . . . 20 4.1.8. Serializing a Byte Sequence . . . . . . . . . . . . . 21
4.1.9. Serializing a Boolean . . . . . . . . . . . . . . . . 21 4.1.9. Serializing a Boolean . . . . . . . . . . . . . . . . 21
4.2. Parsing Header Fields into Structured Headers . . . . . . 21 4.2. Parsing Structured Fields . . . . . . . . . . . . . . . . 22
4.2.1. Parsing a List . . . . . . . . . . . . . . . . . . . 22 4.2.1. Parsing a List . . . . . . . . . . . . . . . . . . . 23
4.2.2. Parsing a Dictionary . . . . . . . . . . . . . . . . 24 4.2.2. Parsing a Dictionary . . . . . . . . . . . . . . . . 25
4.2.3. Parsing an Item . . . . . . . . . . . . . . . . . . . 25 4.2.3. Parsing an Item . . . . . . . . . . . . . . . . . . . 26
4.2.4. Parsing a Number . . . . . . . . . . . . . . . . . . 27 4.2.4. Parsing an Integer or Decimal . . . . . . . . . . . . 28
4.2.5. Parsing a String . . . . . . . . . . . . . . . . . . 28 4.2.5. Parsing a String . . . . . . . . . . . . . . . . . . 29
4.2.6. Parsing a Token . . . . . . . . . . . . . . . . . . . 29 4.2.6. Parsing a Token . . . . . . . . . . . . . . . . . . . 30
4.2.7. Parsing a Byte Sequence . . . . . . . . . . . . . . . 29 4.2.7. Parsing a Byte Sequence . . . . . . . . . . . . . . . 30
4.2.8. Parsing a Boolean . . . . . . . . . . . . . . . . . . 30 4.2.8. Parsing a Boolean . . . . . . . . . . . . . . . . . . 31
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 6. Security Considerations . . . . . . . . . . . . . . . . . . . 32
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.1. Normative References . . . . . . . . . . . . . . . . . . 31 7.1. Normative References . . . . . . . . . . . . . . . . . . 32
7.2. Informative References . . . . . . . . . . . . . . . . . 32 7.2. Informative References . . . . . . . . . . . . . . . . . 33
7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 33 Appendix A. Frequently Asked Questions . . . . . . . . . . . . . 34
Appendix B. Frequently Asked Questions . . . . . . . . . . . . . 33 A.1. Why not JSON? . . . . . . . . . . . . . . . . . . . . . . 34
B.1. Why not JSON? . . . . . . . . . . . . . . . . . . . . . . 33 Appendix B. Implementation Notes . . . . . . . . . . . . . . . . 34
B.2. Structured Headers don't "fit" my data. . . . . . . . . . 34 Appendix C. Changes . . . . . . . . . . . . . . . . . . . . . . 35
Appendix C. Implementation Notes . . . . . . . . . . . . . . . . 34 C.1. Since draft-ietf-httpbis-header-structure-15 . . . . . . 35
Appendix D. Changes . . . . . . . . . . . . . . . . . . . . . . 35 C.2. Since draft-ietf-httpbis-header-structure-14 . . . . . . 35
D.1. Since draft-ietf-httpbis-header-structure-14 . . . . . . 35 C.3. Since draft-ietf-httpbis-header-structure-13 . . . . . . 36
D.2. Since draft-ietf-httpbis-header-structure-13 . . . . . . 35 C.4. Since draft-ietf-httpbis-header-structure-12 . . . . . . 36
D.3. Since draft-ietf-httpbis-header-structure-12 . . . . . . 36 C.5. Since draft-ietf-httpbis-header-structure-11 . . . . . . 37
D.4. Since draft-ietf-httpbis-header-structure-11 . . . . . . 36 C.6. Since draft-ietf-httpbis-header-structure-10 . . . . . . 37
D.5. Since draft-ietf-httpbis-header-structure-10 . . . . . . 36 C.7. Since draft-ietf-httpbis-header-structure-09 . . . . . . 37
D.6. Since draft-ietf-httpbis-header-structure-09 . . . . . . 36 C.8. Since draft-ietf-httpbis-header-structure-08 . . . . . . 37
D.7. Since draft-ietf-httpbis-header-structure-08 . . . . . . 37 C.9. Since draft-ietf-httpbis-header-structure-07 . . . . . . 38
D.8. Since draft-ietf-httpbis-header-structure-07 . . . . . . 37 C.10. Since draft-ietf-httpbis-header-structure-06 . . . . . . 38
D.9. Since draft-ietf-httpbis-header-structure-06 . . . . . . 38 C.11. Since draft-ietf-httpbis-header-structure-05 . . . . . . 38
D.10. Since draft-ietf-httpbis-header-structure-05 . . . . . . 38 C.12. Since draft-ietf-httpbis-header-structure-04 . . . . . . 39
D.11. Since draft-ietf-httpbis-header-structure-04 . . . . . . 38 C.13. Since draft-ietf-httpbis-header-structure-03 . . . . . . 39
D.12. Since draft-ietf-httpbis-header-structure-03 . . . . . . 38 C.14. Since draft-ietf-httpbis-header-structure-02 . . . . . . 39
D.13. Since draft-ietf-httpbis-header-structure-02 . . . . . . 38 C.15. Since draft-ietf-httpbis-header-structure-01 . . . . . . 39
D.14. Since draft-ietf-httpbis-header-structure-01 . . . . . . 39 C.16. Since draft-ietf-httpbis-header-structure-00 . . . . . . 39
D.15. Since draft-ietf-httpbis-header-structure-00 . . . . . . 39 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 40
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40
1. Introduction 1. Introduction
Specifying the syntax of new HTTP header fields is an onerous task; Specifying the syntax of new HTTP header (and trailer) fields is an
even with the guidance in Section 8.3.1 of [RFC7231], there are many onerous task; even with the guidance in Section 8.3.1 of [RFC7231],
decisions - and pitfalls - for a prospective HTTP header field there are many decisions - and pitfalls - for a prospective HTTP
author. field author.
Once a header field is defined, bespoke parsers and serializers often Once a field is defined, bespoke parsers and serializers often need
need to be written, because each header has slightly different to be written, because each field value has slightly different
handling of what looks like common syntax. handling of what looks like common syntax.
This document introduces a set of common data structures for use in This document introduces a set of common data structures for use in
definitions of new HTTP header field values to address these definitions of new HTTP field values to address these problems. In
problems. In particular, it defines a generic, abstract model for particular, it defines a generic, abstract model for them, along with
header field values, along with a concrete serialisation for a concrete serialization for expressing that model in HTTP [RFC7230]
expressing that model in HTTP [RFC7230] header fields. header and trailer fields.
HTTP headers that are defined as "Structured Headers" use the types A HTTP field that is defined as a "Structured Header" (or "Structured
defined in this specification to define their syntax and basic Trailer", respectively; if the field can be either, it is a
handling rules, thereby simplifying both their definition by "Structured Field") uses the types defined in this specification to
specification writers and handling by implementations. define its syntax and basic handling rules, thereby simplifying both
its definition by specification writers and handling by
implementations.
Additionally, future versions of HTTP can define alternative Additionally, future versions of HTTP can define alternative
serialisations of the abstract model of these structures, allowing serializations of the abstract model of these structures, allowing
headers that use it to be transmitted more efficiently without being fields that use it to be transmitted more efficiently without being
redefined. redefined.
Note that it is not a goal of this document to redefine the syntax of Note that it is not a goal of this document to redefine the syntax of
existing HTTP headers; the mechanisms described herein are only existing HTTP fields; the mechanisms described herein are only
intended to be used with headers that explicitly opt into them. intended to be used with those that explicitly opt into them.
Section 2 describes how to specify a Structured Header. Section 2 describes how to specify a Structured Field.
Section 3 defines a number of abstract data types that can be used in Section 3 defines a number of abstract data types that can be used in
Structured Headers. Those abstract types can be serialized into and Structured Fields.
parsed from HTTP headers using the algorithms described in Section 4.
Those abstract types can be serialized into and parsed from HTTP
field values using the algorithms described in Section 4.
1.1. Intentionally Strict Processing 1.1. Intentionally Strict Processing
This specification intentionally defines strict parsing and This specification intentionally defines strict parsing and
serialisation behaviours using step-by-step algorithms; the only serialization behaviors using step-by-step algorithms; the only error
error handling defined is to fail the operation altogether. handling defined is to fail the operation altogether.
It is designed to encourage faithful implementation and therefore It is designed to encourage faithful implementation and therefore
good interoperability. Therefore, an implementation that tried to be good interoperability. Therefore, an implementation that tried to be
"helpful" by being more tolerant of input would make interoperability "helpful" by being more tolerant of input would make interoperability
worse, since that would create pressure on other implementations to worse, since that would create pressure on other implementations to
implement similar (but likely subtly different) workarounds. implement similar (but likely subtly different) workarounds.
In other words, strict processing is an intentional feature of this In other words, strict processing is an intentional feature of this
specification; it allows non-conformant input to be discovered and specification; it allows non-conformant input to be discovered and
corrected by the producer early, and avoids both interoperability and corrected by the producer early, and avoids both interoperability and
security issues that might otherwise result. security issues that might otherwise result.
Note that as a result of this strictness, if a header field is Note that as a result of this strictness, if a field is appended to
appended to by multiple parties (e.g., intermediaries, or different by multiple parties (e.g., intermediaries, or different components in
components in the sender), an error in one party's value is likely to the sender), an error in one party's value is likely to cause the
cause the entire header field to fail parsing. entire field value to fail parsing.
1.2. Notational Conventions 1.2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
This document uses algorithms to specify parsing and serialisation This document uses algorithms to specify parsing and serialization
behaviours, and the Augmented Backus-Naur Form (ABNF) notation of behaviors, and the Augmented Backus-Naur Form (ABNF) notation of
[RFC5234] to illustrate expected syntax in HTTP header fields. In [RFC5234] to illustrate expected syntax in HTTP header fields. In
doing so, uses the VCHAR, SP, DIGIT, ALPHA and DQUOTE rules from doing so, it uses the VCHAR, SP, DIGIT, ALPHA and DQUOTE rules from
[RFC5234]. It also includes the tchar rule from [RFC7230]. [RFC5234]. It also includes the tchar rule from [RFC7230].
When parsing from HTTP header fields, implementations MUST follow the When parsing from HTTP fields, implementations MUST follow the
algorithms, but MAY vary in implementation so as the behaviours are algorithms, but MAY vary in implementation so as the behaviors are
indistinguishable from specified behaviour. If there is disagreement indistinguishable from specified behavior. If there is disagreement
between the parsing algorithms and ABNF, the specified algorithms between the parsing algorithms and ABNF, the specified algorithms
take precedence. In some places, the algorithms are "greedy" with take precedence. In some places, the algorithms are "greedy" with
whitespace, but this should not affect conformance. whitespace, but this should not affect conformance.
For serialisation to header fields, the ABNF illustrates the range of For serialization to HTTP fields, the ABNF illustrates the range of
acceptable wire representations with as much fidelity as possible, acceptable wire representations with as much fidelity as possible,
and the algorithms define the recommended way to produce them. and the algorithms define the recommended way to produce them.
Implementations MAY vary from the specified behaviour so long as the Implementations MAY vary from the specified behavior so long as the
output still matches the ABNF. output still matches the ABNF.
2. Defining New Structured Headers 2. Defining New Structured Fields
To specify a HTTP header as a structured header, its authors needs To specify a HTTP field as a Structured Field, its authors needs to:
to:
o Reference this specification. Recipients and generators of the o Reference this specification. Recipients and generators of the
header need to know that the requirements of this document are in field need to know that the requirements of this document are in
effect. effect.
o Specify the type of the header field itself; either Dictionary o Identify whether the field is a Structured Header (i.e., it can
(Section 3.2), List (Section 3.1), or Item (Section 3.3). only be used in the header section - the common case), a
Structured Field (only in the trailer section), or a Structured
Field (both).
o Specify the type of the field value; either List (Section 3.1),
Dictionary (Section 3.2), or Item (Section 3.3).
o Define the semantics of those structures. o Define the semantics of those structures.
o Specify any additional constraints upon the structures used, as o Specify any additional constraints upon the structures used, as
well as the consequences when those constraints are violated. well as the consequences when those constraints are violated.
Typically, this means that a header definition will specify the top- Typically, this means that a field definition will specify the top-
level type - Dictionary, List or Item - and then define its allowable level type - List, Dictionary or Item - and then define its allowable
types, and constraints upon them. For example, a header defined as a types, and constraints upon them. For example, a header defined as a
List might have all Integer members, or a mix of types; a header List might have all Integer members, or a mix of types; a header
defined as an Item might allow only Strings, and additionally only defined as an Item might allow only Strings, and additionally only
strings beginning with the letter "Q". Likewise, inner lists are strings beginning with the letter "Q". Likewise, Inner Lists are
only valid when a header definition explicitly allows them. only valid when a field definition explicitly allows them.
When Structured Headers parsing fails, the header is ignored (see When parsing fails, the field is ignored (see Section 4.2); in most
Section 4.2); in most situations, violating header-specific situations, violating field-specific constraints should have the same
constraints should have the same effect. Thus, if a header is effect. Thus, if a header is defined as an Item and required to be
defined as an Item and required to be an Integer, but a String is an Integer, but a String is received, it will by default be ignored.
received, it will by default be ignored. If the header requires If the field requires different error handling, this should be
different error handling, this should be explicitly specified. explicitly specified.
However, both items and inner lists allow parameters as an However, both Items and Inner Lists allow parameters as an
extensibility mechanism; this means that values can later be extended extensibility mechanism; this means that values can later be extended
to accommodate more information, if need be. As a result, header to accommodate more information, if need be. As a result, field
specifications are discouraged from defining the presence of an specifications are discouraged from defining the presence of an
unrecognised parameter as an error condition. unrecognized Parameter as an error condition.
To help assure that this extensibility is available in the future, To help assure that this extensibility is available in the future,
and to encourage consumers to use a fully capable Structured Headers and to encourage consumers to use a complete parser implementation, a
parser, a header definition can specify that "grease" parameters be field definition can specify that "grease" Parameters be added by
added by senders. For example, a specification could stipulate that senders. For example, a specification could stipulate that all
all parameters beginning with the letter 'q' are reserved for this Parameters beginning with the letter "h" are reserved for this use,
use. and then encourage them to be sent on some portion of requests. This
helps to discourage recipients from writing a parser that does not
account for Parameters.
Note that a header field definition cannot relax the requirements of Note that a field definition cannot relax the requirements of this
this specification because doing so would preclude handling by specification because doing so would preclude handling by generic
generic software; they can only add additional constraints (for software; they can only add additional constraints (for example, on
example, on the numeric range of integers and decimals, the format of the numeric range of Integers and Decimals, the format of Strings and
strings and tokens, the types allowed in a dictionary's values, or Tokens, the types allowed in a Dictionary's values, or the number of
the number of items in a list). Likewise, header field definitions Items in a List). Likewise, field definitions can only use this
can only use Structured Headers for the entire header field value, specification for the entire field value, not a portion thereof.
not a portion thereof.
This specification defines minimums for the length or number of This specification defines minimums for the length or number of
various structures supported by Structured Headers implementations. various structures supported by implementations. It does not specify
It does not specify maximum sizes in most cases, but header authors maximum sizes in most cases, but authors should be aware that HTTP
should be aware that HTTP implementations do impose various limits on implementations do impose various limits on the size of individual
the size of individual header fields, the total number of fields, fields, the total number of fields, and/or the size of the entire
and/or the size of the entire header block. header or trailer section.
Specifications can refer to a Structured Header's field-name as a Specifications can refer to a field name as a "structured header
"structured header name" and its field-value as a "structured header name", "structured trailer name" or "structured field name" as
value" as necessary. Header definitions are encouraged to use the appropriate. Likewise, they can refer its field value as a
ABNF rules beginning with "sh-" defined in this specification; other "structured header value", "structured trailer value" or "structured
rules in this specification are not intended for their use. field value" as necessary. Field definitions are encouraged to use
the ABNF rules beginning with "sh-" defined in this specification;
other rules in this specification are not intended for their use.
For example, a fictitious Foo-Example header field might be specified For example, a fictitious Foo-Example header field might be specified
as: as:
42. Foo-Example Header 42. Foo-Example Header
The Foo-Example HTTP header field conveys information about how The Foo-Example HTTP header field conveys information about how
much Foo the message has. much Foo the message has.
Foo-Example is a Item Structured Header [RFCxxxx]. Its value MUST be Foo-Example is a Item Structured Header [RFCxxxx]. Its value MUST be
an Integer (Section Y.Y of [RFCxxxx]). Its ABNF is: an Integer (Section Y.Y of [RFCxxxx]). Its ABNF is:
Foo-Example = sh-integer Foo-Example = sh-integer
Its value indicates the amount of Foo in the message, and MUST Its value indicates the amount of Foo in the message, and MUST
be between 0 and 10, inclusive; other values MUST cause be between 0 and 10, inclusive; other values MUST cause
the entire header to be ignored. the entire header to be ignored.
The following parameters are defined: The following parameters are defined:
* A parameter whose name is "fooUrl", and whose value is a string * A Parameter whose name is "foourl", and whose value is a String
(Section Y.Y of [RFCxxxx]), conveying the Foo URLs (Section Y.Y of [RFCxxxx]), conveying the Foo URL
for the message. See below for processing requirements. for the message. See below for processing requirements.
"fooUrl" contains a URI-reference (Section 4.1 of "foourl" contains a URI-reference (Section 4.1 of
[RFC3986], Section 4.1). If its value is not a valid URI-reference, [RFC3986]). If its value is not a valid URI-reference,
that URL MUST be ignored. If its value is a relative reference it MUST be ignored. If its value is a relative reference
(Section 4.2 of [RFC3986]), it MUST be resolved (Section 5 of (Section 4.2 of [RFC3986]), it MUST be resolved (Section 5 of
[RFC3986]) before being used. [RFC3986]) before being used.
For example: For example:
Foo-Example: 2; foourl="https://foo.example.com/" Foo-Example: 2; foourl="https://foo.example.com/"
3. Structured Data Types 3. Structured Data Types
This section defines the abstract value types that can be composed This section defines the abstract value types that can be composed
into Structured Headers. The ABNF provided represents the on-wire into Structured Fields. The ABNF provided represents the on-wire
format in HTTP headers. format in HTTP field values.
In summary: In summary:
o There are three top-level types that a HTTP header can be defined o There are three top-level types that a HTTP field can be defined
as; Lists, Dictionaries, and Items. as; Lists, Dictionaries, and Items.
o Lists and Dictionaries are containers; their members can be Items o Lists and Dictionaries are containers; their members can be Items
or Inner Lists (which are themselves lists of items). or Inner Lists (which are themselves lists of items).
o Both Items and Inner Lists can be parameterised with key/value o Both Items and Inner Lists can be parameterized with key/value
pairs. pairs.
3.1. Lists 3.1. Lists
Lists are arrays of zero or more members, each of which can be an Lists are arrays of zero or more members, each of which can be an
item (Section 3.3) or an inner list (Section 3.1.1), both of which Item (Section 3.3) or an Inner List (Section 3.1.1), both of which
can be parameterised (Section 3.1.2). can be Parameterized (Section 3.1.2).
The ABNF for lists in HTTP headers is: The ABNF for Lists in HTTP fields is:
sh-list = list-member *( *SP "," *SP list-member ) sh-list = list-member *( *SP "," *SP list-member )
list-member = sh-item / inner-list list-member = sh-item / inner-list
In HTTP headers, each member is separated by a comma and optional Each member is separated by a comma and optional whitespace. For
whitespace. For example, a header field whose value is defined as a example, a field whose value is defined as a List of Strings could
list of strings could look like: look like:
Example-StrListHeader: "foo", "bar", "It was the best of times." Example-StrListHeader: "foo", "bar", "It was the best of times."
In HTTP headers, an empty list is denoted by not serialising the An empty List is denoted by not serializing the field at all.
header at all.
Note that lists can have their members split across multiple Note that Lists can have their members split across multiple lines
instances inside a block of fields; for example, the following are inside a header or trailer section, as per Section 3.2.2 of
equivalent: [RFC7230]; for example, the following are equivalent:
Example-Hdr: foo, bar Example-Hdr: foo, bar
and and
Example-Hdr: foo Example-Hdr: foo
Example-Hdr: bar Example-Hdr: bar
However, individual members of a List cannot be safely split between
across lines; see Section 4.2 for details.
However, members of a list cannot be safely split between instances; Parsers MUST support Lists containing at least 1024 members. Field
see Section 4.2 for details.
Parsers MUST support lists containing at least 1024 members. Header
specifications can constrain the types and cardinality of individual specifications can constrain the types and cardinality of individual
list values as they require. List values as they require.
3.1.1. Inner Lists 3.1.1. Inner Lists
An inner list is an array of zero or more items (Section 3.3). Both An Inner List is an array of zero or more Items (Section 3.3). Both
the individual items and the inner-list itself can be parameterised the individual Items and the Inner List itself can be Parameterized
(Section 3.1.2). (Section 3.1.2).
The ABNF for inner-lists in HTTP headers is: The ABNF for Inner Lists is:
inner-list = "(" *SP [ sh-item *( 1*SP sh-item ) *SP ] ")" inner-list = "(" *SP [ sh-item *( 1*SP sh-item ) *SP ] ")"
*parameter parameters
In HTTP headers, inner lists are denoted by surrounding parenthesis, Inner Lists are denoted by surrounding parenthesis, and have their
and have their values delimited by a single space. A header field values delimited by a single space. A field whose value is defined
whose value is defined as a list of inner-lists of strings could look as a list of Inner Lists of Strings could look like:
like:
Example-StrListListHeader: ("foo" "bar"), ("baz"), ("bat" "one"), () Example-StrListListHeader: ("foo" "bar"), ("baz"), ("bat" "one"), ()
Note that the last member in this example is an empty inner list. Note that the last member in this example is an empty Inner List.
A header field whose value is defined as a list of inner-lists with A header field whose value is defined as a list of Inner Lists with
parameters at both levels could look like: Parameters at both levels could look like:
Example-ListListParam: ("foo"; a=1;b=2);lvl=5, ("bar" "baz");lvl=1 Example-ListListParam: ("foo"; a=1;b=2);lvl=5, ("bar" "baz");lvl=1
Parsers MUST support inner-lists containing at least 256 members. Parsers MUST support Inner Lists containing at least 256 members.
Header specifications can constrain the types and cardinality of Field specifications can constrain the types and cardinality of
individual inner-list members as they require. individual Inner List members as they require.
3.1.2. Parameters 3.1.2. Parameters
Parameters are an ordered map of key-values pairs that are associated Parameters are an ordered map of key-values pairs that are associated
with an item (Section 3.3) or inner-list (Section 3.1.1). The keys with an Item (Section 3.3) or Inner List (Section 3.1.1). The keys
are unique within the scope of a map of parameters, and the values are unique within the scope the Parameters they occur within, and the
are bare items (i.e., they themselves cannot be parameterised; see values are bare items (i.e., they themselves cannot be parameterized;
Section 3.3). see Section 3.3).
The ABNF for parameters in HTTP headers is: The ABNF for Parameters is:
parameter = ";" *SP param-name [ "=" param-value ] parameters = *( ";" *SP parameter )
parameter = param-name [ "=" param-value ]
param-name = key param-name = key
key = lcalpha *( lcalpha / DIGIT / "_" / "-" / "." / "*" ) key = ( lcalpha / "*" )
*( lcalpha / DIGIT / "_" / "-" / "." / "*" )
lcalpha = %x61-7A ; a-z lcalpha = %x61-7A ; a-z
param-value = bare-item param-value = bare-item
In HTTP headers, parameters are separated from their item or inner- A parameter is separated from its Item or Inner List and other
list and each other by semicolons. For example: parameters by a semicolon. For example:
Example-ParamListHeader: abc;a=1;b=2; cde_456, (ghi;jk=4 l);q="9";r=w Example-ParamListHeader: abc;a=1;b=2; cde_456, (ghi;jk=4 l);q="9";r=w
Parameters whose value is Boolean true MUST omit that value when Parameters whose value is Boolean true MUST omit that value when
serialised. For example: serialized. For example:
Example-IntHeader: 1; a; b=?0 Example-IntHeader: 1; a; b=?0
Note that this requirement is only on serialisation; parsers are
Note that this requirement is only on serialization; parsers are
still required to correctly handle the true value when it appears in still required to correctly handle the true value when it appears in
parameters. a parameter.
Parsers MUST support at least 256 parameters on an item or inner- Parsers MUST support at least 256 parameters on an Item or Inner
list, and support parameter keys with at least 64 characters. Header List, and support parameter keys with at least 64 characters. Field
specifications can constrain the types and cardinality of individual specifications can constrain the types and cardinality of individual
parameter names and values as they require. parameter names and values as they require.
3.2. Dictionaries 3.2. Dictionaries
Dictionaries are ordered maps of name-value pairs, where the names Dictionaries are ordered maps of name-value pairs, where the names
are short, textual strings and the values are items (Section 3.3) or are short, textual strings and the values are items (Section 3.3) or
arrays of items, both of which can be parameterised (Section 3.1.2). arrays of items, both of which can be Parameterized (Section 3.1.2).
There can be zero or more members, and their names are unique in the There can be zero or more members, and their names are unique in the
scope of the dictionary they occur within. scope of the Dictionary they occur within.
Implementations MUST provide access to dictionaries both by index and Implementations MUST provide access to Dictionaries both by index and
by name. Specifications MAY use either means of accessing the by name. Specifications MAY use either means of accessing the
members. members.
The ABNF for dictionaries in HTTP headers is: The ABNF for Dictionaries is:
sh-dictionary = dict-member *( *SP "," *SP dict-member ) sh-dictionary = dict-member *( *SP "," *SP dict-member )
dict-member = member-name [ "=" member-value ] dict-member = member-name [ "=" member-value ]
member-name = key member-name = key
member-value = sh-item / inner-list member-value = sh-item / inner-list
Members are separated by a comma with optional whitespace, while
In HTTP headers, members are separated by a comma with optional names and values are separated by "=" (without whitespace). For
whitespace, while names and values are separated by "=" (without example:
whitespace). For example:
Example-DictHeader: en="Applepie", da=:w4ZibGV0w6ZydGU=: Example-DictHeader: en="Applepie", da=:w4ZibGV0w6ZydGU=:
Members whose value is Boolean true MUST omit that value when Members whose value is Boolean true MUST omit that value when
serialised, unless it has parameters. For example, here both "b" and serialized. For example, here both "b" and "c" are true:
"c" are true, but "c"'s value is serialised because it has
parameters:
Example-DictHeader: a=?0, b, c=?1; foo=bar Example-DictHeader: a=?0, b, c; foo=bar
Note that this requirement is only on serialisation; parsers are Note that this requirement is only on serialization; parsers are
still required to correctly handle the true value when it appears in still required to correctly handle the true Boolean value when it
dictionary values. appears in Dictionary values.
A dictionary with a member whose value is an inner-list of tokens: A Dictionary with a member whose value is an Inner List of tokens:
Example-DictListHeader: rating=1.5, feelings=(joy sadness) Example-DictListHeader: rating=1.5, feelings=(joy sadness)
A dictionary with a mix of singular and list values, some with
parameters:
Example-MixDict: a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid=?1 A Dictionary with a mix of singular and list values, some with
Parameters:
As with lists, an empty dictionary is represented in HTTP headers by Example-MixDict: a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid
omitting the entire header field.
Typically, a header field specification will define the semantics of As with lists, an empty Dictionary is represented by omitting the
dictionaries by specifying the allowed type(s) for individual member entire field.
Typically, a field specification will define the semantics of
Dictionaries by specifying the allowed type(s) for individual member
names, as well as whether their presence is required or optional. names, as well as whether their presence is required or optional.
Recipients MUST ignore names that are undefined or unknown, unless Recipients MUST ignore names that are undefined or unknown, unless
the header field's specification specifically disallows them. the field's specification specifically disallows them.
Note that dictionaries can have their members split across multiple Note that dictionaries can have their members split across multiple
instances inside a block of fields; for example, the following are lines inside a header or trailer section; for example, the following
equivalent: are equivalent:
Example-Hdr: foo=1, bar=2 Example-Hdr: foo=1, bar=2
and and
Example-Hdr: foo=1 Example-Hdr: foo=1
Example-Hdr: bar=2 Example-Hdr: bar=2
However, members of a dictionary cannot be safely split between However, individual members of a Dictionary cannot be safely split
instances; see Section 4.2 for details. between lines; see Section 4.2 for details.
Parsers MUST support dictionaries containing at least 1024 name/value Parsers MUST support Dictionaries containing at least 1024 name/value
pairs, and names with at least 64 characters. pairs, and names with at least 64 characters.
3.3. Items 3.3. Items
An item is can be a integer (Section 3.3.1), decimal (Section 3.3.2), An Item can be a Integer (Section 3.3.1), Decimal (Section 3.3.2),
string (Section 3.3.3), token (Section 3.3.4), byte sequence String (Section 3.3.3), Token (Section 3.3.4), Byte Sequence
(Section 3.3.5), or Boolean (Section 3.3.6). It can have associated (Section 3.3.5), or Boolean (Section 3.3.6). It can have associated
parameters (Section 3.1.2). Parameters (Section 3.1.2).
The ABNF for items in HTTP headers is: The ABNF for Items is:
sh-item = bare-item *parameter sh-item = bare-item parameters
bare-item = sh-integer / sh-decimal / sh-string / sh-token / sh-binary bare-item = sh-integer / sh-decimal / sh-string / sh-token
/ sh-boolean / sh-binary / sh-boolean
For example, a header field that is defined to be an Item that is an For example, a header field that is defined to be an Item that is an
integer might look like: Integer might look like:
Example-IntItemHeader: 5 Example-IntItemHeader: 5
or with parameters:
or with Parameters:
Example-IntItemHeader: 5; foo=bar Example-IntItemHeader: 5; foo=bar
3.3.1. Integers 3.3.1. Integers
Integers have a range of -999,999,999,999,999 to 999,999,999,999,999 Integers have a range of -999,999,999,999,999 to 999,999,999,999,999
inclusive (i.e., up to fifteen digits, signed), for IEEE 754 inclusive (i.e., up to fifteen digits, signed), for IEEE 754
compatibility ([IEEE754]). compatibility ([IEEE754]).
The ABNF for integers in HTTP headers is: The ABNF for Integers is:
sh-integer = ["-"] 1*15DIGIT sh-integer = ["-"] 1*15DIGIT
For example: For example:
Example-IntegerHeader: 42 Example-IntegerHeader: 42
Note that commas in integers are used in this section's prose only Note that commas in Integers are used in this section's prose only
for readability; they are not valid in the wire format. for readability; they are not valid in the wire format.
3.3.2. Decimals 3.3.2. Decimals
Decimals are numbers with an integer and a fractional component. The Decimals are numbers with an integer and a fractional component. The
Integer component has at most 12 digits; the fractional component has integer component has at most 12 digits; the fractional component has
at most three digits. at most three digits.
The ABNF for decimals in HTTP headers is: The ABNF for decimals is:
sh-decimal = ["-"] 1*12DIGIT "." 1*3DIGIT sh-decimal = ["-"] 1*12DIGIT "." 1*3DIGIT
For example, a header whose value is defined as a decimal could look For example, a header whose value is defined as a Decimal could look
like: like:
Example-DecimalHeader: 4.5 Example-DecimalHeader: 4.5
Note that the serialisation algorithm (Section 4.1.5) rounds input
with more than three digits of precision in the fractional component.
If an alternative rounding strategy is desired, this should be
specified by the header definition to occur before serialisation.
3.3.3. Strings 3.3.3. Strings
Strings are zero or more printable ASCII [RFC0020] characters (i.e., Strings are zero or more printable ASCII [RFC0020] characters (i.e.,
the range %x20 to %x7E). Note that this excludes tabs, newlines, the range %x20 to %x7E). Note that this excludes tabs, newlines,
carriage returns, etc. carriage returns, etc.
The ABNF for strings in HTTP headers is: The ABNF for Strings is:
sh-string = DQUOTE *(chr) DQUOTE sh-string = DQUOTE *(chr) DQUOTE
chr = unescaped / escaped chr = unescaped / escaped
unescaped = %x20-21 / %x23-5B / %x5D-7E unescaped = %x20-21 / %x23-5B / %x5D-7E
escaped = "\" ( DQUOTE / "\" ) escaped = "\" ( DQUOTE / "\" )
In HTTP headers, strings are delimited with double quotes, using a
backslash ("\") to escape double quotes and backslashes. For Strings are delimited with double quotes, using a backslash ("\") to
example: escape double quotes and backslashes. For example:
Example-StringHeader: "hello world" Example-StringHeader: "hello world"
Note that strings only use DQUOTE as a delimiter; single quotes do Note that Strings only use DQUOTE as a delimiter; single quotes do
not delimit strings. Furthermore, only DQUOTE and "\" can be not delimit Strings. Furthermore, only DQUOTE and "\" can be
escaped; other characters after "\" MUST cause parsing to fail. escaped; other characters after "\" MUST cause parsing to fail.
Unicode is not directly supported in strings, because it causes a Unicode is not directly supported in Strings, because it causes a
number of interoperability issues, and - with few exceptions - header number of interoperability issues, and - with few exceptions - field
values do not require it. values do not require it.
When it is necessary for a field value to convey non-ASCII content, a When it is necessary for a field value to convey non-ASCII content, a
byte sequence (Section 3.3.5) SHOULD be specified, along with a Byte Sequence (Section 3.3.5) can be specified, along with a
character encoding (preferably [UTF-8]). character encoding (preferably [UTF-8]).
Parsers MUST support strings with at least 1024 characters. Parsers MUST support Strings (after any decoding) with at least 1024
characters.
3.3.4. Tokens 3.3.4. Tokens
Tokens are short textual words; their abstract model is identical to Tokens are short textual words; their abstract model is identical to
their expression in the HTTP header serialisation. their expression in the HTTP field value serialization.
The ABNF for tokens in HTTP headers is: The ABNF for Tokens is:
sh-token = ( ALPHA / "\*" ) *( tchar / ":" / "/" ) sh-token = ( ALPHA / "*" ) *( tchar / ":" / "/" )
Parsers MUST support tokens with at least 512 characters. Parsers MUST support Tokens with at least 512 characters.
Note that a Structured Header token allows the characters as the Note that Token allows the characters as the "token" ABNF rule
"token" ABNF rule defined in [RFC7230], with the exceptions that the defined in [RFC7230], with the exceptions that the first character is
first character is required to be either ALPHA or "*", and ":" and required to be either ALPHA or "*", and ":" and "/" are also allowed
"/" are also allowed in subsequent characters. in subsequent characters.
3.3.5. Byte Sequences 3.3.5. Byte Sequences
Byte sequences can be conveyed in Structured Headers. Byte Sequences can be conveyed in Structured Fields.
The ABNF for a byte sequence in HTTP headers is: The ABNF for a Byte Sequence is:
sh-binary = ":" *(base64) ":" sh-binary = ":" *(base64) ":"
base64 = ALPHA / DIGIT / "+" / "/" / "=" base64 = ALPHA / DIGIT / "+" / "/" / "="
In HTTP headers, a byte sequence is delimited with colons and encoded A Byte Sequence is delimited with colons and encoded using base64
using base64 ([RFC4648], Section 4). For example: ([RFC4648], Section 4). For example:
Example-BinaryHdr: :cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg==: Example-BinaryHdr: :cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg==:
Parsers MUST support byte sequences with at least 16384 octets after Parsers MUST support Byte Sequences with at least 16384 octets after
decoding. decoding.
3.3.6. Booleans 3.3.6. Booleans
Boolean values can be conveyed in Structured Headers. Boolean values can be conveyed in Structured Fields.
The ABNF for a Boolean in HTTP headers is: The ABNF for a Boolean is:
sh-boolean = "?" boolean sh-boolean = "?" boolean
boolean = "0" / "1" boolean = "0" / "1"
In HTTP headers, a boolean is indicated with a leading "?" character A Boolean is indicated with a leading "?" character followed by a "1"
followed by a "1" for a true value or "0" for false. For example: for a true value or "0" for false. For example:
Example-BoolHdr: ?1 Example-BoolHdr: ?1
4. Working With Structured Headers in HTTP Headers 4. Working With Structured Fields in HTTP
This section defines how to serialize and parse Structured Headers in This section defines how to serialize and parse Structured Fields in
header fields, and protocols compatible with them (e.g., in HTTP/2 field values, and protocols compatible with them (e.g., in HTTP/2
[RFC7540] before HPACK [RFC7541] is applied). [RFC7540] before HPACK [RFC7541] is applied).
4.1. Serializing Structured Headers 4.1. Serializing Structured Fields
Given a structure defined in this specification, return an ASCII Given a structure defined in this specification, return an ASCII
string suitable for use in a HTTP header value. string suitable for use in a HTTP field value.
1. If the structure is a Dictionary or List and its value is empty 1. If the structure is a Dictionary or List and its value is empty
(i.e., it has no members), do not serialize the field at all (i.e., it has no members), do not serialize the field at all
(i.e., omit both the field-name and field-value). (i.e., omit both the field-name and field-value).
2. If the structure is a Dictionary, let output_string be the result 2. If the structure is a List, let output_string be the result of
of running Serializing a Dictionary (Section 4.1.2) with the running Serializing a List (Section 4.1.1) with the structure.
structure.
3. Else if the structure is a List, let output_string be the result 3. Else if the structure is a Dictionary, let output_string be the
of running Serializing a List (Section 4.1.1) with the structure. result of running Serializing a Dictionary (Section 4.1.2) with
the structure.
4. Else if the structure is an Item, let output_string be the result 4. Else if the structure is an Item, let output_string be the result
of running Serializing an Item (Section 4.1.3) with the of running Serializing an Item (Section 4.1.3) with the
structure. structure.
5. Else, fail serialisation. 5. Else, fail serialization.
6. Return output_string converted into an array of bytes, using 6. Return output_string converted into an array of bytes, using
ASCII encoding [RFC0020]. ASCII encoding [RFC0020].
4.1.1. Serializing a List 4.1.1. Serializing a List
Given an array of (member_value, parameters) tuples as input_list, Given an array of (member_value, parameters) tuples as input_list,
return an ASCII string suitable for use in a HTTP header value. return an ASCII string suitable for use in a HTTP field value.
1. Let output be an empty string. 1. Let output be an empty string.
2. For each (member_value, parameters) of input_list: 2. For each (member_value, parameters) of input_list:
1. If member_value is an array, append the result of running 1. If member_value is an array, append the result of running
Serialising an Inner List (Section 4.1.1.1) with Serializing an Inner List (Section 4.1.1.1) with
(member_value, parameters) to output. (member_value, parameters) to output.
2. Otherwise, append the result of running Serializing an Item 2. Otherwise, append the result of running Serializing an Item
(Section 4.1.3) with (member_value, parameters) to output. (Section 4.1.3) with (member_value, parameters) to output.
3. If more member_values remain in input_list: 3. If more member_values remain in input_list:
1. Append a COMMA to output. 1. Append "," to output.
2. Append a single SP to output. 2. Append a single SP to output.
3. Return output. 3. Return output.
4.1.1.1. Serialising an Inner List 4.1.1.1. Serializing an Inner List
Given an array of (member_value, parameters) tuples as inner_list, Given an array of (member_value, parameters) tuples as inner_list,
and parameters as list_parameters, return an ASCII string suitable and parameters as list_parameters, return an ASCII string suitable
for use in a HTTP header value. for use in a HTTP field value.
1. Let output be the string "(". 1. Let output be the string "(".
2. For each (member_value, parameters) of inner_list: 2. For each (member_value, parameters) of inner_list:
1. Append the result of running Serializing an Item 1. Append the result of running Serializing an Item
(Section 4.1.3) with (member_value, parameters) to output. (Section 4.1.3) with (member_value, parameters) to output.
2. If more values remain in inner_list, append a single SP to 2. If more values remain in inner_list, append a single SP to
output. output.
3. Append ")" to output. 3. Append ")" to output.
4. Append the result of running Serializing Parameters 4. Append the result of running Serializing Parameters
Section 4.1.1.2 with list_parameters to output. (Section 4.1.1.2) with list_parameters to output.
5. Return output. 5. Return output.
4.1.1.2. Serializing Parameters 4.1.1.2. Serializing Parameters
Given an ordered dictionary as input_parameters (each member having a Given an ordered Dictionary as input_parameters (each member having a
param_name and a param_value), return an ASCII string suitable for param_name and a param_value), return an ASCII string suitable for
use in a HTTP header value. use in a HTTP field value.
1. Let output be an empty string. 1. Let output be an empty string.
2. For each parameter-name with a value of param_value in 2. For each param_name with a value of param_value in
input_parameters: input_parameters:
1. Append ";" to output. 1. Append ";" to output.
2. Append the result of running Serializing a Key 2. Append the result of running Serializing a Key
(Section 4.1.1.3) with param_name to output. (Section 4.1.1.3) with param_name to output.
3. If param_value is not Boolean true: 3. If param_value is not Boolean true:
1. Append "=" to output. 1. Append "=" to output.
2. Append the result of running Serializing a bare Item 2. Append the result of running Serializing a bare Item
(Section 4.1.3.1) with param_value to output. (Section 4.1.3.1) with param_value to output.
3. Return output. 3. Return output.
4.1.1.3. Serializing a Key 4.1.1.3. Serializing a Key
Given a key as input_key, return an ASCII string suitable for use in Given a key as input_key, return an ASCII string suitable for use in
a HTTP header value. a HTTP field value.
1. If input_key is not a sequence of characters, or contains 1. Convert input_key into a sequence of ASCII characters; if
characters not in lcalpha, DIGIT, "_", "-", ".", or "*" fail conversion fails, fail serialization.
serialisation.
2. If the first character of input_key is not lcalpha, fail parsing. 2. If input_key contains characters not in lcalpha, DIGIT, "_", "-",
".", or "*" fail serialization.
3. Let output be an empty string. 3. If the first character of input_key is not lcalpha or "*", fail
serialization.
4. Append input_key to output. 4. Let output be an empty string.
5. Return output. 5. Append input_key to output.
6. Return output.
4.1.2. Serializing a Dictionary 4.1.2. Serializing a Dictionary
Given an ordered dictionary as input_dictionary (each member having a Given an ordered Dictionary as input_dictionary (each member having a
member_name and a tuple value of (member_value, parameters)), return member_name and a tuple value of (member_value, parameters)), return
an ASCII string suitable for use in a HTTP header value. an ASCII string suitable for use in a HTTP field value.
1. Let output be an empty string. 1. Let output be an empty string.
2. For each member_name with a value of (member_value, parameters) 2. For each member_name with a value of (member_value, parameters)
in input_dictionary: in input_dictionary:
1. Append the result of running Serializing a Key 1. Append the result of running Serializing a Key
(Section 4.1.1.3) with member's member_name to output. (Section 4.1.1.3) with member's member_name to output.
3. If member_value is not Boolean true or parameters is not empty: 3. If member_value is Boolean true:
1. Append the result of running Serializing Parameters
(Section 4.1.1.2) with parameters to output.
4. Otherwise:
1. Append "=" to output. 1. Append "=" to output.
1. If member_value is an array, append the result of running 2. If member_value is an array, append the result of running
Serialising an Inner List (Section 4.1.1.1) with Serializing an Inner List (Section 4.1.1.1) with
(member_value, parameters) to output. (member_value, parameters) to output.
2. Otherwise, append the result of running Serializing an 3. Otherwise, append the result of running Serializing an Item
Item (Section 4.1.3) with (member_value, parameters) to (Section 4.1.3) with (member_value, parameters) to output.
output.
4. If more members remain in input_dictionary: 5. If more members remain in input_dictionary:
1. Append a COMMA to output. 1. Append "," to output.
2. Append a single SP to output. 2. Append a single SP to output.
5. Return output. 6. Return output.
4.1.3. Serializing an Item 4.1.3. Serializing an Item
Given an item bare_item and parameters item_parameters as input, Given an Item as bare_item and Parameters as item_parameters, return
return an ASCII string suitable for use in a HTTP header value. an ASCII string suitable for use in a HTTP field value.
1. Let output be an empty string. 1. Let output be an empty string.
2. Append the result of running Serializing a Bare Item 2. Append the result of running Serializing a Bare Item
Section 4.1.3.1 with bare_item to output. Section 4.1.3.1 with bare_item to output.
3. Append the result of running Serializing Parameters 3. Append the result of running Serializing Parameters
Section 4.1.1.2 with item_parameters to output. Section 4.1.1.2 with item_parameters to output.
4. Return output. 4. Return output.
4.1.3.1. Serialising a Bare Item 4.1.3.1. Serializing a Bare Item
Given an item as input_item, return an ASCII string suitable for use Given an Item as input_item, return an ASCII string suitable for use
in a HTTP header value. in a HTTP field value.
1. If input_item is an integer, return the result of running 1. If input_item is an Integer, return the result of running
Serializing an Integer (Section 4.1.4) with input_item. Serializing an Integer (Section 4.1.4) with input_item.
2. If input_item is a decimal, return the result of running 2. If input_item is a Decimal, return the result of running
Serializing a Decimal (Section 4.1.5) with input_item. Serializing a Decimal (Section 4.1.5) with input_item.
3. If input_item is a string, return the result of running 3. If input_item is a String, return the result of running
Serializing a String (Section 4.1.6) with input_item. Serializing a String (Section 4.1.6) with input_item.
4. If input_item is a token, return the result of running 4. If input_item is a Token, return the result of running
Serializing a Token (Section 4.1.7) with input_item. Serializing a Token (Section 4.1.7) with input_item.
5. If input_item is a Boolean, return the result of running 5. If input_item is a Boolean, return the result of running
Serializing a Boolean (Section 4.1.9) with input_item. Serializing a Boolean (Section 4.1.9) with input_item.
6. If input_item is a byte sequence, return the result of running 6. If input_item is a Byte Sequence, return the result of running
Serializing a Byte Sequence (Section 4.1.8) with input_item. Serializing a Byte Sequence (Section 4.1.8) with input_item.
7. Otherwise, fail serialisation. 7. Otherwise, fail serialization.
4.1.4. Serializing an Integer 4.1.4. Serializing an Integer
Given an integer as input_integer, return an ASCII string suitable Given an Integer as input_integer, return an ASCII string suitable
for use in a HTTP header value. for use in a HTTP field value.
1. If input_integer is not an integer in the range of 1. If input_integer is not an integer in the range of
-999,999,999,999,999 to 999,999,999,999,999 inclusive, fail -999,999,999,999,999 to 999,999,999,999,999 inclusive, fail
serialisation. serialization.
2. Let output be an empty string. 2. Let output be an empty string.
3. If input_integer is less than (but not equal to) 0, append "-" to 3. If input_integer is less than (but not equal to) 0, append "-" to
output. output.
4. Append input_integer's numeric value represented in base 10 using 4. Append input_integer's numeric value represented in base 10 using
only decimal digits to output. only decimal digits to output.
5. Return output. 5. Return output.
4.1.5. Serializing a Decimal 4.1.5. Serializing a Decimal
Given a decimal_number as input_decimal, return an ASCII string Given a decimal number as input_decimal, return an ASCII string
suitable for use in a HTTP header value. suitable for use in a HTTP field value.
1. Let output be an empty string. 1. If input_decimal is not a decimal number, fail serialization.
2. If input_decimal is less than (but not equal to) 0, append "-" to 2. If input_decimal has more than three significant digits to the
output. right of the decimal point, round it to three decimal places,
rounding the final digit to the nearest value, or to the even
value if it is equidistant.
3. Append input_decimal's integer component represented in base 10 3. If input_decimal has more than 12 significant digits to the left
(using only decimal digits) to output; if it is zero, append "0". of the decimal point after rounding, fail serialization.
4. If the number of characters appended in the previous step is 4. Let output be an empty string.
greater than 12, fail serialisation.
5. Append "." to output. 5. If input_decimal is less than (but not equal to) 0, append "-"
to output.
6. If input_decimal's fractional component is zero, append "0" to 6. Append input_decimal's integer component represented in base 10
output. (using only decimal digits) to output; if it is zero, append
"0".
7. Else if input_decimal's fractional component has up to three 7. Append "." to output.
digits, append them represented in base 10 (using only decimal
digits) to output.
8. Otherwise, append the first three digits of input_decimal's 8. If input_decimal's fractional component is zero, append "0" to
fractional component (represented in base 10, using only decimal output.
digits) to output, rounding the final digit to the nearest value,
or to the even value if it is equidistant.
9. Return output. 9. Otherwise, append the significant digits of input_decimal's
fractional component represented in base 10 (using only decimal
digits) to output.
10. Return output.
4.1.6. Serializing a String 4.1.6. Serializing a String
Given a string as input_string, return an ASCII string suitable for Given a String as input_string, return an ASCII string suitable for
use in a HTTP header value. use in a HTTP field value.
1. If input_string is not a sequence of characters, or contains 1. Convert input_string into a sequence of ASCII characters; if
characters in the range %x00-1f or %x7f (i.e., is not in VCHAR or conversion fails, fail serialization.
SP), fail serialisation.
2. Let output be an empty string. 2. If input_string contains characters in the range %x00-1f or %x7f
(i.e., not in VCHAR or SP), fail serialization.
3. Append DQUOTE to output. 3. Let output be an empty string.
4. For each character char in input_string: 4. Append DQUOTE to output.
5. For each character char in input_string:
1. If char is "\" or DQUOTE: 1. If char is "\" or DQUOTE:
1. Append "\" to output. 1. Append "\" to output.
2. Append char to output. 2. Append char to output.
5. Append DQUOTE to output. 6. Append DQUOTE to output.
6. Return output. 7. Return output.
4.1.7. Serializing a Token 4.1.7. Serializing a Token
Given a token as input_token, return an ASCII string suitable for use Given a Token as input_token, return an ASCII string suitable for use
in a HTTP header value. in a HTTP field value.
1. If input_token is not a sequence of characters, the first 1. Convert input_token into a sequence of ASCII characters; if
character is not ALPHA or "*", or the remaining contain a conversion fails, fail serialization.
character not in tchar, ":" or "/", fail serialisation.
2. Let output be an empty string. 2. If the first character of input_token is not ALPHA or "*", or the
remaining portion contains a character not in tchar, ":" or "/",
fail serialization.
3. Append input_token to output. 3. Let output be an empty string.
4. Return output. 4. Append input_token to output.
5. Return output.
4.1.8. Serializing a Byte Sequence 4.1.8. Serializing a Byte Sequence
Given a byte sequence as input_bytes, return an ASCII string suitable Given a Byte Sequence as input_bytes, return an ASCII string suitable
for use in a HTTP header value. for use in a HTTP field value.
1. If input_bytes is not a sequence of bytes, fail serialisation. 1. If input_bytes is not a sequence of bytes, fail serialization.
2. Let output be an empty string. 2. Let output be an empty string.
3. Append ":" to output. 3. Append ":" to output.
4. Append the result of base64-encoding input_bytes as per 4. Append the result of base64-encoding input_bytes as per
[RFC4648], Section 4, taking account of the requirements below. [RFC4648], Section 4, taking account of the requirements below.
5. Append ":" to output. 5. Append ":" to output.
skipping to change at page 21, line 8 skipping to change at page 21, line 46
The encoded data is required to be padded with "=", as per [RFC4648], The encoded data is required to be padded with "=", as per [RFC4648],
Section 3.2. Section 3.2.
Likewise, encoded data SHOULD have pad bits set to zero, as per Likewise, encoded data SHOULD have pad bits set to zero, as per
[RFC4648], Section 3.5, unless it is not possible to do so due to [RFC4648], Section 3.5, unless it is not possible to do so due to
implementation constraints. implementation constraints.
4.1.9. Serializing a Boolean 4.1.9. Serializing a Boolean
Given a Boolean as input_boolean, return an ASCII string suitable for Given a Boolean as input_boolean, return an ASCII string suitable for
use in a HTTP header value. use in a HTTP field value.
1. If input_boolean is not a boolean, fail serialisation. 1. If input_boolean is not a boolean, fail serialization.
2. Let output be an empty string. 2. Let output be an empty string.
3. Append "?" to output. 3. Append "?" to output.
4. If input_boolean is true, append "1" to output. 4. If input_boolean is true, append "1" to output.
5. If input_boolean is false, append "0" to output. 5. If input_boolean is false, append "0" to output.
6. Return output. 6. Return output.
4.2. Parsing Header Fields into Structured Headers 4.2. Parsing Structured Fields
When a receiving implementation parses HTTP header fields that are When a receiving implementation parses HTTP fields that are known to
known to be Structured Headers, it is important that care be taken, be Structured Fields, it is important that care be taken, as there
as there are a number of edge cases that can cause interoperability are a number of edge cases that can cause interoperability or even
or even security problems. This section specifies the algorithm for security problems. This section specifies the algorithm for doing
doing so. so.
Given an array of bytes input_bytes that represents the chosen Given an array of bytes input_bytes that represents the chosen
header's field-value (which is empty if that header is not present), field's field-value (which is empty if that field is not present),
and header_type (one of "dictionary", "list", or "item"), return the and field_type (one of "dictionary", "list", or "item"), return the
parsed header value. parsed header value.
1. Convert input_bytes into an ASCII string input_string; if 1. Convert input_bytes into an ASCII string input_string; if
conversion fails, fail parsing. conversion fails, fail parsing.
2. Discard any leading SP characters from input_string. 2. Discard any leading SP characters from input_string.
3. If header_type is "list", let output be the result of running 3. If field_type is "list", let output be the result of running
Parsing a List (Section 4.2.1) with input_string. Parsing a List (Section 4.2.1) with input_string.
4. If header_type is "dictionary", let output be the result of 4. If field_type is "dictionary", let output be the result of
running Parsing a Dictionary (Section 4.2.2) with input_string. running Parsing a Dictionary (Section 4.2.2) with input_string.
5. If header_type is "item", let output be the result of running 5. If field_type is "item", let output be the result of running
Parsing an Item (Section 4.2.3) with input_string. Parsing an Item (Section 4.2.3) with input_string.
6. Discard any leading SP characters from input_string. 6. Discard any leading SP characters from input_string.
7. If input_string is not empty, fail parsing. 7. If input_string is not empty, fail parsing.
8. Otherwise, return output. 8. Otherwise, return output.
When generating input_bytes, parsers MUST combine all instances of When generating input_bytes, parsers MUST combine all lines in the
the target header field into one comma-separated field-value, as per same section (header or trailer) that case-insensitively match the
[RFC7230], Section 3.2.2; this assures that the header is processed field name into one comma-separated field-value, as per [RFC7230],
Section 3.2.2; this assures that the entire field value is processed
correctly. correctly.
For Lists and Dictionaries, this has the effect of correctly For Lists and Dictionaries, this has the effect of correctly
concatenating all instances of the header field, as long as concatenating all of the field's lines, as long as individual members
individual individual members of the top-level data structure are not of the top-level data structure are not split across multiple header
split across multiple header instances. instances.
Strings split across multiple header instances will have Strings split across multiple field lines will have unpredictable
unpredictable results, because comma(s) and whitespace inserted upon results, because comma(s) and whitespace inserted upon combination
combination will become part of the string output by the parser. will become part of the string output by the parser. Since
Since concatenation might be done by an upstream intermediary, the concatenation might be done by an upstream intermediary, the results
results are not under the control of the serializer or the parser. are not under the control of the serializer or the parser.
Tokens, Integers, Decimals and Byte Sequences cannot be split across Tokens, Integers, Decimals and Byte Sequences cannot be split across
multiple headers because the inserted commas will cause parsing to multiple field lines because the inserted commas will cause parsing
fail. to fail.
If parsing fails - including when calling another algorithm - the If parsing fails - including when calling another algorithm - the
entire header field's value MUST be ignored (i.e., treated as if the entire field value MUST be ignored (i.e., treated as if the field
header field were not present in the message). This is intentionally were not present in the section). This is intentionally strict, to
strict, to improve interoperability and safety, and specifications improve interoperability and safety, and specifications referencing
referencing this document are not allowed to loosen this requirement. this document are not allowed to loosen this requirement.
Note that this requirement does not apply to an implementation that Note that this requirement does not apply to an implementation that
is not parsing the header field; for example, an intermediary is not is not parsing the field; for example, an intermediary is not
required to strip a failing header field from a message before required to strip a failing header field from a message before
forwarding it. forwarding it.
4.2.1. Parsing a List 4.2.1. Parsing a List
Given an ASCII string as input_string, return an array of Given an ASCII string as input_string, return an array of
(item_or_inner_list, parameters) tuples. input_string is modified to (item_or_inner_list, parameters) tuples. input_string is modified to
remove the parsed value. remove the parsed value.
1. Let members be an empty array. 1. Let members be an empty array.
skipping to change at page 23, line 8 skipping to change at page 23, line 46
2. While input_string is not empty: 2. While input_string is not empty:
1. Append the result of running Parsing an Item or Inner List 1. Append the result of running Parsing an Item or Inner List
(Section 4.2.1.1) with input_string to members. (Section 4.2.1.1) with input_string to members.
2. Discard any leading SP characters from input_string. 2. Discard any leading SP characters from input_string.
3. If input_string is empty, return members. 3. If input_string is empty, return members.
4. Consume the first character of input_string; if it is not 4. Consume the first character of input_string; if it is not
COMMA, fail parsing. ",", fail parsing.
5. Discard any leading SP characters from input_string. 5. Discard any leading SP characters from input_string.
6. If input_string is empty, there is a trailing comma; fail 6. If input_string is empty, there is a trailing comma; fail
parsing. parsing.
3. No structured data has been found; return members (which is 3. No structured data has been found; return members (which is
empty). empty).
4.2.1.1. Parsing an Item or Inner List 4.2.1.1. Parsing an Item or Inner List
skipping to change at page 24, line 41 skipping to change at page 25, line 31
1. Consume the first character of input_string. 1. Consume the first character of input_string.
2. Let member be the result of running Parsing an Item or 2. Let member be the result of running Parsing an Item or
Inner List (Section 4.2.1.1) with input_string. Inner List (Section 4.2.1.1) with input_string.
3. Otherwise: 3. Otherwise:
1. Let value be Boolean true. 1. Let value be Boolean true.
2. Let parameters be an empty, ordered map. 2. Let parameters be the result of running Parsing
Parameters Section 4.2.3.2 with input_string.
3. Let member be the tuple (value, parameters). 3. Let member be the tuple (value, parameters).
4. Add name this_key with value member to dictionary. If 4. Add name this_key with value member to dictionary. If
dictionary already contains a name this_key (comparing dictionary already contains a name this_key (comparing
character-for-character), overwrite its value. character-for-character), overwrite its value.
5. Discard any leading SP characters from input_string. 5. Discard any leading SP characters from input_string.
6. If input_string is empty, return dictionary. 6. If input_string is empty, return dictionary.
7. Consume the first character of input_string; if it is not 7. Consume the first character of input_string; if it is not
COMMA, fail parsing. ",", fail parsing.
8. Discard any leading SP characters from input_string. 8. Discard any leading SP characters from input_string.
9. If input_string is empty, there is a trailing comma; fail 9. If input_string is empty, there is a trailing comma; fail
parsing. parsing.
3. No structured data has been found; return dictionary (which is 3. No structured data has been found; return dictionary (which is
empty). empty).
4.2.3. Parsing an Item 4.2.3. Parsing an Item
skipping to change at page 25, line 32 skipping to change at page 26, line 24
1. Let bare_item be the result of running Parsing a Bare Item 1. Let bare_item be the result of running Parsing a Bare Item
(Section 4.2.3.1) with input_string. (Section 4.2.3.1) with input_string.
2. Let parameters be the result of running Parsing Parameters 2. Let parameters be the result of running Parsing Parameters
(Section 4.2.3.2) with input_string. (Section 4.2.3.2) with input_string.
3. Return the tuple (bare_item, parameters). 3. Return the tuple (bare_item, parameters).
4.2.3.1. Parsing a Bare Item 4.2.3.1. Parsing a Bare Item
Given an ASCII string as input_string, return a bare item. Given an ASCII string as input_string, return a bare Item.
input_string is modified to remove the parsed value. input_string is modified to remove the parsed value.
1. If the first character of input_string is a "-" or a DIGIT, 1. If the first character of input_string is a "-" or a DIGIT,
return the result of running Parsing a Number (Section 4.2.4) return the result of running Parsing an Integer or Decimal
with input_string. (Section 4.2.4) with input_string.
2. If the first character of input_string is a DQUOTE, return the 2. If the first character of input_string is a DQUOTE, return the
result of running Parsing a String (Section 4.2.5) with result of running Parsing a String (Section 4.2.5) with
input_string. input_string.
3. If the first character of input_string is ":", return the result 3. If the first character of input_string is ":", return the result
of running Parsing a Byte Sequence (Section 4.2.7) with of running Parsing a Byte Sequence (Section 4.2.7) with
input_string. input_string.
4. If the first character of input_string is "?", return the result 4. If the first character of input_string is "?", return the result
skipping to change at page 26, line 10 skipping to change at page 26, line 51
5. If the first character of input_string is an ALPHA or "*", return 5. If the first character of input_string is an ALPHA or "*", return
the result of running Parsing a Token (Section 4.2.6) with the result of running Parsing a Token (Section 4.2.6) with
input_string. input_string.
6. Otherwise, the item type is unrecognized; fail parsing. 6. Otherwise, the item type is unrecognized; fail parsing.
4.2.3.2. Parsing Parameters 4.2.3.2. Parsing Parameters
Given an ASCII string as input_string, return an ordered map whose Given an ASCII string as input_string, return an ordered map whose
values are bare items. input_string is modified to remove the parsed values are bare Items. input_string is modified to remove the parsed
value. value.
1. Let parameters be an empty, ordered map. 1. Let parameters be an empty, ordered map.
2. While input_string is not empty: 2. While input_string is not empty:
1. If the first character of input_string is not ";", exit the 1. If the first character of input_string is not ";", exit the
loop. loop.
2. Consume a ";" character from the beginning of input_string. 2. Consume a ";" character from the beginning of input_string.
skipping to change at page 26, line 48 skipping to change at page 27, line 40
If parameters already contains a name param_name (comparing If parameters already contains a name param_name (comparing
character-for-character), overwrite its value. character-for-character), overwrite its value.
3. Return parameters. 3. Return parameters.
4.2.3.3. Parsing a Key 4.2.3.3. Parsing a Key
Given an ASCII string as input_string, return a key. input_string is Given an ASCII string as input_string, return a key. input_string is
modified to remove the parsed value. modified to remove the parsed value.
1. If the first character of input_string is not lcalpha, fail 1. If the first character of input_string is not lcalpha or "*",
parsing. fail parsing.
2. Let output_string be an empty string. 2. Let output_string be an empty string.
3. While input_string is not empty: 3. While input_string is not empty:
1. If the first character of input_string is not one of lcalpha, 1. If the first character of input_string is not one of lcalpha,
DIGIT, "_", "-", ".", or "*", return output_string. DIGIT, "_", "-", ".", or "*", return output_string.
2. Let char be the result of removing the first character of 2. Let char be the result of consuming the first character of
input_string. input_string.
3. Append char to output_string. 3. Append char to output_string.
4. Return output_string. 4. Return output_string.
4.2.4. Parsing a Number 4.2.4. Parsing an Integer or Decimal
Given an ASCII string as input_string, return a number. input_string Given an ASCII string as input_string, return an Integer or Decimal.
is modified to remove the parsed value. input_string is modified to remove the parsed value.
NOTE: This algorithm parses both Integers (Section 3.3.1) and NOTE: This algorithm parses both Integers (Section 3.3.1) and
Decimals (Section 3.3.2), and returns the corresponding structure. Decimals (Section 3.3.2), and returns the corresponding structure.
1. Let type be "integer". 1. Let type be "integer".
2. Let sign be 1. 2. Let sign be 1.
3. Let input_number be an empty string. 3. Let input_number be an empty string.
skipping to change at page 28, line 38 skipping to change at page 29, line 30
2. If the number of characters after "." in input_number is 2. If the number of characters after "." in input_number is
greater than three, fail parsing. greater than three, fail parsing.
3. Parse input_number as a decimal number and let output_number 3. Parse input_number as a decimal number and let output_number
be the product of the result and sign. be the product of the result and sign.
10. Return output_number. 10. Return output_number.
4.2.5. Parsing a String 4.2.5. Parsing a String
Given an ASCII string as input_string, return an unquoted string. Given an ASCII string as input_string, return an unquoted String.
input_string is modified to remove the parsed value. input_string is modified to remove the parsed value.
1. Let output_string be an empty string. 1. Let output_string be an empty string.
2. If the first character of input_string is not DQUOTE, fail 2. If the first character of input_string is not DQUOTE, fail
parsing. parsing.
3. Discard the first character of input_string. 3. Discard the first character of input_string.
4. While input_string is not empty: 4. While input_string is not empty:
skipping to change at page 29, line 28 skipping to change at page 30, line 19
4. Else, if char is in the range %x00-1f or %x7f (i.e., is not 4. Else, if char is in the range %x00-1f or %x7f (i.e., is not
in VCHAR or SP), fail parsing. in VCHAR or SP), fail parsing.
5. Else, append char to output_string. 5. Else, append char to output_string.
5. Reached the end of input_string without finding a closing DQUOTE; 5. Reached the end of input_string without finding a closing DQUOTE;
fail parsing. fail parsing.
4.2.6. Parsing a Token 4.2.6. Parsing a Token
Given an ASCII string as input_string, return a token. input_string Given an ASCII string as input_string, return a Token. input_string
is modified to remove the parsed value. is modified to remove the parsed value.
1. If the first character of input_string is not ALPHA or "*", fail 1. If the first character of input_string is not ALPHA or "*", fail
parsing. parsing.
2. Let output_string be an empty string. 2. Let output_string be an empty string.
3. While input_string is not empty: 3. While input_string is not empty:
1. If the first character of input_string is not in tchar, ":" 1. If the first character of input_string is not in tchar, ":"
skipping to change at page 29, line 50 skipping to change at page 30, line 41
2. Let char be the result of consuming the first character of 2. Let char be the result of consuming the first character of
input_string. input_string.
3. Append char to output_string. 3. Append char to output_string.
4. Return output_string. 4. Return output_string.
4.2.7. Parsing a Byte Sequence 4.2.7. Parsing a Byte Sequence
Given an ASCII string as input_string, return a byte sequence. Given an ASCII string as input_string, return a Byte Sequence.
input_string is modified to remove the parsed value. input_string is modified to remove the parsed value.
1. If the first character of input_string is not ":", fail parsing. 1. If the first character of input_string is not ":", fail parsing.
2. Discard the first character of input_string. 2. Discard the first character of input_string.
3. If there is not a ":" character before the end of input_string, 3. If there is not a ":" character before the end of input_string,
fail parsing. fail parsing.
4. Let b64_content be the result of consuming content of 4. Let b64_content be the result of consuming content of
input_string up to but not including the first instance of the input_string up to but not including the first instance of the
character ":". character ":".
5. Consume the ":" character at the beginning of input_string. 5. Consume the ":" character at the beginning of input_string.
6. If b64_content contains a character not included in ALPHA, DIGIT, 6. If b64_content contains a character not included in ALPHA, DIGIT,
"+", "/" and "=", fail parsing. "+", "/" and "=", fail parsing.
7. Let binary_content be the result of Base 64 Decoding [RFC4648] 7. Let binary_content be the result of Base 64 Decoding [RFC4648]
b64_content, synthesizing padding if necessary (note the b64_content, synthesizing padding if necessary (note the
requirements about recipient behaviour below). requirements about recipient behavior below).
8. Return binary_content. 8. Return binary_content.
Because some implementations of base64 do not allow reject of encoded Because some implementations of base64 do not allow reject of encoded
data that is not properly "=" padded (see [RFC4648], Section 3.2), data that is not properly "=" padded (see [RFC4648], Section 3.2),
parsers SHOULD NOT fail when it is not present, unless they cannot be parsers SHOULD NOT fail when it is not present, unless they cannot be
configured to do so. configured to do so.
Because some implementations of base64 do not allow rejection of Because some implementations of base64 do not allow rejection of
encoded data that has non-zero pad bits (see [RFC4648], Section 3.5), encoded data that has non-zero pad bits (see [RFC4648], Section 3.5),
skipping to change at page 31, line 12 skipping to change at page 32, line 7
3. If the first character of input_string matches "1", discard the 3. If the first character of input_string matches "1", discard the
first character, and return true. first character, and return true.
4. If the first character of input_string matches "0", discard the 4. If the first character of input_string matches "0", discard the
first character, and return false. first character, and return false.
5. No value has matched; fail parsing. 5. No value has matched; fail parsing.
5. IANA Considerations 5. IANA Considerations
This draft has no actions for IANA. This document has no actions for IANA.
6. Security Considerations 6. Security Considerations
The size of most types defined by Structured Headers is not limited; The size of most types defined by Structured Fields is not limited;
as a result, extremely large header fields could be an attack vector as a result, extremely large fields could be an attack vector (e.g.,
(e.g., for resource consumption). Most HTTP implementations limit for resource consumption). Most HTTP implementations limit the sizes
the sizes of individual header fields as well as the overall header of individual fields as well as the overall header or trailer section
block size to mitigate such attacks. size to mitigate such attacks.
It is possible for parties with the ability to inject new HTTP header It is possible for parties with the ability to inject new HTTP fields
fields to change the meaning of a Structured Header. In some to change the meaning of a Structured Field. In some circumstances,
circumstances, this will cause parsing to fail, but it is not this will cause parsing to fail, but it is not possible to reliably
possible to reliably fail in all such circumstances. fail in all such circumstances.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80,
RFC 20, DOI 10.17487/RFC0020, October 1969, RFC 20, DOI 10.17487/RFC0020, October 1969,
<https://www.rfc-editor.org/info/rfc20>. <https://www.rfc-editor.org/info/rfc20>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
skipping to change at page 33, line 9 skipping to change at page 34, line 5
[2] https://httpwg.github.io/ [2] https://httpwg.github.io/
[3] https://github.com/httpwg/http-extensions/labels/header-structure [3] https://github.com/httpwg/http-extensions/labels/header-structure
[4] https://github.com/httpwg/structured-header-tests [4] https://github.com/httpwg/structured-header-tests
[5] https://github.com/httpwg/wiki/wiki/Structured-Headers [5] https://github.com/httpwg/wiki/wiki/Structured-Headers
[6] https://github.com/httpwg/structured-header-tests [6] https://github.com/httpwg/structured-header-tests
Appendix A. Acknowledgements Appendix A. Frequently Asked Questions
Many thanks to Matthew Kerwin for his detailed feedback and careful
consideration during the development of this specification.
Appendix B. Frequently Asked Questions
B.1. Why not JSON? A.1. Why not JSON?
Earlier proposals for structured headers were based upon JSON Earlier proposals for Structured Fields were based upon JSON
[RFC8259]. However, constraining its use to make it suitable for [RFC8259]. However, constraining its use to make it suitable for
HTTP header fields required senders and recipients to implement HTTP header fields required senders and recipients to implement
specific additional handling. specific additional handling.
For example, JSON has specification issues around large numbers and For example, JSON has specification issues around large numbers and
objects with duplicate members. Although advice for avoiding these objects with duplicate members. Although advice for avoiding these
issues is available (e.g., [RFC7493]), it cannot be relied upon. issues is available (e.g., [RFC7493]), it cannot be relied upon.
Likewise, JSON strings are by default Unicode strings, which have a Likewise, JSON strings are by default Unicode strings, which have a
number of potential interoperability issues (e.g., in comparison). number of potential interoperability issues (e.g., in comparison).
Although implementers can be advised to avoid non-ASCII content where Although implementers can be advised to avoid non-ASCII content where
unnecessary, this is difficult to enforce. unnecessary, this is difficult to enforce.
Another example is JSON's ability to nest content to arbitrary Another example is JSON's ability to nest content to arbitrary
depths. Since the resulting memory commitment might be unsuitable depths. Since the resulting memory commitment might be unsuitable
(e.g., in embedded and other limited server deployments), it's (e.g., in embedded and other limited server deployments), it's
necessary to limit it in some fashion; however, existing JSON necessary to limit it in some fashion; however, existing JSON
implementations have no such limits, and even if a limit is implementations have no such limits, and even if a limit is
specified, it's likely that some header field definition will find a specified, it's likely that some field definition will find a need to
need to violate it. violate it.
Because of JSON's broad adoption and implementation, it is difficult Because of JSON's broad adoption and implementation, it is difficult
to impose such additional constraints across all implementations; to impose such additional constraints across all implementations;
some deployments would fail to enforce them, thereby harming some deployments would fail to enforce them, thereby harming
interoperability. In short, if it looks like JSON, people will be interoperability. In short, if it looks like JSON, people will be
tempted to use a JSON parser / serialiser on header fields. tempted to use a JSON parser / serializer on field values.
Since a major goal for Structured Headers is to improve Since a major goal for Structured Fields is to improve
interoperability and simplify implementation, these concerns led to a interoperability and simplify implementation, these concerns led to a
format that requires a dedicated parser and serializer. format that requires a dedicated parser and serializer.
Additionally, there were widely shared feelings that JSON doesn't Additionally, there were widely shared feelings that JSON doesn't
"look right" in HTTP headers. "look right" in HTTP fields.
B.2. Structured Headers don't "fit" my data.
Structured headers intentionally limits the complexity of data
structures, to assure that it can be processed in a performant manner
with little overhead. This means that work is necessary to fit some
data types into them.
Sometimes, this can be achieved by creating limited substructures in
values, and/or using more than one header. For example, consider:
Example-Thing: name="Widget", cost=89.2, descriptions=(foo bar)
Example-Description: foo; url="https://example.net"; context=123,
bar; url="https://example.org"; context=456
Since the description contains an array of key/value pairs, we use a
List to represent them, with the token for each item in the array
used to identify it in the "descriptions" member of the Example-Thing
dictionary header.
When specifying more than one header, it's important to remember to
describe what a processor's behaviour should be when one of the
headers is missing.
If you need to fit arbitrarily complex data into a header, Structured
Headers is probably a poor fit for your use case.
Appendix C. Implementation Notes Appendix B. Implementation Notes
A generic implementation of this specification should expose the top- A generic implementation of this specification should expose the top-
level parse (Section 4.2) and serialize (Section 4.1) functions. level serialize (Section 4.1) and parse (Section 4.2) functions.
They need not be functions; for example, it could be implemented as They need not be functions; for example, it could be implemented as
an object, with methods for each of the different top-level types. an object, with methods for each of the different top-level types.
For interoperability, it's important that generic implementations be For interoperability, it's important that generic implementations be
complete and follow the algorithms closely; see Section 1.1. To aid complete and follow the algorithms closely; see Section 1.1. To aid
this, a common test suite is being maintained by the community at this, a common test suite is being maintained by the community at
https://github.com/httpwg/structured-header-tests [6]. https://github.com/httpwg/structured-header-tests [6].
Implementers should note that dictionaries and parameters are order- Implementers should note that Dictionaries and Parameters are order-
preserving maps. Some headers may not convey meaning in the ordering preserving maps. Some fields may not convey meaning in the ordering
of these data types, but it should still be exposed so that of these data types, but it should still be exposed so that
applications which need to use it will have it available. applications which need to use it will have it available.
Likewise, implementations should note that it's important to preserve Likewise, implementations should note that it's important to preserve
the distinction between tokens and strings. While most programming the distinction between Tokens and Strings. While most programming
languages have native types that map to the other types well, it may languages have native types that map to the other types well, it may
be necessary to create a wrapper "token" object or use a parameter on be necessary to create a wrapper "token" object or use a parameter on
functions to assure that these types remain separate. functions to assure that these types remain separate.
Appendix D. Changes The serialization algorithm is defined in a way that it is not
strictly limited to the data types defined in Section 3 in every
case. For example, Decimals are designed to take broader input and
round to allowed values.
Appendix C. Changes
_RFC Editor: Please remove this section before publication._ _RFC Editor: Please remove this section before publication._
D.1. Since draft-ietf-httpbis-header-structure-14 C.1. Since draft-ietf-httpbis-header-structure-15
o Editorial improvements.
o Use HTTP field terminology more consistently, in line with recent
changes to HTTP-core.
o String length requirements apply to decoded strings (#1051).
o Correctly round decimals in serialisation (#1043).
o Clarify input to serialisation algorithms (#1055).
o Omitted True dictionary value can have parameters (#1083).
o Keys can now start with '*' (#1068).
C.2. Since draft-ietf-httpbis-header-structure-14
o Editorial improvements. o Editorial improvements.
o Allow empty dictionary values (#992). o Allow empty dictionary values (#992).
o Change value of omitted parameter value to True (#995). o Change value of omitted parameter value to True (#995).
o Explain more about splitting dictionaries and lists across header o Explain more about splitting dictionaries and lists across header
instances (#997). instances (#997).
skipping to change at page 35, line 40 skipping to change at page 36, line 28
o Handle duplicate dictionary and parameter keys by overwriting o Handle duplicate dictionary and parameter keys by overwriting
their values, rather than failing (#997). their values, rather than failing (#997).
o Allow "." in key (#1027). o Allow "." in key (#1027).
o Check first character of key in serialisation (#1037). o Check first character of key in serialisation (#1037).
o Talk about greasing headers (#1015). o Talk about greasing headers (#1015).
D.2. Since draft-ietf-httpbis-header-structure-13 C.3. Since draft-ietf-httpbis-header-structure-13
o Editorial improvements. o Editorial improvements.
o Define "structured header name" and "structured header value" o Define "structured header name" and "structured header value"
terms (#908). terms (#908).
o Corrected text about valid characters in strings (#931). o Corrected text about valid characters in strings (#931).
o Removed most instances of the word "textual", as it was redundant o Removed most instances of the word "textual", as it was redundant
(#915). (#915).
o Allowed parameters on Items and Inner Lists (#907). o Allowed parameters on Items and Inner Lists (#907).
o Expand the range of characters in token (#961). o Expand the range of characters in token (#961).
o Disallow OWS before ";" delimiter in parameters (#961). o Disallow OWS before ";" delimiter in parameters (#961).
D.3. Since draft-ietf-httpbis-header-structure-12 C.4. Since draft-ietf-httpbis-header-structure-12
o Editorial improvements. o Editorial improvements.
o Reworked float serialisation (#896). o Reworked float serialisation (#896).
o Don't add a trailing space in inner-list (#904). o Don't add a trailing space in inner-list (#904).
D.4. Since draft-ietf-httpbis-header-structure-11 C.5. Since draft-ietf-httpbis-header-structure-11
o Allow * in key (#844). o Allow * in key (#844).
o Constrain floats to six digits of precision (#848). o Constrain floats to six digits of precision (#848).
o Allow dictionary members to have parameters (#842). o Allow dictionary members to have parameters (#842).
D.5. Since draft-ietf-httpbis-header-structure-10 C.6. Since draft-ietf-httpbis-header-structure-10
o Update abstract (#799). o Update abstract (#799).
o Input and output are now arrays of bytes (#662). o Input and output are now arrays of bytes (#662).
o Implementations need to preserve difference between token and o Implementations need to preserve difference between token and
string (#790). string (#790).
o Allow empty dictionaries and lists (#781). o Allow empty dictionaries and lists (#781).
o Change parameterized lists to have primary items (#797). o Change parameterized lists to have primary items (#797).
o Allow inner lists in both dictionaries and lists; removes lists of o Allow inner lists in both dictionaries and lists; removes lists of
lists (#816). lists (#816).
o Subsume Parameterised Lists into Lists (#839). o Subsume Parameterised Lists into Lists (#839).
D.6. Since draft-ietf-httpbis-header-structure-09 C.7. Since draft-ietf-httpbis-header-structure-09
o Changed Boolean from T/F to 1/0 (#784). o Changed Boolean from T/F to 1/0 (#784).
o Parameters are now ordered maps (#765). o Parameters are now ordered maps (#765).
o Clamp integers to 15 digits (#737). o Clamp integers to 15 digits (#737).
D.7. Since draft-ietf-httpbis-header-structure-08 C.8. Since draft-ietf-httpbis-header-structure-08
o Disallow whitespace before items properly (#703). o Disallow whitespace before items properly (#703).
o Created "key" for use in dictionaries and parameters, rather than o Created "key" for use in dictionaries and parameters, rather than
relying on identifier (#702). Identifiers have a separate minimum relying on identifier (#702). Identifiers have a separate minimum
supported size. supported size.
o Expanded the range of special characters allowed in identifier to o Expanded the range of special characters allowed in identifier to
include all of ALPHA, ".", ":", and "%" (#702). include all of ALPHA, ".", ":", and "%" (#702).
skipping to change at page 37, line 29 skipping to change at page 38, line 14
o Gave better names for referring specs to use in Parameterised o Gave better names for referring specs to use in Parameterised
Lists (#720). Lists (#720).
o Added Lists of Lists (#721). o Added Lists of Lists (#721).
o Rename Identifier to Token (#725). o Rename Identifier to Token (#725).
o Add implementation guidance (#727). o Add implementation guidance (#727).
D.8. Since draft-ietf-httpbis-header-structure-07 C.9. Since draft-ietf-httpbis-header-structure-07
o Make Dictionaries ordered mappings (#659). o Make Dictionaries ordered mappings (#659).
o Changed "binary content" to "byte sequence" to align with Infra o Changed "binary content" to "byte sequence" to align with Infra
specification (#671). specification (#671).
o Changed "mapping" to "map" for #671. o Changed "mapping" to "map" for #671.
o Don't fail if byte sequences aren't "=" padded (#658). o Don't fail if byte sequences aren't "=" padded (#658).
o Add Booleans (#683). o Add Booleans (#683).
o Allow identifiers in items again (#629). o Allow identifiers in items again (#629).
o Disallowed whitespace before items (#703). o Disallowed whitespace before items (#703).
o Explain the consequences of splitting a string across multiple o Explain the consequences of splitting a string across multiple
headers (#686). headers (#686).
D.9. Since draft-ietf-httpbis-header-structure-06 C.10. Since draft-ietf-httpbis-header-structure-06
o Add a FAQ. o Add a FAQ.
o Allow non-zero pad bits. o Allow non-zero pad bits.
o Explicitly check for integers that violate constraints. o Explicitly check for integers that violate constraints.
D.10. Since draft-ietf-httpbis-header-structure-05 C.11. Since draft-ietf-httpbis-header-structure-05
o Reorganise specification to separate parsing out. o Reorganise specification to separate parsing out.
o Allow referencing specs to use ABNF. o Allow referencing specs to use ABNF.
o Define serialisation algorithms. o Define serialisation algorithms.
o Refine relationship between ABNF, parsing and serialisation o Refine relationship between ABNF, parsing and serialisation
algorithms. algorithms.
D.11. Since draft-ietf-httpbis-header-structure-04 C.12. Since draft-ietf-httpbis-header-structure-04
o Remove identifiers from item. o Remove identifiers from item.
o Remove most limits on sizes. o Remove most limits on sizes.
o Refine number parsing. o Refine number parsing.
D.12. Since draft-ietf-httpbis-header-structure-03 C.13. Since draft-ietf-httpbis-header-structure-03
o Strengthen language around failure handling. o Strengthen language around failure handling.
D.13. Since draft-ietf-httpbis-header-structure-02 C.14. Since draft-ietf-httpbis-header-structure-02
o Split Numbers into Integers and Floats. o Split Numbers into Integers and Floats.
o Define number parsing. o Define number parsing.
o Tighten up binary parsing and give it an explicit end delimiter. o Tighten up binary parsing and give it an explicit end delimiter.
o Clarify that mappings are unordered. o Clarify that mappings are unordered.
o Allow zero-length strings. o Allow zero-length strings.
o Improve string parsing algorithm. o Improve string parsing algorithm.
o Improve limits in algorithms. o Improve limits in algorithms.
o Require parsers to combine header fields before processing. o Require parsers to combine header fields before processing.
o Throw an error on trailing garbage. o Throw an error on trailing garbage.
D.14. Since draft-ietf-httpbis-header-structure-01 C.15. Since draft-ietf-httpbis-header-structure-01
o Replaced with draft-nottingham-structured-headers. o Replaced with draft-nottingham-structured-headers.
D.15. Since draft-ietf-httpbis-header-structure-00 C.16. Since draft-ietf-httpbis-header-structure-00
o Added signed 64bit integer type. o Added signed 64bit integer type.
o Drop UTF8, and settle on BCP137 ::EmbeddedUnicodeChar for h1- o Drop UTF8, and settle on BCP137 ::EmbeddedUnicodeChar for h1-
unicode-string. unicode-string.
o Change h1_blob delimiter to ":" since "'" is valid t_char o Change h1_blob delimiter to ":" since "'" is valid t_char
Acknowledgements
Many thanks to Matthew Kerwin for his detailed feedback and careful
consideration during the development of this specification.
Thanks also to Ian Clelland, Roy Fielding, Anne van Kesteren, Kazuho
Oku, Evert Pot, Julian Reschke, Martin Thomson, Mike West, and
Jeffrey Yasskin for their contributions.
Authors' Addresses Authors' Addresses
Mark Nottingham Mark Nottingham
Fastly Fastly
Email: mnot@mnot.net Email: mnot@mnot.net
URI: https://www.mnot.net/ URI: https://www.mnot.net/
Poul-Henning Kamp Poul-Henning Kamp
The Varnish Cache Project The Varnish Cache Project
 End of changes. 242 change blocks. 
470 lines changed or deleted 504 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/