draft-ietf-httpbis-safe-method-w-body-00.txt   draft-ietf-httpbis-safe-method-w-body-01.txt 
HTTP J. Reschke HTTP J. Reschke
Internet-Draft greenbytes Internet-Draft greenbytes
Updates: 5323 (if approved) A. Malhotra Updates: 5323 (if approved) A. Malhotra
Intended status: Standards Track Intended status: Standards Track
Expires: 2 October 2021 J.M. Snell Expires: 10 December 2021 J.M. Snell
31 March 2021 8 June 2021
HTTP SEARCH Method HTTP SEARCH Method
draft-ietf-httpbis-safe-method-w-body-00 draft-ietf-httpbis-safe-method-w-body-01
Abstract Abstract
This specification updates the definition and semantics of the HTTP This specification updates the definition and semantics of the HTTP
SEARCH request method originally defined by RFC 5323. SEARCH request method originally defined by RFC 5323.
Editorial Note Editorial Note
This note is to be removed before publishing as an RFC.
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
https://lists.w3.org/Archives/Public/ietf-http-wg/. https://lists.w3.org/Archives/Public/ietf-http-wg/.
This note is to be removed before publishing as an RFC.
Working Group information can be found at https://httpwg.org/; source Working Group information can be found at https://httpwg.org/; source
code and issues list for this draft can be found at code and issues list for this draft can be found at
https://github.com/httpwg/http-extensions/labels/safe-method-w-body. https://github.com/httpwg/http-extensions/labels/safe-method-w-body.
The changes in this draft are summarized in Appendix A.1.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 October 2021. This Internet-Draft will expire on 10 December 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 30 skipping to change at page 2, line 30
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. SEARCH . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. SEARCH . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. The "Accept-Search" Header Field . . . . . . . . . . . . . . 5 3. The "Accept-Search" Header Field . . . . . . . . . . . . . . 5
4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Simple SEARCH with a Direct Response . . . . . . . . . . 6 4.1. Simple SEARCH with a Direct Response . . . . . . . . . . 6
4.2. Simple SEARCH with indirect response (303 See Other) . . 6 4.2. Simple SEARCH with indirect response (303 See Other) . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7. Normative References . . . . . . . . . . . . . . . . . . . . 7 7. Normative References . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 8
A.1. Since draft-ietf-httpbis-safe-method-w-body-00 . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
This specification updates the HTTP SEARCH method originally defined This specification updates the HTTP SEARCH method originally defined
in [RFC5323]. in [RFC5323].
Many existing HTTP-based applications use the HTTP GET and POST Many existing HTTP-based applications use the HTTP GET and POST
methods in various ways to implement the functionality provided by methods in various ways to implement the functionality provided by
SEARCH. SEARCH.
skipping to change at page 3, line 45 skipping to change at page 4, line 4
complexity, introduce bugs, or otherwise reduce the overall complexity, introduce bugs, or otherwise reduce the overall
visibility of the query being requested. visibility of the query being requested.
As an alternative to using GET, many implementations make use of the As an alternative to using GET, many implementations make use of the
HTTP POST method to perform queries, as illustrated in the example HTTP POST method to perform queries, as illustrated in the example
below. In this case, the input parameters to the search operation below. In this case, the input parameters to the search operation
are passed along within the request payload as opposed to using the are passed along within the request payload as opposed to using the
request URI. request URI.
A typical use of HTTP POST for requesting a search A typical use of HTTP POST for requesting a search
POST /feed HTTP/1.1 POST /feed HTTP/1.1
Host: example.org Host: example.org
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
q=foo&limit=10&sort=-published q=foo&limit=10&sort=-published
This variation, however, suffers from the same basic limitation as This variation, however, suffers from the same basic limitation as
GET in that it is not readily apparent -- absent specific knowledge GET in that it is not readily apparent -- absent specific knowledge
of the resource and server to which the request is being sent -- that of the resource and server to which the request is being sent -- that
a search operation is what is being requested. Web applications use a search operation is what is being requested. Web applications use
the POST method for a wide variety of uses including the creation or the POST method for a wide variety of uses including the creation or
modification of existing resources. Sending the request above to a modification of existing resources. Sending the request above to a
different server, or even repeatedly sending the request to the same different server, or even repeatedly sending the request to the same
server could have dramatically different effects. server could have dramatically different effects.
The SEARCH method provides a solution that spans the gap between the The SEARCH method provides a solution that spans the gap between the
use of GET and POST. As with POST, the input to the query operation use of GET and POST. As with POST, the input to the query operation
is passed along within the payload of the request rather than as part is passed along within the payload of the request rather than as part
of the request URI. Unlike POST, however the semantics of the SEARCH of the request URI. Unlike POST, however the semantics of the SEARCH
method are specifically defined. method are specifically defined.
In this document, the key words "MUST", "MUST NOT", "REQUIRED", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
and "OPTIONAL" are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. SEARCH 2. SEARCH
The SEARCH method is used to initiate a server-side search. Unlike The SEARCH method is used to initiate a server-side search. Unlike
the HTTP GET method, which requests that a server return a the HTTP GET method, which requests that a server return a
representation of the resource identified by the effective request representation of the resource identified by the target URI (as
URI (as defined by [RFC7230]), the SEARCH method is used to ask the defined by Section 7.1 of [RFCHTTP]), the SEARCH method is used to
server to perform a query operation (described by the request ask the server to perform a query operation (described by the request
payload) over some set of data scoped to the effective request URI. payload) over some set of data scoped to the effective request URI.
The payload returned in response to a SEARCH cannot be assumed to be The payload returned in response to a SEARCH cannot be assumed to be
a representation of the resource identified by the effective request a representation of the resource identified by the effective request
URI. URI.
The body payload of the request defines the query. Implementations The body payload of the request defines the query. Implementations
MAY use a request body of any content type with the SEARCH method; MAY use a request body of any content type with the SEARCH method;
however, for backwards compatibility with existing WebDAV however, for backwards compatibility with existing WebDAV
implementations, SEARCH requests that use the text/xml or implementations, SEARCH requests that use the text/xml or
application/xml content types MUST be processed per the requirements application/xml media types with a root element (Section 2.1 of
established by [RFC5323]. [XML]) in the "DAV:" XML namespace ([XMLNS]) MUST be processed per
// This can be relaxed to XML with a document element in the "DAV:" the requirements established by [RFC5323].
// namespace, or even to the two element names mentionbed in
// Section 2.2.2 of [RFC5323].
SEARCH requests are both safe and idempotent with regards to the SEARCH requests are both safe and idempotent with regards to the
resource identified by the request URI. That is, SEARCH requests do resource identified by the request URI. That is, SEARCH requests do
not alter the state of the targeted resource. However, while not alter the state of the targeted resource. However, while
processing a search request, a server can be expected to allocate processing a search request, a server can be expected to allocate
computing and memory resources or even create additional HTTP computing and memory resources or even create additional HTTP
resources through which the response can be retrieved. resources through which the response can be retrieved.
A successful response to a SEARCH request is expected to provide some A successful response to a SEARCH request is expected to provide some
indication as to the final disposition of the search operation. For indication as to the final disposition of the search operation. For
instance, a successful search that yields no results can be instance, a successful search that yields no results can be
represented by a 204 No Content response. If the response includes a represented by a 204 No Content response. If the response includes a
body payload, the payload is expected to describe the results of the content, it is expected to describe the results of the search
search operation. In some cases, the server may choose to respond operation. In some cases, the server may choose to respond
indirectly to the SEARCH request by returning a 3xx Redirection with indirectly to the SEARCH request by returning a 3xx Redirection with
a Location header specifying an alternate Request URI from which the a Location header field specifying an alternate Request URI from
search results can be retrieved using an HTTP GET request. Various which the search results can be retrieved using an HTTP GET request.
non-normative examples of successful SEARCH responses are illustrated Various non-normative examples of successful SEARCH responses are
in Section 4. illustrated in Section 4.
The response to a SEARCH request is not cacheable. It ought to be The response to a SEARCH request is not cacheable. It ought to be
noted, however, that because SEARCH requests are safe and idempotent, noted, however, that because SEARCH requests are safe and idempotent,
responses to a SEARCH MUST NOT invalidate previously cached responses responses to a SEARCH MUST NOT invalidate previously cached responses
to other requests directed at the same effective request URI. to other requests directed at the same effective request URI.
// By default, that is. We need to figure out under which conditions // By default, that is. We need to figure out under which conditions
// we can make the result cacheable. // we can make the result cacheable.
The semantics of the SEARCH method change to a "conditional SEARCH" The semantics of the SEARCH method change to a "conditional SEARCH"
if the request message includes an If-Modified-Since, If-Unmodified- if the request message includes an If-Modified-Since, If-Unmodified-
Since, If-Match, If-None-Match, or If-Range header field ([RFC7232]). Since, If-Match, If-None-Match, or If-Range header field ([RFCHTTP],
A conditional SEARCH requests that the query be performed only under Section 13). A conditional SEARCH requests that the query be
the circumstances described by the conditional header field(s). It performed only under the circumstances described by the conditional
is important to note, however, that such conditions are evaluated header field(s). It is important to note, however, that such
against the state of the target resource itself as opposed to the conditions are evaluated against the state of the target resource
collected results of the search operation. itself as opposed to the collected results of the search operation.
3. The "Accept-Search" Header Field 3. The "Accept-Search" Header Field
The "Accept-Search" response header field MAY be used by a server to The "Accept-Search" response header field MAY be used by a server to
directly signal support for the SEARCH method while identifying the directly signal support for the SEARCH method while identifying the
specific query format Content-Type's that may be used. specific query format media types that may be used.
Accept-Search = "Accept-Search" ":" 1#media-type Accept-Search = 1#media-type
The Accept-Search header specifies a comma-separated listing of media The Accept-Search header field specifies a comma-separated listing of
types (with optional parameters) as defined by [RFC7231], media types (with optional parameters) as defined by Section 8.3.1 of
Section 3.1.1.1. [RFCHTTP].
The order of types listed by the Accept-Search header is The order of types listed by the Accept-Search header field is
insignificant. insignificant.
4. Examples 4. Examples
The non-normative examples in this section make use of a simple, The non-normative examples in this section make use of a simple,
hypothetical plain-text based query syntax based on SQL with results hypothetical plain-text based query syntax based on SQL with results
returned as comma-separated values. This is done for illustration returned as comma-separated values. This is done for illustration
purposes only. Implementations are free to use any format they wish purposes only. Implementations are free to use any format they wish
on both the request and response. on both the request and response.
4.1. Simple SEARCH with a Direct Response 4.1. Simple SEARCH with a Direct Response
A simple query with a direct response: A simple query with a direct response:
SEARCH /contacts HTTP/1.1 SEARCH /contacts HTTP/1.1
Host: example.org Host: example.org
Content-Type: text/query Content-Type: example/query
Accept: text/csv Accept: text/csv
select surname, givenname, email limit 10 select surname, givenname, email limit 10
Response: Response:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: text/csv Content-Type: text/csv
surname, givenname, email surname, givenname, email
Smith, John, john.smith@example.org Smith, John, john.smith@example.org
Jones, Sally, sally.jones@example.com Jones, Sally, sally.jones@example.com
Dubois, Camille, camille.dubois@example.net Dubois, Camille, camille.dubois@example.net
4.2. Simple SEARCH with indirect response (303 See Other) 4.2. Simple SEARCH with indirect response (303 See Other)
A simple query with an Indirect Response (303 See Other): A simple query with an Indirect Response (303 See Other):
SEARCH /contacts HTTP/1.1 SEARCH /contacts HTTP/1.1
Host: example.org Host: example.org
Content-Type: text/query Content-Type: example/query
Accept: text/csv Accept: text/csv
select surname, givenname, email limit 10 select surname, givenname, email limit 10
Response: Response:
HTTP/1.1 303 See Other HTTP/1.1 303 See Other
Location: http://example.org/contacts/query123 Location: http://example.org/contacts/query123
Fetch Query Response: Fetch Query Response:
GET /contacts/query123 HTTP/1.1 GET /contacts/query123 HTTP/1.1
Host: example.org Host: example.org
Response: Response:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: text/csv Content-Type: text/csv
surname, givenname, email surname, givenname, email
Smith, John, john.smith@example.org Smith, John, john.smith@example.org
Jones, Sally, sally.jones@example.com Jones, Sally, sally.jones@example.com
Dubois, Camille, camille.dubois@example.net Dubois, Camille, camille.dubois@example.net
5. Security Considerations 5. Security Considerations
The SEARCH method is subject to the same general security The SEARCH method is subject to the same general security
considerations as all HTTP methods as described in [RFC7231]. considerations as all HTTP methods as described in [RFCHTTP].
6. IANA Considerations 6. IANA Considerations
IANA is requested to update the registration of the SEARCH method in IANA is requested to update the registration of the SEARCH method in
the permanent registry at <http://www.iana.org/assignments/http- the permanent registry at <http://www.iana.org/assignments/http-
methods> (see Section 8.1 of [RFC7231]). methods> (see Section 16.1.1 of [RFCHTTP]).
+=============+======+============+===============+ +=============+======+============+===============+
| Method Name | Safe | Idempotent | Specification | | Method Name | Safe | Idempotent | Specification |
+=============+======+============+===============+ +=============+======+============+===============+
| SEARCH | Yes | Yes | Section 2 | | SEARCH | Yes | Yes | Section 2 |
+-------------+------+------------+---------------+ +-------------+------+------------+---------------+
Table 1 Table 1
7. Normative References 7. Normative References
skipping to change at page 7, line 49 skipping to change at page 8, line 5
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5323] Reschke, J., Ed., Reddy, S., Davis, J., and A. Babich, [RFC5323] Reschke, J., Ed., Reddy, S., Davis, J., and A. Babich,
"Web Distributed Authoring and Versioning (WebDAV) "Web Distributed Authoring and Versioning (WebDAV)
SEARCH", RFC 5323, DOI 10.17487/RFC5323, November 2008, SEARCH", RFC 5323, DOI 10.17487/RFC5323, November 2008,
<https://www.rfc-editor.org/info/rfc5323>. <https://www.rfc-editor.org/info/rfc5323>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
Protocol (HTTP/1.1): Message Syntax and Routing", 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
RFC 7230, DOI 10.17487/RFC7230, June 2014, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
<https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFCHTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, Ed., "HTTP Semantics", Work in Progress, Internet-Draft,
DOI 10.17487/RFC7231, June 2014, draft-ietf-httpbis-semantics-16, 27 May 2021,
<https://www.rfc-editor.org/info/rfc7231>. <https://tools.ietf.org/html/draft-ietf-httpbis-semantics-
16>.
[RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [XML] Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and
Protocol (HTTP/1.1): Conditional Requests", RFC 7232, F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth
DOI 10.17487/RFC7232, June 2014, Edition)", W3C Recommendation REC-xml-20081126, 26
<https://www.rfc-editor.org/info/rfc7232>. November 2008,
<https://www.w3.org/TR/2008/REC-xml-20081126/>. Latest
version available at https://www.w3.org/TR/xml/.
[XMLNS] Bray, T., Hollander, D., Layman, A., Tobin, R., and H.
Thompson, "Namespaces in XML 1.0 (Third Edition)", W3C
Recommendation REC-xml-names-20091208, 8 December 2009,
<https://www.w3.org/TR/2009/REC-xml-names-20091208/>.
Latest version available at https://www.w3.org/TR/xml-
names/.
Appendix A. Change Log
This section is to be removed before publishing as an RFC.
// (see https://trac.tools.ietf.org/tools/xml2rfc/trac/ticket/622)
A.1. Since draft-ietf-httpbis-safe-method-w-body-00
* Use "example/query" media type instead of undefined "text/query"
(https://github.com/httpwg/http-extensions/issues/1450)
* In Section 3, adjust the grammar to just define the field value
(https://github.com/httpwg/http-extensions/issues/1470)
* Update to latest HTTP core spec, and adjust terminology
accordingly (https://github.com/httpwg/http-extensions/
issues/1473)
* Reference RFC 8174 and markup bcp14 terms
(https://github.com/httpwg/http-extensions/issues/1497)
* Update HTTP reference (https://github.com/httpwg/http-extensions/
issues/1524)
* Relax restriction of generic XML media type in request body
(https://github.com/httpwg/http-extensions/issues/1535)
Authors' Addresses Authors' Addresses
Julian Reschke Julian Reschke
greenbytes GmbH greenbytes GmbH
Hafenweg 16 Hafenweg 16
48155 Münster 48155 Münster
Germany Germany
Email: julian.reschke@greenbytes.de Email: julian.reschke@greenbytes.de
 End of changes. 27 change blocks. 
54 lines changed or deleted 93 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/