draft-reschke-http-jfv-09.txt   draft-reschke-http-jfv-10.txt 
Network Working Group J. Reschke Network Working Group J. F. Reschke
Internet-Draft greenbytes Internet-Draft greenbytes
Intended status: Standards Track July 2, 2018 Intended status: Informational 14 October 2019
Expires: January 3, 2019 Expires: 16 April 2020
A JSON Encoding for HTTP Header Field Values A JSON Encoding for HTTP Header Field Values
draft-reschke-http-jfv-09 draft-reschke-http-jfv-10
Abstract Abstract
This document establishes a convention for use of JSON-encoded field This document establishes a convention for use of JSON-encoded field
values in HTTP header fields. values in HTTP header fields.
Editorial Note (To be removed by RFC Editor before publication) Editorial Note
This note is to be removed before publishing as an RFC.
Distribution of this document is unlimited. Although this is not a Distribution of this document is unlimited. Although this is not a
work item of the HTTPbis Working Group, comments should be sent to work item of the HTTPbis Working Group, comments should be sent to
the Hypertext Transfer Protocol (HTTP) mailing list at ietf-http- the Hypertext Transfer Protocol (HTTP) mailing list at ietf-http-
wg@w3.org [1], which may be joined by sending a message with subject wg@w3.org (mailto:ietf-http-wg@w3.org), which may be joined by
"subscribe" to ietf-http-wg-request@w3.org [2]. sending a message with subject "subscribe" to ietf-http-wg-
request@w3.org (mailto:ietf-http-wg-
request@w3.org?subject=subscribe).
Discussions of the HTTPbis Working Group are archived at Discussions of the HTTPbis Working Group are archived at
<http://lists.w3.org/Archives/Public/ietf-http-wg/>. http://lists.w3.org/Archives/Public/ietf-http-wg/.
XML versions and latest edits for this document are available from XML versions and latest edits for this document are available from
<http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv>. http://greenbytes.de/tech/webdav/#draft-reschke-http-jfv.
The changes in this draft are summarized in Appendix E.12. The changes in this draft are summarized in Appendix E.13.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 April 2020.
This Internet-Draft will expire on January 3, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Data Model and Format . . . . . . . . . . . . . . . . . . . . 4 2. Data Model and Format . . . . . . . . . . . . . . . . . . . . 4
3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . 5 3. Sender Requirements . . . . . . . . . . . . . . . . . . . . . 5
4. Recipient Requirements . . . . . . . . . . . . . . . . . . . 5 4. Recipient Requirements . . . . . . . . . . . . . . . . . . . 5
5. Using this Format in Header Field Definitions . . . . . . . . 5 5. Using this Format in Header Field Definitions . . . . . . . . 5
6. Deployment Considerations . . . . . . . . . . . . . . . . . . 6 6. Deployment Considerations . . . . . . . . . . . . . . . . . . 6
7. Interoperability Considerations . . . . . . . . . . . . . . . 6 7. Interoperability Considerations . . . . . . . . . . . . . . . 6
7.1. Encoding and Characters . . . . . . . . . . . . . . . . . 6 7.1. Encoding and Characters . . . . . . . . . . . . . . . . . 6
7.2. Numbers . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.2. Numbers . . . . . . . . . . . . . . . . . . . . . . . . . 6
7.3. Object Constraints . . . . . . . . . . . . . . . . . . . 7 7.3. Object Constraints . . . . . . . . . . . . . . . . . . . 6
8. Internationalization Considerations . . . . . . . . . . . . . 7 8. Internationalization Considerations . . . . . . . . . . . . . 7
9. Security Considerations . . . . . . . . . . . . . . . . . . . 7 9. Security Considerations . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 10.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 8 10.2. Informative References . . . . . . . . . . . . . . . . . 8
10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 9
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 10 A.1. Content-Length . . . . . . . . . . . . . . . . . . . . . 9
A.1. Content-Length . . . . . . . . . . . . . . . . . . . . . 10
A.2. Content-Disposition . . . . . . . . . . . . . . . . . . . 10 A.2. Content-Disposition . . . . . . . . . . . . . . . . . . . 10
A.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . 11 A.3. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . 11
A.4. Accept-Encoding . . . . . . . . . . . . . . . . . . . . . 12 A.4. Accept-Encoding . . . . . . . . . . . . . . . . . . . . . 12
Appendix B. Use of JSON Field Value Encoding in the Wild . . . . 13 Appendix B. Use of JSON Field Value Encoding in the
B.1. W3C Reporting API Specification . . . . . . . . . . . . . 14 Wild . . . . . . . . . . . . . . . . . . . . . . . . . . 13
B.2. W3C Clear Site Data Specification . . . . . . . . . . . . 14 B.1. W3C Reporting API Specification . . . . . . . . . . . . . 13
B.3. W3C Feature Policy Specification . . . . . . . . . . . . 14 B.2. W3C Clear Site Data Specification . . . . . . . . . . . . 13
B.3. W3C Feature Policy Specification . . . . . . . . . . . . 13
Appendix C. Relation to HTTP 'Key' Header Field . . . . . . . . 14 Appendix C. Relation to HTTP 'Key' Header Field . . . . . . . . 14
Appendix D. Discussion . . . . . . . . . . . . . . . . . . . . . 14 Appendix D. Discussion . . . . . . . . . . . . . . . . . . . . . 14
Appendix E. Change Log (to be removed by RFC Editor before Appendix E. Change Log . . . . . . . . . . . . . . . . . . . . . 14
publication) . . . . . . . . . . . . . . . . . . . . 14 E.1. Since draft-reschke-http-jfv-00 . . . . . . . . . . . . . 14
E.1. Since draft-reschke-http-jfv-00 . . . . . . . . . . . . . 15 E.2. Since draft-reschke-http-jfv-01 . . . . . . . . . . . . . 14
E.2. Since draft-reschke-http-jfv-01 . . . . . . . . . . . . . 15 E.3. Since draft-reschke-http-jfv-02 . . . . . . . . . . . . . 14
E.3. Since draft-reschke-http-jfv-02 . . . . . . . . . . . . . 15
E.4. Since draft-reschke-http-jfv-03 . . . . . . . . . . . . . 15 E.4. Since draft-reschke-http-jfv-03 . . . . . . . . . . . . . 15
E.5. Since draft-reschke-http-jfv-04 . . . . . . . . . . . . . 15 E.5. Since draft-reschke-http-jfv-04 . . . . . . . . . . . . . 15
E.6. Since draft-ietf-httpbis-jfv-00 . . . . . . . . . . . . . 15 E.6. Since draft-ietf-httpbis-jfv-00 . . . . . . . . . . . . . 15
E.7. Since draft-ietf-httpbis-jfv-01 . . . . . . . . . . . . . 15 E.7. Since draft-ietf-httpbis-jfv-01 . . . . . . . . . . . . . 15
E.8. Since draft-ietf-httpbis-jfv-02 . . . . . . . . . . . . . 15 E.8. Since draft-ietf-httpbis-jfv-02 . . . . . . . . . . . . . 15
E.9. Since draft-reschke-http-jfv-05 . . . . . . . . . . . . . 16 E.9. Since draft-reschke-http-jfv-05 . . . . . . . . . . . . . 15
E.10. Since draft-reschke-http-jfv-06 . . . . . . . . . . . . . 16 E.10. Since draft-reschke-http-jfv-06 . . . . . . . . . . . . . 15
E.11. Since draft-reschke-http-jfv-07 . . . . . . . . . . . . . 16 E.11. Since draft-reschke-http-jfv-07 . . . . . . . . . . . . . 15
E.12. Since draft-reschke-http-jfv-08 . . . . . . . . . . . . . 16 E.12. Since draft-reschke-http-jfv-08 . . . . . . . . . . . . . 16
E.13. Since draft-reschke-http-jfv-09 . . . . . . . . . . . . . 16
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
Defining syntax for new HTTP header fields ([RFC7230], Section 3.2) Defining syntax for new HTTP header fields ([RFC7230], Section 3.2)
is non-trivial. Among the commonly encountered problems are: is non-trivial. Among the commonly encountered problems are:
o There is no common syntax for complex field values. Several well- * There is no common syntax for complex field values. Several well-
known header fields do use a similarly looking syntax, but it is known header fields do use a similarly looking syntax, but it is
hard to write generic parsing code that will both correctly handle hard to write generic parsing code that will both correctly handle
valid field values but also reject invalid ones. valid field values but also reject invalid ones.
o The HTTP message format allows header fields to repeat, so field * The HTTP message format allows header fields to repeat, so field
syntax needs to be designed in a way that these cases are either syntax needs to be designed in a way that these cases are either
meaningful, or can be unambiguously detected and rejected. meaningful, or can be unambiguously detected and rejected.
o HTTP/1.1 does not define a character encoding scheme ([RFC6365], * HTTP/1.1 does not define a character encoding scheme ([RFC6365],
Section 2), so header fields are either stuck with US-ASCII Section 2), so header fields are either stuck with US-ASCII
([RFC0020]), or need out-of-band information to decide what ([RFC0020]), or need out-of-band information to decide what
encoding scheme is used. Furthermore, APIs usually assume a encoding scheme is used. Furthermore, APIs usually assume a
default encoding scheme in order to map from octet sequences to default encoding scheme in order to map from octet sequences to
strings (for instance, [XMLHttpRequest] uses the IDL type strings (for instance, [XMLHttpRequest] uses the IDL type
"ByteString", effectively resulting in the ISO-8859-1 character "ByteString", effectively resulting in the ISO-8859-1 character
encoding scheme [ISO-8859-1] being used). encoding scheme [ISO-8859-1] being used).
(See Section 8.3.1 of [RFC7231] for a summary of considerations for (See Section 8.3.1 of [RFC7231] for a summary of considerations for
new header fields.) new header fields.)
This specification addresses the issues listed above by defining both This specification addresses the issues listed above by defining both
a generic JSON-based ([RFC8259]) data model and a concrete wire a generic JSON-based ([RFC8259]) data model and a concrete wire
format that can be used in definitions of new header fields, where format that can be used in definitions of new header fields, where
the goals were: the goals were:
o to be compatible with header field recombination when fields occur * to be compatible with header field recombination when fields occur
multiple times in a single message (Section 3.2.2 of [RFC7230]), multiple times in a single message (Section 3.2.2 of [RFC7230]),
and and
o not to use any problematic characters in the field value (non- * not to use any problematic characters in the field value (non-
ASCII characters and certain whitespace characters). ASCII characters and certain whitespace characters).
Note: [HSTRUCT], a work item of the IETF HTTP Working Group, is a | *Note:*[HSTRUCT], a work item of the IETF HTTP Working Group,
different attempt to address this set of problems -- it tries to | is a different attempt to address this set of problems -- it
identify and formalize common field structures in existing header | tries to identify and formalize common field structures in
fields; the syntax defined over there would usually lead to a more | existing header fields; the syntax defined over there would
compact notation. | usually lead to a more compact notation.
2. Data Model and Format 2. Data Model and Format
In HTTP, header fields with the same field name can occur multiple In HTTP, header fields with the same field name can occur multiple
times within a single message (Section 3.2.2 of [RFC7230]). When times within a single message (Section 3.2.2 of [RFC7230]). When
this happens, recipients are allowed to combine the field values this happens, recipients are allowed to combine the field values
using commas as delimiter. This rule matches nicely JSON's array using commas as delimiter. This rule matches nicely JSON's array
format (Section 5 of [RFC8259]). Thus, the basic data model used format (Section 5 of [RFC8259]). Thus, the basic data model used
here is the JSON array. here is the JSON array.
skipping to change at page 4, line 37 skipping to change at page 4, line 37
JSON arrays are mapped to field values by creating a sequence of JSON arrays are mapped to field values by creating a sequence of
serialized member elements, separated by commas and optionally serialized member elements, separated by commas and optionally
whitespace. This is equivalent to using the full JSON array format, whitespace. This is equivalent to using the full JSON array format,
while leaving out the "begin-array" ('[') and "end-array" (']') while leaving out the "begin-array" ('[') and "end-array" (']')
delimiters. delimiters.
The ABNF character names and classes below are used (copied from The ABNF character names and classes below are used (copied from
[RFC5234], Appendix B.1): [RFC5234], Appendix B.1):
CR = %x0D ; carriage return CR = %x0D ; carriage return HTAB = %x09 ; horizontal tab LF = %x0A ; line feed SP = %x20 ; space VCHAR = %x21-7E ; visible (printing) characters
HTAB = %x09 ; horizontal tab
LF = %x0A ; line feed
SP = %x20 ; space
VCHAR = %x21-7E ; visible (printing) characters
Characters in JSON strings that are not allowed or discouraged in Characters in JSON strings that are not allowed or discouraged in
HTTP header field values -- that is, not in the "VCHAR" definition -- HTTP header field values -- that is, not in the "VCHAR" definition --
need to be represented using JSON's "backslash" escaping mechanism need to be represented using JSON's "backslash" escaping mechanism
([RFC8259], Section 7). ([RFC8259], Section 7).
The control characters CR, LF, and HTAB do not appear inside JSON The control characters CR, LF, and HTAB do not appear inside JSON
strings, but can be used outside (line breaks, indentation etc.). strings, but can be used outside (line breaks, indentation etc.).
These characters need to be either stripped or replaced by space These characters need to be either stripped or replaced by space
characters (ABNF "SP"). characters (ABNF "SP").
Formally, using the HTTP specification's ABNF extensions defined in Formally, using the HTTP specification's ABNF extensions defined in
Section 7 of [RFC7230]: Section 7 of [RFC7230]:
json-field-value = #json-field-item json-field-value = #json-field-item json-field-item = JSON-Text ; see [RFC8259], Section 2, ; post-processed so that only VCHAR characters ; are used
json-field-item = JSON-Text
; see [RFC8259], Section 2,
; post-processed so that only VCHAR characters
; are used
3. Sender Requirements 3. Sender Requirements
To map a JSON array to an HTTP header field value, process each array To map a JSON array to an HTTP header field value, process each array
element separately by: element separately by:
1. generating the JSON representation, 1. generating the JSON representation,
2. stripping all JSON control characters (CR, HTAB, LF), or 2. stripping all JSON control characters (CR, HTAB, LF), or
replacing them by space ("SP") characters, replacing them by space ("SP") characters,
skipping to change at page 8, line 10 skipping to change at page 7, line 49
[RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, [RFC0020] Cerf, V., "ASCII format for network interchange", STD 80,
RFC 20, DOI 10.17487/RFC0020, October 1969, RFC 20, DOI 10.17487/RFC0020, October 1969,
<https://www.rfc-editor.org/info/rfc20>. <https://www.rfc-editor.org/info/rfc20>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. F. Reschke, Ed., "Hypertext
Protocol (HTTP/1.1): Message Syntax and Routing", Transfer Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<https://www.rfc-editor.org/info/rfc7230>. <https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7231] Fielding, R., Ed. and J. F. Reschke, Ed., "Hypertext
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, Transfer Protocol (HTTP/1.1): Semantics and Content",
DOI 10.17487/RFC7231, June 2014, RFC 7231, DOI 10.17487/RFC7231, June 2014,
<https://www.rfc-editor.org/info/rfc7231>. <https://www.rfc-editor.org/info/rfc7231>.
[RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
DOI 10.17487/RFC7493, March 2015, DOI 10.17487/RFC7493, March 2015,
<https://www.rfc-editor.org/info/rfc7493>. <https://www.rfc-editor.org/info/rfc7493>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 8259, DOI 10.17487/RFC8259, Interchange Format", RFC 8259, DOI 10.17487/RFC8259,
December 2017, <https://www.rfc-editor.org/info/rfc8259>. December 2017, <https://www.rfc-editor.org/info/rfc8259>.
10.2. Informative References 10.2. Informative References
[CLEARSITE] [CLEARSITE]
West, M., "Clear Site Data", W3C Working Draft WD-clear- West, M., "Clear Site Data", W3C Working Draft WD-clear-
site-data-20171130, November 2017, site-data-20171130, 30 November 2017,
<https://www.w3.org/TR/2017/WD-clear-site-data-20171130/>. <https://www.w3.org/TR/2017/WD-clear-site-data-20171130/>.
Latest version available at https://www.w3.org/TR/clear-
site-data/.
Latest version available at <https://www.w3.org/TR/clear- [ECMA-262] Ecma International, "ECMA-262 6th Edition, The ECMAScript
site-data/>.
[ECMA-262]
Ecma International, "ECMA-262 6th Edition, The ECMAScript
2015 Language Specification", Standard ECMA-262, June 2015 Language Specification", Standard ECMA-262, June
2015, <http://www.ecma-international.org/ecma-262/6.0/>. 2015, <http://www.ecma-international.org/ecma-262/6.0/>.
[FEATUREPOL] [FEATUREPOL]
Clelland, I., "Feature Policy", W3C Draft Community Group Clelland, I., "Feature Policy", W3C Draft Community Group
Report , June 2018, Report , 3 October 2019,
<https://wicg.github.io/feature-policy/>. <https://wicg.github.io/feature-policy/>.
[HSTRUCT] Nottingham, M. and P-H. Kamp, "Structured Headers for [HSTRUCT] Nottingham, M. and P-H. Kamp, "Structured Headers for
HTTP", draft-ietf-httpbis-header-structure-07 (work in HTTP", Internet-Draft, draft-ietf-httpbis-header-
progress), July 2018. structure-13, August 2019,
<https://tools.ietf.org/html/draft-ietf-httpbis-header-
structure-13>.
[ISO-8859-1] [ISO-8859-1]
International Organization for Standardization, International Organization for Standardization,
"Information technology -- 8-bit single-byte coded graphic "Information technology -- 8-bit single-byte coded graphic
character sets -- Part 1: Latin alphabet No. 1", ISO/ character sets -- Part 1: Latin alphabet No. 1", ISO/
IEC 8859-1:1998, 1998. IEC 8859-1:1998, 1998.
[KEY] Fielding, R. and M. Nottingham, "The Key HTTP Response [KEY] Fielding, R. and M. Nottingham, "The Key HTTP Response
Header Field", draft-ietf-httpbis-key-01 (work in Header Field", Internet-Draft, draft-ietf-httpbis-key-01,
progress), March 2016. March 2016,
<https://tools.ietf.org/html/draft-ietf-httpbis-key-01>.
[REPORTING] [REPORTING]
Grigorik, I. and M. West, "Reporting API 1", W3C Group Creager, D., Grigorik, I., Meyer, P., and M. West,
Note NOTE-reporting-1-20160607, June 2016, "Reporting API", W3C Working Draft WD-reporting-
<http://www.w3.org/TR/2016/NOTE-reporting-1-20160607/>. 1-20180925, 25 September 2018,
<https://www.w3.org/TR/2018/WD-reporting-1-20180925/>.
Latest version available at <http://www.w3.org/TR/ Latest version available at https://www.w3.org/TR/
reporting-1/>. reporting-1/.
[RFC6266] Reschke, J., "Use of the Content-Disposition Header Field [RFC6266] Reschke, J. F., "Use of the Content-Disposition Header
in the Hypertext Transfer Protocol (HTTP)", RFC 6266, Field in the Hypertext Transfer Protocol (HTTP)",
DOI 10.17487/RFC6266, June 2011, RFC 6266, DOI 10.17487/RFC6266, June 2011,
<https://www.rfc-editor.org/info/rfc6266>. <https://www.rfc-editor.org/info/rfc6266>.
[RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in [RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in
Internationalization in the IETF", BCP 166, RFC 6365, Internationalization in the IETF", BCP 166, RFC 6365,
DOI 10.17487/RFC6365, September 2011, DOI 10.17487/RFC6365, September 2011,
<https://www.rfc-editor.org/info/rfc6365>. <https://www.rfc-editor.org/info/rfc6365>.
[RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7235] Fielding, R., Ed. and J. F. Reschke, Ed., "Hypertext
Protocol (HTTP/1.1): Authentication", RFC 7235, Transfer Protocol (HTTP/1.1): Authentication", RFC 7235,
DOI 10.17487/RFC7235, June 2014, DOI 10.17487/RFC7235, June 2014,
<https://www.rfc-editor.org/info/rfc7235>. <https://www.rfc-editor.org/info/rfc7235>.
[RFC8187] Reschke, J., "Indicating Character Encoding and Language [RFC8187] Reschke, J. F., "Indicating Character Encoding and
for HTTP Header Field Parameters", RFC 8187, Language for HTTP Header Field Parameters", RFC 8187,
DOI 10.17487/RFC8187, September 2017, DOI 10.17487/RFC8187, September 2017,
<https://www.rfc-editor.org/info/rfc8187>. <https://www.rfc-editor.org/info/rfc8187>.
[XMLHttpRequest] [XMLHttpRequest]
WhatWG, "XMLHttpRequest", <https://xhr.spec.whatwg.org/>. WhatWG, "XMLHttpRequest", October 2019,
<https://xhr.spec.whatwg.org/>.
10.3. URIs
[1] mailto:ietf-http-wg@w3.org
[2] mailto:ietf-http-wg-request@w3.org?subject=subscribe
Appendix A. Examples Appendix A. Examples
This section shows how some of the existing HTTP header fields would This section shows how some of the existing HTTP header fields would
look like if they would use the format defined by this specification. look like if they would use the format defined by this specification.
A.1. Content-Length A.1. Content-Length
"Content-Length" is defined in Section 3.3.2 of [RFC7230], with the "Content-Length" is defined in Section 3.3.2 of [RFC7230], with the
field value's ABNF being: field value's ABNF being:
Content-Length = 1*DIGIT Content-Length = 1*DIGIT
So the field value is similar to a JSON number ([RFC8259], So the field value is similar to a JSON number ([RFC8259],
Section 6). Section 6).
Content-Length is restricted to a single field instance, as it Content-Length is restricted to a single field instance, as it
doesn't use the list production (as per Section 3.2.2 of [RFC7230]). doesn't use the list production (as per Section 3.2.2 of [RFC7230]).
However, in practice multiple instances do occur, and the definition However, in practice multiple instances do occur, and the definition
of the header field does indeed discuss how to handle these cases. of the header field does indeed discuss how to handle these cases.
If Content-Length was defined using the JSON format discussed here, If Content-Length was defined using the JSON format discussed here,
the ABNF would be something like: the ABNF would be something like:
Content-Length = #number Content-Length = #number ; number: [RFC8259], Section 6
; number: [RFC8259], Section 6
...and the prose definition would: ...and the prose definition would:
o restrict all numbers to be non-negative integers without * restrict all numbers to be non-negative integers without
fractions, and fractions, and
o require that the array of values is of length 1 (but allow the * require that the array of values is of length 1 (but allow the
case where the array is longer, but all members represent the same case where the array is longer, but all members represent the same
value) value)
A.2. Content-Disposition A.2. Content-Disposition
Content-Disposition field values, defined in [RFC6266], consist of a Content-Disposition field values, defined in [RFC6266], consist of a
"disposition type" (a string), plus multiple parameters, of which at "disposition type" (a string), plus multiple parameters, of which at
least one ("filename") sometime needs to carry non-ASCII characters. least one ("filename") sometime needs to carry non-ASCII characters.
For instance, the first example in Section 5 of [RFC6266]: For instance, the first example in Section 5 of [RFC6266]:
skipping to change at page 11, line 22 skipping to change at page 11, line 7
{ "Attachment": { "filename" : "example.html" } } { "Attachment": { "filename" : "example.html" } }
The third example in Section 5 of [RFC6266] uses a filename parameter The third example in Section 5 of [RFC6266] uses a filename parameter
containing non-US-ASCII characters: containing non-US-ASCII characters:
attachment; filename*=UTF-8''%e2%82%ac%20rates attachment; filename*=UTF-8''%e2%82%ac%20rates
Note that in this case, the "filename*" parameter uses the encoding Note that in this case, the "filename*" parameter uses the encoding
defined in [RFC8187], representing a filename starting with the defined in [RFC8187], representing a filename starting with the
Unicode character U+20AC (EURO SIGN), followed by " rates". If the Unicode character "€" (EURO SIGN, U+20AC), followed by " rates". If
definition of Content-Disposition would have used the format proposed the definition of Content-Disposition would have used the format
here, the workaround involving the "parameter*" syntax would not have proposed here, the workaround involving the "parameter*" syntax would
been needed at all. not have been needed at all.
The JSON representation of this value could then be: The JSON representation of this value could then be:
{ "attachment": { "filename" : "\u20AC rates" } } { "attachment": { "filename" : "\u20AC rates" } }
A.3. WWW-Authenticate A.3. WWW-Authenticate
The WWW-Authenticate header field value is defined in Section 4.1 of The WWW-Authenticate header field value is defined in Section 4.1 of
[RFC7235] as a list of "challenges": [RFC7235] as a list of "challenges":
skipping to change at page 12, line 32 skipping to change at page 12, line 17
{ "Newauth" : { "realm": "apps", "type" : 1, { "Newauth" : { "realm": "apps", "type" : 1,
"title": "Login to \"apps\"" }}, "title": "Login to \"apps\"" }},
{ "Basic" : { "realm": "simple"}} { "Basic" : { "realm": "simple"}}
A.4. Accept-Encoding A.4. Accept-Encoding
The Accept-Encoding header field value is defined in Section 5.3.4 of The Accept-Encoding header field value is defined in Section 5.3.4 of
[RFC7231] as a list of codings, each of which allowing a weight [RFC7231] as a list of codings, each of which allowing a weight
parameter 'q': parameter 'q':
Accept-Encoding = #( codings [ weight ] ) Accept-Encoding = #( codings [ weight ] ) codings = content-coding / "identity" / "*" weight = OWS ";" OWS "q=" qvalue qvalue = ( "0" [ "." 0*3DIGIT ] ) / ( "1" [ "." 0*3("0") ] )
codings = content-coding / "identity" / "*"
weight = OWS ";" OWS "q=" qvalue
qvalue = ( "0" [ "." 0*3DIGIT ] )
/ ( "1" [ "." 0*3("0") ] )
An example for a complex header field value given in the definition An example for a complex header field value given in the definition
of the header field is: of the header field is:
gzip;q=1.0, identity; q=0.5, *;q=0 gzip;q=1.0, identity; q=0.5, *;q=0
Due to the defaulting rules for the quality value ([RFC7231], Due to the defaulting rules for the quality value ([RFC7231],
Section 5.3.1), this could also be written as: Section 5.3.1), this could also be written as:
gzip, identity; q=0.5, *; q=0 gzip, identity; q=0.5, *; q=0
skipping to change at page 13, line 49 skipping to change at page 13, line 28
"gzip", "deflate" "gzip", "deflate"
which would be only a small overhead over the original format. which would be only a small overhead over the original format.
Appendix B. Use of JSON Field Value Encoding in the Wild Appendix B. Use of JSON Field Value Encoding in the Wild
Since work started on this document, various specifications have Since work started on this document, various specifications have
adopted this format. At least one of these moved away after the HTTP adopted this format. At least one of these moved away after the HTTP
Working Group decided to focus on [HSTRUCT] (see thread starting at Working Group decided to focus on [HSTRUCT] (see thread starting at
<https://lists.w3.org/Archives/Public/ietf-http- https://lists.w3.org/Archives/Public/ietf-http-
wg/2016OctDec/0505.html>). wg/2016OctDec/0505.html).
The sections below summarize the current usage of this format. The sections below summarize the current usage of this format.
B.1. W3C Reporting API Specification B.1. W3C Reporting API Specification
Defined in W3C Note "Reporting API 1" (Section 3.1 of [REPORTING]). Defined in W3C Working Draft "Reporting API" (Section 3.1 of
Still in use in latest editor copy as of June 2017. [REPORTING]). Still in use in latest working draft dated September
2018.
B.2. W3C Clear Site Data Specification B.2. W3C Clear Site Data Specification
Used in earlier versions of "Clear Site Data". The current version Used in earlier versions of "Clear Site Data". The current version
replaces the use of JSON with a custom syntax that happens to be replaces the use of JSON with a custom syntax that happens to be
somewhat compatible with an array of JSON strings (see Section 3.1 of somewhat compatible with an array of JSON strings (see Section 3.1 of
[CLEARSITE] and <https://lists.w3.org/Archives/Public/ietf-http- [CLEARSITE] and https://lists.w3.org/Archives/Public/ietf-http-
wg/2017AprJun/0214.html> for feedback). wg/2017AprJun/0214.html for feedback).
B.3. W3C Feature Policy Specification B.3. W3C Feature Policy Specification
Originally defined in W3C Draft Community Group Report "Feature Originally defined in W3C Draft Community Group Report "Feature
Policy" ([FEATUREPOL]), but now replaced with a custom syntax (see Policy" ([FEATUREPOL]), but now replaced with a custom syntax (see
<https://github.com/WICG/feature-policy/pull/83>). https://github.com/WICG/feature-policy/pull/83).
Appendix C. Relation to HTTP 'Key' Header Field Appendix C. Relation to HTTP 'Key' Header Field
[KEY] aims to improve the cacheability of responses that vary based [KEY] aims to improve the cacheability of responses that vary based
on certain request header fields, addressing lack of granularity in on certain request header fields, addressing lack of granularity in
the existing "Vary" response header field ([RFC7231], Section 7.1.4). the existing "Vary" response header field ([RFC7231], Section 7.1.4).
If the JSON-based format described by this document gains popularity, If the JSON-based format described by this document gains popularity,
it might be useful to add a JSON-aware "Key Parameter" (see it might be useful to add a JSON-aware "Key Parameter" (see
Section 2.3 of [KEY]). Section 2.3 of [KEY]).
Appendix D. Discussion Appendix D. Discussion
This approach uses a default of "JSON array", using implicit array This approach uses a default of "JSON array", using implicit array
markers. An alternative would be a default of "JSON object". This markers. An alternative would be a default of "JSON object". This
would simplify the syntax for non-list-typed header fields, but all would simplify the syntax for non-list-typed header fields, but all
the benefits of having the same data model for both types of header the benefits of having the same data model for both types of header
fields would be gone. A hybrid approach might make sense, as long as fields would be gone. A hybrid approach might make sense, as long as
it doesn't require any heuristics on the recipient's side. it doesn't require any heuristics on the recipient's side.
Note: a concrete proposal was made by Kazuho Oku in | *Note:* a concrete proposal was made by Kazuho Oku in
<https://lists.w3.org/Archives/Public/ietf-http- | https://lists.w3.org/Archives/Public/ietf-http-
wg/2016JanMar/0155.html>. | wg/2016JanMar/0155.html.
[[CREF1: Use of generic libs vs compactness of field values..]] // Use of generic libs vs compactness of field values..
Appendix E. Change Log
This section is to be removed before publishing as an RFC.
Appendix E. Change Log (to be removed by RFC Editor before publication)
E.1. Since draft-reschke-http-jfv-00 E.1. Since draft-reschke-http-jfv-00
Editorial fixes + working on the TODOs. Editorial fixes + working on the TODOs.
E.2. Since draft-reschke-http-jfv-01 E.2. Since draft-reschke-http-jfv-01
Mention slightly increased risk of smuggling information in header Mention slightly increased risk of smuggling information in header
field values. field values.
E.3. Since draft-reschke-http-jfv-02 E.3. Since draft-reschke-http-jfv-02
skipping to change at page 15, line 29 skipping to change at page 15, line 12
Expand I18N section. Expand I18N section.
E.4. Since draft-reschke-http-jfv-03 E.4. Since draft-reschke-http-jfv-03
Mention relation to KEY header field. Mention relation to KEY header field.
E.5. Since draft-reschke-http-jfv-04 E.5. Since draft-reschke-http-jfv-04
Between June and December 2016, this was a work item of the HTTP Between June and December 2016, this was a work item of the HTTP
working group (see <https://datatracker.ietf.org/doc/draft-ietf- working group (see https://datatracker.ietf.org/doc/draft-ietf-
httpbis-jfv/>). Work (if any) continues now on httpbis-jfv/). Work (if any) continues now on
<https://datatracker.ietf.org/doc/draft-reschke-http-jfv/>. https://datatracker.ietf.org/doc/draft-reschke-http-jfv/.
Changes made while this was a work item of the HTTP Working Group: Changes made while this was a work item of the HTTP Working Group:
E.6. Since draft-ietf-httpbis-jfv-00 E.6. Since draft-ietf-httpbis-jfv-00
Added example for "Accept-Encoding" (inspired by Kazuho's feedback), Added example for "Accept-Encoding" (inspired by Kazuho's feedback),
showing a potential way to optimize the format when default values showing a potential way to optimize the format when default values
apply. apply.
E.7. Since draft-ietf-httpbis-jfv-01 E.7. Since draft-ietf-httpbis-jfv-01
Add interop discussion, building on I-JSON and ECMA-262 (see Add interop discussion, building on I-JSON and ECMA-262 (see
<https://github.com/httpwg/http-extensions/issues/225>). https://github.com/httpwg/http-extensions/issues/225).
E.8. Since draft-ietf-httpbis-jfv-02 E.8. Since draft-ietf-httpbis-jfv-02
Move non-essential parts into appendix. Move non-essential parts into appendix.
Updated XHR reference. Updated XHR reference.
E.9. Since draft-reschke-http-jfv-05 E.9. Since draft-reschke-http-jfv-05
Add meat to "Using this Format in Header Field Definitions". Add meat to "Using this Format in Header Field Definitions".
skipping to change at page 16, line 31 skipping to change at page 16, line 13
Update JSON and HSTRUCT references. Update JSON and HSTRUCT references.
FEATUREPOL doesn't use JSON syntax anymore. FEATUREPOL doesn't use JSON syntax anymore.
E.12. Since draft-reschke-http-jfv-08 E.12. Since draft-reschke-http-jfv-08
Update HSTRUCT reference. Update HSTRUCT reference.
Update notes about CLEARSITE and FEATUREPOL. Update notes about CLEARSITE and FEATUREPOL.
E.13. Since draft-reschke-http-jfv-09
Update HSTRUCT and FEATUREPOL references.
Update note about REPORTING.
Changed category to "informational".
Acknowledgements Acknowledgements
Thanks go to the Hypertext Transfer Protocol Working Group Thanks go to the Hypertext Transfer Protocol Working Group
participants. participants.
Author's Address Author's Address
Julian F. Reschke Julian F. Reschke
greenbytes GmbH greenbytes GmbH
Hafenweg 16 Hafenweg 16
Muenster, NW 48155 48155 Münster
Germany Germany
EMail: julian.reschke@greenbytes.de Email: julian.reschke@greenbytes.de
URI: http://greenbytes.de/tech/webdav/ URI: http://greenbytes.de/tech/webdav/
 End of changes. 56 change blocks. 
125 lines changed or deleted 122 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/