* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Changeset 987


Ignore:
Timestamp:
2010-09-03 07:48:02 (4 years ago)
Author:
julian.reschke@gmx.de
Message:

Remove Content-Disposition (now draft-ietf-httpbis-content-disp) (see #123)

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p3-payload.html

    r981 r987  
    402402      <meta name="dct.creator" content="Reschke, J. F."> 
    403403      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p3-payload-latest"> 
    404       <meta name="dct.issued" scheme="ISO8601" content="2010-09-01"> 
     404      <meta name="dct.issued" scheme="ISO8601" content="2010-09-03"> 
    405405      <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 
    406406      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 3 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 3 defines HTTP message content, metadata, and content negotiation."> 
     
    428428            </tr> 
    429429            <tr> 
    430                <td class="left">Expires: March 5, 2011</td> 
     430               <td class="left">Expires: March 7, 2011</td> 
    431431               <td class="right">J. Mogul</td> 
    432432            </tr> 
     
    485485            <tr> 
    486486               <td class="left"></td> 
    487                <td class="right">September 1, 2010</td> 
     487               <td class="right">September 3, 2010</td> 
    488488            </tr> 
    489489         </tbody> 
     
    511511         in progress”. 
    512512      </p> 
    513       <p>This Internet-Draft will expire on March 5, 2011.</p> 
     513      <p>This Internet-Draft will expire on March 7, 2011.</p> 
    514514      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 
    515515      <p>Copyright © 2010 IETF Trust and the persons identified as the document authors. All rights reserved.</p> 
     
    590590         <li class="tocline0">8.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a><ul class="toc"> 
    591591               <li class="tocline1">8.1&nbsp;&nbsp;&nbsp;<a href="#privacy.issues.connected.to.accept.headers">Privacy Issues Connected to Accept Headers</a></li> 
    592                <li class="tocline1">8.2&nbsp;&nbsp;&nbsp;<a href="#content-disposition.issues">Content-Disposition Issues</a></li> 
    593592            </ul> 
    594593         </li> 
     
    610609            </ul> 
    611610         </li> 
    612          <li class="tocline0">B.&nbsp;&nbsp;&nbsp;<a href="#additional.features">Additional Features</a><ul class="toc"> 
    613                <li class="tocline1">B.1&nbsp;&nbsp;&nbsp;<a href="#content-disposition">Content-Disposition</a></li> 
    614             </ul> 
    615          </li> 
     611         <li class="tocline0">B.&nbsp;&nbsp;&nbsp;<a href="#additional.features">Additional Features</a></li> 
    616612         <li class="tocline0">C.&nbsp;&nbsp;&nbsp;<a href="#changes.from.rfc.2616">Changes from RFC 2616</a></li> 
    617613         <li class="tocline0">D.&nbsp;&nbsp;&nbsp;<a href="#collected.abnf">Collected ABNF</a></li> 
     
    673669      <p id="rfc.section.1.3.1.p.1">The core rules below are defined in <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>: 
    674670      </p> 
    675       <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#core.rules" class="smpl">quoted-string</a>  = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
    676   <a href="#core.rules" class="smpl">token</a>          = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
    677   <a href="#core.rules" class="smpl">word</a>           = &lt;word, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
    678   <a href="#core.rules" class="smpl">OWS</a>            = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
     671      <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#core.rules" class="smpl">token</a>          = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
     672  <a href="#core.rules" class="smpl">word</a>           = &lt;word, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
     673  <a href="#core.rules" class="smpl">OWS</a>            = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt; 
    679674</pre><h3 id="rfc.section.1.3.2"><a href="#rfc.section.1.3.2">1.3.2</a>&nbsp;<a id="abnf.dependencies" href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></h3> 
    680675      <p id="rfc.section.1.3.2.p.1">The ABNF rules below are defined in other parts:</p> 
    681       <div id="rfc.figure.u.2"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">absolute-URI</a>   = &lt;absolute-URI, defined in <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt; 
    682   <a href="#abnf.dependencies" class="smpl">Content-Length</a> = &lt;Content-Length, defined in <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a>&gt; 
    683   <a href="#abnf.dependencies" class="smpl">partial-URI</a>    = &lt;partial-URI, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt; 
    684   <a href="#abnf.dependencies" class="smpl">qvalue</a>         = &lt;qvalue, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a>&gt; 
     676      <div id="rfc.figure.u.2"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">absolute-URI</a>   = &lt;absolute-URI, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt; 
     677  <a href="#abnf.dependencies" class="smpl">Content-Length</a> = &lt;Content-Length, defined in <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a>&gt; 
     678  <a href="#abnf.dependencies" class="smpl">partial-URI</a>    = &lt;partial-URI, defined in <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt; 
     679  <a href="#abnf.dependencies" class="smpl">qvalue</a>         = &lt;qvalue, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a>&gt; 
    685680</pre><div id="rfc.figure.u.3"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">Last-Modified</a>  = &lt;Last-Modified, defined in <a href="#Part4" id="rfc.xref.Part4.1"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>, <a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 6.6</a>&gt; 
    686681</pre><div id="rfc.figure.u.4"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">Content-Range</a>  = &lt;Content-Range, defined in <a href="#Part5" id="rfc.xref.Part5.1"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a>, <a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a>&gt; 
     
    737732      </p> 
    738733      <ul class="empty"> 
    739          <li>See <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
     734         <li>See <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
    740735         </li> 
    741736      </ul> 
     
    743738      </p> 
    744739      <ul class="empty"> 
    745          <li>See <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
     740         <li>See <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
    746741         </li> 
    747742      </ul> 
     
    749744      </p> 
    750745      <ul class="empty"> 
    751          <li>See <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.13"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
     746         <li>See <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
    752747         </li> 
    753748      </ul> 
     
    768763         <li>Pointer to specification text</li> 
    769764      </ul> 
    770       <p id="rfc.section.2.2.1.p.3">Names of content codings <em class="bcp14">MUST NOT</em> overlap with names of transfer codings (<a href="p1-messaging.html#transfer.codings" title="Transfer Codings">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.14"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>), unless the encoding transformation is identical (as it is the case for the compression codings defined in <a href="p1-messaging.html#compression.codings" title="Compression Codings">Section 6.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.15"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). 
     765      <p id="rfc.section.2.2.1.p.3">Names of content codings <em class="bcp14">MUST NOT</em> overlap with names of transfer codings (<a href="p1-messaging.html#transfer.codings" title="Transfer Codings">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.13"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>), unless the encoding transformation is identical (as it is the case for the compression codings defined in <a href="p1-messaging.html#compression.codings" title="Compression Codings">Section 6.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.14"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). 
    771766      </p> 
    772767      <p id="rfc.section.2.2.1.p.4">Values to be added to this name space require a specification (see "Specification Required" in <a href="http://tools.ietf.org/html/rfc5226#section-4.1">Section 4.1</a> of <a href="#RFC5226" id="rfc.xref.RFC5226.1"><cite title="Guidelines for Writing an IANA Considerations Section in RFCs">[RFC5226]</cite></a>), and <em class="bcp14">MUST</em> conform to the purpose of content coding defined in this section. 
     
    861856         header fields". The following payload header fields are defined by HTTP/1.1: 
    862857      </p> 
    863       <div id="rfc.figure.u.12"></div><pre>   <a href="#abnf.dependencies" class="smpl">Content-Length</a>           ; <a href="#Part1" id="rfc.xref.Part1.16"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a> 
     858      <div id="rfc.figure.u.12"></div><pre>   <a href="#abnf.dependencies" class="smpl">Content-Length</a>           ; <a href="#Part1" id="rfc.xref.Part1.15"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a> 
    864859   <a href="#header.content-md5" class="smpl">Content-MD5</a>              ; <a href="#header.content-md5" id="rfc.xref.header.content-md5.1" title="Content-MD5">Section&nbsp;6.8</a> 
    865860   <a href="#abnf.dependencies" class="smpl">Content-Range</a>            ; <a href="#Part5" id="rfc.xref.Part5.2"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a>, <a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a> 
    866861</pre><h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="payload.body" href="#payload.body">Payload Body</a></h2> 
    867       <p id="rfc.section.3.2.p.1">A payload body is only present in a message when a message-body is present, as described in <a href="p1-messaging.html#message.body" title="Message Body">Section 3.3</a> of <a href="#Part1" id="rfc.xref.Part1.17"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. The payload body is obtained from the message-body by decoding any Transfer-Encoding that might have been applied to ensure 
     862      <p id="rfc.section.3.2.p.1">A payload body is only present in a message when a message-body is present, as described in <a href="p1-messaging.html#message.body" title="Message Body">Section 3.3</a> of <a href="#Part1" id="rfc.xref.Part1.16"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. The payload body is obtained from the message-body by decoding any Transfer-Encoding that might have been applied to ensure 
    868863         safe and proper transfer of the message. 
    869864      </p> 
     
    10201015      <p id="rfc.section.6.1.p.4">Each media-range <em class="bcp14">MAY</em> be followed by one or more accept-params, beginning with the "q" parameter for indicating a relative quality factor. The first 
    10211016         "q" parameter (if any) separates the media-range parameter(s) from the accept-params. Quality factors allow the user or user 
    1022          agent to indicate the relative degree of preference for that media-range, using the qvalue scale from 0 to 1 (<a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.18"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). The default value is q=1. 
     1017         agent to indicate the relative degree of preference for that media-range, using the qvalue scale from 0 to 1 (<a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.17"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). The default value is q=1. 
    10231018      </p> 
    10241019      <div class="note" id="rfc.section.6.1.p.5">  
     
    11441139      <ol> 
    11451140         <li>If the content-coding is one of the content-codings listed in the Accept-Encoding field, then it is acceptable, unless it 
    1146             is accompanied by a qvalue of 0. (As defined in <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.19"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, a qvalue of 0 means "not acceptable".) 
     1141            is accompanied by a qvalue of 0. (As defined in <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.18"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, a qvalue of 0 means "not acceptable".) 
    11471142         </li> 
    11481143         <li>The special "*" symbol in an Accept-Encoding field matches any available content-coding not explicitly listed in the header 
     
    12711266  <a href="#header.content-location" class="smpl">Content-Location-v</a> = 
    12721267                    <a href="#abnf.dependencies" class="smpl">absolute-URI</a> / <a href="#abnf.dependencies" class="smpl">partial-URI</a> 
    1273 </pre><p id="rfc.section.6.7.p.3">The Content-Location value is not a replacement for the effective Request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.20"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It is representation metadata. It has the same syntax and semantics as the header field of the same name defined for MIME 
     1268</pre><p id="rfc.section.6.7.p.3">The Content-Location value is not a replacement for the effective Request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.19"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It is representation metadata. It has the same syntax and semantics as the header field of the same name defined for MIME 
    12741269         body parts in <a href="http://tools.ietf.org/html/rfc2557#section-4">Section 4</a> of <a href="#RFC2557" id="rfc.xref.RFC2557.1"><cite title="MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)">[RFC2557]</cite></a>. However, its appearance in an HTTP message has some special implications for HTTP recipients. 
    12751270      </p> 
     
    13951390                  <td class="left">standard</td> 
    13961391                  <td class="left"> <a href="#header.accept-language" id="rfc.xref.header.accept-language.2" title="Accept-Language">Section&nbsp;6.4</a>  
    1397                   </td> 
    1398                </tr> 
    1399                <tr> 
    1400                   <td class="left">Content-Disposition</td> 
    1401                   <td class="left">http</td> 
    1402                   <td class="left">standard</td> 
    1403                   <td class="left"> <a href="#content-disposition" id="rfc.xref.content-disposition.1" title="Content-Disposition">Appendix&nbsp;B.1</a>  
    14041392                  </td> 
    14051393               </tr> 
     
    14691457                  <td class="left">compress</td> 
    14701458                  <td class="left">UNIX "compress" program method</td> 
    1471                   <td class="left"> <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.21"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
     1459                  <td class="left"> <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.20"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
    14721460                  </td> 
    14731461               </tr> 
     
    14761464                  <td class="left">"deflate" compression mechanism (<a href="#RFC1951" id="rfc.xref.RFC1951.1"><cite title="DEFLATE Compressed Data Format Specification version 1.3">[RFC1951]</cite></a>) used inside the "zlib" data format (<a href="#RFC1950" id="rfc.xref.RFC1950.1"><cite title="ZLIB Compressed Data Format Specification version 3.3">[RFC1950]</cite></a>) 
    14771465                  </td> 
    1478                   <td class="left"> <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.22"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
     1466                  <td class="left"> <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.21"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
    14791467                  </td> 
    14801468               </tr> 
     
    14821470                  <td class="left">gzip</td> 
    14831471                  <td class="left">Same as GNU zip <a href="#RFC1952" id="rfc.xref.RFC1952.1"><cite title="GZIP file format specification version 4.3">[RFC1952]</cite></a></td> 
    1484                   <td class="left"> <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.23"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
     1472                  <td class="left"> <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.22"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>  
    14851473                  </td> 
    14861474               </tr> 
     
    15181506         filter the accept headers in relayed requests. General purpose user agents which provide a high degree of header configurability <em class="bcp14">SHOULD</em> warn users about the loss of privacy which can be involved. 
    15191507      </p> 
    1520       <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a id="content-disposition.issues" href="#content-disposition.issues">Content-Disposition Issues</a></h2> 
    1521       <p id="rfc.section.8.2.p.1"> <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the 
    1522          HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="http://tools.ietf.org/html/rfc2183#section-5">Section 5</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> for details. 
    1523       </p> 
    15241508      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1> 
    15251509      <h1 id="rfc.references"><a id="rfc.section.10" href="#rfc.section.10">10.</a> References 
     
    16131597      <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References 
    16141598      </h2> 
    1615       <table>                                 
     1599      <table>                               
    16161600         <tr> 
    16171601            <td class="reference"><b id="BCP97">[BCP97]</b></td> 
     
    16371621            <td class="reference"><b id="RFC2076">[RFC2076]</b></td> 
    16381622            <td class="top"><a href="mailto:jpalme@dsv.su.se" title="Stockholm University/KTH">Palme, J.</a>, “<a href="http://tools.ietf.org/html/rfc2076">Common Internet Message Headers</a>”, RFC&nbsp;2076, February&nbsp;1997. 
    1639             </td> 
    1640          </tr> 
    1641          <tr> 
    1642             <td class="reference"><b id="RFC2183">[RFC2183]</b></td> 
    1643             <td class="top"><a href="mailto:rens@century.com" title="New Century Systems">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com" title="QUALCOMM Incorporated">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu" title="Department of Computer Science">K. Moore</a>, “<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>”, RFC&nbsp;2183, August&nbsp;1997. 
    16441623            </td> 
    16451624         </tr> 
     
    17481727      </p> 
    17491728      <h2 id="rfc.section.A.3"><a href="#rfc.section.A.3">A.3</a>&nbsp;<a id="conversion.of.date.formats" href="#conversion.of.date.formats">Conversion of Date Formats</a></h2> 
    1750       <p id="rfc.section.A.3.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="p1-messaging.html#date.time.formats.full.date" title="Date/Time Formats: Full Date">Section 6.1</a> of <a href="#Part1" id="rfc.xref.Part1.24"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any Date header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary. 
     1729      <p id="rfc.section.A.3.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="p1-messaging.html#date.time.formats.full.date" title="Date/Time Formats: Full Date">Section 6.1</a> of <a href="#Part1" id="rfc.xref.Part1.23"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any Date header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary. 
    17511730      </p> 
    17521731      <h2 id="rfc.section.A.4"><a href="#rfc.section.A.4">A.4</a>&nbsp;<a id="introduction.of.content-encoding" href="#introduction.of.content-encoding">Introduction of Content-Encoding</a></h2> 
     
    17651744      </p> 
    17661745      <h2 id="rfc.section.A.6"><a href="#rfc.section.A.6">A.6</a>&nbsp;<a id="introduction.of.transfer-encoding" href="#introduction.of.transfer-encoding">Introduction of Transfer-Encoding</a></h2> 
    1767       <p id="rfc.section.A.6.p.1">HTTP/1.1 introduces the Transfer-Encoding header field (<a href="p1-messaging.html#header.transfer-encoding" title="Transfer-Encoding">Section 9.7</a> of <a href="#Part1" id="rfc.xref.Part1.25"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). Proxies/gateways <em class="bcp14">MUST</em> remove any transfer-coding prior to forwarding a message via a MIME-compliant protocol. 
     1746      <p id="rfc.section.A.6.p.1">HTTP/1.1 introduces the Transfer-Encoding header field (<a href="p1-messaging.html#header.transfer-encoding" title="Transfer-Encoding">Section 9.7</a> of <a href="#Part1" id="rfc.xref.Part1.24"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). Proxies/gateways <em class="bcp14">MUST</em> remove any transfer-coding prior to forwarding a message via a MIME-compliant protocol. 
    17681747      </p> 
    17691748      <h2 id="rfc.section.A.7"><a href="#rfc.section.A.7">A.7</a>&nbsp;<a id="mhtml.line.length" href="#mhtml.line.length">MHTML and Line Length Limitations</a></h2> 
     
    17801759      <p id="rfc.section.B.p.2">A number of other headers, such as Content-Disposition and Title, from SMTP and MIME are also often implemented (see <a href="#RFC2076" id="rfc.xref.RFC2076.1"><cite title="Common Internet Message Headers">[RFC2076]</cite></a>). 
    17811760      </p> 
    1782       <div id="rfc.iref.h.11"></div> 
    1783       <div id="rfc.iref.c.12"></div> 
    1784       <h2 id="rfc.section.B.1"><a href="#rfc.section.B.1">B.1</a>&nbsp;<a id="content-disposition" href="#content-disposition">Content-Disposition</a></h2> 
    1785       <p id="rfc.section.B.1.p.1">The "Content-Disposition" response-header field has been proposed as a means for the origin server to suggest a default filename 
    1786          if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition 
    1787          in <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>. 
    1788       </p> 
    1789       <div id="rfc.figure.u.36"></div><pre class="inline"><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span><span id="rfc.iref.g.41"></span><span id="rfc.iref.g.42"></span>  <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition" ":" <a href="#core.rules" class="smpl">OWS</a> 
    1790                         <a href="#content-disposition" class="smpl">content-disposition-v</a> 
    1791   <a href="#content-disposition" class="smpl">content-disposition-v</a> = <a href="#content-disposition" class="smpl">disposition-type</a> 
    1792                           *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#content-disposition" class="smpl">disposition-parm</a> ) 
    1793   <a href="#content-disposition" class="smpl">disposition-type</a> = "attachment" / <a href="#content-disposition" class="smpl">disp-extension-token</a> 
    1794   <a href="#content-disposition" class="smpl">disposition-parm</a> = <a href="#content-disposition" class="smpl">filename-parm</a> / <a href="#content-disposition" class="smpl">disp-extension-parm</a> 
    1795   <a href="#content-disposition" class="smpl">filename-parm</a> = "filename" "=" <a href="#core.rules" class="smpl">quoted-string</a> 
    1796   <a href="#content-disposition" class="smpl">disp-extension-token</a> = <a href="#core.rules" class="smpl">token</a> 
    1797   <a href="#content-disposition" class="smpl">disp-extension-parm</a> = <a href="#core.rules" class="smpl">token</a> "=" <a href="#core.rules" class="smpl">word</a> 
    1798 </pre><p id="rfc.section.B.1.p.3">An example is</p> 
    1799       <div id="rfc.figure.u.37"></div><pre class="text">  Content-Disposition: attachment; filename="fname.ext" 
    1800 </pre><p id="rfc.section.B.1.p.5">The receiving user agent <em class="bcp14">SHOULD NOT</em> respect any directory path information present in the filename-parm parameter, which is the only parameter believed to apply 
    1801          to HTTP implementations at this time. The filename <em class="bcp14">SHOULD</em> be treated as a terminal component only. 
    1802       </p> 
    1803       <p id="rfc.section.B.1.p.6">If this header is used in a response with the application/octet-stream content-type, the implied suggestion is that the user 
    1804          agent should not display the response, but directly enter a "save response as..." dialog. 
    1805       </p> 
    1806       <p id="rfc.section.B.1.p.7">See <a href="#content-disposition.issues" title="Content-Disposition Issues">Section&nbsp;8.2</a> for Content-Disposition security issues. 
    1807       </p> 
    18081761      <h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="changes.from.rfc.2616" href="#changes.from.rfc.2616">Changes from RFC 2616</a></h1> 
    18091762      <p id="rfc.section.C.p.1">Clarify contexts that charset is used in. (<a href="#character.sets" title="Character Sets">Section&nbsp;2.1</a>) 
     
    18161769      </p> 
    18171770      <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 
    1818       <div id="rfc.figure.u.38"></div> <pre class="inline"><a href="#header.accept" class="smpl">Accept</a> = "Accept:" OWS Accept-v 
     1771      <div id="rfc.figure.u.36"></div> <pre class="inline"><a href="#header.accept" class="smpl">Accept</a> = "Accept:" OWS Accept-v 
    18191772<a href="#header.accept-charset" class="smpl">Accept-Charset</a> = "Accept-Charset:" OWS Accept-Charset-v 
    18201773<a href="#header.accept-charset" class="smpl">Accept-Charset-v</a> = *( "," OWS ) ( charset / "*" ) [ OWS ";" OWS "q=" 
     
    18631816<a href="#header.accept-encoding" class="smpl">codings</a> = ( content-coding / "*" ) 
    18641817<a href="#content.codings" class="smpl">content-coding</a> = token 
    1865 <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition:" OWS 
    1866  content-disposition-v 
    1867 <a href="#content-disposition" class="smpl">content-disposition-v</a> = disposition-type *( OWS ";" OWS 
    1868  disposition-parm ) 
    1869  
    1870 <a href="#content-disposition" class="smpl">disp-extension-parm</a> = token "=" word 
    1871 <a href="#content-disposition" class="smpl">disp-extension-token</a> = token 
    1872 <a href="#content-disposition" class="smpl">disposition-parm</a> = filename-parm / disp-extension-parm 
    1873 <a href="#content-disposition" class="smpl">disposition-type</a> = "attachment" / disp-extension-token 
    1874  
    1875 <a href="#content-disposition" class="smpl">filename-parm</a> = "filename=" quoted-string 
    18761818 
    18771819<a href="#header.accept-language" class="smpl">language-range</a> = &lt;language-range, defined in [RFC4647], Section 2.1&gt; 
     
    18851827<a href="#abnf.dependencies" class="smpl">partial-URI</a> = &lt;partial-URI, defined in [Part1], Section 2.6&gt; 
    18861828 
    1887 <a href="#core.rules" class="smpl">quoted-string</a> = &lt;quoted-string, defined in [Part1], Section 1.2.2&gt; 
    18881829<a href="#abnf.dependencies" class="smpl">qvalue</a> = &lt;qvalue, defined in [Part1], Section 6.4&gt; 
    18891830 
     
    18961837 
    18971838<a href="#core.rules" class="smpl">word</a> = &lt;word, defined in [Part1], Section 1.2.2&gt; 
    1898 </pre> <div id="rfc.figure.u.39"></div> 
     1839</pre> <div id="rfc.figure.u.37"></div> 
    18991840      <p>ABNF diagnostics:</p><pre class="inline">; Accept defined but not used 
    19001841; Accept-Charset defined but not used 
     
    19111852; Last-Modified defined but not used 
    19121853; MIME-Version defined but not used 
    1913 ; content-disposition defined but not used 
    19141854</pre><h1 id="rfc.section.E"><a href="#rfc.section.E">E.</a>&nbsp;<a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1> 
    19151855      <h2 id="rfc.section.E.1"><a href="#rfc.section.E.1">E.1</a>&nbsp;Since RFC2616 
     
    20912031      </ul> 
    20922032      <h2 id="rfc.section.E.13"><a href="#rfc.section.E.13">E.13</a>&nbsp;<a id="changes.since.11" href="#changes.since.11">Since draft-ietf-httpbis-p3-payload-11</a></h2> 
    2093       <p id="rfc.section.E.13.p.1">None yet.</p> 
     2033      <p id="rfc.section.E.13.p.1">Closed issues: </p> 
     2034      <ul> 
     2035         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/123">http://tools.ietf.org/wg/httpbis/trac/ticket/123</a>&gt;: "Factor out Content-Disposition" 
     2036         </li> 
     2037      </ul> 
    20942038      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 
    20952039      <p class="noprint"><a href="#rfc.index.A">A</a> <a href="#rfc.index.B">B</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.D">D</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.M">M</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a>  
     
    21192063                  <li class="indline1">compress (Coding Format)&nbsp;&nbsp;<a class="iref" href="#rfc.iref.c.2">2.2</a></li> 
    21202064                  <li class="indline1">content negotiation&nbsp;&nbsp;<a class="iref" href="#rfc.iref.c.1">1.1</a></li> 
    2121                   <li class="indline1">Content-Disposition header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.content-disposition.1">7.1</a>, <a class="iref" href="#rfc.xref.content-disposition.2">8.2</a>, <a class="iref" href="#rfc.iref.c.12"><b>B.1</b></a>, <a class="iref" href="#rfc.extref.c.32">B.1</a>, <a class="iref" href="#rfc.extref.c.50">D</a></li> 
    21222065                  <li class="indline1">Content-Encoding header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.content-encoding.1">2.2</a>, <a class="iref" href="#rfc.xref.header.content-encoding.2">4.1</a>, <a class="iref" href="#rfc.iref.c.7"><b>6.5</b></a>, <a class="iref" href="#rfc.xref.header.content-encoding.3">6.5</a>, <a class="iref" href="#rfc.xref.header.content-encoding.4">7.1</a></li> 
    21232066                  <li class="indline1">Content-Language header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.content-language.1">4.1</a>, <a class="iref" href="#rfc.iref.c.8"><b>6.6</b></a>, <a class="iref" href="#rfc.xref.header.content-language.2">7.1</a></li> 
     
    21482091                        <li class="indline1"><tt>codings</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.20"><b>6.3</b></a></li> 
    21492092                        <li class="indline1"><tt>content-coding</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.2"><b>2.2</b></a></li> 
    2150                         <li class="indline1"><tt>content-disposition</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.36"><b>B.1</b></a></li> 
    2151                         <li class="indline1"><tt>content-disposition-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.37"><b>B.1</b></a></li> 
    21522093                        <li class="indline1"><tt>Content-Encoding</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.24"><b>6.5</b></a></li> 
    21532094                        <li class="indline1"><tt>Content-Encoding-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.25"><b>6.5</b></a></li> 
     
    21602101                        <li class="indline1"><tt>Content-Type</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.32"><b>6.9</b></a></li> 
    21612102                        <li class="indline1"><tt>Content-Type-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.33"><b>6.9</b></a></li> 
    2162                         <li class="indline1"><tt>disp-extension-parm</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.42"><b>B.1</b></a></li> 
    2163                         <li class="indline1"><tt>disp-extension-token</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.41"><b>B.1</b></a></li> 
    2164                         <li class="indline1"><tt>disposition-parm</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.39"><b>B.1</b></a></li> 
    2165                         <li class="indline1"><tt>disposition-type</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.38"><b>B.1</b></a></li> 
    2166                         <li class="indline1"><tt>filename-parm</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.40"><b>B.1</b></a></li> 
    21672103                        <li class="indline1"><tt>language-range</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.23"><b>6.4</b></a></li> 
    21682104                        <li class="indline1"><tt>language-tag</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.10"><b>2.4</b></a></li> 
     
    21872123                        <li class="indline1">Accept-Encoding&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.accept-encoding.1">2.2</a>, <a class="iref" href="#rfc.xref.header.accept-encoding.2">5.1</a>, <a class="iref" href="#rfc.iref.h.3"><b>6.3</b></a>, <a class="iref" href="#rfc.xref.header.accept-encoding.3">7.1</a></li> 
    21882124                        <li class="indline1">Accept-Language&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.accept-language.1">5.1</a>, <a class="iref" href="#rfc.iref.h.4"><b>6.4</b></a>, <a class="iref" href="#rfc.xref.header.accept-language.2">7.1</a></li> 
    2189                         <li class="indline1">Content-Disposition&nbsp;&nbsp;<a class="iref" href="#rfc.xref.content-disposition.1">7.1</a>, <a class="iref" href="#rfc.xref.content-disposition.2">8.2</a>, <a class="iref" href="#rfc.iref.h.11"><b>B.1</b></a>, <a class="iref" href="#rfc.extref.c.32">B.1</a>, <a class="iref" href="#rfc.extref.c.50">D</a></li> 
    21902125                        <li class="indline1">Content-Encoding&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.content-encoding.1">2.2</a>, <a class="iref" href="#rfc.xref.header.content-encoding.2">4.1</a>, <a class="iref" href="#rfc.iref.h.5"><b>6.5</b></a>, <a class="iref" href="#rfc.xref.header.content-encoding.3">6.5</a>, <a class="iref" href="#rfc.xref.header.content-encoding.4">7.1</a></li> 
    21912126                        <li class="indline1">Content-Language&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.content-language.1">4.1</a>, <a class="iref" href="#rfc.iref.h.6"><b>6.6</b></a>, <a class="iref" href="#rfc.xref.header.content-language.2">7.1</a></li> 
     
    22082143            </li> 
    22092144            <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind"> 
    2210                   <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.3</a>, <a class="iref" href="#rfc.xref.Part1.2">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.6">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.7">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.8">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.9">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.10">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.12">2.2</a>, <a class="iref" href="#rfc.xref.Part1.13">2.2</a>, <a class="iref" href="#rfc.xref.Part1.14">2.2.1</a>, <a class="iref" href="#rfc.xref.Part1.15">2.2.1</a>, <a class="iref" href="#rfc.xref.Part1.16">3.1</a>, <a class="iref" href="#rfc.xref.Part1.17">3.2</a>, <a class="iref" href="#rfc.xref.Part1.18">6.1</a>, <a class="iref" href="#rfc.xref.Part1.19">6.3</a>, <a class="iref" href="#rfc.xref.Part1.20">6.7</a>, <a class="iref" href="#rfc.xref.Part1.21">7.2</a>, <a class="iref" href="#rfc.xref.Part1.22">7.2</a>, <a class="iref" href="#rfc.xref.Part1.23">7.2</a>, <a class="iref" href="#Part1"><b>10.1</b></a>, <a class="iref" href="#rfc.xref.Part1.24">A.3</a>, <a class="iref" href="#rfc.xref.Part1.25">A.6</a><ul class="ind"> 
     2145                  <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.3</a>, <a class="iref" href="#rfc.xref.Part1.2">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.6">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.7">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.8">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.9">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.10">2.2</a>, <a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.12">2.2</a>, <a class="iref" href="#rfc.xref.Part1.13">2.2.1</a>, <a class="iref" href="#rfc.xref.Part1.14">2.2.1</a>, <a class="iref" href="#rfc.xref.Part1.15">3.1</a>, <a class="iref" href="#rfc.xref.Part1.16">3.2</a>, <a class="iref" href="#rfc.xref.Part1.17">6.1</a>, <a class="iref" href="#rfc.xref.Part1.18">6.3</a>, <a class="iref" href="#rfc.xref.Part1.19">6.7</a>, <a class="iref" href="#rfc.xref.Part1.20">7.2</a>, <a class="iref" href="#rfc.xref.Part1.21">7.2</a>, <a class="iref" href="#rfc.xref.Part1.22">7.2</a>, <a class="iref" href="#Part1"><b>10.1</b></a>, <a class="iref" href="#rfc.xref.Part1.23">A.3</a>, <a class="iref" href="#rfc.xref.Part1.24">A.6</a><ul class="ind"> 
    22112146                        <li class="indline1"><em>Section 1.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.3</a></li> 
    2212                         <li class="indline1"><em>Section 1.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.2">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.6">1.3.1</a></li> 
    2213                         <li class="indline1"><em>Section 2.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.7">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.9">1.3.2</a></li> 
    2214                         <li class="indline1"><em>Section 3.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.17">3.2</a></li> 
    2215                         <li class="indline1"><em>Section 4.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.20">6.7</a></li> 
    2216                         <li class="indline1"><em>Section 6.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.24">A.3</a></li> 
    2217                         <li class="indline1"><em>Section 6.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.14">2.2.1</a></li> 
    2218                         <li class="indline1"><em>Section 6.2.2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.21">7.2</a></li> 
    2219                         <li class="indline1"><em>Section 6.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.15">2.2.1</a></li> 
    2220                         <li class="indline1"><em>Section 6.2.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.12">2.2</a>, <a class="iref" href="#rfc.xref.Part1.22">7.2</a></li> 
    2221                         <li class="indline1"><em>Section 6.2.2.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.13">2.2</a>, <a class="iref" href="#rfc.xref.Part1.23">7.2</a></li> 
    2222                         <li class="indline1"><em>Section 6.4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.10">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.18">6.1</a>, <a class="iref" href="#rfc.xref.Part1.19">6.3</a></li> 
    2223                         <li class="indline1"><em>Section 9.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.8">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.16">3.1</a></li> 
    2224                         <li class="indline1"><em>Section 9.7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.25">A.6</a></li> 
     2147                        <li class="indline1"><em>Section 1.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.2">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.3.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.3.1</a></li> 
     2148                        <li class="indline1"><em>Section 2.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.6">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.8">1.3.2</a></li> 
     2149                        <li class="indline1"><em>Section 3.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.16">3.2</a></li> 
     2150                        <li class="indline1"><em>Section 4.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.19">6.7</a></li> 
     2151                        <li class="indline1"><em>Section 6.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.23">A.3</a></li> 
     2152                        <li class="indline1"><em>Section 6.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.13">2.2.1</a></li> 
     2153                        <li class="indline1"><em>Section 6.2.2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.10">2.2</a>, <a class="iref" href="#rfc.xref.Part1.20">7.2</a></li> 
     2154                        <li class="indline1"><em>Section 6.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.14">2.2.1</a></li> 
     2155                        <li class="indline1"><em>Section 6.2.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.21">7.2</a></li> 
     2156                        <li class="indline1"><em>Section 6.2.2.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.12">2.2</a>, <a class="iref" href="#rfc.xref.Part1.22">7.2</a></li> 
     2157                        <li class="indline1"><em>Section 6.4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.9">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.17">6.1</a>, <a class="iref" href="#rfc.xref.Part1.18">6.3</a></li> 
     2158                        <li class="indline1"><em>Section 9.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.7">1.3.2</a>, <a class="iref" href="#rfc.xref.Part1.15">3.1</a></li> 
     2159                        <li class="indline1"><em>Section 9.7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.24">A.6</a></li> 
    22252160                     </ul> 
    22262161                  </li> 
     
    22652200                  <li class="indline1"><em>RFC2076</em>&nbsp;&nbsp;<a class="iref" href="#RFC2076"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2076.1">B</a></li> 
    22662201                  <li class="indline1"><em>RFC2119</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2119.1">1.2</a>, <a class="iref" href="#RFC2119"><b>10.1</b></a></li> 
    2267                   <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC2183.2">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2183.3">B.1</a><ul class="ind"> 
    2268                         <li class="indline1"><em>Section 5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.2">8.2</a></li> 
    2269                      </ul> 
    2270                   </li> 
    22712202                  <li class="indline1"><em>RFC2277</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2277.1">2.1</a>, <a class="iref" href="#RFC2277"><b>10.2</b></a></li> 
    22722203                  <li class="indline1"><em>RFC2295</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2295.1">5</a>, <a class="iref" href="#RFC2295"><b>10.2</b></a></li> 
  • draft-ietf-httpbis/latest/p3-payload.xml

    r981 r987  
    304304 
    305305<section title="Core Rules" anchor="core.rules"> 
    306   <x:anchor-alias value="quoted-string"/> 
    307306  <x:anchor-alias value="token"/> 
    308307  <x:anchor-alias value="word"/> 
     
    312311</t> 
    313312<figure><artwork type="abnf2616"> 
    314   <x:ref>quoted-string</x:ref>  = &lt;quoted-string, defined in &basic-rules;&gt; 
    315313  <x:ref>token</x:ref>          = &lt;token, defined in &basic-rules;&gt; 
    316314  <x:ref>word</x:ref>           = &lt;word, defined in &basic-rules;&gt; 
     
    16381636   <c> 
    16391637      <xref target="header.accept-language"/> 
    1640    </c> 
    1641    <c>Content-Disposition</c> 
    1642    <c>http</c> 
    1643    <c>standard</c> 
    1644    <c> 
    1645       <xref target="content-disposition"/> 
    16461638   </c> 
    16471639   <c>Content-Encoding</c> 
     
    17771769</section> 
    17781770 
    1779 <section title="Content-Disposition Issues" anchor="content-disposition.issues"> 
    1780 <t> 
    1781    <xref target="RFC2183"/>, from which the often implemented Content-Disposition 
    1782    (see <xref target="content-disposition"/>) header in HTTP is derived, has a number of very 
    1783    serious security considerations. Content-Disposition is not part of 
    1784    the HTTP standard, but since it is widely implemented, we are 
    1785    documenting its use and risks for implementors. See <xref target="RFC2183" x:fmt="of" x:sec="5"/> 
    1786    for details. 
    1787 </t> 
    1788 </section> 
    1789  
    17901771</section> 
    17911772 
     
    23042285</reference> 
    23052286 
    2306 <reference anchor="RFC2183"> 
    2307   <front> 
    2308     <title abbrev="Content-Disposition">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</title> 
    2309     <author initials="R." surname="Troost" fullname="Rens Troost"> 
    2310       <organization>New Century Systems</organization> 
    2311       <address><email>rens@century.com</email></address> 
    2312     </author> 
    2313     <author initials="S." surname="Dorner" fullname="Steve Dorner"> 
    2314       <organization>QUALCOMM Incorporated</organization> 
    2315       <address><email>sdorner@qualcomm.com</email></address> 
    2316     </author> 
    2317     <author initials="K." surname="Moore" fullname="Keith Moore"> 
    2318       <organization>Department of Computer Science</organization> 
    2319       <address><email>moore@cs.utk.edu</email></address> 
    2320     </author> 
    2321     <date month="August" year="1997"/> 
    2322   </front> 
    2323   <seriesInfo name="RFC" value="2183"/> 
    2324 </reference> 
    2325  
    23262287<reference anchor="RFC2277"> 
    23272288  <front> 
     
    26892650   from SMTP and MIME are also often implemented (see <xref target="RFC2076"/>). 
    26902651</t> 
    2691  
    2692 <section title="Content-Disposition" anchor="content-disposition"> 
    2693 <iref item="Headers" subitem="Content-Disposition" primary="true" x:for-anchor=""/> 
    2694 <iref item="Content-Disposition header" primary="true" x:for-anchor=""/> 
    2695   <x:anchor-alias value="content-disposition"/> 
    2696   <x:anchor-alias value="content-disposition-v"/> 
    2697   <x:anchor-alias value="disposition-type"/> 
    2698   <x:anchor-alias value="disposition-parm"/> 
    2699   <x:anchor-alias value="disp-extension-parm"/> 
    2700   <x:anchor-alias value="disp-extension-token"/> 
    2701   <x:anchor-alias value="filename-parm"/> 
    2702 <t> 
    2703    The "Content-Disposition" response-header field has been proposed as a 
    2704    means for the origin server to suggest a default filename if the user 
    2705    requests that the content is saved to a file. This usage is derived 
    2706    from the definition of Content-Disposition in <xref target="RFC2183"/>. 
    2707 </t> 
    2708 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="content-disposition"/><iref primary="true" item="Grammar" subitem="content-disposition-v"/><iref primary="true" item="Grammar" subitem="disposition-type"/><iref primary="true" item="Grammar" subitem="disposition-parm"/><iref primary="true" item="Grammar" subitem="filename-parm"/><iref primary="true" item="Grammar" subitem="disp-extension-token"/><iref primary="true" item="Grammar" subitem="disp-extension-parm"/> 
    2709   <x:ref>content-disposition</x:ref> = "Content-Disposition" ":" <x:ref>OWS</x:ref> 
    2710                         <x:ref>content-disposition-v</x:ref> 
    2711   <x:ref>content-disposition-v</x:ref> = <x:ref>disposition-type</x:ref> 
    2712                           *( <x:ref>OWS</x:ref> ";" <x:ref>OWS</x:ref> <x:ref>disposition-parm</x:ref> ) 
    2713   <x:ref>disposition-type</x:ref> = "attachment" / <x:ref>disp-extension-token</x:ref> 
    2714   <x:ref>disposition-parm</x:ref> = <x:ref>filename-parm</x:ref> / <x:ref>disp-extension-parm</x:ref> 
    2715   <x:ref>filename-parm</x:ref> = "filename" "=" <x:ref>quoted-string</x:ref> 
    2716   <x:ref>disp-extension-token</x:ref> = <x:ref>token</x:ref> 
    2717   <x:ref>disp-extension-parm</x:ref> = <x:ref>token</x:ref> "=" <x:ref>word</x:ref> 
    2718 </artwork></figure> 
    2719 <t> 
    2720    An example is 
    2721 </t> 
    2722 <figure><artwork type="example"> 
    2723   Content-Disposition: attachment; filename="fname.ext" 
    2724 </artwork></figure> 
    2725 <t> 
    2726    The receiving user agent &SHOULD-NOT;  respect any directory path 
    2727    information present in the filename-parm parameter, which is the only 
    2728    parameter believed to apply to HTTP implementations at this time. The 
    2729    filename &SHOULD; be treated as a terminal component only. 
    2730 </t> 
    2731 <t> 
    2732    If this header is used in a response with the application/octet-stream 
    2733    content-type, the implied suggestion is that the user agent 
    2734    should not display the response, but directly enter a "save response 
    2735    as..." dialog. 
    2736 </t> 
    2737 <t> 
    2738    See <xref target="content-disposition.issues"/> for Content-Disposition security issues. 
    2739 </t> 
    2740 </section> 
    27412652</section> 
    27422653 
     
    28102721<x:ref>codings</x:ref> = ( content-coding / "*" ) 
    28112722<x:ref>content-coding</x:ref> = token 
    2812 <x:ref>content-disposition</x:ref> = "Content-Disposition:" OWS 
    2813  content-disposition-v 
    2814 <x:ref>content-disposition-v</x:ref> = disposition-type *( OWS ";" OWS 
    2815  disposition-parm ) 
    2816  
    2817 <x:ref>disp-extension-parm</x:ref> = token "=" word 
    2818 <x:ref>disp-extension-token</x:ref> = token 
    2819 <x:ref>disposition-parm</x:ref> = filename-parm / disp-extension-parm 
    2820 <x:ref>disposition-type</x:ref> = "attachment" / disp-extension-token 
    2821  
    2822 <x:ref>filename-parm</x:ref> = "filename=" quoted-string 
    28232723 
    28242724<x:ref>language-range</x:ref> = &lt;language-range, defined in [RFC4647], Section 2.1&gt; 
     
    28322732<x:ref>partial-URI</x:ref> = &lt;partial-URI, defined in [Part1], Section 2.6&gt; 
    28332733 
    2834 <x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in [Part1], Section 1.2.2&gt; 
    28352734<x:ref>qvalue</x:ref> = &lt;qvalue, defined in [Part1], Section 6.4&gt; 
    28362735 
     
    28602759; Last-Modified defined but not used 
    28612760; MIME-Version defined but not used 
    2862 ; content-disposition defined but not used 
    28632761</artwork></figure></section> 
    28642762<?ENDINC p3-payload.abnf-appendix ?> 
     
    32163114<section title="Since draft-ietf-httpbis-p3-payload-11" anchor="changes.since.11"> 
    32173115<t> 
    3218   None yet. 
     3116  Closed issues: 
     3117  <list style="symbols">  
     3118    <t> 
     3119      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/123"/>: 
     3120      "Factor out Content-Disposition" 
     3121    </t> 
     3122  </list> 
    32193123</t> 
    32203124</section> 
Note: See TracChangeset for help on using the changeset viewer.