
The HTTP/1.1 Standard Has Been Updated

The IETF has just published a set of new RFCs that update HTTP/1.1, including:

RFC 7230: Message Syntax and Routing

RFC 7231: Semantics and Content

RFC 7232: Conditional Requests

RFC 7233: Range Request

RFC 7234: Caching

RFC 7235: Authentication

RFC 7236: Authentication Scheme Registrations

RFC 7237: Method Registrations

RFC 7238: The 308 Status Code

RFC 7239: Forwarded HTTP Extension

These documents make the original HTTP/1.1 specification obsolete. For an HTTP geek, this is a big deal!

RFC 2616 has been out for 15 years, and HTTP/2.0 is still under development. The main changes in the update include:

Clarifications around dealing with unexpected whitespace, which should fix response splitting vulnerabilities.

The limit of two connections per server has been removed.

HTTP/0.9 support has been dropped.

The default charset of ISO-8859-1 has been removed.

Servers are no longer required to handle all Content-* header fields.

Content-Range has been explicitly banned in PUT requests.

It's now suggested to use the about:blank URI in the Referer header when no referrer exists, to distinguish between "there was no referrer" and "I don't want to send a referrer".

The 204, 404, 405, 414 and 501 status codes are now cacheable.

The status codes 301 and 302 have been changed to allow user agents to rewrite the method from POST to GET. This is a good example of a case where everybody has already been (incorrectly) doing this, and the spec now reflects the real-world implementation.

The Location header can now contain relative URIs as well as fragment identifiers.

Content-MD5 has been removed.
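The whitespace clarifications in the first item are the ones with direct security impact. The following is an added example, not code from the original post: a strict header-section parser that rejects the cases RFC 7230 section 3.2.4 tells a server to answer with 400 (whitespace before the colon, obsolete line folding) plus bare CR/LF inside a line. The names `parse_header_block`, `HeaderSyntaxError` and `is_rejected`, and the sample messages, are constructed for illustration.

```python
import re

# RFC 7230 section 3.2.6: a field-name is a token made of tchar only.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderSyntaxError(ValueError):
    """Raised where a server would answer 400 (Bad Request)."""


def parse_header_block(raw: bytes) -> list[tuple[str, str]]:
    """Strictly parse a request's header section (start-line already removed)."""
    fields = []
    for line in raw.split(b"\r\n"):
        if line == b"":
            break  # the empty line ends the header section
        if line[:1] in (b" ", b"\t"):
            # obs-fold: this parser rejects instead of unfolding
            raise HeaderSyntaxError("obsolete line folding")
        if b"\r" in line or b"\n" in line or b"\x00" in line:
            # a bare CR or LF lets two parsers disagree on where a field ends
            raise HeaderSyntaxError("bare CR, LF or NUL in header line")
        name, sep, value = line.partition(b":")
        if not sep:
            raise HeaderSyntaxError("missing colon")
        if not TOKEN.fullmatch(name):
            # also catches whitespace between field-name and colon
            raise HeaderSyntaxError("invalid field-name")
        # optional whitespace around the value is legal and is stripped
        fields.append((name.decode("ascii").lower(),
                       value.strip(b" \t").decode("latin-1")))
    return fields


def is_rejected(raw: bytes) -> bool:
    try:
        parse_header_block(raw)
    except HeaderSyntaxError:
        return True
    return False


# Constructed sample header sections (not taken from the original post).
GOOD = b"Host: example.com\r\nContent-Length: 0\r\n\r\n"
SPACE_BEFORE_COLON = b"Host: example.com\r\nContent-Length : 0\r\n\r\n"
FOLDED = b"X-A: 1\r\n folded\r\n\r\n"
BARE_LF = b"X-A: 1\nSet-Cookie: x=1\r\n\r\n"
```
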

Is there anything I missed?