The IETF has just published a number of new RFCs that update HTTP/1.1, including:
RFC 7230: Message Syntax and Routing
RFC 7231: Semantics and Content
RFC 7232: Conditional Requests
RFC 7233: Range Request
RFC 7234: Caching
RFC 7235: Authentication
RFC 7236: Authentication Scheme Registrations
RFC 7237: Method Registrations
RFC 7238: The 308 Status Code
RFC 7239: Forwarded HTTP Extension
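These documents make the original HTTP/1.1 obsolete. For an HTTP geek, this is a big deal!
RFC 2616 has been around for 15 years, and HTTP/2.0 is still in development. The main updates include: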
Clarifications around dealing with unexpected whitespace, which should fix response splitting vulnerabilities.
The limit of two connections per server has been removed.
HTTP/0.9 support has been dropped.
The default charset of ISO-8859-1 has been removed.
Servers are no longer required to handle all Content-* header fields.
Content-Range has been explicitly banned in PUT requests.
It's now suggested to use the about:blank URI in the Referer header when no referer exists, to distinguish between "there was no referrer" and "I don't want to send a referrer".
The 204, 404, 405, 414 and 501 status codes are now cacheable.
The status codes 301 and 302 have been changed to allow user agents to rewrite the method from POST to GET. This is a good example of a case where everybody has been (incorrectly) already doing this, and the spec now reflects the real-world implementation.
The Location header can now contain relative URIs as well as fragment identifiers.
Content-MD5 has been removed.
Is there anything I missed?
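
The whitespace clarification in the list above, shown as an added example (not code from the original post): a strict request-header parser following RFC 7230 section 3.2.4, which requires a server to answer whitespace between a field-name and the colon with 400 (Bad Request) and lets it reject obs-fold line folding the same way. The function name, the constructed sample inputs and the extra refusal of stray CR/LF inside a value are assumptions of this example.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field-name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_header_block(raw: bytes):
    """Strictly parse a request's header section (start-line already removed).

    Returns (headers, None) on success, or (None, reason) when the message
    should be answered with 400 Bad Request.
    """
    headers = []
    for line in raw.split(b"\r\n"):
        if line == b"":
            break  # the empty line terminates the header section
        if line[:1] in (b" ", b"\t"):
            # obs-fold (or whitespace before the first field): a server may
            # unfold or reject; this example rejects.
            return None, "line starts with whitespace (obs-fold)"
        name, sep, value = line.partition(b":")
        if not sep:
            return None, "missing colon"
        if name != name.rstrip(b" \t"):
            # Section 3.2.4: a server MUST reject this with 400.
            return None, "whitespace between field-name and colon"
        if not TOKEN.fullmatch(name):
            return None, "invalid field-name"
        if b"\r" in value or b"\n" in value:
            # Hardening choice of this example: refuse stray CR or LF.
            return None, "bare CR or LF in field value"
        headers.append((name.decode("ascii").lower(),
                        value.strip(b" \t").decode("latin-1")))
    return headers, None


# Constructed sample inputs (not captured traffic).
GOOD = b"Host: example.org\r\nAccept: */*\r\n\r\n"
SPACE_BEFORE_COLON = b"Host: example.org\r\nX-Example : 1\r\n\r\n"
FOLDED = b"Host: example.org\r\nX-Note: first\r\n second\r\n\r\n"
BARE_CR = b"X-A: 1\rX-B: 2\r\n\r\n"

if __name__ == "__main__":
    for sample in (GOOD, SPACE_BEFORE_COLON, FOLDED, BARE_CR):
        print(sample, "->", parse_header_block(sample))
```

Rejecting instead of normalising matters when a proxy and an origin server would otherwise disagree about where one header ends and the next begins.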