| draft-ietf-httpbis-safe-method-w-body-13.txt | draft-ietf-httpbis-safe-method-w-body-latest.txt | |||
|---|---|---|---|---|
| HTTP Working Group J. Reschke | HTTP Working Group J. Reschke | |||
| Internet-Draft greenbytes | Internet-Draft greenbytes | |||
| Intended status: Standards Track J.M. Snell | Intended status: Standards Track J.M. Snell | |||
| Expires: May 18, 2026 Cloudflare | Expires: May 22, 2026 Cloudflare | |||
| M. Bishop | M. Bishop | |||
| Akamai | Akamai | |||
| November 14, 2025 | November 18, 2025 | |||
| The HTTP QUERY Method | The HTTP QUERY Method | |||
| draft-ietf-httpbis-safe-method-w-body-13 | draft-ietf-httpbis-safe-method-w-body-latest | |||
| Abstract | Abstract | |||
| This specification defines the QUERY method for HTTP. A QUERY | This specification defines the QUERY method for HTTP. A QUERY | |||
| requests that the request target process the enclosed content in a | requests that the request target process the enclosed content in a | |||
| safe/idempotent manner and then respond with the result of that | safe and idempotent manner and then respond with the result of that | |||
| processing. This is similar to POST requests but can be | processing. This is similar to POST requests but can be | |||
| automatically repeated or restarted without concern for partial state | automatically repeated or restarted without concern for partial state | |||
| changes. | changes. | |||
| Editorial Note | Editorial Note | |||
| This note is to be removed before publishing as an RFC. | This note is to be removed before publishing as an RFC. | |||
| Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
| mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
| <https://lists.w3.org/Archives/Public/ietf-http-wg/>. | <https://lists.w3.org/Archives/Public/ietf-http-wg/>. | |||
| Working Group information can be found at <https://httpwg.org/>; | Working Group information can be found at <https://httpwg.org/>; | |||
| source code and issues list for this draft can be found at | source code and issues list for this draft can be found at | |||
| <https://github.com/httpwg/http-extensions/labels/query-method>. | <https://github.com/httpwg/http-extensions/labels/query-method>. | |||
| The changes in this draft are summarized in Appendix B.13. | The changes in this draft are summarized in Appendix B.14. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 18, 2026. | This Internet-Draft will expire on May 22, 2026. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2025 IETF Trust and the persons identified as the | Copyright (c) 2025 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 3, line 23 ¶ | skipping to change at page 3, line 23 ¶ | |||
| B.4. Since draft-ietf-httpbis-safe-method-w-body-03 . . . . . 26 | B.4. Since draft-ietf-httpbis-safe-method-w-body-03 . . . . . 26 | |||
| B.5. Since draft-ietf-httpbis-safe-method-w-body-04 . . . . . 26 | B.5. Since draft-ietf-httpbis-safe-method-w-body-04 . . . . . 26 | |||
| B.6. Since draft-ietf-httpbis-safe-method-w-body-05 . . . . . 26 | B.6. Since draft-ietf-httpbis-safe-method-w-body-05 . . . . . 26 | |||
| B.7. Since draft-ietf-httpbis-safe-method-w-body-06 . . . . . 27 | B.7. Since draft-ietf-httpbis-safe-method-w-body-06 . . . . . 27 | |||
| B.8. Since draft-ietf-httpbis-safe-method-w-body-07 . . . . . 28 | B.8. Since draft-ietf-httpbis-safe-method-w-body-07 . . . . . 28 | |||
| B.9. Since draft-ietf-httpbis-safe-method-w-body-08 . . . . . 28 | B.9. Since draft-ietf-httpbis-safe-method-w-body-08 . . . . . 28 | |||
| B.10. Since draft-ietf-httpbis-safe-method-w-body-09 . . . . . 28 | B.10. Since draft-ietf-httpbis-safe-method-w-body-09 . . . . . 28 | |||
| B.11. Since draft-ietf-httpbis-safe-method-w-body-10 . . . . . 28 | B.11. Since draft-ietf-httpbis-safe-method-w-body-10 . . . . . 28 | |||
| B.12. Since draft-ietf-httpbis-safe-method-w-body-11 . . . . . 29 | B.12. Since draft-ietf-httpbis-safe-method-w-body-11 . . . . . 29 | |||
| B.13. Since draft-ietf-httpbis-safe-method-w-body-12 . . . . . 29 | B.13. Since draft-ietf-httpbis-safe-method-w-body-12 . . . . . 29 | |||
| B.14. Since draft-ietf-httpbis-safe-method-w-body-13 . . . . . 30 | ||||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 30 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 30 | Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 1. Introduction | 1. Introduction | |||
| This specification defines the HTTP QUERY request method as a means | This specification defines the HTTP QUERY request method as a means | |||
| of making a safe, idempotent request (Section 9.2 of [HTTP]) that | of making a safe, idempotent request (Section 9.2 of [HTTP]) that | |||
| encloses a representation describing how the request is to be | encloses a representation describing how the request is to be | |||
| processed by the target resource. | processed by the target resource. | |||
| Most often, this is desirable when the data conveyed in a request is | A common query pattern is: | |||
| too voluminous to be encoded into the request's URI. A common query | ||||
| pattern is: | ||||
| GET /feed?q=foo&limit=10&sort=-published HTTP/1.1 | GET /feed?q=foo&limit=10&sort=-published HTTP/1.1 | |||
| Host: example.org | Host: example.org | |||
| However, when the data conveyed is too voluminous to be encoded in | However, when the data conveyed is too voluminous to be encoded in | |||
| the request's URI, this pattern becomes problematic: | the request's URI, this pattern becomes problematic: | |||
| o often size limits are not known ahead of time because a request | o often size limits are not known ahead of time because a request | |||
| can pass through many uncoordinated systems (but note that | can pass through many uncoordinated systems (but note that | |||
| Section 4.1 of [HTTP] recommends senders and recipients to support | Section 4.1 of [HTTP] recommends senders and recipients to support | |||
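Review bot: In Section 1, with the sentence beginning "Most often, this is desirable" removed, "A common query pattern is:" now follows the definition of QUERY directly, and nothing says the GET example is the existing practice under discussion. The deletion is sound, since the following paragraph ("However, when the data conveyed is too voluminous ...") already carries the size argument, but a lead-in such as "A common query pattern using GET is:" would give that "However" something explicit to contrast with.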
| skipping to change at page 11, line 34 ¶ | skipping to change at page 11, line 34 ¶ | |||
| It can be used as an alternative to passing request information in | It can be used as an alternative to passing request information in | |||
| the URI (e.g., in the query component). This is preferred in some | the URI (e.g., in the query component). This is preferred in some | |||
| cases, as the URI is more likely to be logged or otherwise processed | cases, as the URI is more likely to be logged or otherwise processed | |||
| by intermediaries than the request content. In other cases, where | by intermediaries than the request content. In other cases, where | |||
| the query contains sensitive information, the potential for logging | the query contains sensitive information, the potential for logging | |||
| of the URI might motivate the use of QUERY over GET. | of the URI might motivate the use of QUERY over GET. | |||
| If a server creates a temporary resource to represent the results of | If a server creates a temporary resource to represent the results of | |||
| a QUERY request (e.g., for use in the Location or Content-Location | a QUERY request (e.g., for use in the Location or Content-Location | |||
| field) and the request contains sensitive information that cannot be | field), assigns a URI to that resource, and the request contains | |||
| logged, then the URI of this resource SHOULD be chosen such that it | sensitive information that cannot be logged, then that URI SHOULD be | |||
| does not include any sensitive portions of the original request | chosen such that it does not include any sensitive portions of the | |||
| content. | original request content. | |||
| Caches that normalize QUERY content incorrectly or in ways that are | Caches that normalize QUERY content incorrectly or in ways that are | |||
| significantly different from how the resource processes the content | significantly different from how the resource processes the content | |||
| can return an incorrect response if normalization results in a false | can return an incorrect response if normalization results in a false | |||
| positive. | positive. | |||
| A QUERY request from user agents implementing CORS (Cross-Origin | A QUERY request from user agents implementing CORS (Cross-Origin | |||
| Resource Sharing) will require a "preflight" request, as QUERY does | Resource Sharing) will require a "preflight" request, as QUERY does | |||
| not belong to the set of CORS-safelisted methods (see "Methods | not belong to the set of CORS-safelisted methods (see "Methods | |||
| (https://fetch.spec.whatwg.org/#methods)" in [FETCH]). | (https://fetch.spec.whatwg.org/#methods)" in [FETCH]). | |||
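Review bot: In the Section 4 paragraph on temporary resources, the new condition list changes subject mid-sentence: "creates a temporary resource" and "assigns a URI to that resource" are about the server, while "the request contains sensitive information" is about the request. This makes the scope of the SHOULD harder to parse. Consider grouping the two server actions ("creates a temporary resource ... and assigns a URI to it") and stating the condition on the request separately. The requirement also still relies on the server knowing which portions of the content are sensitive. A sentence recommending a URI that is not derived from the request content when that cannot be determined would make the SHOULD easier to implement.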
| skipping to change at page 13, line 19 ¶ | skipping to change at page 13, line 19 ¶ | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [STRUCTURED-FIELDS] | [STRUCTURED-FIELDS] | |||
| Nottingham, M. and P-H. Kamp, "Structured Field Values for | Nottingham, M. and P-H. Kamp, "Structured Field Values for | |||
| HTTP", RFC 9651, DOI 10.17487/RFC9651, September 2024, | HTTP", RFC 9651, DOI 10.17487/RFC9651, September 2024, | |||
| <https://www.rfc-editor.org/info/rfc9651>. | <https://www.rfc-editor.org/info/rfc9651>. | |||
| [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | ||||
| Resource Identifier (URI): Generic Syntax", STD 66, | ||||
| RFC 3986, DOI 10.17487/RFC3986, January 2005, | ||||
| <https://www.rfc-editor.org/info/rfc3986>. | ||||
| 6.2. Informative References | 6.2. Informative References | |||
| [FETCH] WHATWG, "FETCH", <https://fetch.spec.whatwg.org>. | [FETCH] WHATWG, "FETCH", <https://fetch.spec.whatwg.org>. | |||
| [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type | [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type | |||
| Specifications and Registration Procedures", BCP 13, | Specifications and Registration Procedures", BCP 13, | |||
| RFC 6838, DOI 10.17487/RFC6838, January 2013, | RFC 6838, DOI 10.17487/RFC6838, January 2013, | |||
| <https://www.rfc-editor.org/info/rfc6838>. | <https://www.rfc-editor.org/info/rfc6838>. | |||
| [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data | [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data | |||
| Interchange Format", STD 90, RFC 8259, | Interchange Format", STD 90, RFC 8259, | |||
| DOI 10.17487/RFC8259, December 2017, | DOI 10.17487/RFC8259, December 2017, | |||
| <https://www.rfc-editor.org/info/rfc8259>. | <https://www.rfc-editor.org/info/rfc8259>. | |||
| [RFC9535] Gössner, S., Ed., Normington, G., Ed., and C. Bormann, | [RFC9535] Gössner, S., Ed., Normington, G., Ed., and C. Bormann, | |||
| Ed., "JSONPath: Query Expressions for JSON", RFC 9535, | Ed., "JSONPath: Query Expressions for JSON", RFC 9535, | |||
| DOI 10.17487/RFC9535, February 2024, | DOI 10.17487/RFC9535, February 2024, | |||
| <https://www.rfc-editor.org/info/rfc9535>. | <https://www.rfc-editor.org/info/rfc9535>. | |||
| [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | ||||
| Resource Identifier (URI): Generic Syntax", STD 66, | ||||
| RFC 3986, DOI 10.17487/RFC3986, January 2005, | ||||
| <https://www.rfc-editor.org/info/rfc3986>. | ||||
| [URL] WHATWG, "URL", <https://url.spec.whatwg.org>. | [URL] WHATWG, "URL", <https://url.spec.whatwg.org>. | |||
| [XSLT] Kay, M., "XSL Transformations (XSLT) Version 3.0", W3C | [XSLT] Kay, M., "XSL Transformations (XSLT) Version 3.0", W3C | |||
| Recommendation REC-xslt-30-20170608, June 8, 2017, | Recommendation REC-xslt-30-20170608, June 8, 2017, | |||
| <https://www.w3.org/TR/2017/REC-xslt-30-20170608/>. | <https://www.w3.org/TR/2017/REC-xslt-30-20170608/>. | |||
| Latest version available at | Latest version available at | |||
| <https://www.w3.org/TR/xslt-30/>. | <https://www.w3.org/TR/xslt-30/>. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| skipping to change at page 30, line 10 ¶ | skipping to change at page 30, line 10 ¶ | |||
| o Extend discussion of Range Requests (<https://github.com/httpwg/ | o Extend discussion of Range Requests (<https://github.com/httpwg/ | |||
| http-extensions/issues/3151>) | http-extensions/issues/3151>) | |||
| B.13. Since draft-ietf-httpbis-safe-method-w-body-12 | B.13. Since draft-ietf-httpbis-safe-method-w-body-12 | |||
| o Ack Asbjørn Ulsberg (<https://github.com/httpwg/http-extensions/ | o Ack Asbjørn Ulsberg (<https://github.com/httpwg/http-extensions/ | |||
| issues/3299>) | issues/3299>) | |||
| o LC feedback from Rahul Gupta (<https://github.com/httpwg/http- | o LC feedback from Rahul Gupta (<https://github.com/httpwg/http- | |||
| extensions/issues/3315>) | extensions/issues/3315>) | |||
| B.14. Since draft-ietf-httpbis-safe-method-w-body-13 | ||||
| o URI reference is normative (<https://github.com/httpwg/http- | ||||
| extensions/issues/3331>) | ||||
| o inconsistency between Sections 2.4 and 4 wrt URI assignments | ||||
| (<https://github.com/httpwg/http-extensions/issues/3332>) | ||||
| o IESG review nits (<https://github.com/httpwg/http-extensions/ | ||||
| issues/3333>) | ||||
| Acknowledgements | Acknowledgements | |||
| We thank all members of the HTTP Working Group for ideas, reviews, | We thank all members of the HTTP Working Group for ideas, reviews, | |||
| and feedback. | and feedback. | |||
| The following individuals deserve special recognition: Carsten | The following individuals deserve special recognition: Carsten | |||
| Bormann, Mark Nottingham, Martin Thomson, Michael Thornburgh, Roberto | Bormann, Mark Nottingham, Martin Thomson, Michael Thornburgh, Roberto | |||
| Polli, Roy Fielding, and Will Hawkins. | Polli, Roy Fielding, and Will Hawkins. | |||
| Contributors | Contributors | |||
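Review bot: In B.14, the second entry ("inconsistency between Sections 2.4 and 4 wrt URI assignments") names the problem rather than the change that was made, and "IESG review nits" gives no indication of what was touched. Consider wording each entry as the edit, as "URI reference is normative" does, for example "Align Sections 2.4 and 4 on URI assignment", and spelling out "wrt".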
| End of changes. 12 change blocks. | ||||
| 18 lines changed or deleted | 28 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/