The IETF has just published a number of new RFCs that update HTTP/1.1, including:
- RFC 7230: Message Syntax and Routing
- RFC 7231: Semantics and Content
- RFC 7232: Conditional Requests
- RFC 7233: Range Requests
- RFC 7234: Caching
- RFC 7235: Authentication
- RFC 7236: Authentication Scheme Registrations
- RFC 7237: Method Registrations
- RFC 7238: the 308 status code
- RFC 7239: Forwarded HTTP extension
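These documents make the original HTTP/1.1 specification obsolete. For an HTTP geek, this is a big deal!
RFC 2616 has been around for 15 years, and HTTP/2.0 is still in development. The main changes include: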
- Clarifications around dealing with unexpected whitespace, which should fix response splitting vulnerabilities.
- The limit of two connections per server has been removed.
- HTTP/0.9 support has been dropped.
- Default charset of ISO-8859-1 has been removed.
- Servers are no longer required to handle all Content-* header fields.
- Content-Range has been explicitly banned in PUT requests.
- It's now suggested to use the about:blank URI in the Referer header when no referrer exists, to distinguish between "there was no referrer" and "I don't want to send a referrer".
- The 204, 404, 405, 414 and 501 status codes are now cacheable.
- The status codes 301 and 302 have been changed to allow user agents to rewrite the method from POST to GET. This is a good example of a case where everybody has already been (incorrectly) doing this, and the spec now reflects the real-world implementation.
- The Location header can now contain relative URIs as well as fragment identifiers.
- Content-MD5 has been removed.
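
The whitespace clarification in the first item above, sketched as an added example (not code from the original post): a strict header-section parser that follows RFC 7230 section 3.2.4 by rejecting whitespace between a field name and the colon, and by rejecting line folding. The function names, the decision to also reject bare CR or LF, and the sample inputs are assumptions of this example.

```python
import re

# field-name must be a "token" (RFC 7230 section 3.2.6)
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

class HeaderSyntaxError(ValueError):
    """The message should be answered with 400 Bad Request."""

def parse_header_block(raw):
    """Parse the header section (lines after the start-line, up to the empty line)."""
    fields = []
    for line in raw.split(b"\r\n"):
        if line == b"":
            break  # the empty line ends the header section
        # Strict choice of this example: only CRLF terminates a line.
        if b"\r" in line or b"\n" in line:
            raise HeaderSyntaxError("bare CR or LF inside a header line")
        # A line starting with SP or HTAB is obs-fold (line folding).
        if line[:1] in (b" ", b"\t"):
            raise HeaderSyntaxError("obs-fold (line folding) is rejected")
        name, sep, value = line.partition(b":")
        if not sep:
            raise HeaderSyntaxError("missing colon")
        # RFC 7230 section 3.2.4: no whitespace between field-name and colon.
        if name != name.rstrip(b" \t"):
            raise HeaderSyntaxError("whitespace between field-name and colon")
        if not TOKEN.fullmatch(name):
            raise HeaderSyntaxError("field-name is not a token")
        # Optional whitespace around the value is not part of the value.
        fields.append((name.decode("ascii").lower(),
                       value.strip(b" \t").decode("latin-1")))
    return fields

def rejection_reason(raw):
    """Return None if the block parses, otherwise the reason it was rejected."""
    try:
        parse_header_block(raw)
        return None
    except HeaderSyntaxError as exc:
        return str(exc)

# Constructed sample inputs (not captured traffic).
GOOD = b"Host: example.com\r\nContent-Length: 5\r\n\r\n"
SPACE_BEFORE_COLON = b"Host: example.com\r\nTransfer-Encoding : chunked\r\n\r\n"
FOLDED = b"Host: example.com\r\nX-Note: a\r\n b\r\n\r\n"
BARE_LF = b"X-A: 1\nX-B: 2\r\n\r\n"

if __name__ == "__main__":
    for sample in (GOOD, SPACE_BEFORE_COLON, FOLDED, BARE_LF):
        print(sample, "->", rejection_reason(sample) or "accepted")
```

The point of rejecting these forms instead of tolerating them is that every hop then agrees on where one header field ends and the next begins.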
Did I miss anything?