draft-ietf-httpbis-no-vary-search-01.txt | draft-ietf-httpbis-no-vary-search-latest.txt | |||
---|---|---|---|---|
HyperText Transfer Protocol | HyperText Transfer Protocol | |||
Internet-Draft | Internet-Draft | |||
Intended status: Standards Track Google LLC | Intended status: Standards Track Google LLC | |||
Expires: September 22, 2025 March 21, 2025 | Expires: December 7, 2025 June 05, 2025 | |||
No-Vary-Search | The No-Vary-Search HTTP Response Header Field | |||
draft-ietf-httpbis-no-vary-search-latest | draft-ietf-httpbis-no-vary-search-latest | |||
Abstract | Abstract | |||
This specification defines a proposed HTTP header field for changing | This specification defines a proposed HTTP response header field for | |||
how URL search parameters impact caching. | changing how URL search parameters impact caching. | |||
About This Document | About This Document | |||
This note is to be removed before publishing as an RFC. | This note is to be removed before publishing as an RFC. | |||
The latest revision of this draft can be found at | The latest revision of this draft can be found at | |||
<https://httpwg.org/http-extensions/draft-ietf-httpbis-no-vary- | <https://httpwg.org/http-extensions/draft-ietf-httpbis-no-vary- | |||
search.html>. Status information for this document may be found at | search.html>. Status information for this document may be found at | |||
<https://datatracker.ietf.org/doc/draft-ietf-httpbis-no-vary- | <https://datatracker.ietf.org/doc/draft-ietf-httpbis-no-vary- | |||
search/>. | search/>. | |||
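Review bot: The rewritten abstract sentence still calls this "a proposed HTTP response header field", while the new title drops any such hedge and the intended status is Standards Track. Suggest "This specification defines an HTTP response header field for changing how URL search parameters impact caching." so the abstract does not need another edit before publication.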
skipping to change at page 1, line 49 ¶ | skipping to change at page 1, line 49 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on September 22, 2025. | This Internet-Draft will expire on December 7, 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2025 IETF Trust and the persons identified as the | Copyright (c) 2025 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 13, line 18 ¶ | skipping to change at page 13, line 18 ¶ | |||
In this case, even URL pairs that might appear the same after | In this case, even URL pairs that might appear the same after | |||
running the application/x-www-form-urlencoded parser [10] | running the application/x-www-form-urlencoded parser [10] | |||
[WHATWG-URL] on their queries, such as "https://example.com/a" | [WHATWG-URL] on their queries, such as "https://example.com/a" | |||
and "https://example.com/a?", or "https://example.com/ | and "https://example.com/a?", or "https://example.com/ | |||
foo?a=b&&&c" and "https://example.com/foo?a=b&c=", will be | foo?a=b&&&c" and "https://example.com/foo?a=b&c=", will be | |||
treated as inequivalent. | treated as inequivalent. | |||
3. Let _searchParamsA_ and _searchParamsB_ be empty lists. | 3. Let _searchParamsA_ and _searchParamsB_ be empty lists. | |||
4. If _wrlA_'s query is not null, then set _searchParamsA_ to the | 4. If _urlA_'s query is not null, then set _searchParamsA_ to the | |||
result of running the application/x-www-form-urlencoded parser | result of running the application/x-www-form-urlencoded parser | |||
[11] [WHATWG-URL] given the isomorphic encoding [12] | [11] [WHATWG-URL] given the isomorphic encoding [12] | |||
[WHATWG-INFRA] of _urlA_'s query. | [WHATWG-INFRA] of _urlA_'s query. | |||
5. If _wrlB_'s query is not null, then set _searchParamsB_ to the | 5. If _urlB_'s query is not null, then set _searchParamsB_ to the | |||
result of running the application/x-www-form-urlencoded parser | result of running the application/x-www-form-urlencoded parser | |||
[13] [WHATWG-URL] given the isomorphic encoding [14] | [13] [WHATWG-URL] given the isomorphic encoding [14] | |||
[WHATWG-INFRA] of _urlB_'s query. | [WHATWG-INFRA] of _urlB_'s query. | |||
6. If _searchVariance_'s no-vary params is a list, then: | 6. If _searchVariance_'s no-vary params is a list, then: | |||
1. Set _searchParamsA_ to a list containing those items _pair_ | 1. Set _searchParamsA_ to a list containing those items _pair_ | |||
in _searchParamsA_ where _searchVariance_'s no-vary params | in _searchParamsA_ where _searchVariance_'s no-vary params | |||
does not contain _pair_[0]. | does not contain _pair_[0]. | |||
skipping to change at page 16, line 28 ¶ | skipping to change at page 16, line 28 ¶ | |||
o one of the following: | o one of the following: | |||
* the presented target URI (Section 7.1 of [HTTP]) and that of | * the presented target URI (Section 7.1 of [HTTP]) and that of | |||
the stored response match, or | the stored response match, or | |||
* the presented target URI and that of the stored response are | * the presented target URI and that of the stored response are | |||
equivalent modulo search variance (Section 6), given the | equivalent modulo search variance (Section 6), given the | |||
variance obtained (Section 5.2) from the stored response. | variance obtained (Section 5.2) from the stored response. | |||
Servers SHOULD send no more than one distinct non-empty value for the | ||||
"No-Vary-Search" field in response to requests for a given pathname. | ||||
Cache implementations MAY fail to reuse a stored response whose | Cache implementations MAY fail to reuse a stored response whose | |||
target URI matches _only_ modulo URL search variance, if the cache | target URI matches _only_ modulo URL search variance, if the cache | |||
has more recently stored a response which: | has more recently stored a response which: | |||
o has a target URI which is equal to the presented target URI, | o has a target URI which is equal to the presented target URI, | |||
excluding the query, and | excluding the query, and | |||
o has a non-empty value for the "No-Vary-Search" field, and | o has a non-empty value for the "No-Vary-Search" field, and | |||
o has a "No-Vary-Search" field value different from the stored | o has a "No-Vary-Search" field value different from the stored | |||
response being considered for reuse. | response being considered for reuse. | |||
Caches aren't required to reuse stored responses, generally. | Caches aren't required to reuse stored responses, generally. | |||
However, the above expressly empowers caches to, if it is | However, the above expressly empowers caches to, if it is | |||
advantageous for performance or other reasons, search a smaller | advantageous for performance or other reasons, search a smaller | |||
number of stored responses. Such a cache might take steps like | number of stored responses. | |||
the following to identify a stored response (before checking the | ||||
other conditions in Section 4 of [HTTP-CACHING]): | That is, because caches might store more than one response for a | |||
given pathname, they need a way to efficiently look up the No- | ||||
Vary-Search value without accessing all cached responses. Such a | ||||
cache might take steps like the following to identify a stored | ||||
response in a performant way, before checking the other conditions | ||||
in Section 4 of [HTTP-CACHING]: | ||||
1. Let exactMatch be cache[presentedTargetURI]. If it is a | 1. Let exactMatch be cache[presentedTargetURI]. If it is a | |||
stored response that can be reused, return it. | stored response that can be reused, return it. | |||
2. Let targetPath be presentedTargetURI, with query parameters | 2. Let targetPath be presentedTargetURI, with query parameters | |||
removed. | removed. | |||
3. Let lastNVS be mostRecentNVS[targetPath]. If it does not | 3. Let lastNVS be mostRecentNVS[targetPath]. If it does not | |||
exist, return null. | exist, return null. | |||
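Review bot: In the added explanatory paragraph, "look up the No-Vary-Search value" for "a given pathname" is looser than the steps that follow it. Step 2 derives targetPath from presentedTargetURI with only the query parameters removed, so the key still carries the scheme and host, and step 3 reads the most recent value rather than a single one. Suggest "the most recently stored No-Vary-Search value for a target URI, excluding the query", which matches the wording of the MAY condition above. An index keyed on pathname alone would mix entries from different origins, and the origin is the boundary Section 8 relies on.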
skipping to change at page 18, line 12 ¶ | skipping to change at page 18, line 12 ¶ | |||
6. Let searchVariance be obtained (Section 5.2) from nvsMatch. | 6. Let searchVariance be obtained (Section 5.2) from nvsMatch. | |||
7. If nvsMatch's target URI and presentedTargetURI are not | 7. If nvsMatch's target URI and presentedTargetURI are not | |||
equivalent modulo search variance (Section 6) given | equivalent modulo search variance (Section 6) given | |||
searchVariance, then return null. | searchVariance, then return null. | |||
8. If nvsMatch is a stored response that can be reused, return | 8. If nvsMatch is a stored response that can be reused, return | |||
it. Otherwise, return null. | it. Otherwise, return null. | |||
Such implementations might "miss" some stored responses that could | To aid cache implementation efficiency, servers SHOULD NOT send | |||
otherwise have been reused. It is therefore useful for servers to | different non-empty values for the "No-Vary-Search" field in response | |||
avoid sending different values for the "No-Vary-Search" field when | to requests for a given pathname over time, unless there is a need to | |||
possible. | update how they handle the query component. Doing so would cause | |||
cache implementations that use a strategy like the above to miss some | ||||
stored responses that could otherwise have been reused. | ||||
8. Security Considerations | 8. Security Considerations | |||
The main risk to be aware of is the impact of mismatched URLs. In | The main risk to be aware of is the impact of mismatched URLs. In | |||
particular, this could cause the user to see a response that was | particular, this could cause the user to see a response that was | |||
originally fetched from a URL different from the one displayed when | originally fetched from a URL different from the one displayed when | |||
they hovered a link, or the URL displayed in the URL bar. | they hovered a link, or the URL displayed in the URL bar. | |||
However, since the impact is limited to query parameters, this does | However, since the impact is limited to query parameters, this does | |||
not cross the relevant security boundary, which is the origin [16] | not cross the relevant security boundary, which is the origin [16] | |||
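Review bot: The relocated SHOULD NOT is narrower than the sentence it replaces. The removed text asked for no more than one distinct non-empty value per pathname, while the new text adds "over time", which can be read as permitting different values for different query strings under the same pathname as long as each one stays stable. The lookup steps keep a single mostRecentNVS entry per targetPath, so that case produces the same misses. Suggest dropping "over time" or stating that the value is the same for every request to the pathname, and saying what "a need to update how they handle the query component" covers so the exception can be applied consistently.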
End of changes. 10 change blocks. | ||||
17 lines changed or deleted | 22 lines changed or added | |||