W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Feedback on: draft-cohen-http305306-02.txt

From: David W. Morris <dwm@xpasc.com>
Date: Thu, 24 Jul 1997 23:27:15 -0700 (PDT)
To: http working group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Cc: Josh Cohen <josh@netscape.com>
Message-Id: <Pine.GSO.3.96.970724231106.16884G-100000@shell1.aimnet.com>

My comments are interspersed with **DWM: prefixes below. Mostly minor
editorial except for the scope pattern which as I note I don't understand
what is being specified.


1.0 Response Codes

 1.1 305 Use Proxy

   The 305 is generated by an origin server to indicate that the client,
   or proxy, should use a proxy to access the requested resource.

   The request SHOULD be accompanied by a 'Set-proxy' response header
   indicating what proxy is to be used. The client will parse the 'Set-
   proxy' header as defined below to decide how long, for what URLs it
**DWM:                                              ^^^ insert 'and' 
**DWM:    and I believe delete the comma.

   should use the specified proxy.

   If the 305 response is not accompanied by a 'Set-proxy' header, it
   MUST be accompanied by a 'Location' header.  The 'Location' header
   will specify a URL to the proxy.

   If both headers are present in the response, the client SHOULD use
   the 'Set-proxy' header only.

**DWM: change the last phrase to read:  "the client SHOULD only use
**DWM: the 'Set-proxy' header."
**DWM: OR "the client SHOULD ignore the 'Location' header."

 1.2 306 Switch Proxy

   The 306 response is generated by a proxy server to indicate that the
   client or proxy should use the information in the accompanying 'Set-
   proxy' header to choose a proxy for subsequent requests.

   The 306 response code MUST be accompanied by the 'Set-proxy' response

J. Cohen          HTTP/1.1 305 and 306 Response Codes           [Page 2]

INTERNET-DRAFT                                              24 July 1997

   header.  The client or proxy will parse the 'Set-proxy' header to
   determine which proxy to use, how long to use it, and for which URLs
   to use it.

   The scope in the set-proxy header is considered an optional advisory.
   The client or proxy may choose to ignore it, and use it for just this
   request, for all requests, or for a scope previously or implicitly
   defined by another configuration method or autoconfiguration system.

 1.3 506 Redirection Failed

   The 506 response is returned when a redirection fails or is refused
   by a proxy or client.  If the redirection response included a body,
   then it SHOULD be included in the 506 response.

2.0 Headers

 2.1 'Set-proxy' Response Header

           The 'Set-proxy' header is defined as:

           Set-proxy: "Set-proxy" ":" action [ ";" parameters ]

**DWM:   I believe you need "1#parameters" meaning 1 or more comma
**DWM:   delimited terms?

           parameters = ( "scope" "=" scopePattern ) |
                   ( proxyURI "=" URI ) |

           lifetime = ( "seconds"  "=" integer )
                   | ( "hits"      "=" integer )

           action =  ( "DIRECT"
                   | "IPL"
                   | "SET" )

           scopePattern = "*" | "-" | URIpattern

           URIpattern = character | "*"

           character = Any character legal in the definition
                       of a URL/URI in the context of RFC2068

**DWM:  I can't make sense out of either the syntax description or
**DWM:  the words below for what you mean to provide syntactically
**DWM:  or semantically for URIpattern. So other than to say that
**DWM:  I don't understand, I can't offer a suggestion.

   An example header:
       Set-proxy: SET ; proxyURI = "http://proxy.me.com:8080/",
           scope="http://", seconds=5


   The first item, "action" specifies the type or mode of the change.
   Possible modes are:

    Attempt to connect directly, with no proxy

    Initial Program Load, the client or proxy should attempt to revert
    back to its default or initial proxy setting.  This is meant to
    instruct a client to re-fetch its proxy configuration, or PAC file.
    When set, the accompanying scope field MUST be "*" A client receiv-
    ing this response SHOULD prompt the user for confirmation.

    If accompanied by a 'proxyURI' parameter, a proxy or client MAY use
    the value as a URL containing a configuration to retrieve.  If a
    client  does so, it MUST prompt the user for confirmation.

    Set to parameter "proxyURI".  The client should use the URL speci-
    fied for "proxyURI" as the proxy.  If the SET mode is specified, the
    parameter, "proxyURI", MUST be present.


    Scope refers to an expression pattern that specifies which URIs are
    subject to this header setting.  URIs should be matched against the
    scope with this rule :

     The scope "*" means all requests
     The scope "-" means this EXACT URL ONLY

    Otherwise, the URL is compared with the scope in the following

    The Scope is a prefix of matching URLs.

    The character "*" is allowed in the dns name portion of a URL, or in
    the path portion of the URL, but ONLY when used with a 306, not a

    It matches any sequence of characters except '/'.

    This is intended to be a simple matching scheme to allow a prefix
    match to take place.

    See the examples section in "Operational Constraints"

    The lifetime parameter specifies how long the specified proxy should
    be used.  If lifetime is specified as "seconds" then the proxy set-
    ting remains in effect for 'integer' seconds.  If lifetime is speci-
    fied in 'hits' then the proxy setting remains in effect for
    'integer' transactions.

 2.2 Location Header

    In the original HTTP/1.1 spec, the 'Location' header was used to
    indicate the proxy setting.  Its use is DEPRECATED by the 'Set-
    proxy' header in the context of a 305 response. All new implementa-
    tions MUST send the Set-proxy header.  Implementations MAY send the
    'Location' header so as to allow backward compatibility.

    If the 'Location' header is specified, it should contain a URI of
    the proxy.  If the Set-proxy header is not specified, the client
    should use this proxy for just one request, and only for the origi-
    nally requested exact URL.

 3.0 Methods

    A client or proxy receiving a 305 or 306, should use the OPTIONS
    method to determine if the server or proxy it is talking to actually
    is an HTTP/1.1 server supporting 305 and 306 responses.

4.0 Operational Constraints

   * Both the 305 and 306 response codes are HOP by HOP.  A proxy server
     MUST not forward a 305 or 306 respose code (unless it generated the

   * A webserver MUST NOT send a 306 response under any circumstances

   * A proxy server MUST NOT generate a 305 response.

   * A client or proxy SHOULD NOT accept a 306 from a proxy that it
     learned of via a 305 response code.

   * A client or proxy MAY maintain state and allow a lifetime to extend
     beyond a session or restart.

   * A 'Set-proxy: IPL' SHOULD override any previous 'Set-proxy' header.

   * A 305 or 306 response MAY contain a body containing an explanation
     of the redirect for clients which do not understand the redirect

   * In the absence of any parameter, the following defaults should be

       lifetime = this transaction only
       scope = this exact URL only

   * When receiving a 305 response, the client or proxy will enforce the
     following rule with respect to the scope.

     The scope specified must be more restrictive than the transformed
     URL in question based on the rightmost slash in the URI.

     Example: (in order of restrictiveness)
       for URI = http://www.ups.com/services/index.html

       http://www.ups.com/services/  (allowed)
       http://www.ups.com/services/express/ ( allowed )
       http://www.ups.com/ (NOT allowed)

J. Cohen          HTTP/1.1 305 and 306 Response Codes           [Page 6]

INTERNET-DRAFT                                              24 July 1997

     Using "*" in a 306 response set-proxy: header:

     The scope may be set to:
         which would apply to all URLs in to domain foo.com

     If the scope returned with a 305 response is less restrictive than
     the requested URL, the client may reject the redirection and return
     506 Redirection Failed.  If the client wished to honor the
     redirect, it client MUST prompt the user for confirmation before
     accepting the new proxy setting.

**DWM:  This and the earlier discussion of 506 is confusing at best.
**DWM:  Who exactly is the client returning 506 to? In normal HTTP
**DWM:  lingo the client receives responses, it doesn't send them.
Received on Thursday, 24 July 1997 23:33:58 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:49 EDT