This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as “Structured Fields”, or “Structured Headers”. It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values.
RFC EDITOR: please remove this section before publication
Discussion of this draft takes place on the HTTP working group mailing list (firstname.lastname@example.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/.
Working Group information can be found at https://httpwg.github.io/; source code and issues list for this draft can be found at https://github.com/httpwg/http-extensions/labels/header-structure.
Tests for implementations are collected at https://github.com/httpwg/structured-header-tests.
Implementations are tracked at https://github.com/httpwg/wiki/wiki/Structured-Headers.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress”.
This Internet-Draft will expire on October 3, 2020.
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Specifying the syntax of new HTTP header (and trailer) fields is an onerous task; even with the guidance in Section 8.3.1 of [RFC7231], there are many decisions – and pitfalls – for a prospective HTTP field author.
Once a field is defined, bespoke parsers and serializers often need to be written, because each field value has slightly different handling of what looks like common syntax.
This document introduces a set of common data structures for use in definitions of new HTTP field values to address these problems. In particular, it defines a generic, abstract model for them, along with a concrete serialization for expressing that model in HTTP [RFC7230] header and trailer fields.
A HTTP field that is defined as a “Structured Header” (or “Structured Trailer”, respectively; if the field can be either, it is a “Structured Field”) uses the types defined in this specification to define its syntax and basic handling rules, thereby simplifying both its definition by specification writers and handling by implementations.
Additionally, future versions of HTTP can define alternative serializations of the abstract model of these structures, allowing fields that use it to be transmitted more efficiently without being redefined.
Note that it is not a goal of this document to redefine the syntax of existing HTTP fields; the mechanisms described herein are only intended to be used with those that explicitly opt into them.
Section 2 describes how to specify a Structured Field.
Section 3 defines a number of abstract data types that can be used in Structured Fields.
Those abstract types can be serialized into and parsed from HTTP field values using the algorithms described in Section 4.
This specification intentionally defines strict parsing and serialization behaviors using step-by-step algorithms; the only error handling defined is to fail the operation altogether.
It is designed to encourage faithful implementation and therefore good interoperability. Therefore, an implementation that tried to be “helpful” by being more tolerant of input would make interoperability worse, since that would create pressure on other implementations to implement similar (but likely subtly different) workarounds.
In other words, strict processing is an intentional feature of this specification; it allows non-conformant input to be discovered and corrected by the producer early, and avoids both interoperability and security issues that might otherwise result.
Note that as a result of this strictness, if a field is appended to by multiple parties (e.g., intermediaries, or different components in the sender), an error in one party’s value is likely to cause the entire field value to fail parsing.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
This document uses algorithms to specify parsing and serialization behaviors, and the Augmented Backus-Naur Form (ABNF) notation of [RFC5234] to illustrate expected syntax in HTTP header fields. In doing so, it uses the VCHAR, SP, DIGIT, ALPHA and DQUOTE rules from [RFC5234]. It also includes the tchar rule from [RFC7230].
When parsing from HTTP fields, implementations MUST follow the algorithms, but MAY vary in implementation so as the behaviors are indistinguishable from specified behavior. If there is disagreement between the parsing algorithms and ABNF, the specified algorithms take precedence. In some places, the algorithms are “greedy” with whitespace, but this should not affect conformance.
For serialization to HTTP fields, the ABNF illustrates the range of acceptable wire representations with as much fidelity as possible, and the algorithms define the recommended way to produce them. Implementations MAY vary from the specified behavior so long as the output still matches the ABNF.
To specify a HTTP field as a Structured Field, its authors needs to:
Typically, this means that a field definition will specify the top-level type – List, Dictionary or Item – and then define its allowable types, and constraints upon them. For example, a header defined as a List might have all Integer members, or a mix of types; a header defined as an Item might allow only Strings, and additionally only strings beginning with the letter “Q”. Likewise, Inner Lists are only valid when a field definition explicitly allows them.
When parsing fails, the entire field is ignored (see Section 4.2); in most situations, violating field-specific constraints should have the same effect. Thus, if a header is defined as an Item and required to be an Integer, but a String is received, the field will by default be ignored. If the field requires different error handling, this should be explicitly specified.
Both Items and Inner Lists allow parameters as an extensibility mechanism; this means that values can later be extended to accommodate more information, if need be. To preserve forward compatibility, field specifications are discouraged from defining the presence of an unrecognized Parameter as an error condition.
To further assure that this extensibility is available in the future, and to encourage consumers to use a complete parser implementation, a field definition can specify that “grease” Parameters be added by senders. A specification could stipulate that all Parameters that fit a defined pattern are reserved for this use and then encourage them to be sent on some portion of requests. This helps to discourage recipients from writing a parser that does not account for Parameters.
Specifications that use Dictionaries can also allow for forward compatibility by requiring that the presence of – as well as value and type associated with – unknown members be ignored. Later specifications can then add additional members, specifying constraints on them as appropriate.
An extension to a structured field can then require that an entire field value be ignored by a recipient that understands the extension if constraints on the value it defines are not met.
A field definition cannot relax the requirements of this specification because doing so would preclude handling by generic software; they can only add additional constraints (for example, on the numeric range of Integers and Decimals, the format of Strings and Tokens, the types allowed in a Dictionary’s values, or the number of Items in a List). Likewise, field definitions can only use this specification for the entire field value, not a portion thereof.
This specification defines minimums for the length or number of various structures supported by implementations. It does not specify maximum sizes in most cases, but authors should be aware that HTTP implementations do impose various limits on the size of individual fields, the total number of fields, and/or the size of the entire header or trailer section.
Specifications can refer to a field name as a “structured header name”, “structured trailer name” or “structured field name” as appropriate. Likewise, they can refer its field value as a “structured header value”, “structured trailer value” or “structured field value” as necessary. Field definitions are encouraged to use the ABNF rules beginning with “sh-“ defined in this specification; other rules in this specification are not intended for their use.
For example, a fictitious Foo-Example header field might be specified as:
42. Foo-Example Header The Foo-Example HTTP header field conveys information about how much Foo the message has. Foo-Example is a Item Structured Header [RFCxxxx]. Its value MUST be an Integer (Section Y.Y of [RFCxxxx]). Its ABNF is: Foo-Example = sh-integer Its value indicates the amount of Foo in the message, and MUST be between 0 and 10, inclusive; other values MUST cause the entire header field to be ignored. The following parameters are defined: * A Parameter whose name is "foourl", and whose value is a String (Section Y.Y of [RFCxxxx]), conveying the Foo URL for the message. See below for processing requirements. "foourl" contains a URI-reference (Section 4.1 of [RFC3986]). If its value is not a valid URI-reference, the entire header field MUST be ignored. If its value is a relative reference (Section 4.2 of [RFC3986]), it MUST be resolved (Section 5 of [RFC3986]) before being used. For example: Foo-Example: 2; foourl="https://foo.example.com/"
This section defines the abstract value types that can be composed into Structured Fields. The ABNF provided represents the on-wire format in HTTP field values.
The ABNF for Lists in HTTP fields is:
sh-list = list-member *( *SP "," *SP list-member ) list-member = sh-item / inner-list
Each member is separated by a comma and optional whitespace. For example, a field whose value is defined as a List of Strings could look like:
Example-StrListHeader: "foo", "bar", "It was the best of times."
An empty List is denoted by not serializing the field at all.
Note that Lists can have their members split across multiple lines inside a header or trailer section, as per Section 3.2.2 of [RFC7230]; for example, the following are equivalent:
Example-Hdr: foo, bar
Example-Hdr: foo Example-Hdr: bar
However, individual members of a List cannot be safely split between across lines; see Section 4.2 for details.
Parsers MUST support Lists containing at least 1024 members. Field specifications can constrain the types and cardinality of individual List values as they require.
The ABNF for Inner Lists is:
inner-list = "(" *SP [ sh-item *( 1*SP sh-item ) *SP ] ")" parameters
Inner Lists are denoted by surrounding parenthesis, and have their values delimited by a single space. A field whose value is defined as a list of Inner Lists of Strings could look like:
Example-StrListListHeader: ("foo" "bar"), ("baz"), ("bat" "one"), ()
Note that the last member in this example is an empty Inner List.
A header field whose value is defined as a list of Inner Lists with Parameters at both levels could look like:
Example-ListListParam: ("foo"; a=1;b=2);lvl=5, ("bar" "baz");lvl=1
Parsers MUST support Inner Lists containing at least 256 members. Field specifications can constrain the types and cardinality of individual Inner List members as they require.
Parameters are an ordered map of key-values pairs that are associated with an Item (Section 3.3) or Inner List (Section 3.1.1). The keys are unique within the scope the Parameters they occur within, and the values are bare items (i.e., they themselves cannot be parameterized; see Section 3.3).
The ABNF for Parameters is:
parameters = *( ";" *SP parameter ) parameter = param-name [ "=" param-value ] param-name = key key = ( lcalpha / "*" ) *( lcalpha / DIGIT / "_" / "-" / "." / "*" ) lcalpha = %x61-7A ; a-z param-value = bare-item
A parameter is separated from its Item or Inner List and other parameters by a semicolon. For example:
Example-ParamListHeader: abc;a=1;b=2; cde_456, (ghi;jk=4 l);q="9";r=w
Parameters whose value is Boolean true MUST omit that value when serialized. For example:
Example-IntHeader: 1; a; b=?0
Note that this requirement is only on serialization; parsers are still required to correctly handle the true value when it appears in a parameter.
Parsers MUST support at least 256 parameters on an Item or Inner List, and support parameter keys with at least 64 characters. Field specifications can constrain the types and cardinality of individual parameter names and values as they require.
Dictionaries are ordered maps of name-value pairs, where the names are short, textual strings and the values are items (Section 3.3) or arrays of items, both of which can be Parameterized (Section 3.1.2). There can be zero or more members, and their names are unique in the scope of the Dictionary they occur within.
Implementations MUST provide access to Dictionaries both by index and by name. Specifications MAY use either means of accessing the members.
The ABNF for Dictionaries is:
sh-dictionary = dict-member *( *SP "," *SP dict-member ) dict-member = member-name [ "=" member-value ] member-name = key member-value = sh-item / inner-list
Members are separated by a comma with optional whitespace, while names and values are separated by “=” (without whitespace). For example:
Example-DictHeader: en="Applepie", da=:w4ZibGV0w6ZydGU=:
Members whose value is Boolean true MUST omit that value when serialized. For example, here both “b” and “c” are true:
Example-DictHeader: a=?0, b, c; foo=bar
Note that this requirement is only on serialization; parsers are still required to correctly handle the true Boolean value when it appears in Dictionary values.
A Dictionary with a member whose value is an Inner List of tokens:
Example-DictListHeader: rating=1.5, feelings=(joy sadness)
A Dictionary with a mix of singular and list values, some with Parameters:
Example-MixDict: a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid
As with lists, an empty Dictionary is represented by omitting the entire field.
Typically, a field specification will define the semantics of Dictionaries by specifying the allowed type(s) for individual member names, as well as whether their presence is required or optional. Recipients MUST ignore names that are undefined or unknown, unless the field’s specification specifically disallows them.
Note that dictionaries can have their members split across multiple lines inside a header or trailer section; for example, the following are equivalent:
Example-Hdr: foo=1, bar=2
Example-Hdr: foo=1 Example-Hdr: bar=2
However, individual members of a Dictionary cannot be safely split between lines; see Section 4.2 for details.
Parsers MUST support Dictionaries containing at least 1024 name/value pairs, and names with at least 64 characters.
An Item can be a Integer (Section 3.3.1), Decimal (Section 3.3.2), String (Section 3.3.3), Token (Section 3.3.4), Byte Sequence (Section 3.3.5), or Boolean (Section 3.3.6). It can have associated Parameters (Section 3.1.2).
The ABNF for Items is:
sh-item = bare-item parameters bare-item = sh-integer / sh-decimal / sh-string / sh-token / sh-binary / sh-boolean
For example, a header field that is defined to be an Item that is an Integer might look like:
or with Parameters:
Example-IntItemHeader: 5; foo=bar
Integers have a range of -999,999,999,999,999 to 999,999,999,999,999 inclusive (i.e., up to fifteen digits, signed), for IEEE 754 compatibility ([IEEE754]).
The ABNF for Integers is:
sh-integer = ["-"] 1*15DIGIT
Note that commas in Integers are used in this section’s prose only for readability; they are not valid in the wire format.
Decimals are numbers with an integer and a fractional component. The integer component has at most 12 digits; the fractional component has at most three digits.
The ABNF for decimals is:
sh-decimal = ["-"] 1*12DIGIT "." 1*3DIGIT
For example, a header whose value is defined as a Decimal could look like:
Note that the serialisation algorithm (Section 4.1.5) rounds input with more than three digits of precision in the fractional component. If an alternative rounding strategy is desired, this should be specified by the header definition to occur before serialisation.
Strings are zero or more printable ASCII [RFC0020] characters (i.e., the range %x20 to %x7E). Note that this excludes tabs, newlines, carriage returns, etc.
The ABNF for Strings is:
sh-string = DQUOTE *(chr) DQUOTE chr = unescaped / escaped unescaped = %x20-21 / %x23-5B / %x5D-7E escaped = "\" ( DQUOTE / "\" )
Strings are delimited with double quotes, using a backslash (“\”) to escape double quotes and backslashes. For example:
Example-StringHeader: "hello world"
Note that Strings only use DQUOTE as a delimiter; single quotes do not delimit Strings. Furthermore, only DQUOTE and “\” can be escaped; other characters after “\” MUST cause parsing to fail.
Unicode is not directly supported in Strings, because it causes a number of interoperability issues, and – with few exceptions – field values do not require it.
Parsers MUST support Strings (after any decoding) with at least 1024 characters.
Tokens are short textual words; their abstract model is identical to their expression in the HTTP field value serialization.
The ABNF for Tokens is:
sh-token = ( ALPHA / "*" ) *( tchar / ":" / "/" )
Parsers MUST support Tokens with at least 512 characters.
Note that Token allows the characters as the “token” ABNF rule defined in [RFC7230], with the exceptions that the first character is required to be either ALPHA or “*”, and “:” and “/” are also allowed in subsequent characters.
Byte Sequences can be conveyed in Structured Fields.
The ABNF for a Byte Sequence is:
sh-binary = ":" *(base64) ":" base64 = ALPHA / DIGIT / "+" / "/" / "="
A Byte Sequence is delimited with colons and encoded using base64 ([RFC4648], Section 4). For example:
Parsers MUST support Byte Sequences with at least 16384 octets after decoding.
Boolean values can be conveyed in Structured Fields.
The ABNF for a Boolean is:
sh-boolean = "?" boolean boolean = "0" / "1"
A Boolean is indicated with a leading “?” character followed by a “1” for a true value or “0” for false. For example:
Given a structure defined in this specification, return an ASCII string suitable for use in a HTTP field value.
Given an array of (member_value, parameters) tuples as input_list, return an ASCII string suitable for use in a HTTP field value.
Given an array of (member_value, parameters) tuples as inner_list, and parameters as list_parameters, return an ASCII string suitable for use in a HTTP field value.
Given an ordered Dictionary as input_parameters (each member having a param_name and a param_value), return an ASCII string suitable for use in a HTTP field value.
Given a key as input_key, return an ASCII string suitable for use in a HTTP field value.
Given an ordered Dictionary as input_dictionary (each member having a member_name and a tuple value of (member_value, parameters)), return an ASCII string suitable for use in a HTTP field value.
Given an Item as bare_item and Parameters as item_parameters, return an ASCII string suitable for use in a HTTP field value.
Given an Item as input_item, return an ASCII string suitable for use in a HTTP field value.
Given an Integer as input_integer, return an ASCII string suitable for use in a HTTP field value.
Given a decimal number as input_decimal, return an ASCII string suitable for use in a HTTP field value.
Given a String as input_string, return an ASCII string suitable for use in a HTTP field value.
Given a Token as input_token, return an ASCII string suitable for use in a HTTP field value.
Given a Byte Sequence as input_bytes, return an ASCII string suitable for use in a HTTP field value.
The encoded data is required to be padded with “=”, as per [RFC4648], Section 3.2.
Likewise, encoded data SHOULD have pad bits set to zero, as per [RFC4648], Section 3.5, unless it is not possible to do so due to implementation constraints.
Given a Boolean as input_boolean, return an ASCII string suitable for use in a HTTP field value.
When a receiving implementation parses HTTP fields that are known to be Structured Fields, it is important that care be taken, as there are a number of edge cases that can cause interoperability or even security problems. This section specifies the algorithm for doing so.
Given an array of bytes input_bytes that represents the chosen field’s field-value (which is empty if that field is not present), and field_type (one of “dictionary”, “list”, or “item”), return the parsed header value.
When generating input_bytes, parsers MUST combine all lines in the same section (header or trailer) that case-insensitively match the field name into one comma-separated field-value, as per [RFC7230], Section 3.2.2; this assures that the entire field value is processed correctly.
For Lists and Dictionaries, this has the effect of correctly concatenating all of the field’s lines, as long as individual members of the top-level data structure are not split across multiple header instances.
Strings split across multiple field lines will have unpredictable results, because comma(s) and whitespace inserted upon combination will become part of the string output by the parser. Since concatenation might be done by an upstream intermediary, the results are not under the control of the serializer or the parser.
Tokens, Integers, Decimals and Byte Sequences cannot be split across multiple field lines because the inserted commas will cause parsing to fail.
If parsing fails – including when calling another algorithm – the entire field value MUST be ignored (i.e., treated as if the field were not present in the section). This is intentionally strict, to improve interoperability and safety, and specifications referencing this document are not allowed to loosen this requirement.
Note that this requirement does not apply to an implementation that is not parsing the field; for example, an intermediary is not required to strip a failing header field from a message before forwarding it.
Given an ASCII string as input_string, return an array of (item_or_inner_list, parameters) tuples. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return the tuple (item_or_inner_list, parameters), where item_or_inner_list can be either a single bare item, or an array of (bare_item, parameters) tuples. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return the tuple (inner_list, parameters), where inner_list is an array of (bare_item, parameters) tuples. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return an ordered map whose values are (item_or_inner_list, parameters) tuples. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return a (bare_item, parameters) tuple. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return a bare Item. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return an ordered map whose values are bare Items. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return a key. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return an Integer or Decimal. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return an unquoted String. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return a Token. input_string is modified to remove the parsed value.
Given an ASCII string as input_string, return a Byte Sequence. input_string is modified to remove the parsed value.
Because some implementations of base64 do not allow reject of encoded data that is not properly “=” padded (see [RFC4648], Section 3.2), parsers SHOULD NOT fail when it is not present, unless they cannot be configured to do so.
Because some implementations of base64 do not allow rejection of encoded data that has non-zero pad bits (see [RFC4648], Section 3.5), parsers SHOULD NOT fail when it is present, unless they cannot be configured to do so.
This specification does not relax the requirements in [RFC4648], Section 3.1 and 3.3; therefore, parsers MUST fail on characters outside the base64 alphabet, and on line feeds in encoded data.
Given an ASCII string as input_string, return a Boolean. input_string is modified to remove the parsed value.
This document has no actions for IANA.
The size of most types defined by Structured Fields is not limited; as a result, extremely large fields could be an attack vector (e.g., for resource consumption). Most HTTP implementations limit the sizes of individual fields as well as the overall header or trailer section size to mitigate such attacks.
It is possible for parties with the ability to inject new HTTP fields to change the meaning of a Structured Field. In some circumstances, this will cause parsing to fail, but it is not possible to reliably fail in all such circumstances.
Earlier proposals for Structured Fields were based upon JSON [RFC8259]. However, constraining its use to make it suitable for HTTP header fields required senders and recipients to implement specific additional handling.
For example, JSON has specification issues around large numbers and objects with duplicate members. Although advice for avoiding these issues is available (e.g., [RFC7493]), it cannot be relied upon.
Likewise, JSON strings are by default Unicode strings, which have a number of potential interoperability issues (e.g., in comparison). Although implementers can be advised to avoid non-ASCII content where unnecessary, this is difficult to enforce.
Another example is JSON’s ability to nest content to arbitrary depths. Since the resulting memory commitment might be unsuitable (e.g., in embedded and other limited server deployments), it’s necessary to limit it in some fashion; however, existing JSON implementations have no such limits, and even if a limit is specified, it’s likely that some field definition will find a need to violate it.
Because of JSON’s broad adoption and implementation, it is difficult to impose such additional constraints across all implementations; some deployments would fail to enforce them, thereby harming interoperability. In short, if it looks like JSON, people will be tempted to use a JSON parser / serializer on field values.
Since a major goal for Structured Fields is to improve interoperability and simplify implementation, these concerns led to a format that requires a dedicated parser and serializer.
Additionally, there were widely shared feelings that JSON doesn’t “look right” in HTTP fields.
A generic implementation of this specification should expose the top-level serialize (Section 4.1) and parse (Section 4.2) functions. They need not be functions; for example, it could be implemented as an object, with methods for each of the different top-level types.
For interoperability, it’s important that generic implementations be complete and follow the algorithms closely; see Section 1.1. To aid this, a common test suite is being maintained by the community at https://github.com/httpwg/structured-header-tests.
Implementers should note that Dictionaries and Parameters are order-preserving maps. Some fields may not convey meaning in the ordering of these data types, but it should still be exposed so that applications which need to use it will have it available.
Likewise, implementations should note that it’s important to preserve the distinction between Tokens and Strings. While most programming languages have native types that map to the other types well, it may be necessary to create a wrapper “token” object or use a parameter on functions to assure that these types remain separate.
The serialization algorithm is defined in a way that it is not strictly limited to the data types defined in Section 3 in every case. For example, Decimals are designed to take broader input and round to allowed values.
RFC Editor: Please remove this section before publication.
Many thanks to Matthew Kerwin for his detailed feedback and careful consideration during the development of this specification.
Thanks also to Ian Clelland, Roy Fielding, Anne van Kesteren, Kazuho Oku, Evert Pot, Julian Reschke, Martin Thomson, Mike West, and Jeffrey Yasskin for their contributions.