idnits 2.17.00 (12 Aug 2021) /tmp/idnits24615/draft-ietf-httpbis-http2-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([2], [3], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 30, 2014) is 2851 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 3630 -- Looks like a reference, but probably isn't: '2' on line 3632 -- Looks like a reference, but probably isn't: '3' on line 3635 -- Looks like a reference, but probably isn't: '4' on line 2388 -- Looks like a reference, but probably isn't: '5' on line 3601 -- Looks like a reference, but probably isn't: '6' on line 3855 -- Looks like a reference, but probably isn't: '7' on line 3863 == Outdated reference: draft-ietf-httpbis-header-compression has been published as RFC 7541 -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186' ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5246 (ref. 'TLS12') (Obsoleted by RFC 8446) == Outdated reference: draft-ietf-httpbis-alt-svc has been published as RFC 7838 -- Obsolete informational reference (is this intentional?): RFC 1323 (Obsoleted by RFC 7323) -- Obsolete informational reference (is this intentional?): RFC 4492 (Obsoleted by RFC 8422) Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 11 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HTTPbis Working Group M. Belshe 3 Internet-Draft Twist 4 Intended status: Standards Track R. Peon 5 Expires: January 31, 2015 Google, Inc 6 M. Thomson, Ed. 7 Mozilla 8 July 30, 2014 10 Hypertext Transfer Protocol version 2 11 draft-ietf-httpbis-http2-14 13 Abstract 15 This specification describes an optimized expression of the syntax of 16 the Hypertext Transfer Protocol (HTTP). HTTP/2 enables a more 17 efficient use of network resources and a reduced perception of 18 latency by introducing header field compression and allowing multiple 19 concurrent messages on the same connection. It also introduces 20 unsolicited push of representations from servers to clients. 22 This specification is an alternative to, but does not obsolete, the 23 HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged. 25 Editorial Note (To be removed by RFC Editor) 27 Discussion of this draft takes place on the HTTPBIS working group 28 mailing list (ietf-http-wg@w3.org), which is archived at [1]. 30 Working Group information can be found at [2]; that specific to 31 HTTP/2 are at [3]. 33 The changes in this draft are summarized in Appendix A. 35 Status of This Memo 37 This Internet-Draft is submitted in full conformance with the 38 provisions of BCP 78 and BCP 79. 40 Internet-Drafts are working documents of the Internet Engineering 41 Task Force (IETF). Note that other groups may also distribute 42 working documents as Internet-Drafts. The list of current Internet- 43 Drafts is at http://datatracker.ietf.org/drafts/current/. 45 Internet-Drafts are draft documents valid for a maximum of six months 46 and may be updated, replaced, or obsoleted by other documents at any 47 time. It is inappropriate to use Internet-Drafts as reference 48 material or to cite them other than as "work in progress." 49 This Internet-Draft will expire on January 31, 2015. 51 Copyright Notice 53 Copyright (c) 2014 IETF Trust and the persons identified as the 54 document authors. All rights reserved. 56 This document is subject to BCP 78 and the IETF Trust's Legal 57 Provisions Relating to IETF Documents 58 (http://trustee.ietf.org/license-info) in effect on the date of 59 publication of this document. Please review these documents 60 carefully, as they describe your rights and restrictions with respect 61 to this document. Code Components extracted from this document must 62 include Simplified BSD License text as described in Section 4.e of 63 the Trust Legal Provisions and are provided without warranty as 64 described in the Simplified BSD License. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 69 2. HTTP/2 Protocol Overview . . . . . . . . . . . . . . . . . . 5 70 2.1. Document Organization . . . . . . . . . . . . . . . . . . 6 71 2.2. Conventions and Terminology . . . . . . . . . . . . . . . 6 72 3. Starting HTTP/2 . . . . . . . . . . . . . . . . . . . . . . . 7 73 3.1. HTTP/2 Version Identification . . . . . . . . . . . . . . 8 74 3.2. Starting HTTP/2 for "http" URIs . . . . . . . . . . . . . 9 75 3.2.1. HTTP2-Settings Header Field . . . . . . . . . . . . . 10 76 3.3. Starting HTTP/2 for "https" URIs . . . . . . . . . . . . 11 77 3.4. Starting HTTP/2 with Prior Knowledge . . . . . . . . . . 11 78 3.5. HTTP/2 Connection Preface . . . . . . . . . . . . . . . . 11 79 4. HTTP Frames . . . . . . . . . . . . . . . . . . . . . . . . . 12 80 4.1. Frame Format . . . . . . . . . . . . . . . . . . . . . . 12 81 4.2. Frame Size . . . . . . . . . . . . . . . . . . . . . . . 14 82 4.3. Header Compression and Decompression . . . . . . . . . . 14 83 5. Streams and Multiplexing . . . . . . . . . . . . . . . . . . 15 84 5.1. Stream States . . . . . . . . . . . . . . . . . . . . . . 16 85 5.1.1. Stream Identifiers . . . . . . . . . . . . . . . . . 20 86 5.1.2. Stream Concurrency . . . . . . . . . . . . . . . . . 21 87 5.2. Flow Control . . . . . . . . . . . . . . . . . . . . . . 22 88 5.2.1. Flow Control Principles . . . . . . . . . . . . . . . 22 89 5.2.2. Appropriate Use of Flow Control . . . . . . . . . . . 23 90 5.3. Stream priority . . . . . . . . . . . . . . . . . . . . . 23 91 5.3.1. Stream Dependencies . . . . . . . . . . . . . . . . . 24 92 5.3.2. Dependency Weighting . . . . . . . . . . . . . . . . 25 93 5.3.3. Reprioritization . . . . . . . . . . . . . . . . . . 25 94 5.3.4. Prioritization State Management . . . . . . . . . . . 26 95 5.3.5. Default Priorities . . . . . . . . . . . . . . . . . 27 96 5.4. Error Handling . . . . . . . . . . . . . . . . . . . . . 27 97 5.4.1. Connection Error Handling . . . . . . . . . . . . . . 28 98 5.4.2. Stream Error Handling . . . . . . . . . . . . . . . . 28 99 5.4.3. Connection Termination . . . . . . . . . . . . . . . 29 100 5.5. Extending HTTP/2 . . . . . . . . . . . . . . . . . . . . 29 101 6. Frame Definitions . . . . . . . . . . . . . . . . . . . . . . 30 102 6.1. DATA . . . . . . . . . . . . . . . . . . . . . . . . . . 30 103 6.2. HEADERS . . . . . . . . . . . . . . . . . . . . . . . . . 31 104 6.3. PRIORITY . . . . . . . . . . . . . . . . . . . . . . . . 33 105 6.4. RST_STREAM . . . . . . . . . . . . . . . . . . . . . . . 34 106 6.5. SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . 35 107 6.5.1. SETTINGS Format . . . . . . . . . . . . . . . . . . . 36 108 6.5.2. Defined SETTINGS Parameters . . . . . . . . . . . . . 37 109 6.5.3. Settings Synchronization . . . . . . . . . . . . . . 38 110 6.6. PUSH_PROMISE . . . . . . . . . . . . . . . . . . . . . . 38 111 6.7. PING . . . . . . . . . . . . . . . . . . . . . . . . . . 41 112 6.8. GOAWAY . . . . . . . . . . . . . . . . . . . . . . . . . 41 113 6.9. WINDOW_UPDATE . . . . . . . . . . . . . . . . . . . . . . 44 114 6.9.1. The Flow Control Window . . . . . . . . . . . . . . . 45 115 6.9.2. Initial Flow Control Window Size . . . . . . . . . . 46 116 6.9.3. Reducing the Stream Window Size . . . . . . . . . . . 47 117 6.10. CONTINUATION . . . . . . . . . . . . . . . . . . . . . . 48 118 7. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 48 119 8. HTTP Message Exchanges . . . . . . . . . . . . . . . . . . . 50 120 8.1. HTTP Request/Response Exchange . . . . . . . . . . . . . 50 121 8.1.1. Upgrading From HTTP/2 . . . . . . . . . . . . . . . . 51 122 8.1.2. HTTP Header Fields . . . . . . . . . . . . . . . . . 51 123 8.1.3. Examples . . . . . . . . . . . . . . . . . . . . . . 55 124 8.1.4. Request Reliability Mechanisms in HTTP/2 . . . . . . 57 125 8.2. Server Push . . . . . . . . . . . . . . . . . . . . . . . 58 126 8.2.1. Push Requests . . . . . . . . . . . . . . . . . . . . 59 127 8.2.2. Push Responses . . . . . . . . . . . . . . . . . . . 60 128 8.3. The CONNECT Method . . . . . . . . . . . . . . . . . . . 61 129 9. Additional HTTP Requirements/Considerations . . . . . . . . . 62 130 9.1. Connection Management . . . . . . . . . . . . . . . . . . 62 131 9.1.1. Connection Reuse . . . . . . . . . . . . . . . . . . 63 132 9.1.2. The 421 (Not Authoritative) Status Code . . . . . . . 63 133 9.2. Use of TLS Features . . . . . . . . . . . . . . . . . . . 64 134 9.2.1. TLS Features . . . . . . . . . . . . . . . . . . . . 64 135 9.2.2. TLS Cipher Suites . . . . . . . . . . . . . . . . . . 65 136 10. Security Considerations . . . . . . . . . . . . . . . . . . . 65 137 10.1. Server Authority . . . . . . . . . . . . . . . . . . . . 65 138 10.2. Cross-Protocol Attacks . . . . . . . . . . . . . . . . . 66 139 10.3. Intermediary Encapsulation Attacks . . . . . . . . . . . 66 140 10.4. Cacheability of Pushed Responses . . . . . . . . . . . . 67 141 10.5. Denial of Service Considerations . . . . . . . . . . . . 67 142 10.5.1. Limits on Header Block Size . . . . . . . . . . . . 68 143 10.6. Use of Compression . . . . . . . . . . . . . . . . . . . 69 144 10.7. Use of Padding . . . . . . . . . . . . . . . . . . . . . 69 145 10.8. Privacy Considerations . . . . . . . . . . . . . . . . . 70 146 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 70 147 11.1. Registration of HTTP/2 Identification Strings . . . . . 70 148 11.2. Frame Type Registry . . . . . . . . . . . . . . . . . . 71 149 11.3. Settings Registry . . . . . . . . . . . . . . . . . . . 72 150 11.4. Error Code Registry . . . . . . . . . . . . . . . . . . 72 151 11.5. HTTP2-Settings Header Field Registration . . . . . . . . 73 152 11.6. PRI Method Registration . . . . . . . . . . . . . . . . 74 153 11.7. The 421 Not Authoritative HTTP Status Code . . . . . . . 74 154 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 74 155 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 75 156 13.1. Normative References . . . . . . . . . . . . . . . . . . 75 157 13.2. Informative References . . . . . . . . . . . . . . . . . 77 158 13.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 78 159 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 79 160 A.1. Since draft-ietf-httpbis-http2-13 . . . . . . . . . . . . 79 161 A.2. Since draft-ietf-httpbis-http2-12 . . . . . . . . . . . . 79 162 A.3. Since draft-ietf-httpbis-http2-11 . . . . . . . . . . . . 79 163 A.4. Since draft-ietf-httpbis-http2-10 . . . . . . . . . . . . 80 164 A.5. Since draft-ietf-httpbis-http2-09 . . . . . . . . . . . . 80 165 A.6. Since draft-ietf-httpbis-http2-08 . . . . . . . . . . . . 80 166 A.7. Since draft-ietf-httpbis-http2-07 . . . . . . . . . . . . 81 167 A.8. Since draft-ietf-httpbis-http2-06 . . . . . . . . . . . . 81 168 A.9. Since draft-ietf-httpbis-http2-05 . . . . . . . . . . . . 81 169 A.10. Since draft-ietf-httpbis-http2-04 . . . . . . . . . . . . 81 170 A.11. Since draft-ietf-httpbis-http2-03 . . . . . . . . . . . . 82 171 A.12. Since draft-ietf-httpbis-http2-02 . . . . . . . . . . . . 82 172 A.13. Since draft-ietf-httpbis-http2-01 . . . . . . . . . . . . 82 173 A.14. Since draft-ietf-httpbis-http2-00 . . . . . . . . . . . . 83 174 A.15. Since draft-mbelshe-httpbis-spdy-00 . . . . . . . . . . . 83 176 1. Introduction 178 The Hypertext Transfer Protocol (HTTP) is a wildly successful 179 protocol. However, the HTTP/1.1 message format ([RFC7230], 180 Section 3) was designed to be implemented with the tools at hand in 181 the 1990s, not modern Web application performance. As such it has 182 several characteristics that have a negative overall effect on 183 application performance today. 185 In particular, HTTP/1.0 only allows one request to be outstanding at 186 a time on a given connection. HTTP/1.1 pipelining only partially 187 addressed request concurrency and suffers from head-of-line blocking. 188 Therefore, clients that need to make many requests typically use 189 multiple connections to a server in order to reduce latency. 191 Furthermore, HTTP/1.1 header fields are often repetitive and verbose, 192 which, in addition to generating more or larger network packets, can 193 cause the small initial TCP [TCP] congestion window to quickly fill. 194 This can result in excessive latency when multiple requests are made 195 on a single new TCP connection. 197 This specification addresses these issues by defining an optimized 198 mapping of HTTP's semantics to an underlying connection. 199 Specifically, it allows interleaving of request and response messages 200 on the same connection and uses an efficient coding for HTTP header 201 fields. It also allows prioritization of requests, letting more 202 important requests complete more quickly, further improving 203 performance. 205 The resulting protocol is designed to be more friendly to the 206 network, because fewer TCP connections can be used in comparison to 207 HTTP/1.x. This means less competition with other flows, and longer- 208 lived connections, which in turn leads to better utilization of 209 available network capacity. 211 Finally, this encapsulation also enables more efficient processing of 212 messages through use of binary message framing. 214 2. HTTP/2 Protocol Overview 216 HTTP/2 provides an optimized transport for HTTP semantics. HTTP/2 217 supports all of the core features of HTTP/1.1, but aims to be more 218 efficient in several ways. 220 The basic protocol unit in HTTP/2 is a frame (Section 4.1). Each 221 frame type serves a different purpose. For example, HEADERS and DATA 222 frames form the basis of HTTP requests and responses (Section 8.1); 223 other frame types like SETTINGS, WINDOW_UPDATE, and PUSH_PROMISE are 224 used in support of other HTTP/2 features. 226 Multiplexing of requests is achieved by having each HTTP request- 227 response exchanged assigned to a single stream (Section 5). Streams 228 are largely independent of each other, so a blocked or stalled 229 request does not prevent progress on other requests. 231 Flow control and prioritization ensure that it is possible to 232 properly use multiplexed streams. Flow control (Section 5.2) helps 233 to ensure that only data that can be used by a receiver is 234 transmitted. Prioritization (Section 5.3) ensures that limited 235 resources can be directed to the most important requests first. 237 HTTP/2 adds a new interaction mode, whereby a server can push 238 responses to a client (Section 8.2). Server push allows a server to 239 speculatively send a client data that the server anticipates the 240 client will need, trading off some network usage against a potential 241 latency gain. The server does this by synthesizing a request, which 242 it sends as a PUSH_PROMISE frame. The server is then able to send a 243 response to the synthetic request on a separate stream. 245 Frames that contain HTTP header fields are compressed (Section 4.3). 246 HTTP requests can be highly redundant, so compression can reduce the 247 size of requests and responses significantly. 249 2.1. Document Organization 251 The HTTP/2 specification is split into four parts: 253 o Starting HTTP/2 (Section 3) covers how an HTTP/2 connection is 254 initiated. 256 o The framing (Section 4) and streams (Section 5) layers describe 257 the way HTTP/2 frames are structured and formed into multiplexed 258 streams. 260 o Frame (Section 6) and error (Section 7) definitions include 261 details of the frame and error types used in HTTP/2. 263 o HTTP mappings (Section 8) and additional requirements (Section 9) 264 describe how HTTP semantics are expressed using frames and 265 streams. 267 While some of the frame and stream layer concepts are isolated from 268 HTTP, the intent is not to define a completely generic framing layer. 269 The framing and streams layers are tailored to the needs of the HTTP 270 protocol and server push. 272 2.2. Conventions and Terminology 274 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 275 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 276 document are to be interpreted as described in RFC 2119 [RFC2119]. 278 All numeric values are in network byte order. Values are unsigned 279 unless otherwise indicated. Literal values are provided in decimal 280 or hexadecimal as appropriate. Hexadecimal literals are prefixed 281 with "0x" to distinguish them from decimal literals. 283 The following terms are used: 285 client: The endpoint initiating the HTTP/2 connection. 287 connection: A transport-level connection between two endpoints. 289 connection error: An error that affects the entire HTTP/2 290 connection. 292 endpoint: Either the client or server of the connection. 294 frame: The smallest unit of communication within an HTTP/2 295 connection, consisting of a header and a variable-length sequence 296 of bytes structured according to the frame type. 298 peer: An endpoint. When discussing a particular endpoint, "peer" 299 refers to the endpoint that is remote to the primary subject of 300 discussion. 302 receiver: An endpoint that is receiving frames. 304 sender: An endpoint that is transmitting frames. 306 server: The endpoint which did not initiate the HTTP/2 connection. 308 stream: A bi-directional flow of frames across a virtual channel 309 within the HTTP/2 connection. 311 stream error: An error on the individual HTTP/2 stream. 313 Finally, the terms "gateway", "intermediary", "proxy", and "tunnel" 314 are defined in Section 2.3 of [RFC7230]. 316 3. Starting HTTP/2 318 An HTTP/2 connection is an application level protocol running on top 319 of a TCP connection ([TCP]). The client is the TCP connection 320 initiator. 322 HTTP/2 uses the same "http" and "https" URI schemes used by HTTP/1.1. 323 HTTP/2 shares the same default port numbers: 80 for "http" URIs and 324 443 for "https" URIs. As a result, implementations processing 325 requests for target resource URIs like "http://example.org/foo" or 326 "https://example.com/bar" are required to first discover whether the 327 upstream server (the immediate peer to which the client wishes to 328 establish a connection) supports HTTP/2. 330 The means by which support for HTTP/2 is determined is different for 331 "http" and "https" URIs. Discovery for "http" URIs is described in 332 Section 3.2. Discovery for "https" URIs is described in Section 3.3. 334 3.1. HTTP/2 Version Identification 336 The protocol defined in this document has two identifiers. 338 o The string "h2" identifies the protocol where HTTP/2 uses TLS 339 [TLS12]. This identifier is used in the TLS application layer 340 protocol negotiation extension (ALPN) [TLS-ALPN] field and any 341 place that HTTP/2 over TLS is identified. 343 The "h2" string is serialized into an ALPN protocol identifier as 344 the two octet sequence: 0x68, 0x32. 346 o The string "h2c" identifies the protocol where HTTP/2 is run over 347 cleartext TCP. This identifier is used in the HTTP/1.1 Upgrade 348 header field and any place that HTTP/2 over TCP is identified. 350 Negotiating "h2" or "h2c" implies the use of the transport, security, 351 framing and message semantics described in this document. 353 [[CREF1: RFC Editor's Note: please remove the remainder of this 354 section prior to the publication of a final version of this 355 document.]] 357 Only implementations of the final, published RFC can identify 358 themselves as "h2" or "h2c". Until such an RFC exists, 359 implementations MUST NOT identify themselves using these strings. 361 Examples and text throughout the rest of this document use "h2" as a 362 matter of editorial convenience only. Implementations of draft 363 versions MUST NOT identify using this string. 365 Implementations of draft versions of the protocol MUST add the string 366 "-" and the corresponding draft number to the identifier. For 367 example, draft-ietf-httpbis-http2-11 over TLS is identified using the 368 string "h2-11". 370 Non-compatible experiments that are based on these draft versions 371 MUST append the string "-" and an experiment name to the identifier. 372 For example, an experimental implementation of packet mood-based 373 encoding based on draft-ietf-httpbis-http2-09 might identify itself 374 as "h2-09-emo". Note that any label MUST conform to the "token" 375 syntax defined in Section 3.2.6 of [RFC7230]. Experimenters are 376 encouraged to coordinate their experiments on the ietf-http-wg@w3.org 377 mailing list. 379 3.2. Starting HTTP/2 for "http" URIs 381 A client that makes a request to an "http" URI without prior 382 knowledge about support for HTTP/2 uses the HTTP Upgrade mechanism 383 (Section 6.7 of [RFC7230]). The client makes an HTTP/1.1 request 384 that includes an Upgrade header field identifying HTTP/2 with the 385 "h2c" token. The HTTP/1.1 request MUST include exactly one 386 HTTP2-Settings (Section 3.2.1) header field. 388 For example: 390 GET / HTTP/1.1 391 Host: server.example.com 392 Connection: Upgrade, HTTP2-Settings 393 Upgrade: h2c 394 HTTP2-Settings: 396 Requests that contain an entity body MUST be sent in their entirety 397 before the client can send HTTP/2 frames. This means that a large 398 request entity can block the use of the connection until it is 399 completely sent. 401 If concurrency of an initial request with subsequent requests is 402 important, a small request can be used to perform the upgrade to 403 HTTP/2, at the cost of an additional round-trip. 405 A server that does not support HTTP/2 can respond to the request as 406 though the Upgrade header field were absent: 408 HTTP/1.1 200 OK 409 Content-Length: 243 410 Content-Type: text/html 412 ... 414 A server MUST ignore a "h2" token in an Upgrade header field. 415 Presence of a token with "h2" implies HTTP/2 over TLS, which is 416 instead negotiated as described in Section 3.3. 418 A server that supports HTTP/2 can accept the upgrade with a 101 419 (Switching Protocols) response. After the empty line that terminates 420 the 101 response, the server can begin sending HTTP/2 frames. These 421 frames MUST include a response to the request that initiated the 422 Upgrade. 424 HTTP/1.1 101 Switching Protocols 425 Connection: Upgrade 426 Upgrade: h2c 428 [ HTTP/2 connection ... 430 The first HTTP/2 frame sent by the server is a SETTINGS frame 431 (Section 6.5). Upon receiving the 101 response, the client sends a 432 connection preface (Section 3.5), which includes a SETTINGS frame. 434 The HTTP/1.1 request that is sent prior to upgrade is assigned stream 435 identifier 1 and is assigned default priority values (Section 5.3.5). 436 Stream 1 is implicitly half closed from the client toward the server, 437 since the request is completed as an HTTP/1.1 request. After 438 commencing the HTTP/2 connection, stream 1 is used for the response. 440 3.2.1. HTTP2-Settings Header Field 442 A request that upgrades from HTTP/1.1 to HTTP/2 MUST include exactly 443 one "HTTP2-Settings" header field. The "HTTP2-Settings" header field 444 is a hop-by-hop header field that includes parameters that govern the 445 HTTP/2 connection, provided in anticipation of the server accepting 446 the request to upgrade. 448 HTTP2-Settings = token68 450 A server MUST reject an attempt to upgrade if this header field is 451 not present. A server MUST NOT send this header field. 453 The content of the "HTTP2-Settings" header field is the payload of a 454 SETTINGS frame (Section 6.5), encoded as a base64url string (that is, 455 the URL- and filename-safe Base64 encoding described in Section 5 of 456 [RFC4648], with any trailing '=' characters omitted). The ABNF 457 [RFC5234] production for "token68" is defined in Section 2.1 of 458 [RFC7235]. 460 As a hop-by-hop header field, the "Connection" header field MUST 461 include a value of "HTTP2-Settings" in addition to "Upgrade" when 462 upgrading to HTTP/2. 464 A server decodes and interprets these values as it would any other 465 SETTINGS frame. Acknowledgement of the SETTINGS parameters 466 (Section 6.5.3) is not necessary, since a 101 response serves as 467 implicit acknowledgment. Providing these values in the Upgrade 468 request ensures that the protocol does not require default values for 469 the above SETTINGS parameters, and gives a client an opportunity to 470 provide other parameters prior to receiving any frames from the 471 server. 473 3.3. Starting HTTP/2 for "https" URIs 475 A client that makes a request to an "https" URI without prior 476 knowledge about support for HTTP/2 uses TLS [TLS12] with the 477 application layer protocol negotiation extension [TLS-ALPN]. 479 HTTP/2 over TLS uses the "h2" application token. The "h2c" token 480 MUST NOT be sent by a client or selected by a server. 482 Once TLS negotiation is complete, both the client and the server send 483 a connection preface (Section 3.5). 485 3.4. Starting HTTP/2 with Prior Knowledge 487 A client can learn that a particular server supports HTTP/2 by other 488 means. For example, [ALT-SVC] describes a mechanism for advertising 489 this capability. 491 A client MAY immediately send HTTP/2 frames to a server that is known 492 to support HTTP/2, after the connection preface (Section 3.5). A 493 server can identify such a connection by the use of the "PRI" method 494 in the connection preface. This only affects the establishment of 495 HTTP/2 connections over cleartext TCP; implementations that support 496 HTTP/2 over TLS MUST use protocol negotiation in TLS [TLS-ALPN]. 498 Prior support for HTTP/2 is not a strong signal that a given server 499 will support HTTP/2 for future connections. It is possible for 500 server configurations to change; for configurations to differ between 501 instances in clustered server; or network conditions to change. 503 3.5. HTTP/2 Connection Preface 505 Upon establishment of a TCP connection and determination that HTTP/2 506 will be used by both peers, each endpoint MUST send a connection 507 preface as a final confirmation and to establish the initial SETTINGS 508 parameters for the HTTP/2 connection. 510 The client connection preface starts with a sequence of 24 octets, 511 which in hex notation are: 513 0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a 515 (the string "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"). This sequence is 516 followed by a SETTINGS frame (Section 6.5). The SETTINGS frame MAY 517 be empty. The client sends the client connection preface immediately 518 upon receipt of a 101 Switching Protocols response (indicating a 519 successful upgrade), or as the first application data octets of a TLS 520 connection. If starting an HTTP/2 connection with prior knowledge of 521 server support for the protocol, the client connection preface is 522 sent upon connection establishment. 524 The client connection preface is selected so that a large 525 proportion of HTTP/1.1 or HTTP/1.0 servers and intermediaries do 526 not attempt to process further frames. Note that this does not 527 address the concerns raised in [TALKING]. 529 The server connection preface consists of a potentially empty 530 SETTINGS frame (Section 6.5) that MUST be the first frame the server 531 sends in the HTTP/2 connection. 533 To avoid unnecessary latency, clients are permitted to send 534 additional frames to the server immediately after sending the client 535 connection preface, without waiting to receive the server connection 536 preface. It is important to note, however, that the server 537 connection preface SETTINGS frame might include parameters that 538 necessarily alter how a client is expected to communicate with the 539 server. Upon receiving the SETTINGS frame, the client is expected to 540 honor any parameters established. In some configurations, it is 541 possible for the server to transmit SETTINGS before the client, 542 providing an opportunity to avoid this issue. 544 Clients and servers MUST terminate the TCP connection if either peer 545 does not begin with a valid connection preface. A GOAWAY frame 546 (Section 6.8) can be omitted if it is clear that the peer is not 547 using HTTP/2. 549 4. HTTP Frames 551 Once the HTTP/2 connection is established, endpoints can begin 552 exchanging frames. 554 4.1. Frame Format 556 All frames begin with a fixed 9-octet header followed by a variable- 557 length payload. 559 0 1 2 3 560 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 561 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 562 | Length (24) | 563 +---------------+---------------+---------------+ 564 | Type (8) | Flags (8) | 565 +-+-+-----------+---------------+-------------------------------+ 566 |R| Stream Identifier (31) | 567 +=+=============================================================+ 568 | Frame Payload (0...) ... 569 +---------------------------------------------------------------+ 571 Frame Layout 573 The fields of the frame header are defined as: 575 Length: The length of the frame payload expressed as an unsigned 576 24-bit integer. Values greater than 2^14 (16,384) MUST NOT be 577 sent unless the receiver has set a larger value for 578 SETTINGS_MAX_FRAME_SIZE. 580 The 9 octets of the frame header are not included in this value. 582 Type: The 8-bit type of the frame. The frame type determines the 583 format and semantics of the frame. Implementations MUST ignore 584 and discard any frame that has a type that is unknown. 586 Flags: An 8-bit field reserved for frame-type specific boolean 587 flags. 589 Flags are assigned semantics specific to the indicated frame type. 590 Flags that have no defined semantics for a particular frame type 591 MUST be ignored, and MUST be left unset (0) when sending. 593 R: A reserved 1-bit field. The semantics of this bit are undefined 594 and the bit MUST remain unset (0) when sending and MUST be ignored 595 when receiving. 597 Stream Identifier: A 31-bit stream identifier (see Section 5.1.1). 598 The value 0 is reserved for frames that are associated with the 599 connection as a whole as opposed to an individual stream. 601 The structure and content of the frame payload is dependent entirely 602 on the frame type. 604 4.2. Frame Size 606 The size of a frame payload is limited by the maximum size that a 607 receiver advertises in the SETTINGS_MAX_FRAME_SIZE setting. This 608 setting can have any value between 2^14 (16,384) and 2^24-1 609 (16,777,215) octets, inclusive. 611 All implementations MUST be capable of receiving and minimally 612 processing frames up to 2^14 octets in length, plus the 9 octet frame 613 header (Section 4.1). The size of the frame header is not included 614 when describing frame sizes. 616 Note: Certain frame types, such as PING (Section 6.7), impose 617 additional limits on the amount of payload data allowed. 619 If a frame size exceeds any defined limit, or is too small to contain 620 mandatory frame data, the endpoint MUST send a FRAME_SIZE_ERROR 621 error. A frame size error in a frame that could alter the state of 622 the entire connection MUST be treated as a connection error 623 (Section 5.4.1); this includes any frame carrying a header block 624 (Section 4.3) (that is, HEADERS, PUSH_PROMISE, and CONTINUATION), 625 SETTINGS, and any WINDOW_UPDATE frame with a stream identifier of 0. 627 Endpoints are not obligated to use all available space in a frame. 628 Responsiveness can be improved by using frames that are smaller than 629 the permitted maximum size. Sending large frames can result in 630 delays in sending maintenance frames, such RST_STREAM, WINDOW_UPDATE, 631 or PRIORITY, which if blocked by the transmission of a large frame, 632 could affect performance. 634 4.3. Header Compression and Decompression 636 A header field in HTTP/2 is a name with one or more associated 637 values. They are used within HTTP request and response messages as 638 well as server push operations (see Section 8.2). 640 Header lists are collections of zero or more header fields. When 641 transmitted over a connection, a header list is serialized into a 642 header block using HTTP Header Compression [COMPRESSION]. The 643 serialized header block is then divided into one or more octet 644 sequences, called header block fragments, and transmitted within the 645 payload of HEADERS (Section 6.2), PUSH_PROMISE (Section 6.6) or 646 CONTINUATION (Section 6.10) frames. 648 The Cookie header field [COOKIE] is treated specially by the HTTP 649 mapping (see Section 8.1.2.5). 651 A receiving endpoint reassembles the header block by concatenating 652 its fragments, then decompresses the block to reconstruct the header 653 list. 655 A complete header block consists of either: 657 o a single HEADERS or PUSH_PROMISE frame, with the END_HEADERS flag 658 set, or 660 o a HEADERS or PUSH_PROMISE frame with the END_HEADERS flag cleared 661 and one or more CONTINUATION frames, where the last CONTINUATION 662 frame has the END_HEADERS flag set. 664 Header compression is stateful, using a single compression context 665 for the entire connection. Each header block is processed as a 666 discrete unit. Header blocks MUST be transmitted as a contiguous 667 sequence of frames, with no interleaved frames of any other type or 668 from any other stream. The last frame in a sequence of HEADERS or 669 CONTINUATION frames MUST have the END_HEADERS flag set. The last 670 frame in a sequence of PUSH_PROMISE or CONTINUATION frames MUST have 671 the END_HEADERS flag set. This allows a header block to be logically 672 equivalent to a single frame. 674 Header block fragments can only be sent as the payload of HEADERS, 675 PUSH_PROMISE or CONTINUATION frames, because these frames carry data 676 that can modify the compression context maintained by a receiver. An 677 endpoint receiving HEADERS, PUSH_PROMISE or CONTINUATION frames MUST 678 reassemble header blocks and perform decompression even if the frames 679 are to be discarded. A receiver MUST terminate the connection with a 680 connection error (Section 5.4.1) of type COMPRESSION_ERROR if it does 681 not decompress a header block. 683 5. Streams and Multiplexing 685 A "stream" is an independent, bi-directional sequence of frames 686 exchanged between the client and server within an HTTP/2 connection. 687 Streams have several important characteristics: 689 o A single HTTP/2 connection can contain multiple concurrently open 690 streams, with either endpoint interleaving frames from multiple 691 streams. 693 o Streams can be established and used unilaterally or shared by 694 either the client or server. 696 o Streams can be closed by either endpoint. 698 o The order in which frames are sent on a stream is significant. 699 Recipients process frames in the order they are received. In 700 particular, the order of HEADERS, and DATA frames is semantically 701 significant. 703 o Streams are identified by an integer. Stream identifiers are 704 assigned to streams by the endpoint initiating the stream. 706 5.1. Stream States 708 The lifecycle of a stream is shown in Figure 1. 710 +--------+ 711 PP | | PP 712 ,--------| idle |--------. 713 / | | \ 714 v +--------+ v 715 +----------+ | +----------+ 716 | | | H | | 717 ,---| reserved | | | reserved |---. 718 | | (local) | v | (remote) | | 719 | +----------+ +--------+ +----------+ | 720 | | ES | | ES | | 721 | | H ,-------| open |-------. | H | 722 | | / | | \ | | 723 | v v +--------+ v v | 724 | +----------+ | +----------+ | 725 | | half | | | half | | 726 | | closed | | R | closed | | 727 | | (remote) | | | (local) | | 728 | +----------+ | +----------+ | 729 | | v | | 730 | | ES / R +--------+ ES / R | | 731 | `----------->| |<-----------' | 732 | R | closed | R | 733 `-------------------->| |<--------------------' 734 +--------+ 736 H: HEADERS frame (with implied CONTINUATIONs) 737 PP: PUSH_PROMISE frame (with implied CONTINUATIONs) 738 ES: END_STREAM flag 739 R: RST_STREAM frame 741 Figure 1: Stream States 743 Note that this diagram shows stream state transitions and frames that 744 affect those transitions only. In this regard, CONTINUATION frames 745 do not result in state transitions and are effectively part of the 746 HEADERS or PUSH_PROMISE that they follow. 748 Both endpoints have a subjective view of the state of a stream that 749 could be different when frames are in transit. Endpoints do not 750 coordinate the creation of streams; they are created unilaterally by 751 either endpoint. The negative consequences of a mismatch in states 752 are limited to the "closed" state after sending RST_STREAM, where 753 frames might be received for some time after closing. 755 Streams have the following states: 757 idle: 758 All streams start in the "idle" state. In this state, no frames 759 have been exchanged. 761 The following transitions are valid from this state: 763 * Sending or receiving a HEADERS frame causes the stream to 764 become "open". The stream identifier is selected as described 765 in Section 5.1.1. The same HEADERS frame can also cause a 766 stream to immediately become "half closed". 768 * Sending a PUSH_PROMISE frame marks the associated stream for 769 later use. The stream state for the reserved stream 770 transitions to "reserved (local)". 772 * Receiving a PUSH_PROMISE frame marks the associated stream as 773 reserved by the remote peer. The state of the stream becomes 774 "reserved (remote)". 776 reserved (local): 777 A stream in the "reserved (local)" state is one that has been 778 promised by sending a PUSH_PROMISE frame. A PUSH_PROMISE frame 779 reserves an idle stream by associating the stream with an open 780 stream that was initiated by the remote peer (see Section 8.2). 782 In this state, only the following transitions are possible: 784 * The endpoint can send a HEADERS frame. This causes the stream 785 to open in a "half closed (remote)" state. 787 * Either endpoint can send a RST_STREAM frame to cause the stream 788 to become "closed". This releases the stream reservation. 790 An endpoint MUST NOT send frames other than HEADERS or RST_STREAM 791 in this state. 793 A PRIORITY frame MAY be received in this state. Receiving any 794 frames other than RST_STREAM, or PRIORITY MUST be treated as a 795 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 797 reserved (remote): 798 A stream in the "reserved (remote)" state has been reserved by a 799 remote peer. 801 In this state, only the following transitions are possible: 803 * Receiving a HEADERS frame causes the stream to transition to 804 "half closed (local)". 806 * Either endpoint can send a RST_STREAM frame to cause the stream 807 to become "closed". This releases the stream reservation. 809 An endpoint MAY send a PRIORITY frame in this state to 810 reprioritize the reserved stream. An endpoint MUST NOT send any 811 other type of frame other than RST_STREAM or PRIORITY. 813 Receiving any other type of frame other than HEADERS or RST_STREAM 814 MUST be treated as a connection error (Section 5.4.1) of type 815 PROTOCOL_ERROR. 817 open: 818 A stream in the "open" state may be used by both peers to send 819 frames of any type. In this state, sending peers observe 820 advertised stream level flow control limits (Section 5.2). 822 From this state either endpoint can send a frame with an 823 END_STREAM flag set, which causes the stream to transition into 824 one of the "half closed" states: an endpoint sending an END_STREAM 825 flag causes the stream state to become "half closed (local)"; an 826 endpoint receiving an END_STREAM flag causes the stream state to 827 become "half closed (remote)". 829 Either endpoint can send a RST_STREAM frame from this state, 830 causing it to transition immediately to "closed". 832 half closed (local): 833 A stream that is in the "half closed (local)" state cannot be used 834 for sending frames. Only WINDOW_UPDATE, PRIORITY and RST_STREAM 835 frames can be sent in this state. 837 A stream transitions from this state to "closed" when a frame that 838 contains an END_STREAM flag is received, or when either peer sends 839 a RST_STREAM frame. 841 A receiver can ignore WINDOW_UPDATE frames in this state, which 842 might arrive for a short period after a frame bearing the 843 END_STREAM flag is sent. 845 PRIORITY frames received in this state are used to reprioritize 846 streams that depend on the current stream. 848 half closed (remote): 849 A stream that is "half closed (remote)" is no longer being used by 850 the peer to send frames. In this state, an endpoint is no longer 851 obligated to maintain a receiver flow control window if it 852 performs flow control. 854 If an endpoint receives additional frames for a stream that is in 855 this state, other than WINDOW_UPDATE, PRIORITY or RST_STREAM, it 856 MUST respond with a stream error (Section 5.4.2) of type 857 STREAM_CLOSED. 859 A stream that is "half closed (remote)" can be used by the 860 endpoint to send frames of any type. In this state, the endpoint 861 continues to observe advertised stream level flow control limits 862 (Section 5.2). 864 A stream can transition from this state to "closed" by sending a 865 frame that contains an END_STREAM flag, or when either peer sends 866 a RST_STREAM frame. 868 closed: 869 The "closed" state is the terminal state. 871 An endpoint MUST NOT send frames on a closed stream. An endpoint 872 that receives any frame other than PRIORITY after receiving a 873 RST_STREAM MUST treat that as a stream error (Section 5.4.2) of 874 type STREAM_CLOSED. Similarly, an endpoint that receives any 875 frames after receiving a frame with the END_STREAM flag set MUST 876 treat that as a connection error (Section 5.4.1) of type 877 STREAM_CLOSED, unless the frame is permitted as described below. 879 WINDOW_UPDATE or RST_STREAM frames can be received in this state 880 for a short period after a DATA or HEADERS frame containing an 881 END_STREAM flag is sent. Until the remote peer receives and 882 processes the frame bearing the END_STREAM flag, it might send 883 frames of these types. Endpoints MUST ignore WINDOW_UPDATE or 884 RST_STREAM frames received in this state, though endpoints MAY 885 choose to treat frames that arrive a significant time after 886 sending END_STREAM as a connection error (Section 5.4.1) of type 887 PROTOCOL_ERROR. 889 PRIORITY frames can be sent on closed streams to prioritize 890 streams that are dependent on the closed stream. Endpoints SHOULD 891 process PRIORITY frame, though they can be ignored if the stream 892 has been removed from the dependency tree (see Section 5.3.4). 894 If this state is reached as a result of sending a RST_STREAM 895 frame, the peer that receives the RST_STREAM might have already 896 sent - or enqueued for sending - frames on the stream that cannot 897 be withdrawn. An endpoint MUST ignore frames that it receives on 898 closed streams after it has sent a RST_STREAM frame. An endpoint 899 MAY choose to limit the period over which it ignores frames and 900 treat frames that arrive after this time as being in error. 902 Flow controlled frames (i.e., DATA) received after sending 903 RST_STREAM are counted toward the connection flow control window. 904 Even though these frames might be ignored, because they are sent 905 before the sender receives the RST_STREAM, the sender will 906 consider the frames to count against the flow control window. 908 An endpoint might receive a PUSH_PROMISE frame after it sends 909 RST_STREAM. PUSH_PROMISE causes a stream to become "reserved" 910 even if the associated stream has been reset. Therefore, a 911 RST_STREAM is needed to close an unwanted promised stream. 913 In the absence of more specific guidance elsewhere in this document, 914 implementations SHOULD treat the receipt of a message that is not 915 expressly permitted in the description of a state as a connection 916 error (Section 5.4.1) of type PROTOCOL_ERROR. 918 An example of the state transitions for an HTTP request/response 919 exchange can be found in Section 8.1. An example of the state 920 transitions for server push can be found in Section 8.2.1 and 921 Section 8.2.2. 923 5.1.1. Stream Identifiers 925 Streams are identified with an unsigned 31-bit integer. Streams 926 initiated by a client MUST use odd-numbered stream identifiers; those 927 initiated by the server MUST use even-numbered stream identifiers. A 928 stream identifier of zero (0x0) is used for connection control 929 messages; the stream identifier zero cannot be used to establish a 930 new stream. 932 HTTP/1.1 requests that are upgraded to HTTP/2 (see Section 3.2) are 933 responded to with a stream identifier of one (0x1). After the 934 upgrade completes, stream 0x1 is "half closed (local)" to the client. 935 Therefore, stream 0x1 cannot be selected as a new stream identifier 936 by a client that upgrades from HTTP/1.1. 938 The identifier of a newly established stream MUST be numerically 939 greater than all streams that the initiating endpoint has opened or 940 reserved. This governs streams that are opened using a HEADERS frame 941 and streams that are reserved using PUSH_PROMISE. An endpoint that 942 receives an unexpected stream identifier MUST respond with a 943 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 945 The first use of a new stream identifier implicitly closes all 946 streams in the "idle" state that might have been initiated by that 947 peer with a lower-valued stream identifier. For example, if a client 948 sends a HEADERS frame on stream 7 without ever sending a frame on 949 stream 5, then stream 5 transitions to the "closed" state when the 950 first frame for stream 7 is sent or received. 952 Stream identifiers cannot be reused. Long-lived connections can 953 result in an endpoint exhausting the available range of stream 954 identifiers. A client that is unable to establish a new stream 955 identifier can establish a new connection for new streams. A server 956 that is unable to establish a new stream identifier can send a GOAWAY 957 frame so that the client is forced to open a new connection for new 958 streams. 960 5.1.2. Stream Concurrency 962 A peer can limit the number of concurrently active streams using the 963 SETTINGS_MAX_CONCURRENT_STREAMS parameter (see Section 6.5.2) within 964 a SETTINGS frame. The maximum concurrent streams setting is specific 965 to each endpoint and applies only to the peer that receives the 966 setting. That is, clients specify the maximum number of concurrent 967 streams the server can initiate, and servers specify the maximum 968 number of concurrent streams the client can initiate. 970 Streams that are in the "open" state, or either of the "half closed" 971 states count toward the maximum number of streams that an endpoint is 972 permitted to open. Streams in any of these three states count toward 973 the limit advertised in the SETTINGS_MAX_CONCURRENT_STREAMS setting. 974 Streams in either of the "reserved" states do not count toward the 975 stream limit. 977 Endpoints MUST NOT exceed the limit set by their peer. An endpoint 978 that receives a HEADERS frame that causes their advertised concurrent 979 stream limit to be exceeded MUST treat this as a stream error 980 (Section 5.4.2). An endpoint that wishes to reduce the value of 981 SETTINGS_MAX_CONCURRENT_STREAMS to a value that is below the current 982 number of open streams can either close streams that exceed the new 983 value or allow streams to complete. 985 5.2. Flow Control 987 Using streams for multiplexing introduces contention over use of the 988 TCP connection, resulting in blocked streams. A flow control scheme 989 ensures that streams on the same connection do not destructively 990 interfere with each other. Flow control is used for both individual 991 streams and for the connection as a whole. 993 HTTP/2 provides for flow control through use of the WINDOW_UPDATE 994 frame (Section 6.9). 996 5.2.1. Flow Control Principles 998 HTTP/2 stream flow control aims to allow for future improvements to 999 flow control algorithms without requiring protocol changes. Flow 1000 control in HTTP/2 has the following characteristics: 1002 1. Flow control is hop-by-hop, not end-to-end. 1004 2. Flow control is based on window update frames. Receivers 1005 advertise how many bytes they are prepared to receive on a stream 1006 and for the entire connection. This is a credit-based scheme. 1008 3. Flow control is directional with overall control provided by the 1009 receiver. A receiver MAY choose to set any window size that it 1010 desires for each stream and for the entire connection. A sender 1011 MUST respect flow control limits imposed by a receiver. Clients, 1012 servers and intermediaries all independently advertise their flow 1013 control window as a receiver and abide by the flow control limits 1014 set by their peer when sending. 1016 4. The initial value for the flow control window is 65,535 bytes for 1017 both new streams and the overall connection. 1019 5. The frame type determines whether flow control applies to a 1020 frame. Of the frames specified in this document, only DATA 1021 frames are subject to flow control; all other frame types do not 1022 consume space in the advertised flow control window. This 1023 ensures that important control frames are not blocked by flow 1024 control. 1026 6. Flow control cannot be disabled. 1028 7. HTTP/2 defines only the format and semantics of the WINDOW_UPDATE 1029 frame (Section 6.9). This document does not stipulate how a 1030 receiver decides when to send this frame or the value that it 1031 sends. Nor does it specify how a sender chooses to send packets. 1032 Implementations are able to select any algorithm that suits their 1033 needs. 1035 Implementations are also responsible for managing how requests and 1036 responses are sent based on priority; choosing how to avoid head of 1037 line blocking for requests; and managing the creation of new streams. 1038 Algorithm choices for these could interact with any flow control 1039 algorithm. 1041 5.2.2. Appropriate Use of Flow Control 1043 Flow control is defined to protect endpoints that are operating under 1044 resource constraints. For example, a proxy needs to share memory 1045 between many connections, and also might have a slow upstream 1046 connection and a fast downstream one. Flow control addresses cases 1047 where the receiver is unable process data on one stream, yet wants to 1048 continue to process other streams in the same connection. 1050 Deployments that do not require this capability can advertise a flow 1051 control window of the maximum size, incrementing the available space 1052 when new data is received. This effectively disables flow control 1053 for that receiver. Conversely, a sender is always subject to the 1054 flow control window advertised by the receiver. 1056 Deployments with constrained resources (for example, memory) can 1057 employ flow control to limit the amount of memory a peer can consume. 1058 Note, however, that this can lead to suboptimal use of available 1059 network resources if flow control is enabled without knowledge of the 1060 bandwidth-delay product (see [RFC1323]). 1062 Even with full awareness of the current bandwidth-delay product, 1063 implementation of flow control can be difficult. When using flow 1064 control, the receiver MUST read from the TCP receive buffer in a 1065 timely fashion. Failure to do so could lead to a deadlock when 1066 critical frames, such as WINDOW_UPDATE, are not read and acted upon. 1068 5.3. Stream priority 1070 A client can assign a priority for a new stream by including 1071 prioritization information in the HEADERS frame (Section 6.2) that 1072 opens the stream. For an existing stream, the PRIORITY frame 1073 (Section 6.3) can be used to change the priority. 1075 The purpose of prioritization is to allow an endpoint to express how 1076 it would prefer its peer allocate resources when managing concurrent 1077 streams. Most importantly, priority can be used to select streams 1078 for transmitting frames when there is limited capacity for sending. 1080 Streams can be prioritized by marking them as dependent on the 1081 completion of other streams (Section 5.3.1). Each dependency is 1082 assigned a relative weight, a number that is used to determine the 1083 relative proportion of available resources that are assigned to 1084 streams dependent on the same stream. 1086 Explicitly setting the priority for a stream is input to a 1087 prioritization process. It does not guarantee any particular 1088 processing or transmission order for the stream relative to any other 1089 stream. An endpoint cannot force a peer to process concurrent 1090 streams in a particular order using priority. Expressing priority is 1091 therefore only ever a suggestion. 1093 Prioritization information can be specified explicitly for streams as 1094 they are created using the HEADERS frame, or changed using the 1095 PRIORITY frame. Providing prioritization information is optional, so 1096 default values are used if no explicit indicator is provided 1097 (Section 5.3.5). 1099 5.3.1. Stream Dependencies 1101 Each stream can be given an explicit dependency on another stream. 1102 Including a dependency expresses a preference to allocate resources 1103 to the identified stream rather than to the dependent stream. 1105 A stream that is not dependent on any other stream is given a stream 1106 dependency of 0x0. In other words, the non-existent stream 0 forms 1107 the root of the tree. 1109 A stream that depends on another stream is a dependent stream. The 1110 stream upon which a stream is dependent is a parent stream. A 1111 dependency on a stream that is not currently in the tree - such as a 1112 stream in the "idle" state - results in the stream being given a 1113 default priority (Section 5.3.5). 1115 When assigning a dependency on another stream, the stream is added as 1116 a new dependency of the parent stream. Dependent streams that share 1117 the same parent are not ordered with respect to each other. For 1118 example, if streams B and C are dependent on stream A, and if stream 1119 D is created with a dependency on stream A, this results in a 1120 dependency order of A followed by B, C, and D in any order. 1122 A A 1123 / \ ==> /|\ 1124 B C B D C 1126 Example of Default Dependency Creation 1128 An exclusive flag allows for the insertion of a new level of 1129 dependencies. The exclusive flag causes the stream to become the 1130 sole dependency of its parent stream, causing other dependencies to 1131 become dependent on the prioritized stream. In the previous example, 1132 if stream D is created with an exclusive dependency on stream A, this 1133 results in D becoming the dependency parent of B and C. 1135 A 1136 A | 1137 / \ ==> D 1138 B C / \ 1139 B C 1141 Example of Exclusive Dependency Creation 1143 Inside the dependency tree, a dependent stream SHOULD only be 1144 allocated resources if all of the streams that it depends on (the 1145 chain of parent streams up to 0x0) are either closed, or it is not 1146 possible to make progress on them. 1148 A stream cannot depend on itself. An endpoint MUST treat this as a 1149 stream error (Section 5.4.2) of type PROTOCOL_ERROR. 1151 5.3.2. Dependency Weighting 1153 All dependent streams are allocated an integer weight between 1 to 1154 256 (inclusive). 1156 Streams with the same parent SHOULD be allocated resources 1157 proportionally based on their weight. Thus, if stream B depends on 1158 stream A with weight 4, and C depends on stream A with weight 12, and 1159 if no progress can be made on A, stream B ideally receives one third 1160 of the resources allocated to stream C. 1162 5.3.3. Reprioritization 1164 Stream priorities are changed using the PRIORITY frame. Setting a 1165 dependency causes a stream to become dependent on the identified 1166 parent stream. 1168 Dependent streams move with their parent stream if the parent is 1169 reprioritized. Setting a dependency with the exclusive flag for a 1170 reprioritized stream moves all the dependencies of the new parent 1171 stream to become dependent on the reprioritized stream. 1173 If a stream is made dependent on one of its own dependencies, the 1174 formerly dependent stream is first moved to be dependent on the 1175 reprioritized stream's previous parent. The moved dependency retains 1176 its weight. 1178 For example, consider an original dependency tree where B and C 1179 depend on A, D and E depend on C, and F depends on D. If A is made 1180 dependent on D, then D takes the place of A. All other dependency 1181 relationships stay the same, except for F, which becomes dependent on 1182 A if the reprioritization is exclusive. 1184 ? ? ? ? 1185 | / \ | | 1186 A D A D D 1187 / \ / / \ / \ | 1188 B C ==> F B C ==> F A OR A 1189 / \ | / \ /|\ 1190 D E E B C B C F 1191 | | | 1192 F E E 1193 (intermediate) (non-exclusive) (exclusive) 1195 Example of Dependency Reordering 1197 5.3.4. Prioritization State Management 1199 When a stream is removed from the dependency tree, its dependencies 1200 can be moved to become dependent on the parent of the closed stream. 1201 The weights of new dependencies are recalculated by distributing the 1202 weight of the dependency of the closed stream proportionally based on 1203 the weights of its dependencies. 1205 Streams that are removed from the dependency tree cause some 1206 prioritization information to be lost. Resources are shared between 1207 streams with the same parent stream, which means that if a stream in 1208 that set closes or becomes blocked, any spare capacity allocated to a 1209 stream is distributed to the immediate neighbors of the stream. 1210 However, if the common dependency is removed from the tree, those 1211 streams share resources with streams at the next highest level. 1213 For example, assume streams A and B share a parent, and streams C and 1214 D both depend on stream A. Prior to the removal of stream A, if 1215 streams A and D are unable to proceed, then stream C receives all the 1216 resources dedicated to stream A. If stream A is removed from the 1217 tree, the weight of stream A is divided between streams C and D. If 1218 stream D is still unable to proceed, this results in stream C 1219 receiving a reduced proportion of resources. For equal starting 1220 weights, C receives one third, rather than one half, of available 1221 resources. 1223 It is possible for a stream to become closed while prioritization 1224 information that creates a dependency on that stream is in transit. 1225 If a stream identified in a dependency has had any associated 1226 priority information destroyed, then the dependent stream is instead 1227 assigned a default priority. This potentially creates suboptimal 1228 prioritization, since the stream could be given a priority that is 1229 higher than intended. 1231 To avoid these problems, an endpoint SHOULD retain stream 1232 prioritization state for a period after streams become closed. The 1233 longer state is retained, the lower the chance that streams are 1234 assigned incorrect or default priority values. 1236 This could create a large state burden for an endpoint, so this state 1237 MAY be limited. An endpoint MAY apply a fixed upper limit on the 1238 number of closed streams for which prioritization state is tracked to 1239 limit state exposure. The amount of additional state an endpoint 1240 maintains could be dependent on load; under high load, prioritization 1241 state can be discarded to limit resource commitments. In extreme 1242 cases, an endpoint could even discard prioritization state for active 1243 or reserved streams. If a fixed limit is applied, endpoints SHOULD 1244 maintain state for at least as many streams as allowed by their 1245 setting for SETTINGS_MAX_CONCURRENT_STREAMS. 1247 An endpoint receiving a PRIORITY frame that changes the priority of a 1248 closed stream SHOULD alter the dependencies of the streams that 1249 depend on it, if it has retained enough state to do so. 1251 5.3.5. Default Priorities 1253 Providing priority information is optional. Streams are assigned a 1254 non-exclusive dependency on stream 0x0 by default. Pushed streams 1255 (Section 8.2) initially depend on their associated stream. In both 1256 cases, streams are assigned a default weight of 16. 1258 5.4. Error Handling 1260 HTTP/2 framing permits two classes of error: 1262 o An error condition that renders the entire connection unusable is 1263 a connection error. 1265 o An error in an individual stream is a stream error. 1267 A list of error codes is included in Section 7. 1269 5.4.1. Connection Error Handling 1271 A connection error is any error which prevents further processing of 1272 the framing layer, or which corrupts any connection state. 1274 An endpoint that encounters a connection error SHOULD first send a 1275 GOAWAY frame (Section 6.8) with the stream identifier of the last 1276 stream that it successfully received from its peer. The GOAWAY frame 1277 includes an error code that indicates why the connection is 1278 terminating. After sending the GOAWAY frame, the endpoint MUST close 1279 the TCP connection. 1281 It is possible that the GOAWAY will not be reliably received by the 1282 receiving endpoint. In the event of a connection error, GOAWAY only 1283 provides a best effort attempt to communicate with the peer about why 1284 the connection is being terminated. 1286 An endpoint can end a connection at any time. In particular, an 1287 endpoint MAY choose to treat a stream error as a connection error. 1288 Endpoints SHOULD send a GOAWAY frame when ending a connection, 1289 providing that circumstances permit it. 1291 5.4.2. Stream Error Handling 1293 A stream error is an error related to a specific stream that does not 1294 affect processing of other streams. 1296 An endpoint that detects a stream error sends a RST_STREAM frame 1297 (Section 6.4) that contains the stream identifier of the stream where 1298 the error occurred. The RST_STREAM frame includes an error code that 1299 indicates the type of error. 1301 A RST_STREAM is the last frame that an endpoint can send on a stream. 1302 The peer that sends the RST_STREAM frame MUST be prepared to receive 1303 any frames that were sent or enqueued for sending by the remote peer. 1304 These frames can be ignored, except where they modify connection 1305 state (such as the state maintained for header compression 1306 (Section 4.3), or flow control). 1308 Normally, an endpoint SHOULD NOT send more than one RST_STREAM frame 1309 for any stream. However, an endpoint MAY send additional RST_STREAM 1310 frames if it receives frames on a closed stream after more than a 1311 round-trip time. This behavior is permitted to deal with misbehaving 1312 implementations. 1314 An endpoint MUST NOT send a RST_STREAM in response to an RST_STREAM 1315 frame, to avoid looping. 1317 5.4.3. Connection Termination 1319 If the TCP connection is torn down while streams remain in open or 1320 half closed states, then the endpoint MUST assume that those streams 1321 were abnormally interrupted and could be incomplete. 1323 5.5. Extending HTTP/2 1325 HTTP/2 permits extension of the protocol. Protocol extensions can be 1326 used to provide additional services or alter any aspect of the 1327 protocol, within the limitations described in this section. 1328 Extensions are effective only within the scope of a single HTTP/2 1329 connection. 1331 Extensions are permitted to use new frame types (Section 4.1), new 1332 settings (Section 6.5.2), or new error codes (Section 7). Registries 1333 are established for managing these extension points: frame types 1334 (Section 11.2), settings (Section 11.3) and error codes 1335 (Section 11.4). 1337 Implementations MUST ignore unknown or unsupported values in all 1338 extensible protocol elements. Implementations MUST discard frames 1339 that have unknown or unsupported types. This means that any of these 1340 extension points can be safely used by extensions without prior 1341 arrangement or negotiation. 1343 However, extensions that could change the semantics of existing 1344 protocol components MUST be negotiated before being used. For 1345 example, an extension that changes the layout of the HEADERS frame 1346 cannot be used until the peer has given a positive signal that this 1347 is acceptable. In this case, it could also be necessary to 1348 coordinate when the revised layout comes into effect. Note that 1349 treating any frame other than DATA frames as flow controlled is such 1350 a change in semantics, and can only be done through negotiation. 1352 This document doesn't mandate a specific method for negotiating the 1353 use of an extension, but notes that a setting (Section 6.5.2) could 1354 be used for that purpose. If both peers set a value that indicates 1355 willingness to use the extension, then the extension can be used. If 1356 a setting is used for extension negotiation, the initial value MUST 1357 be defined so that the extension is initially disabled. 1359 6. Frame Definitions 1361 This specification defines a number of frame types, each identified 1362 by a unique 8-bit type code. Each frame type serves a distinct 1363 purpose either in the establishment and management of the connection 1364 as a whole, or of individual streams. 1366 The transmission of specific frame types can alter the state of a 1367 connection. If endpoints fail to maintain a synchronized view of the 1368 connection state, successful communication within the connection will 1369 no longer be possible. Therefore, it is important that endpoints 1370 have a shared comprehension of how the state is affected by the use 1371 any given frame. 1373 6.1. DATA 1375 DATA frames (type=0x0) convey arbitrary, variable-length sequences of 1376 octets associated with a stream. One or more DATA frames are used, 1377 for instance, to carry HTTP request or response payloads. 1379 DATA frames MAY also contain arbitrary padding. Padding can be added 1380 to DATA frames to obscure the size of messages. 1382 0 1 2 3 1383 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1385 |Pad Length? (8)| 1386 +---------------+-----------------------------------------------+ 1387 | Data (*) ... 1388 +---------------------------------------------------------------+ 1389 | Padding (*) ... 1390 +---------------------------------------------------------------+ 1392 DATA Frame Payload 1394 The DATA frame contains the following fields: 1396 Pad Length: An 8-bit field containing the length of the frame 1397 padding in units of octets. This field is optional and is only 1398 present if the PADDED flag is set. 1400 Data: Application data. The amount of data is the remainder of the 1401 frame payload after subtracting the length of the other fields 1402 that are present. 1404 Padding: Padding octets that contain no application semantic value. 1405 Padding octets MUST be set to zero when sending and ignored when 1406 receiving. 1408 The DATA frame defines the following flags: 1410 END_STREAM (0x1): Bit 1 being set indicates that this frame is the 1411 last that the endpoint will send for the identified stream. 1412 Setting this flag causes the stream to enter one of the "half 1413 closed" states or the "closed" state (Section 5.1). 1415 PADDED (0x8): Bit 4 being set indicates that the Pad Length field is 1416 present. 1418 DATA frames MUST be associated with a stream. If a DATA frame is 1419 received whose stream identifier field is 0x0, the recipient MUST 1420 respond with a connection error (Section 5.4.1) of type 1421 PROTOCOL_ERROR. 1423 DATA frames are subject to flow control and can only be sent when a 1424 stream is in the "open" or "half closed (remote)" states. The entire 1425 DATA frame payload is included in flow control, including Pad Length 1426 and Padding fields if present. If a DATA frame is received whose 1427 stream is not in "open" or "half closed (local)" state, the recipient 1428 MUST respond with a stream error (Section 5.4.2) of type 1429 STREAM_CLOSED. 1431 The total number of padding octets is determined by the value of the 1432 Pad Length field. If the length of the padding is greater than the 1433 length of the remainder of the frame payload, the recipient MUST 1434 treat this as a connection error (Section 5.4.1) of type 1435 PROTOCOL_ERROR. 1437 Note: A frame can be increased in size by one octet by including a 1438 Pad Length field with a value of zero. 1440 Use of padding is a security feature; as such, its use demands some 1441 care, see Section 10.7. 1443 6.2. HEADERS 1445 The HEADERS frame (type=0x1) carries name-value pairs. It is used to 1446 open a stream (Section 5.1). HEADERS frames can be sent on a stream 1447 in the "open" or "half closed (remote)" states. 1449 0 1 2 3 1450 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1452 |Pad Length? (8)| 1453 +-+-------------+-----------------------------------------------+ 1454 |E| Stream Dependency? (31) | 1455 +-+-------------+-----------------------------------------------+ 1456 | Weight? (8) | 1457 +-+-------------+-----------------------------------------------+ 1458 | Header Block Fragment (*) ... 1459 +---------------------------------------------------------------+ 1460 | Padding (*) ... 1461 +---------------------------------------------------------------+ 1463 HEADERS Frame Payload 1465 The HEADERS frame payload has the following fields: 1467 Pad Length: An 8-bit field containing the length of the frame 1468 padding in units of octets. This field is optional and is only 1469 present if the PADDED flag is set. 1471 E: A single bit flag indicates that the stream dependency is 1472 exclusive, see Section 5.3. This field is optional and is only 1473 present if the PRIORITY flag is set. 1475 Stream Dependency: A 31-bit stream identifier for the stream that 1476 this stream depends on, see Section 5.3. This field is optional 1477 and is only present if the PRIORITY flag is set. 1479 Weight: An 8-bit weight for the stream, see Section 5.3. Add one to 1480 the value to obtain a weight between 1 and 256. This field is 1481 optional and is only present if the PRIORITY flag is set. 1483 Header Block Fragment: A header block fragment (Section 4.3). 1485 Padding: Padding octets. 1487 The HEADERS frame defines the following flags: 1489 END_STREAM (0x1): Bit 1 being set indicates that the header block 1490 (Section 4.3) is the last that the endpoint will send for the 1491 identified stream. Setting this flag causes the stream to enter 1492 one of "half closed" states (Section 5.1). 1494 A HEADERS frame that is followed by CONTINUATION frames carries 1495 the END_STREAM flag that signals the end of a stream. A 1496 CONTINUATION frame cannot be used to terminate a stream. 1498 END_HEADERS (0x4): Bit 3 being set indicates that this frame 1499 contains an entire header block (Section 4.3) and is not followed 1500 by any CONTINUATION frames. 1502 A HEADERS frame without the END_HEADERS flag set MUST be followed 1503 by a CONTINUATION frame for the same stream. A receiver MUST 1504 treat the receipt of any other type of frame or a frame on a 1505 different stream as a connection error (Section 5.4.1) of type 1506 PROTOCOL_ERROR. 1508 PADDED (0x8): Bit 4 being set indicates that the Pad Length field is 1509 present. 1511 PRIORITY (0x20): Bit 6 being set indicates that the Exclusive Flag 1512 (E), Stream Dependency, and Weight fields are present; see 1513 Section 5.3. 1515 The payload of a HEADERS frame contains a header block fragment 1516 (Section 4.3). A header block that does not fit within a HEADERS 1517 frame is continued in a CONTINUATION frame (Section 6.10). 1519 HEADERS frames MUST be associated with a stream. If a HEADERS frame 1520 is received whose stream identifier field is 0x0, the recipient MUST 1521 respond with a connection error (Section 5.4.1) of type 1522 PROTOCOL_ERROR. 1524 The HEADERS frame changes the connection state as described in 1525 Section 4.3. 1527 The HEADERS frame includes optional padding. Padding fields and 1528 flags are identical to those defined for DATA frames (Section 6.1). 1530 6.3. PRIORITY 1532 The PRIORITY frame (type=0x2) specifies the sender-advised priority 1533 of a stream (Section 5.3). It can be sent at any time for an 1534 existing stream, including closed streams. This enables 1535 reprioritization of existing streams. 1537 0 1 2 3 1538 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1539 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1540 |E| Stream Dependency (31) | 1541 +-+-------------+-----------------------------------------------+ 1542 | Weight (8) | 1543 +-+-------------+ 1545 PRIORITY Frame Payload 1547 The payload of a PRIORITY frame contains the following fields: 1549 E: A single bit flag indicates that the stream dependency is 1550 exclusive, see Section 5.3. 1552 Stream Dependency: A 31-bit stream identifier for the stream that 1553 this stream depends on, see Section 5.3. 1555 Weight: An 8-bit weight for the identified stream dependency, see 1556 Section 5.3. Add one to the value to obtain a weight between 1 1557 and 256. 1559 The PRIORITY frame does not define any flags. 1561 The PRIORITY frame is associated with an existing stream. If a 1562 PRIORITY frame is received with a stream identifier of 0x0, the 1563 recipient MUST respond with a connection error (Section 5.4.1) of 1564 type PROTOCOL_ERROR. 1566 The PRIORITY frame can be sent on a stream in any of the "reserved 1567 (remote)", "open", "half closed (local)", "half closed (remote)", or 1568 "closed" states, though it cannot be sent between consecutive frames 1569 that comprise a single header block (Section 4.3). Note that this 1570 frame could arrive after processing or frame sending has completed, 1571 which would cause it to have no effect on the current stream. For a 1572 stream that is in the "half closed (remote)" or "closed" - state, 1573 this frame can only affect processing of the current stream and not 1574 frame transmission. 1576 The PRIORITY frame is the only frame that can be sent for a stream in 1577 the "closed" state. This allows for the reprioritization of a group 1578 of dependent streams by altering the priority of a parent stream, 1579 which might be closed. However, a PRIORITY frame sent on a closed 1580 stream risks being ignored due to the peer having discarded priority 1581 state information for that stream. 1583 6.4. RST_STREAM 1585 The RST_STREAM frame (type=0x3) allows for abnormal termination of a 1586 stream. When sent by the initiator of a stream, it indicates that 1587 they wish to cancel the stream or that an error condition has 1588 occurred. When sent by the receiver of a stream, it indicates that 1589 either the receiver is rejecting the stream, requesting that the 1590 stream be cancelled, or that an error condition has occurred. 1592 0 1 2 3 1593 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1594 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1595 | Error Code (32) | 1596 +---------------------------------------------------------------+ 1598 RST_STREAM Frame Payload 1600 The RST_STREAM frame contains a single unsigned, 32-bit integer 1601 identifying the error code (Section 7). The error code indicates why 1602 the stream is being terminated. 1604 The RST_STREAM frame does not define any flags. 1606 The RST_STREAM frame fully terminates the referenced stream and 1607 causes it to enter the closed state. After receiving a RST_STREAM on 1608 a stream, the receiver MUST NOT send additional frames for that 1609 stream. However, after sending the RST_STREAM, the sending endpoint 1610 MUST be prepared to receive and process additional frames sent on the 1611 stream that might have been sent by the peer prior to the arrival of 1612 the RST_STREAM. 1614 RST_STREAM frames MUST be associated with a stream. If a RST_STREAM 1615 frame is received with a stream identifier of 0x0, the recipient MUST 1616 treat this as a connection error (Section 5.4.1) of type 1617 PROTOCOL_ERROR. 1619 RST_STREAM frames MUST NOT be sent for a stream in the "idle" state. 1620 If a RST_STREAM frame identifying an idle stream is received, the 1621 recipient MUST treat this as a connection error (Section 5.4.1) of 1622 type PROTOCOL_ERROR. 1624 6.5. SETTINGS 1626 The SETTINGS frame (type=0x4) conveys configuration parameters that 1627 affect how endpoints communicate, such as preferences and constraints 1628 on peer behavior. The SETTINGS frame is also used to acknowledge the 1629 receipt of those parameters. Individually, a SETTINGS parameter can 1630 also be referred to as a "setting". 1632 SETTINGS parameters are not negotiated; they describe characteristics 1633 of the sending peer, which are used by the receiving peer. Different 1634 values for the same parameter can be advertised by each peer. For 1635 example, a client might set a high initial flow control window, 1636 whereas a server might set a lower value to conserve resources. 1638 A SETTINGS frame MUST be sent by both endpoints at the start of a 1639 connection, and MAY be sent at any other time by either endpoint over 1640 the lifetime of the connection. Implementations MUST support all of 1641 the parameters defined by this specification. 1643 Each parameter in a SETTINGS frame replaces any existing value for 1644 that parameter. Parameters are processed in the order in which they 1645 appear, and a receiver of a SETTINGS frame does not need to maintain 1646 any state other than the current value of its parameters. Therefore, 1647 the value of a SETTINGS parameter is the last value that is seen by a 1648 receiver. 1650 SETTINGS parameters are acknowledged by the receiving peer. To 1651 enable this, the SETTINGS frame defines the following flag: 1653 ACK (0x1): Bit 1 being set indicates that this frame acknowledges 1654 receipt and application of the peer's SETTINGS frame. When this 1655 bit is set, the payload of the SETTINGS frame MUST be empty. 1656 Receipt of a SETTINGS frame with the ACK flag set and a length 1657 field value other than 0 MUST be treated as a connection error 1658 (Section 5.4.1) of type FRAME_SIZE_ERROR. For more info, see 1659 Settings Synchronization (Section 6.5.3). 1661 SETTINGS frames always apply to a connection, never a single stream. 1662 The stream identifier for a SETTINGS frame MUST be zero (0x0). If an 1663 endpoint receives a SETTINGS frame whose stream identifier field is 1664 anything other than 0x0, the endpoint MUST respond with a connection 1665 error (Section 5.4.1) of type PROTOCOL_ERROR. 1667 The SETTINGS frame affects connection state. A badly formed or 1668 incomplete SETTINGS frame MUST be treated as a connection error 1669 (Section 5.4.1) of type PROTOCOL_ERROR. 1671 6.5.1. SETTINGS Format 1673 The payload of a SETTINGS frame consists of zero or more parameters, 1674 each consisting of an unsigned 16-bit setting identifier and an 1675 unsigned 32-bit value. 1677 0 1 2 3 1678 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1679 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1680 | Identifier (16) | 1681 +-------------------------------+-------------------------------+ 1682 | Value (32) | 1683 +---------------------------------------------------------------+ 1685 Setting Format 1687 6.5.2. Defined SETTINGS Parameters 1689 The following parameters are defined: 1691 SETTINGS_HEADER_TABLE_SIZE (0x1): Allows the sender to inform the 1692 remote endpoint of the maximum size of the header compression 1693 table used to decode header blocks. The encoder can select any 1694 size equal to or less than this value by using signaling specific 1695 to the header compression format inside a header block. The 1696 initial value is 4,096 bytes. 1698 SETTINGS_ENABLE_PUSH (0x2): This setting can be use to disable 1699 server push (Section 8.2). An endpoint MUST NOT send a 1700 PUSH_PROMISE frame if it receives this parameter set to a value of 1701 0. An endpoint that has both set this parameter to 0 and had it 1702 acknowledged MUST treat the receipt of a PUSH_PROMISE frame as a 1703 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 1705 The initial value is 1, which indicates that server push is 1706 permitted. Any value other than 0 or 1 MUST be treated as a 1707 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 1709 SETTINGS_MAX_CONCURRENT_STREAMS (0x3): Indicates the maximum number 1710 of concurrent streams that the sender will allow. This limit is 1711 directional: it applies to the number of streams that the sender 1712 permits the receiver to create. Initially there is no limit to 1713 this value. It is recommended that this value be no smaller than 1714 100, so as to not unnecessarily limit parallelism. 1716 A value of 0 for SETTINGS_MAX_CONCURRENT_STREAMS SHOULD NOT be 1717 treated as special by endpoints. A zero value does prevent the 1718 creation of new streams, however this can also happen for any 1719 limit that is exhausted with active streams. Servers SHOULD only 1720 set a zero value for short durations; if a server does not wish to 1721 accept requests, closing the connection could be preferable. 1723 SETTINGS_INITIAL_WINDOW_SIZE (0x4): Indicates the sender's initial 1724 window size (in bytes) for stream level flow control. The initial 1725 value is 2^16-1 (65,535) octets. 1727 This setting affects the window size of all streams, including 1728 existing streams, see Section 6.9.2. 1730 Values above the maximum flow control window size of 2^31-1 MUST 1731 be treated as a connection error (Section 5.4.1) of type 1732 FLOW_CONTROL_ERROR. 1734 SETTINGS_MAX_FRAME_SIZE (0x5): Indicates the size of the largest 1735 frame payload that a receiver is willing to accept. 1737 The initial value is 2^14 (16,384) octets. The value advertised 1738 by an endpoint MUST be between this initial value and the maximum 1739 allowed frame size (2^24-1 or 16,777,215 octets), inclusive. 1740 Values outside this range MUST be treated as a connection error 1741 (Section 5.4.1) of type PROTOCOL_ERROR. 1743 SETTINGS_MAX_HEADER_LIST_SIZE (0x6): This advisory setting informs a 1744 peer of the maximum size of header list that the sender is 1745 prepared to accept. The value is based on the uncompressed size 1746 of header fields, including the length of the name and value in 1747 octets plus an overhead of 32 octets for each header field. 1749 For any given request, a lower limit than what is advertised MAY 1750 be enforced. The initial value of this setting is unlimited. 1752 An endpoint that receives a SETTINGS frame with any unknown or 1753 unsupported identifier MUST ignore that setting. 1755 6.5.3. Settings Synchronization 1757 Most values in SETTINGS benefit from or require an understanding of 1758 when the peer has received and applied the changed parameter values. 1759 In order to provide such synchronization timepoints, the recipient of 1760 a SETTINGS frame in which the ACK flag is not set MUST apply the 1761 updated parameters as soon as possible upon receipt. 1763 The values in the SETTINGS frame MUST be processed in the order they 1764 appear, with no other frame processing between values. Unsupported 1765 parameters MUST be ignored. Once all values have been processed, the 1766 recipient MUST immediately emit a SETTINGS frame with the ACK flag 1767 set. Upon receiving a SETTINGS frame with the ACK flag set, the 1768 sender of the altered parameters can rely on the setting having been 1769 applied. 1771 If the sender of a SETTINGS frame does not receive an acknowledgement 1772 within a reasonable amount of time, it MAY issue a connection error 1773 (Section 5.4.1) of type SETTINGS_TIMEOUT. 1775 6.6. PUSH_PROMISE 1777 The PUSH_PROMISE frame (type=0x5) is used to notify the peer endpoint 1778 in advance of streams the sender intends to initiate. The 1779 PUSH_PROMISE frame includes the unsigned 31-bit identifier of the 1780 stream the endpoint plans to create along with a set of headers that 1781 provide additional context for the stream. Section 8.2 contains a 1782 thorough description of the use of PUSH_PROMISE frames. 1784 0 1 2 3 1785 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1786 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1787 |Pad Length? (8)| 1788 +-+-------------+-----------------------------------------------+ 1789 |R| Promised Stream ID (31) | 1790 +-+-----------------------------+-------------------------------+ 1791 | Header Block Fragment (*) ... 1792 +---------------------------------------------------------------+ 1793 | Padding (*) ... 1794 +---------------------------------------------------------------+ 1796 PUSH_PROMISE Payload Format 1798 The PUSH_PROMISE frame payload has the following fields: 1800 Pad Length: An 8-bit field containing the length of the frame 1801 padding in units of octets. This field is optional and is only 1802 present if the PADDED flag is set. 1804 R: A single reserved bit. 1806 Promised Stream ID: This unsigned 31-bit integer identifies the 1807 stream the endpoint intends to start sending frames for. The 1808 promised stream identifier MUST be a valid choice for the next 1809 stream sent by the sender (see new stream identifier 1810 (Section 5.1.1)). 1812 Header Block Fragment: A header block fragment (Section 4.3) 1813 containing request header fields. 1815 Padding: Padding octets. 1817 The PUSH_PROMISE frame defines the following flags: 1819 END_HEADERS (0x4): Bit 3 being set indicates that this frame 1820 contains an entire header block (Section 4.3) and is not followed 1821 by any CONTINUATION frames. 1823 A PUSH_PROMISE frame without the END_HEADERS flag set MUST be 1824 followed by a CONTINUATION frame for the same stream. A receiver 1825 MUST treat the receipt of any other type of frame or a frame on a 1826 different stream as a connection error (Section 5.4.1) of type 1827 PROTOCOL_ERROR. 1829 PADDED (0x8): Bit 4 being set indicates that the Pad Length field is 1830 present. 1832 PUSH_PROMISE frames MUST be associated with an existing, peer- 1833 initiated stream. The stream identifier of a PUSH_PROMISE frame 1834 indicates the stream it is associated with. If the stream identifier 1835 field specifies the value 0x0, a recipient MUST respond with a 1836 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 1838 Promised streams are not required to be used in the order they are 1839 promised. The PUSH_PROMISE only reserves stream identifiers for 1840 later use. 1842 PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH setting of 1843 the peer endpoint is set to 0. An endpoint that has set this setting 1844 and has received acknowledgement MUST treat the receipt of a 1845 PUSH_PROMISE frame as a connection error (Section 5.4.1) of type 1846 PROTOCOL_ERROR. 1848 Recipients of PUSH_PROMISE frames can choose to reject promised 1849 streams by returning a RST_STREAM referencing the promised stream 1850 identifier back to the sender of the PUSH_PROMISE. 1852 A PUSH_PROMISE frame modifies the connection state in two ways. The 1853 inclusion of a header block (Section 4.3) potentially modifies the 1854 state maintained for header compression. PUSH_PROMISE also reserves 1855 a stream for later use, causing the promised stream to enter the 1856 "reserved" state. A sender MUST NOT send a PUSH_PROMISE on a stream 1857 unless that stream is either "open" or "half closed (remote)"; the 1858 sender MUST ensure that the promised stream is a valid choice for a 1859 new stream identifier (Section 5.1.1) (that is, the promised stream 1860 MUST be in the "idle" state). 1862 Since PUSH_PROMISE reserves a stream, ignoring a PUSH_PROMISE frame 1863 causes the stream state to become indeterminate. A receiver MUST 1864 treat the receipt of a PUSH_PROMISE on a stream that is neither 1865 "open" nor "half closed (local)" as a connection error 1866 (Section 5.4.1) of type PROTOCOL_ERROR. Similarly, a receiver MUST 1867 treat the receipt of a PUSH_PROMISE that promises an illegal stream 1868 identifier (Section 5.1.1) (that is, an identifier for a stream that 1869 is not currently in the "idle" state) as a connection error 1870 (Section 5.4.1) of type PROTOCOL_ERROR. 1872 The PUSH_PROMISE frame includes optional padding. Padding fields and 1873 flags are identical to those defined for DATA frames (Section 6.1). 1875 6.7. PING 1877 The PING frame (type=0x6) is a mechanism for measuring a minimal 1878 round trip time from the sender, as well as determining whether an 1879 idle connection is still functional. PING frames can be sent from 1880 any endpoint. 1882 0 1 2 3 1883 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1884 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1885 | | 1886 | Opaque Data (64) | 1887 | | 1888 +---------------------------------------------------------------+ 1890 PING Payload Format 1892 In addition to the frame header, PING frames MUST contain 8 octets of 1893 data in the payload. A sender can include any value it chooses and 1894 use those bytes in any fashion. 1896 Receivers of a PING frame that does not include an ACK flag MUST send 1897 a PING frame with the ACK flag set in response, with an identical 1898 payload. PING responses SHOULD be given higher priority than any 1899 other frame. 1901 The PING frame defines the following flags: 1903 ACK (0x1): Bit 1 being set indicates that this PING frame is a PING 1904 response. An endpoint MUST set this flag in PING responses. An 1905 endpoint MUST NOT respond to PING frames containing this flag. 1907 PING frames are not associated with any individual stream. If a PING 1908 frame is received with a stream identifier field value other than 1909 0x0, the recipient MUST respond with a connection error 1910 (Section 5.4.1) of type PROTOCOL_ERROR. 1912 Receipt of a PING frame with a length field value other than 8 MUST 1913 be treated as a connection error (Section 5.4.1) of type 1914 FRAME_SIZE_ERROR. 1916 6.8. GOAWAY 1918 The GOAWAY frame (type=0x7) informs the remote peer to stop creating 1919 streams on this connection. GOAWAY can be sent by either the client 1920 or the server. Once sent, the sender will ignore frames sent on any 1921 new streams with identifiers higher than the included last stream 1922 identifier. Receivers of a GOAWAY frame MUST NOT open additional 1923 streams on the connection, although a new connection can be 1924 established for new streams. 1926 The purpose of this frame is to allow an endpoint to gracefully stop 1927 accepting new streams, while still finishing processing of previously 1928 established streams. This enables administrative actions, like 1929 server maintainence. 1931 There is an inherent race condition between an endpoint starting new 1932 streams and the remote sending a GOAWAY frame. To deal with this 1933 case, the GOAWAY contains the stream identifier of the last peer- 1934 initiated stream which was or might be processed on the sending 1935 endpoint in this connection. For instance, if the server sends a 1936 GOAWAY frame, the identifed stream is the highest numbered stream 1937 initiated by the client. 1939 If the receiver of the GOAWAY has sent data on streams with a higher 1940 stream identifier than what is indicated in the GOAWAY frame, those 1941 streams are not or will not be processed. The receiver of the GOAWAY 1942 frame can treat the streams as though they had never been created at 1943 all, thereby allowing those streams to be retried later on a new 1944 connection. 1946 Endpoints SHOULD always send a GOAWAY frame before closing a 1947 connection so that the remote can know whether a stream has been 1948 partially processed or not. For example, if an HTTP client sends a 1949 POST at the same time that a server closes a connection, the client 1950 cannot know if the server started to process that POST request if the 1951 server does not send a GOAWAY frame to indicate what streams it might 1952 have acted on. 1954 An endpoint might choose to close a connection without sending GOAWAY 1955 for misbehaving peers. 1957 0 1 2 3 1958 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1959 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1960 |R| Last-Stream-ID (31) | 1961 +-+-------------------------------------------------------------+ 1962 | Error Code (32) | 1963 +---------------------------------------------------------------+ 1964 | Additional Debug Data (*) | 1965 +---------------------------------------------------------------+ 1967 GOAWAY Payload Format 1969 The GOAWAY frame does not define any flags. 1971 The GOAWAY frame applies to the connection, not a specific stream. 1972 An endpoint MUST treat a GOAWAY frame with a stream identifier other 1973 than 0x0 as a connection error (Section 5.4.1) of type 1974 PROTOCOL_ERROR. 1976 The last stream identifier in the GOAWAY frame contains the highest 1977 numbered stream identifier for which the sender of the GOAWAY frame 1978 might have taken some action on, or might yet take action on. All 1979 streams up to and including the identified stream might have been 1980 processed in some way. The last stream identifier can be set to 0 if 1981 no streams were processed. 1983 Note: In this context, "processed" means that some data from the 1984 stream was passed to some higher layer of software that might have 1985 taken some action as a result. 1987 If a connection terminates without a GOAWAY frame, the last stream 1988 identifier is effectively the highest possible stream identifier. 1990 On streams with lower or equal numbered identifiers that were not 1991 closed completely prior to the connection being closed, re-attempting 1992 requests, transactions, or any protocol activity is not possible, 1993 with the exception of idempotent actions like HTTP GET, PUT, or 1994 DELETE. Any protocol activity that uses higher numbered streams can 1995 be safely retried using a new connection. 1997 Activity on streams numbered lower or equal to the last stream 1998 identifier might still complete successfully. The sender of a GOAWAY 1999 frame might gracefully shut down a connection by sending a GOAWAY 2000 frame, maintaining the connection in an open state until all in- 2001 progress streams complete. 2003 An endpoint MAY send multiple GOAWAY frames if circumstances change. 2004 For instance, an endpoint that sends GOAWAY with NO_ERROR during 2005 graceful shutdown could subsequently encounter an condition that 2006 requires immediate termination of the connection. The last stream 2007 identifier from the last GOAWAY frame received indicates which 2008 streams could have been acted upon. Endpoints MUST NOT increase the 2009 value they send in the last stream identifier, since the peers might 2010 already have retried unprocessed requests on another connection. 2012 A client that is unable to retry requests loses all requests that are 2013 in flight when the server closes the connection. This is especially 2014 true for intermediaries that might not be serving clients using 2015 HTTP/2. A server that is attempting to gracefully shut down a 2016 connection SHOULD send an initial GOAWAY frame with the last stream 2017 identifier set to 2^31-1 and a NO_ERROR code. This signals to the 2018 client that a shutdown is imminent and that no further requests can 2019 be initiated. After waiting at least one round trip time, the server 2020 can send another GOAWAY frame with an updated last stream identifier. 2021 This ensures that a connection can be cleanly shut down without 2022 losing requests. 2024 After sending a GOAWAY frame, the sender can discard frames for 2025 streams with identifiers higher than the identified last stream. 2026 However, any frames that alter connection state cannot be completely 2027 ignored. For instance, HEADERS, PUSH_PROMISE and CONTINUATION frames 2028 MUST be minimally processed to ensure the state maintained for header 2029 compression is consistent (see Section 4.3); similarly DATA frames 2030 MUST be counted toward the connection flow control window. Failure 2031 to process these frames can cause flow control or header compression 2032 state to become unsynchronized. 2034 The GOAWAY frame also contains a 32-bit error code (Section 7) that 2035 contains the reason for closing the connection. 2037 Endpoints MAY append opaque data to the payload of any GOAWAY frame. 2038 Additional debug data is intended for diagnostic purposes only and 2039 carries no semantic value. Debug information could contain security- 2040 or privacy-sensitive data. Logged or otherwise persistently stored 2041 debug data MUST have adequate safeguards to prevent unauthorized 2042 access. 2044 6.9. WINDOW_UPDATE 2046 The WINDOW_UPDATE frame (type=0x8) is used to implement flow control; 2047 see Section 5.2 for an overview. 2049 Flow control operates at two levels: on each individual stream and on 2050 the entire connection. 2052 Both types of flow control are hop-by-hop; that is, only between the 2053 two endpoints. Intermediaries do not forward WINDOW_UPDATE frames 2054 between dependent connections. However, throttling of data transfer 2055 by any receiver can indirectly cause the propagation of flow control 2056 information toward the original sender. 2058 Flow control only applies to frames that are identified as being 2059 subject to flow control. Of the frame types defined in this 2060 document, this includes only DATA frames. Frames that are exempt 2061 from flow control MUST be accepted and processed, unless the receiver 2062 is unable to assign resources to handling the frame. A receiver MAY 2063 respond with a stream error (Section 5.4.2) or connection error 2064 (Section 5.4.1) of type FLOW_CONTROL_ERROR if it is unable to accept 2065 a frame. 2067 0 1 2 3 2068 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2069 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2070 |R| Window Size Increment (31) | 2071 +-+-------------------------------------------------------------+ 2073 WINDOW_UPDATE Payload Format 2075 The payload of a WINDOW_UPDATE frame is one reserved bit, plus an 2076 unsigned 31-bit integer indicating the number of bytes that the 2077 sender can transmit in addition to the existing flow control window. 2078 The legal range for the increment to the flow control window is 1 to 2079 2^31-1 (0x7fffffff) bytes. 2081 The WINDOW_UPDATE frame does not define any flags. 2083 The WINDOW_UPDATE frame can be specific to a stream or to the entire 2084 connection. In the former case, the frame's stream identifier 2085 indicates the affected stream; in the latter, the value "0" indicates 2086 that the entire connection is the subject of the frame. 2088 A receiver MUST treat the recipt of a WINDOW_UPDATE frame with an 2089 flow control window increment of 0 as a stream error (Section 5.4.2) 2090 of type PROTOCOL_ERROR; errors on the connection flow control window 2091 MUST be treated as a connection error (Section 5.4.1). 2093 WINDOW_UPDATE can be sent by a peer that has sent a frame bearing the 2094 END_STREAM flag. This means that a receiver could receive a 2095 WINDOW_UPDATE frame on a "half closed (remote)" or "closed" stream. 2096 A receiver MUST NOT treat this as an error, see Section 5.1. 2098 A receiver that receives a flow controlled frame MUST always account 2099 for its contribution against the connection flow control window, 2100 unless the receiver treats this as a connection error 2101 (Section 5.4.1). This is necessary even if the frame is in error. 2102 Since the sender counts the frame toward the flow control window, if 2103 the receiver does not, the flow control window at sender and receiver 2104 can become different. 2106 6.9.1. The Flow Control Window 2108 Flow control in HTTP/2 is implemented using a window kept by each 2109 sender on every stream. The flow control window is a simple integer 2110 value that indicates how many bytes of data the sender is permitted 2111 to transmit; as such, its size is a measure of the buffering capacity 2112 of the receiver. 2114 Two flow control windows are applicable: the stream flow control 2115 window and the connection flow control window. The sender MUST NOT 2116 send a flow controlled frame with a length that exceeds the space 2117 available in either of the flow control windows advertised by the 2118 receiver. Frames with zero length with the END_STREAM flag set (that 2119 is, an empty DATA frame) MAY be sent if there is no available space 2120 in either flow control window. 2122 For flow control calculations, the 8 byte frame header is not 2123 counted. 2125 After sending a flow controlled frame, the sender reduces the space 2126 available in both windows by the length of the transmitted frame. 2128 The receiver of a frame sends a WINDOW_UPDATE frame as it consumes 2129 data and frees up space in flow control windows. Separate 2130 WINDOW_UPDATE frames are sent for the stream and connection level 2131 flow control windows. 2133 A sender that receives a WINDOW_UPDATE frame updates the 2134 corresponding window by the amount specified in the frame. 2136 A sender MUST NOT allow a flow control window to exceed 2^31-1 bytes. 2137 If a sender receives a WINDOW_UPDATE that causes a flow control 2138 window to exceed this maximum it MUST terminate either the stream or 2139 the connection, as appropriate. For streams, the sender sends a 2140 RST_STREAM with the error code of FLOW_CONTROL_ERROR code; for the 2141 connection, a GOAWAY frame with a FLOW_CONTROL_ERROR code. 2143 Flow controlled frames from the sender and WINDOW_UPDATE frames from 2144 the receiver are completely asynchronous with respect to each other. 2145 This property allows a receiver to aggressively update the window 2146 size kept by the sender to prevent streams from stalling. 2148 6.9.2. Initial Flow Control Window Size 2150 When an HTTP/2 connection is first established, new streams are 2151 created with an initial flow control window size of 65,535 bytes. 2152 The connection flow control window is 65,535 bytes. Both endpoints 2153 can adjust the initial window size for new streams by including a 2154 value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame that 2155 forms part of the connection preface. The connection flow control 2156 window can only be changed using WINDOW_UPDATE frames. 2158 Prior to receiving a SETTINGS frame that sets a value for 2159 SETTINGS_INITIAL_WINDOW_SIZE, an endpoint can only use the default 2160 initial window size when sending flow controlled frames. Similarly, 2161 the connection flow control window is set to the default initial 2162 window size until a WINDOW_UPDATE frame is received. 2164 A SETTINGS frame can alter the initial flow control window size for 2165 all current streams. When the value of SETTINGS_INITIAL_WINDOW_SIZE 2166 changes, a receiver MUST adjust the size of all stream flow control 2167 windows that it maintains by the difference between the new value and 2168 the old value. 2170 A change to SETTINGS_INITIAL_WINDOW_SIZE can cause the available 2171 space in a flow control window to become negative. A sender MUST 2172 track the negative flow control window, and MUST NOT send new flow 2173 controlled frames until it receives WINDOW_UPDATE frames that cause 2174 the flow control window to become positive. 2176 For example, if the client sends 60KB immediately on connection 2177 establishment, and the server sets the initial window size to be 2178 16KB, the client will recalculate the available flow control window 2179 to be -44KB on receipt of the SETTINGS frame. The client retains a 2180 negative flow control window until WINDOW_UPDATE frames restore the 2181 window to being positive, after which the client can resume sending. 2183 A SETTINGS frame cannot alter the connection flow control window. 2185 An endpoint MUST treat a change to SETTINGS_INITIAL_WINDOW_SIZE that 2186 causes any flow control window to exceed the maximum size as a 2187 connection error (Section 5.4.1) of type FLOW_CONTROL_ERROR. 2189 6.9.3. Reducing the Stream Window Size 2191 A receiver that wishes to use a smaller flow control window than the 2192 current size can send a new SETTINGS frame. However, the receiver 2193 MUST be prepared to receive data that exceeds this window size, since 2194 the sender might send data that exceeds the lower limit prior to 2195 processing the SETTINGS frame. 2197 After sending a SETTINGS frame that reduces the initial flow control 2198 window size, a receiver has two options for handling streams that 2199 exceed flow control limits: 2201 1. The receiver can immediately send RST_STREAM with 2202 FLOW_CONTROL_ERROR error code for the affected streams. 2204 2. The receiver can accept the streams and tolerate the resulting 2205 head of line blocking, sending WINDOW_UPDATE frames as it 2206 consumes data. 2208 6.10. CONTINUATION 2210 The CONTINUATION frame (type=0x9) is used to continue a sequence of 2211 header block fragments (Section 4.3). Any number of CONTINUATION 2212 frames can be sent on an existing stream, as long as the preceding 2213 frame is on the same stream and is a HEADERS, PUSH_PROMISE or 2214 CONTINUATION frame without the END_HEADERS flag set. 2216 0 1 2 3 2217 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2219 | Header Block Fragment (*) ... 2220 +---------------------------------------------------------------+ 2222 CONTINUATION Frame Payload 2224 The CONTINUATION frame payload contains a header block fragment 2225 (Section 4.3). 2227 The CONTINUATION frame defines the following flag: 2229 END_HEADERS (0x4): Bit 3 being set indicates that this frame ends a 2230 header block (Section 4.3). 2232 If the END_HEADERS bit is not set, this frame MUST be followed by 2233 another CONTINUATION frame. A receiver MUST treat the receipt of 2234 any other type of frame or a frame on a different stream as a 2235 connection error (Section 5.4.1) of type PROTOCOL_ERROR. 2237 The CONTINUATION frame changes the connection state as defined in 2238 Section 4.3. 2240 CONTINUATION frames MUST be associated with a stream. If a 2241 CONTINUATION frame is received whose stream identifier field is 0x0, 2242 the recipient MUST respond with a connection error (Section 5.4.1) of 2243 type PROTOCOL_ERROR. 2245 A CONTINUATION frame MUST be preceded by a HEADERS, PUSH_PROMISE or 2246 CONTINUATION frame without the END_HEADERS flag set. A recipient 2247 that observes violation of this rule MUST respond with a connection 2248 error (Section 5.4.1) of type PROTOCOL_ERROR. 2250 7. Error Codes 2252 Error codes are 32-bit fields that are used in RST_STREAM and GOAWAY 2253 frames to convey the reasons for the stream or connection error. 2255 Error codes share a common code space. Some error codes apply only 2256 to either streams or the entire connection and have no defined 2257 semantics in the other context. 2259 The following error codes are defined: 2261 NO_ERROR (0x0): The associated condition is not as a result of an 2262 error. For example, a GOAWAY might include this code to indicate 2263 graceful shutdown of a connection. 2265 PROTOCOL_ERROR (0x1): The endpoint detected an unspecific protocol 2266 error. This error is for use when a more specific error code is 2267 not available. 2269 INTERNAL_ERROR (0x2): The endpoint encountered an unexpected 2270 internal error. 2272 FLOW_CONTROL_ERROR (0x3): The endpoint detected that its peer 2273 violated the flow control protocol. 2275 SETTINGS_TIMEOUT (0x4): The endpoint sent a SETTINGS frame, but did 2276 not receive a response in a timely manner. See Settings 2277 Synchronization (Section 6.5.3). 2279 STREAM_CLOSED (0x5): The endpoint received a frame after a stream 2280 was half closed. 2282 FRAME_SIZE_ERROR (0x6): The endpoint received a frame that was 2283 larger than the maximum size that it supports. 2285 REFUSED_STREAM (0x7): The endpoint refuses the stream prior to 2286 performing any application processing, see Section 8.1.4 for 2287 details. 2289 CANCEL (0x8): Used by the endpoint to indicate that the stream is no 2290 longer needed. 2292 COMPRESSION_ERROR (0x9): The endpoint is unable to maintain the 2293 header compression context for the connection. 2295 CONNECT_ERROR (0xa): The connection established in response to a 2296 CONNECT request (Section 8.3) was reset or abnormally closed. 2298 ENHANCE_YOUR_CALM (0xb): The endpoint detected that its peer is 2299 exhibiting a behavior that might be generating excessive load. 2301 INADEQUATE_SECURITY (0xc): The underlying transport has properties 2302 that do not meet minimum security requirements (see Section 9.2). 2304 Unknown or unsupported error codes MUST NOT trigger any special 2305 behavior. These MAY be treated by an implementation as being 2306 equivalent to INTERNAL_ERROR. 2308 8. HTTP Message Exchanges 2310 HTTP/2 is intended to be as compatible as possible with current uses 2311 of HTTP. This means that, from the application perspective, the 2312 features of the protocol are largely unchanged. To achieve this, all 2313 request and response semantics are preserved, although the syntax of 2314 conveying those semantics has changed. 2316 Thus, the specification and requirements of HTTP/1.1 Semantics and 2317 Content [RFC7231], Conditional Requests [RFC7232], Range Requests 2318 [RFC7233], Caching [RFC7234] and Authentication [RFC7235] are 2319 applicable to HTTP/2. Selected portions of HTTP/1.1 Message Syntax 2320 and Routing [RFC7230], such as the HTTP and HTTPS URI schemes, are 2321 also applicable in HTTP/2, but the expression of those semantics for 2322 this protocol are defined in the sections below. 2324 8.1. HTTP Request/Response Exchange 2326 A client sends an HTTP request on a new stream, using a previously 2327 unused stream identifier (Section 5.1.1). A server sends an HTTP 2328 response on the same stream as the request. 2330 An HTTP message (request or response) consists of: 2332 1. for a response only, zero or more HEADERS frames (each followed 2333 by zero or more CONTINUATION frames) containing the message 2334 headers of informational (1xx) HTTP responses (see [RFC7230], 2335 Section 3.2 and [RFC7231], Section 6.2), and 2337 2. one HEADERS frame (followed by zero or more CONTINUATION frames) 2338 containing the message headers (see [RFC7230], Section 3.2), and 2340 3. zero or more DATA frames containing the message payload (see 2341 [RFC7230], Section 3.3), and 2343 4. optionally, one HEADERS frame, followed by zero or more 2344 CONTINUATION frames containing the trailer-part, if present (see 2345 [RFC7230], Section 4.1.2). 2347 The last frame in the sequence bears an END_STREAM flag, noting that 2348 a HEADERS frame bearing the END_STREAM flag can be followed by 2349 CONTINUATION frames that carry any remaining portions of the header 2350 block. 2352 Other frames (from any stream) MUST NOT occur between either HEADERS 2353 frame and any CONTINUATION frames that might follow. 2355 A HEADERS frame (and associated CONTINUATION frames) can only appear 2356 at the start or end of a stream. An endpoint that receives a second 2357 HEADERS frame without the END_STREAM flag set MUST treat the 2358 corresponding request or response as malformed (Section 8.1.2.6). 2360 Trailing header fields are carried in a header block that also 2361 terminates the stream. That is, a sequence starting with a HEADERS 2362 frame, followed by zero or more CONTINUATION frames, where the 2363 HEADERS frame bears an END_STREAM flag. Header blocks after the 2364 first that do not terminate the stream are not part of an HTTP 2365 request or response. 2367 An HTTP request/response exchange fully consumes a single stream. A 2368 request starts with the HEADERS frame that puts the stream into an 2369 "open" state. The request ends with a frame bearing END_STREAM, 2370 which causes the stream to become "half closed (local)" for the 2371 client and "half closed (remote)" for the server. A response starts 2372 with a HEADERS frame and ends with a frame bearing END_STREAM, which 2373 places the stream in the "closed" state. 2375 8.1.1. Upgrading From HTTP/2 2377 HTTP/2 removes support for the 101 (Switching Protocols) 2378 informational status code ([RFC7231], Section 6.2.2). 2380 The semantics of 101 (Switching Protocols) aren't applicable to a 2381 multiplexed protocol. Alternative protocols are able to use the same 2382 mechanisms that HTTP/2 uses to negotiate their use (see Section 3). 2384 8.1.2. HTTP Header Fields 2386 HTTP header fields carry information as a series of key-value pairs. 2387 For a listing of registered HTTP headers, see the Message Header 2388 Field Registry maintained at [4]. 2390 8.1.2.1. Pseudo-Header Fields 2392 While HTTP/1.x used the message start-line (see [RFC7230], 2393 Section 3.1) to convey the target URI and method of the request, and 2394 the status code for the response, HTTP/2 uses special pseudo-header 2395 fields beginning with ':' character (ASCII 0x3a) for this purpose. 2397 Pseudo-header fields are only valid in the HTTP/2 context. These are 2398 not HTTP header fields. Endpoints MUST NOT generate pseudo-header 2399 fields other than those defined in this document. 2401 Pseudo-header fields are only valid in the context in which they are 2402 defined. Pseudo-header fields defined for requests MUST NOT appear 2403 in responses; pseudo-header fields defined for responses MUST NOT 2404 appear in requests. Pseudo-header fields MUST NOT appear in 2405 trailers. Endpoints MUST treat a request or response that contains 2406 undefined or invalid pseudo-header fields as malformed 2407 (Section 8.1.2.6). 2409 Just as in HTTP/1.x, header field names are strings of ASCII 2410 characters that are compared in a case-insensitive fashion. However, 2411 header field names MUST be converted to lowercase prior to their 2412 encoding in HTTP/2. A request or response containing uppercase 2413 header field names MUST be treated as malformed (Section 8.1.2.6). 2415 All pseudo-header fields MUST appear in the header block before 2416 regular header fields. Any request or response that contains a 2417 pseudo-header field that appears in a header block after a regular 2418 header field MUST be treated as malformed (Section 8.1.2.6). 2420 8.1.2.2. Hop-by-Hop Header Fields 2422 HTTP/2 does not use the Connection header field to indicate "hop-by- 2423 hop" header fields; in this protocol, connection-specific metadata is 2424 conveyed by other means. As such, a HTTP/2 message containing 2425 Connection MUST be treated as malformed (Section 8.1.2.6). 2427 This means that an intermediary transforming an HTTP/1.x message to 2428 HTTP/2 will need to remove any header fields nominated by the 2429 Connection header field, along with the Connection header field 2430 itself. Such intermediaries SHOULD also remove other connection- 2431 specific header fields, such as Keep-Alive, Proxy-Connection, 2432 Transfer-Encoding and Upgrade, even if they are not nominated by 2433 Connection. 2435 One exception to this is the TE header field, which MAY be present in 2436 an HTTP/2 request, but when it is MUST NOT contain any value other 2437 than "trailers". 2439 Note: HTTP/2 purposefully does not support upgrade to another 2440 protocol. The handshake methods described in Section 3 are 2441 believed sufficient to negotiate the use of alternative protocols. 2443 8.1.2.3. Request Header Fields 2445 HTTP/2 defines a number of pseudo header fields starting with a colon 2446 ':' character that carry information about the request target: 2448 o The ":method" header field includes the HTTP method ([RFC7231], 2449 Section 4). 2451 o The ":scheme" header field includes the scheme portion of the 2452 target URI ([RFC3986], Section 3.1). 2454 ":scheme" is not restricted to "http" and "https" schemed URIs. A 2455 proxy or gateway can translate requests for non-HTTP schemes, 2456 enabling the use of HTTP to interact with non-HTTP services. 2458 o The ":authority" header field includes the authority portion of 2459 the target URI ([RFC3986], Section 3.2). The authority MUST NOT 2460 include the deprecated "userinfo" subcomponent for "http" or 2461 "https" schemed URIs. 2463 To ensure that the HTTP/1.1 request line can be reproduced 2464 accurately, this header field MUST be omitted when translating 2465 from an HTTP/1.1 request that has a request target in origin or 2466 asterisk form (see [RFC7230], Section 5.3). Clients that generate 2467 HTTP/2 requests directly SHOULD instead omit the "Host" header 2468 field. An intermediary that converts an HTTP/2 request to 2469 HTTP/1.1 MUST create a "Host" header field if one is not present 2470 in a request by copying the value of the ":authority" header 2471 field. 2473 o The ":path" header field includes the path and query parts of the 2474 target URI (the "path-absolute" production from [RFC3986] and 2475 optionally a '?' character followed by the "query" production, see 2476 [RFC3986], Section 3.3 and [RFC3986], Section 3.4). A request in 2477 asterisk form includes the value '*' for the ":path" header field. 2479 This field MUST NOT be empty for "http" or "https" URIs; "http" or 2480 "https" URIs that do not contain a path component MUST include a 2481 value of '/'. The exception to this rule is an OPTIONS request 2482 for an "http" or "https" URI that does not include a path 2483 component; these MUST include a ":path" header field with a value 2484 of '*' (see [RFC7230], Section 5.3.4). 2486 All HTTP/2 requests MUST include exactly one valid value for the 2487 ":method", ":scheme", and ":path" header fields, unless this is a 2488 CONNECT request (Section 8.3). An HTTP request that omits mandatory 2489 header fields is malformed (Section 8.1.2.6). 2491 HTTP/2 does not define a way to carry the version identifier that is 2492 included in the HTTP/1.1 request line. 2494 8.1.2.4. Response Header Fields 2496 A single ":status" header field is defined that carries the HTTP 2497 status code field (see [RFC7231], Section 6). This header field MUST 2498 be included in all responses, otherwise the response is malformed 2499 (Section 8.1.2.6). 2501 HTTP/2 does not define a way to carry the version or reason phrase 2502 that is included in an HTTP/1.1 status line. 2504 8.1.2.5. Compressing the Cookie Header Field 2506 The Cookie header field [COOKIE] can carry a significant amount of 2507 redundant data. 2509 The Cookie header field uses a semi-colon (";") to delimit cookie- 2510 pairs (or "crumbs"). This header field doesn't follow the list 2511 construction rules in HTTP (see [RFC7230], Section 3.2.2), which 2512 prevents cookie-pairs from being separated into different name-value 2513 pairs. This can significantly reduce compression efficiency as 2514 individual cookie-pairs are updated. 2516 To allow for better compression efficiency, the Cookie header field 2517 MAY be split into separate header fields, each with one or more 2518 cookie-pairs. If there are multiple Cookie header fields after 2519 decompression, these MUST be concatenated into a single octet string 2520 using the two octet delimiter of 0x3B, 0x20 (the ASCII string "; ") 2521 before being passed into a non-HTTP/2 context, such as an HTTP/1.1 2522 connection, or a generic HTTP server application. 2524 Therefore, the following two lists of Cookie header fields are 2525 semantically equivalent. 2527 cookie: a=b; c=d; e=f 2529 cookie: a=b 2530 cookie: c=d 2531 cookie: e=f 2533 8.1.2.6. Malformed Requests and Responses 2535 A malformed request or response is one that is an otherwise valid 2536 sequence of HTTP/2 frames, but is otherwise invalid due to the 2537 presence of extraneous frames, prohibited header fields, the absence 2538 of mandatory header fields, or the inclusion of uppercase header 2539 field names. 2541 A request or response that includes an entity body can include a 2542 "content-length" header field. A request or response is also 2543 malformed if the value of a "content-length" header field does not 2544 equal the sum of the DATA frame payload lengths that form the body, 2545 with the exception of responses to HEAD requests, which always 2546 contain no DATA frames. 2548 Intermediaries that process HTTP requests or responses (i.e., any 2549 intermediary not acting as a tunnel) MUST NOT forward a malformed 2550 request or response. Malformed requests or responses that are 2551 detected MUST be treated as a stream error (Section 5.4.2) of type 2552 PROTOCOL_ERROR. 2554 For malformed requests, a server MAY send an HTTP response prior to 2555 closing or resetting the stream. Clients MUST NOT accept a malformed 2556 response. Note that these requirements are intended to protect 2557 against several types of common attacks against HTTP; they are 2558 deliberately strict, because being permissive can expose 2559 implementations to these vulnerabilities. 2561 8.1.3. Examples 2563 This section shows HTTP/1.1 requests and responses, with 2564 illustrations of equivalent HTTP/2 requests and responses. 2566 An HTTP GET request includes request header fields and no body and is 2567 therefore transmitted as a single HEADERS frame, followed by zero or 2568 more CONTINUATION frames containing the serialized block of request 2569 header fields. The HEADERS frame in the following has both the 2570 END_HEADERS and END_STREAM flags set; no CONTINUATION frames are 2571 sent: 2573 GET /resource HTTP/1.1 HEADERS 2574 Host: example.org ==> + END_STREAM 2575 Accept: image/jpeg + END_HEADERS 2576 :method = GET 2577 :scheme = https 2578 :path = /resource 2579 host = example.org 2580 accept = image/jpeg 2582 Similarly, a response that includes only response header fields is 2583 transmitted as a HEADERS frame (again, followed by zero or more 2584 CONTINUATION frames) containing the serialized block of response 2585 header fields. 2587 HTTP/1.1 304 Not Modified HEADERS 2588 ETag: "xyzzy" ==> + END_STREAM 2589 Expires: Thu, 23 Jan ... + END_HEADERS 2590 :status = 304 2591 etag = "xyzzy" 2592 expires = Thu, 23 Jan ... 2594 An HTTP POST request that includes request header fields and payload 2595 data is transmitted as one HEADERS frame, followed by zero or more 2596 CONTINUATION frames containing the request header fields, followed by 2597 one or more DATA frames, with the last CONTINUATION (or HEADERS) 2598 frame having the END_HEADERS flag set and the final DATA frame having 2599 the END_STREAM flag set: 2601 POST /resource HTTP/1.1 HEADERS 2602 Host: example.org ==> - END_STREAM 2603 Content-Type: image/jpeg - END_HEADERS 2604 Content-Length: 123 :method = POST 2605 :path = /resource 2606 {binary data} content-type = image/jpeg 2608 CONTINUATION 2609 + END_HEADERS 2610 host = example.org 2611 :scheme = https 2612 content-length = 123 2614 DATA 2615 + END_STREAM 2616 {binary data} 2618 Note that data contributing to any given header field could be spread 2619 between header block fragments. The allocation of header fields to 2620 frames in this example is illustrative only. 2622 A response that includes header fields and payload data is 2623 transmitted as a HEADERS frame, followed by zero or more CONTINUATION 2624 frames, followed by one or more DATA frames, with the last DATA frame 2625 in the sequence having the END_STREAM flag set: 2627 HTTP/1.1 200 OK HEADERS 2628 Content-Type: image/jpeg ==> - END_STREAM 2629 Content-Length: 123 + END_HEADERS 2630 :status = 200 2631 {binary data} content-type = image/jpeg 2632 content-length = 123 2634 DATA 2635 + END_STREAM 2636 {binary data} 2638 Trailing header fields are sent as a header block after both the 2639 request or response header block and all the DATA frames have been 2640 sent. The HEADERS frame starting the trailers header block has the 2641 END_STREAM flag set. 2643 HTTP/1.1 200 OK HEADERS 2644 Content-Type: image/jpeg ==> - END_STREAM 2645 Transfer-Encoding: chunked + END_HEADERS 2646 Trailer: Foo :status = 200 2647 content-length = 123 2648 123 content-type = image/jpeg 2649 {binary data} trailer = Foo 2650 0 2651 Foo: bar DATA 2652 - END_STREAM 2653 {binary data} 2655 HEADERS 2656 + END_STREAM 2657 + END_HEADERS 2658 foo = bar 2660 An informational response using a 1xx status code other than 101 is 2661 transmitted as a HEADERS frame, followed by zero or more CONTINUATION 2662 frames: 2664 HTTP/1.1 103 BAR HEADERS 2665 Extension-Field: bar ==> - END_STREAM 2666 + END_HEADERS 2667 :status = 103 2668 extension-field = bar 2670 8.1.4. Request Reliability Mechanisms in HTTP/2 2672 In HTTP/1.1, an HTTP client is unable to retry a non-idempotent 2673 request when an error occurs, because there is no means to determine 2674 the nature of the error. It is possible that some server processing 2675 occurred prior to the error, which could result in undesirable 2676 effects if the request were reattempted. 2678 HTTP/2 provides two mechanisms for providing a guarantee to a client 2679 that a request has not been processed: 2681 o The GOAWAY frame indicates the highest stream number that might 2682 have been processed. Requests on streams with higher numbers are 2683 therefore guaranteed to be safe to retry. 2685 o The REFUSED_STREAM error code can be included in a RST_STREAM 2686 frame to indicate that the stream is being closed prior to any 2687 processing having occurred. Any request that was sent on the 2688 reset stream can be safely retried. 2690 Requests that have not been processed have not failed; clients MAY 2691 automatically retry them, even those with non-idempotent methods. 2693 A server MUST NOT indicate that a stream has not been processed 2694 unless it can guarantee that fact. If frames that are on a stream 2695 are passed to the application layer for any stream, then 2696 REFUSED_STREAM MUST NOT be used for that stream, and a GOAWAY frame 2697 MUST include a stream identifier that is greater than or equal to the 2698 given stream identifier. 2700 In addition to these mechanisms, the PING frame provides a way for a 2701 client to easily test a connection. Connections that remain idle can 2702 become broken as some middleboxes (for instance, network address 2703 translators, or load balancers) silently discard connection bindings. 2704 The PING frame allows a client to safely test whether a connection is 2705 still active without sending a request. 2707 8.2. Server Push 2709 HTTP/2 enables a server to pre-emptively send (or "push") one or more 2710 associated responses to a client in response to a single request. 2711 This feature becomes particularly helpful when the server knows the 2712 client will need to have those responses available in order to fully 2713 process the response to the original request. 2715 Pushing additional responses is optional, and is negotiated between 2716 individual endpoints. The SETTINGS_ENABLE_PUSH setting can be set to 2717 0 to indicate that server push is disabled. 2719 Because pushing responses is effectively hop-by-hop, an intermediary 2720 could receive pushed responses from the server and choose not to 2721 forward those on to the client. In other words, how to make use of 2722 the pushed responses is up to that intermediary. Equally, the 2723 intermediary might choose to push additional responses to the client, 2724 without any action taken by the server. 2726 A client cannot push. Thus, servers MUST treat the receipt of a 2727 PUSH_PROMISE frame as a connection error (Section 5.4.1) of type 2728 PROTOCOL_ERROR. Clients MUST reject any attempt to change the 2729 SETTINGS_ENABLE_PUSH setting to a value other than 0 by treating the 2730 message as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. 2732 A server can only push responses that are cacheable (see [RFC7234], 2733 Section 3); promised requests MUST be safe (see [RFC7231], 2734 Section 4.2.1) and MUST NOT include a request body. 2736 8.2.1. Push Requests 2738 Server push is semantically equivalent to a server responding to a 2739 request; however, in this case that request is also sent by the 2740 server, as a PUSH_PROMISE frame. 2742 The PUSH_PROMISE frame includes a header block that contains a 2743 complete set of request header fields that the server attributes to 2744 the request. It is not possible to push a response to a request that 2745 includes a request body. 2747 Pushed responses are always associated with an explicit request from 2748 the client. The PUSH_PROMISE frames sent by the server are sent on 2749 that explicit request's stream. The PUSH_PROMISE frame also includes 2750 a promised stream identifier, chosen from the stream identifiers 2751 available to the server (see Section 5.1.1). 2753 The header fields in PUSH_PROMISE and any subsequent CONTINUATION 2754 frames MUST be a valid and complete set of request header fields 2755 (Section 8.1.2.3). The server MUST include a method in the ":method" 2756 header field that is safe and cacheable. If a client receives a 2757 PUSH_PROMISE that does not include a complete and valid set of header 2758 fields, or the ":method" header field identifies a method that is not 2759 safe, it MUST respond with a stream error (Section 5.4.2) of type 2760 PROTOCOL_ERROR. 2762 The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to 2763 sending any frames that reference the promised responses. This 2764 avoids a race where clients issue requests prior to receiving any 2765 PUSH_PROMISE frames. 2767 For example, if the server receives a request for a document 2768 containing embedded links to multiple image files, and the server 2769 chooses to push those additional images to the client, sending push 2770 promises before the DATA frames that contain the image links ensures 2771 that the client is able to see the promises before discovering 2772 embedded links. Similarly, if the server pushes responses referenced 2773 by the header block (for instance, in Link header fields), sending 2774 the push promises before sending the header block ensures that 2775 clients do not request them. 2777 PUSH_PROMISE frames MUST NOT be sent by the client. 2779 PUSH_PROMISE frames can be sent by the server in response to any 2780 client-initiated stream, but the stream MUST be in either the "open" 2781 or "half closed (remote)" state with respect to the server. 2782 PUSH_PROMISE frames are interspersed with the frames that comprise a 2783 response, though they cannot be interspersed with HEADERS and 2784 CONTINUATION frames that comprise a single header block. 2786 Sending a PUSH_PROMISE frame creates a new stream and puts the stream 2787 into the "reserved (local)" state for the server and the "reserved 2788 (remote)" state for the client. 2790 8.2.2. Push Responses 2792 After sending the PUSH_PROMISE frame, the server can begin delivering 2793 the pushed response as a response (Section 8.1.2.4) on a server- 2794 initiated stream that uses the promised stream identifier. The 2795 server uses this stream to transmit an HTTP response, using the same 2796 sequence of frames as defined in Section 8.1. This stream becomes 2797 "half closed" to the client (Section 5.1) after the initial HEADERS 2798 frame is sent. 2800 Once a client receives a PUSH_PROMISE frame and chooses to accept the 2801 pushed response, the client SHOULD NOT issue any requests for the 2802 promised response until after the promised stream has closed. 2804 If the client determines, for any reason, that it does not wish to 2805 receive the pushed response from the server, or if the server takes 2806 too long to begin sending the promised response, the client can send 2807 an RST_STREAM frame, using either the CANCEL or REFUSED_STREAM codes, 2808 and referencing the pushed stream's identifier. 2810 A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to limit 2811 the number of responses that can be concurrently pushed by a server. 2812 Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables 2813 server push by preventing the server from creating the necessary 2814 streams. This does not prohibit a server from sending PUSH_PROMISE 2815 frames; clients need to reset any promised streams that are not 2816 wanted. 2818 Clients receiving a pushed response MUST validate that the server is 2819 authorized to provide the response, see Section 10.1. For example, a 2820 server that offers a certificate for only the "example.com" DNS-ID or 2821 Common Name is not permitted to push a response for 2822 "https://www.example.org/doc". 2824 The response for a PUSH_PROMISE stream begins with a HEADERS frame, 2825 which immediately puts the stream into the "half closed (remote)" 2826 state for the server and "half closed (local)" state for the client, 2827 and ends with a frame bearing END_STREAM, which places the stream in 2828 the "closed" state. 2830 Note: The client never sends a frame with the END_STREAM flag for a 2831 server push. 2833 8.3. The CONNECT Method 2835 In HTTP/1.x, the pseudo-method CONNECT ([RFC7231], Section 4.3.6) is 2836 used to convert an HTTP connection into a tunnel to a remote host. 2837 CONNECT is primarily used with HTTP proxies to establish a TLS 2838 session with an origin server for the purposes of interacting with 2839 "https" resources. 2841 In HTTP/2, the CONNECT method is used to establish a tunnel over a 2842 single HTTP/2 stream to a remote host, for similar purposes. The 2843 HTTP header field mapping works as mostly as defined in Request 2844 Header Fields (Section 8.1.2.3), with a few differences. 2845 Specifically: 2847 o The ":method" header field is set to "CONNECT". 2849 o The ":scheme" and ":path" header fields MUST be omitted. 2851 o The ":authority" header field contains the host and port to 2852 connect to (equivalent to the authority-form of the request-target 2853 of CONNECT requests, see [RFC7230], Section 5.3). 2855 A proxy that supports CONNECT establishes a TCP connection [TCP] to 2856 the server identified in the ":authority" header field. Once this 2857 connection is successfully established, the proxy sends a HEADERS 2858 frame containing a 2xx series status code to the client, as defined 2859 in [RFC7231], Section 4.3.6. 2861 After the initial HEADERS frame sent by each peer, all subsequent 2862 DATA frames correspond to data sent on the TCP connection. The 2863 payload of any DATA frames sent by the client are transmitted by the 2864 proxy to the TCP server; data received from the TCP server is 2865 assembled into DATA frames by the proxy. Frame types other than DATA 2866 or stream management frames (RST_STREAM, WINDOW_UPDATE, and PRIORITY) 2867 MUST NOT be sent on a connected stream, and MUST be treated as a 2868 stream error (Section 5.4.2) if received. 2870 The TCP connection can be closed by either peer. The END_STREAM flag 2871 on a DATA frame is treated as being equivalent to the TCP FIN bit. A 2872 client is expected to send a DATA frame with the END_STREAM flag set 2873 after receiving a frame bearing the END_STREAM flag. A proxy that 2874 receives a DATA frame with the END_STREAM flag set sends the attached 2875 data with the FIN bit set on the last TCP segment. A proxy that 2876 receives a TCP segment with the FIN bit set sends a DATA frame with 2877 the END_STREAM flag set. Note that the final TCP segment or DATA 2878 frame could be empty. 2880 A TCP connection error is signaled with RST_STREAM. A proxy treats 2881 any error in the TCP connection, which includes receiving a TCP 2882 segment with the RST bit set, as a stream error (Section 5.4.2) of 2883 type CONNECT_ERROR. Correspondingly, a proxy MUST send a TCP segment 2884 with the RST bit set if it detects an error with the stream or the 2885 HTTP/2 connection. 2887 9. Additional HTTP Requirements/Considerations 2889 This section outlines attributes of the HTTP protocol that improve 2890 interoperability, reduce exposure to known security vulnerabilities, 2891 or reduce the potential for implementation variation. 2893 9.1. Connection Management 2895 HTTP/2 connections are persistent. For best performance, it is 2896 expected clients will not close connections until it is determined 2897 that no further communication with a server is necessary (for 2898 example, when a user navigates away from a particular web page), or 2899 until the server closes the connection. 2901 Clients SHOULD NOT open more than one HTTP/2 connection to a given 2902 host and port pair, where host is derived from a URI, a selected 2903 alternative service [ALT-SVC], or a configured proxy. 2905 A client can create additional connections as replacements, either to 2906 replace connections that are near to exhausting the available stream 2907 identifier space (Section 5.1.1), to refresh the keying material for 2908 a TLS connection, or to replace connections that have encountered 2909 errors (Section 5.4.1). 2911 A client MAY open multiple connections to the same IP address and TCP 2912 port using different Server Name Indication [TLS-EXT] values or to 2913 provide different TLS client certificates, but SHOULD avoid creating 2914 multiple connections with the same configuration. 2916 Servers are encouraged to maintain open connections for as long as 2917 possible, but are permitted to terminate idle connections if 2918 necessary. When either endpoint chooses to close the transport-level 2919 TCP connection, the terminating endpoint SHOULD first send a GOAWAY 2920 (Section 6.8) frame so that both endpoints can reliably determine 2921 whether previously sent frames have been processed and gracefully 2922 complete or terminate any necessary remaining tasks. 2924 9.1.1. Connection Reuse 2926 Clients MAY use a single server connection to send requests for URIs 2927 with multiple different authority components as long as the server is 2928 authoritative (Section 10.1). For "http" resources, this depends on 2929 the host having resolved to the same IP address. 2931 For "https" resources, connection reuse additionally depends on 2932 having a certificate that is valid for the host in the URI. That is 2933 the use of server certificate with multiple "subjectAltName" 2934 attributes, or names with wildcards. For example, a certificate with 2935 a "subjectAltName" of "*.example.com" might permit the use of the 2936 same connection for "a.example.com" and "b.example.com". 2938 In some deployments, reusing a connection for multiple origins can 2939 result in requests being directed to the wrong origin server. For 2940 example, TLS termination might be performed by a middlebox that uses 2941 the TLS Server Name Indication (SNI) [TLS-EXT] extension to select 2942 the an origin server. This means that it is possible for clients to 2943 send confidential information to servers that might not be the 2944 intended target for the request, even though the server has valid 2945 authentication credentials. 2947 A server that does not wish clients to reuse connections can indicate 2948 that it is not authoritative for a request by sending a 421 (Not 2949 Authoritative) status code in response to the request (see 2950 Section 9.1.2). 2952 9.1.2. The 421 (Not Authoritative) Status Code 2954 The 421 (Not Authoritative) status code indicates that the current 2955 origin server is not authoritative for the requested resource, in the 2956 sense of [RFC7230], Section 9.1 (see also Section 10.1). 2958 Clients receiving a 421 (Not Authoritative) response from a server 2959 MAY retry the request - whether the request method is idempotent or 2960 not - over a different connection. This is possible if a connection 2961 is reused (Section 9.1.1) or if an alternative service is selected 2962 ([ALT-SVC]). 2964 This status code MUST NOT be generated by proxies. 2966 A 421 response is cacheable by default; i.e., unless otherwise 2967 indicated by the method definition or explicit cache controls (see 2968 Section 4.2.2 of [RFC7234]). 2970 9.2. Use of TLS Features 2972 Implementations of HTTP/2 MUST support TLS 1.2 [TLS12] for HTTP/2 2973 over TLS. The general TLS usage guidance in [TLSBCP] SHOULD be 2974 followed, with some additional restrictions that are specific to 2975 HTTP/2. 2977 An implementation of HTTP/2 over TLS MUST use TLS 1.2 or higher with 2978 the restrictions on feature set and cipher suite described in this 2979 section. Due to implementation limitations, it might not be possible 2980 to fail TLS negotiation. An endpoint MUST immediately terminate an 2981 HTTP/2 connection that does not meet these minimum requirements with 2982 a connection error (Section 5.4.1) of type INADEQUATE_SECURITY. 2984 9.2.1. TLS Features 2986 The TLS implementation MUST support the Server Name Indication (SNI) 2987 [TLS-EXT] extension to TLS. HTTP/2 clients MUST indicate the target 2988 domain name when negotiating TLS. 2990 The TLS implementation MUST disable compression. TLS compression can 2991 lead to the exposure of information that would not otherwise be 2992 revealed [RFC3749]. Generic compression is unnecessary since HTTP/2 2993 provides compression features that are more aware of context and 2994 therefore likely to be more appropriate for use for performance, 2995 security or other reasons. 2997 The TLS implementation MUST disable renegotiation. An endpoint MUST 2998 treat a TLS renegotiation as a connection error (Section 5.4.1) of 2999 type PROTOCOL_ERROR. Note that disabling renegotiation can result in 3000 long-lived connections becoming unusable due to limits on the number 3001 of messages the underlying cipher suite can encipher. 3003 A client MAY use renegotiation to provide confidentiality protection 3004 for client credentials offered in the handshake, but any 3005 renegotiation MUST occur prior to sending the connection preface. A 3006 server SHOULD request a client certificate if it sees a renegotiation 3007 request immediately after establishing a connection. 3009 This effectively prevents the use of renegotiation in response to a 3010 request for a specific protected resource. A future specification 3011 might provide a way to support this use case. 3013 9.2.2. TLS Cipher Suites 3015 The set of TLS cipher suites that are permitted in HTTP/2 is 3016 restricted. HTTP/2 MUST only be used with cipher suites that have 3017 ephemeral key exchange, such as the ephemeral Diffie-Hellman (DHE) 3018 [TLS12] or the elliptic curve variant (ECDHE) [RFC4492]. Ephemeral 3019 key exchange MUST have a minimum size of 2048 bits for DHE or 3020 security level of 128 bits for ECDHE. Clients MUST accept DHE sizes 3021 of up to 4096 bits. HTTP MUST NOT be used with cipher suites that 3022 use stream or block ciphers. Authenticated Encryption with 3023 Additional Data (AEAD) modes, such as the Galois Counter Model (GCM) 3024 mode for AES [RFC5288] are acceptable. 3026 The effect of these restrictions is that TLS 1.2 implementations 3027 could have non-intersecting sets of available cipher suites, since 3028 these prevent the use of the cipher suite that TLS 1.2 makes 3029 mandatory. To avoid this problem, implementations of HTTP/2 that use 3030 TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 3031 [TLS-ECDHE] with P256 [FIPS186]. 3033 Clients MAY advertise support of cipher suites that are prohibited by 3034 the above restrictions in order to allow for connection to servers 3035 that do not support HTTP/2. This enables a fallback to protocols 3036 without these constraints without the additional latency imposed by 3037 using a separate connection for fallback. 3039 10. Security Considerations 3041 10.1. Server Authority 3043 A client is only able to accept HTTP/2 responses from servers that 3044 are authoritative for those resources. This is particularly 3045 important for server push (Section 8.2), where the client validates 3046 the PUSH_PROMISE before accepting the response. 3048 HTTP/2 relies on the HTTP/1.1 definition of authority for determining 3049 whether a server is authoritative in providing a given response, see 3050 [RFC7230], Section 9.1. This relies on local name resolution for the 3051 "http" URI scheme, and the authenticated server identity for the 3052 "https" scheme (see [RFC2818], Section 3). 3054 A client MUST discard responses provided by a server that is not 3055 authoritative for those resources. 3057 10.2. Cross-Protocol Attacks 3059 In a cross-protocol attack, an attacker causes a client to initiate a 3060 transaction in one protocol toward a server that understands a 3061 different protocol. An attacker might be able to cause the 3062 transaction to appear as valid transaction in the second protocol. 3063 In combination with the capabilities of the web context, this can be 3064 used to interact with poorly protected servers in private networks. 3066 Completing a TLS handshake with an ALPN identifier for HTTP/2 can be 3067 considered sufficient protection against cross protocol attacks. 3068 ALPN provides a positive indication that a server is willing to 3069 proceed with HTTP/2, which prevents attacks on other TLS-based 3070 protocols. 3072 The encryption in TLS makes it difficult for attackers to control the 3073 data which could be used in a cross-protocol attack on a cleartext 3074 protocol. 3076 The cleartext version of HTTP/2 has minimal protection against cross- 3077 protocol attacks. The connection preface (Section 3.5) contains a 3078 string that is designed to confuse HTTP/1.1 servers, but no special 3079 protection is offered for other protocols. A server that is willing 3080 to ignore parts of an HTTP/1.1 request containing an Upgrade header 3081 field in addition to the client connection preface could be exposed 3082 to a cross-protocol attack. 3084 10.3. Intermediary Encapsulation Attacks 3086 HTTP/2 header field names and values are encoded as sequences of 3087 octets with a length prefix. This enables HTTP/2 to carry any string 3088 of octets as the name or value of a header field. An intermediary 3089 that translates HTTP/2 requests or responses into HTTP/1.1 directly 3090 could permit the creation of corrupted HTTP/1.1 messages. An 3091 attacker might exploit this behavior to cause the intermediary to 3092 create HTTP/1.1 messages with illegal header fields, extra header 3093 fields, or even new messages that are entirely falsified. 3095 Header field names or values that contain characters not permitted by 3096 HTTP/1.1, including carriage return (ASCII 0xd) or line feed (ASCII 3097 0xa) MUST NOT be translated verbatim by an intermediary, as 3098 stipulated in [RFC7230], Section 3.2.4. 3100 Translation from HTTP/1.x to HTTP/2 does not produce the same 3101 opportunity to an attacker. Intermediaries that perform translation 3102 to HTTP/2 MUST remove any instances of the "obs-fold" production from 3103 header field values. 3105 10.4. Cacheability of Pushed Responses 3107 Pushed responses do not have an explicit request from the client; the 3108 request is provided by the server in the PUSH_PROMISE frame. 3110 Caching responses that are pushed is possible based on the guidance 3111 provided by the origin server in the Cache-Control header field. 3112 However, this can cause issues if a single server hosts more than one 3113 tenant. For example, a server might offer multiple users each a 3114 small portion of its URI space. 3116 Where multiple tenants share space on the same server, that server 3117 MUST ensure that tenants are not able to push representations of 3118 resources that they do not have authority over. Failure to enforce 3119 this would allow a tenant to provide a representation that would be 3120 served out of cache, overriding the actual representation that the 3121 authoritative tenant provides. 3123 Pushed responses for which an origin server is not authoritative (see 3124 Section 10.1) are never cached or used. 3126 10.5. Denial of Service Considerations 3128 An HTTP/2 connection can demand a greater commitment of resources to 3129 operate than a HTTP/1.1 connection. The use of header compression 3130 and flow control depend on a commitment of resources for storing a 3131 greater amount of state. Settings for these features ensure that 3132 memory commitments for these features are strictly bounded. 3134 The number of PUSH_PROMISE frames is not constrained in the same 3135 fashion. A client that accepts server push SHOULD limit the number 3136 of streams it allows to be in the "reserved (remote)" state. 3137 Excessive number of server push streams can be treated as a stream 3138 error (Section 5.4.2) of type ENHANCE_YOUR_CALM. 3140 Processing capacity cannot be guarded as effectively as state 3141 capacity. 3143 The SETTINGS frame can be abused to cause a peer to expend additional 3144 processing time. This might be done by pointlessly changing SETTINGS 3145 parameters, setting multiple undefined parameters, or changing the 3146 same setting multiple times in the same frame. WINDOW_UPDATE or 3147 PRIORITY frames can be abused to cause an unnecessary waste of 3148 resources. 3150 Large numbers of small or empty frames can be abused to cause a peer 3151 to expend time processing frame headers. Note however that some uses 3152 are entirely legitimate, such as the sending of an empty DATA frame 3153 to end a stream. 3155 Header compression also offers some opportunities to waste processing 3156 resources; see Section 8 of [COMPRESSION] for more details on 3157 potential abuses. 3159 Limits in SETTINGS parameters cannot be reduced instantaneously, 3160 which leaves an endpoint exposed to behavior from a peer that could 3161 exceed the new limits. In particular, immediately after establishing 3162 a connection, limits set by a server are not known to clients and 3163 could be exceeded without being an obvious protocol violation. 3165 All these features - i.e., SETTINGS changes, small frames, header 3166 compression - have legitimate uses. These features become a burden 3167 only when they are used unnecessarily or to excess. 3169 An endpoint that doesn't monitor this behavior exposes itself to a 3170 risk of denial of service attack. Implementations SHOULD track the 3171 use of these features and set limits on their use. An endpoint MAY 3172 treat activity that is suspicious as a connection error 3173 (Section 5.4.1) of type ENHANCE_YOUR_CALM. 3175 10.5.1. Limits on Header Block Size 3177 A large header block (Section 4.3) can cause an implementation to 3178 commit a large amount of state. In servers and intermediaries, 3179 header fields that are critical to routing, such as ":authority", 3180 ":path", and ":scheme" are not guaranteed to be present early in the 3181 header block. In particular, values that are in the reference set 3182 cannot be emitted until the header block ends. 3184 This can prevent streaming of the header fields to their ultimate 3185 destination, and forces the endpoint to buffer the entire header 3186 block. Since there is no hard limit to the size of a header block, 3187 an endpoint could be forced to exhaust available memory. 3189 An endpoint can use the SETTINGS_MAX_HEADER_LIST_SIZE to avise peers 3190 of limits that might apply on the size of header blocks. This 3191 setting is only advisory, so endpoints MAY choose to send header 3192 blocks that exceed this limit and risk having the request or response 3193 being treated as malformed. This setting is advertised hop-by-hop, 3194 so any request or response could encounter a hop with a lower, 3195 unknown limit. An intermediary can attempt to avoid this problem by 3196 passing on values presented by different peers, but they are not 3197 obligated to do so. 3199 A server that receives a larger header block than it is willing to 3200 handle can send an HTTP 431 (Request Header Fields Too Large) status 3201 code [RFC6585]. A client can discard responses that it cannot 3202 process. The header block MUST be processed to ensure a consistent 3203 connection state, unless the connection is closed. 3205 10.6. Use of Compression 3207 HTTP/2 enables greater use of compression for both header fields 3208 (Section 4.3) and entity bodies. Compression can allow an attacker 3209 to recover secret data when it is compressed in the same context as 3210 data under attacker control. 3212 There are demonstrable attacks on compression that exploit the 3213 characteristics of the web (e.g., [BREACH]). The attacker induces 3214 multiple requests containing varying plaintext, observing the length 3215 of the resulting ciphertext in each, which reveals a shorter length 3216 when a guess about the secret is correct. 3218 Implementations communicating on a secure channel MUST NOT compress 3219 content that includes both confidential and attacker-controlled data 3220 unless separate compression dictionaries are used for each source of 3221 data. Compression MUST NOT be used if the source of data cannot be 3222 reliably determined. 3224 Further considerations regarding the compression of header fields are 3225 described in [COMPRESSION]. 3227 10.7. Use of Padding 3229 Padding within HTTP/2 is not intended as a replacement for general 3230 purpose padding, such as might be provided by TLS [TLS12]. Redundant 3231 padding could even be counterproductive. Correct application can 3232 depend on having specific knowledge of the data that is being padded. 3234 To mitigate attacks that rely on compression, disabling or limiting 3235 compression might be preferable to padding as a countermeasure. 3237 Padding can be used to obscure the exact size of frame content, and 3238 is provided to mitigate specific attacks within HTTP. For example, 3239 attacks where compressed content includes both attacker-controlled 3240 plaintext and secret data (see for example, [BREACH]). 3242 Use of padding can result in less protection than might seem 3243 immediately obvious. At best, padding only makes it more difficult 3244 for an attacker to infer length information by increasing the number 3245 of frames an attacker has to observe. Incorrectly implemented 3246 padding schemes can be easily defeated. In particular, randomized 3247 padding with a predictable distribution provides very little 3248 protection; similarly, padding payloads to a fixed size exposes 3249 information as payload sizes cross the fixed size boundary, which 3250 could be possible if an attacker can control plaintext. 3252 Intermediaries SHOULD retain padding for DATA frames, but MAY drop 3253 padding for HEADERS and PUSH_PROMISE frames. A valid reason for an 3254 intermediary to change the amount of padding of frames is to improve 3255 the protections that padding provides. 3257 10.8. Privacy Considerations 3259 Several characteristics of HTTP/2 provide an observer an opportunity 3260 to correlate actions of a single client or server over time. This 3261 includes the value of settings, the manner in which flow control 3262 windows are managed, the way priorities are allocated to streams, 3263 timing of reactions to stimulus, and handling of any optional 3264 features. 3266 As far as this creates observable differences in behavior, they could 3267 be used as a basis for fingerprinting a specific client, as defined 3268 in Section 1.8 of [HTML5]. 3270 11. IANA Considerations 3272 A string for identifying HTTP/2 is entered into the "Application 3273 Layer Protocol Negotiation (ALPN) Protocol IDs" registry established 3274 in [TLS-ALPN]. 3276 This document establishes a registry for frame types, settings, and 3277 error codes. These new registries are entered into a new "Hypertext 3278 Transfer Protocol (HTTP) 2 Parameters" section. 3280 This document registers the "HTTP2-Settings" header field for use in 3281 HTTP; and the 421 (Not Authoritative) status code. 3283 This document registers the "PRI" method for use in HTTP, to avoid 3284 collisions with the connection preface (Section 3.5). 3286 11.1. Registration of HTTP/2 Identification Strings 3288 This document creates two registrations for the identification of 3289 HTTP/2 in the "Application Layer Protocol Negotiation (ALPN) Protocol 3290 IDs" registry established in [TLS-ALPN]. 3292 The "h2" string identifies HTTP/2 when used over TLS: 3294 Protocol: HTTP/2 over TLS 3295 Identification Sequence: 0x68 0x32 ("h2") 3297 Specification: This document 3299 The "h2c" string identifies HTTP/2 when used over cleartext TCP: 3301 Protocol: HTTP/2 over TCP 3303 Identification Sequence: 0x68 0x32 0x63 ("h2c") 3305 Specification: This document 3307 11.2. Frame Type Registry 3309 This document establishes a registry for HTTP/2 frame types codes. 3310 The "HTTP/2 Frame Type" registry manages an 8-bit space. The "HTTP/2 3311 Frame Type" registry operates under either of the "IETF Review" or 3312 "IESG Approval" policies [RFC5226] for values between 0x00 and 0xef, 3313 with values between 0xf0 and 0xff being reserved for experimental 3314 use. 3316 New entries in this registry require the following information: 3318 Frame Type: A name or label for the frame type. 3320 Code: The 8-bit code assigned to the frame type. 3322 Specification: A reference to a specification that includes a 3323 description of the frame layout, it's semantics and flags that the 3324 frame type uses, including any parts of the frame that are 3325 conditionally present based on the value of flags. 3327 The entries in the following table are registered by this document. 3329 +---------------+------+--------------+ 3330 | Frame Type | Code | Section | 3331 +---------------+------+--------------+ 3332 | DATA | 0x0 | Section 6.1 | 3333 | HEADERS | 0x1 | Section 6.2 | 3334 | PRIORITY | 0x2 | Section 6.3 | 3335 | RST_STREAM | 0x3 | Section 6.4 | 3336 | SETTINGS | 0x4 | Section 6.5 | 3337 | PUSH_PROMISE | 0x5 | Section 6.6 | 3338 | PING | 0x6 | Section 6.7 | 3339 | GOAWAY | 0x7 | Section 6.8 | 3340 | WINDOW_UPDATE | 0x8 | Section 6.9 | 3341 | CONTINUATION | 0x9 | Section 6.10 | 3342 +---------------+------+--------------+ 3344 11.3. Settings Registry 3346 This document establishes a registry for HTTP/2 settings. The 3347 "HTTP/2 Settings" registry manages a 16-bit space. The "HTTP/2 3348 Settings" registry operates under the "Expert Review" policy 3349 [RFC5226] for values in the range from 0x0000 to 0xefff, with values 3350 between and 0xf000 and 0xffff being reserved for experimental use. 3352 New registrations are advised to provide the following information: 3354 Name: A symbolic name for the setting. Specifying a setting name is 3355 optional. 3357 Code: The 16-bit code assigned to the setting. 3359 Initial Value: An initial value for the setting. 3361 Specification: A stable reference to a specification that describes 3362 the use of the setting. 3364 An initial set of setting registrations can be found in 3365 Section 6.5.2. 3367 +------------------------+------+---------------+---------------+ 3368 | Name | Code | Initial Value | Specification | 3369 +------------------------+------+---------------+---------------+ 3370 | HEADER_TABLE_SIZE | 0x1 | 4096 | Section 6.5.2 | 3371 | ENABLE_PUSH | 0x2 | 1 | Section 6.5.2 | 3372 | MAX_CONCURRENT_STREAMS | 0x3 | (infinite) | Section 6.5.2 | 3373 | INITIAL_WINDOW_SIZE | 0x4 | 65535 | Section 6.5.2 | 3374 | MAX_FRAME_SIZE | 0x5 | 65536 | Section 6.5.2 | 3375 | MAX_HEADER_LIST_SIZE | 0x6 | (infinite) | Section 6.5.2 | 3376 +------------------------+------+---------------+---------------+ 3378 11.4. Error Code Registry 3380 This document establishes a registry for HTTP/2 error codes. The 3381 "HTTP/2 Error Code" registry manages a 32-bit space. The "HTTP/2 3382 Error Code" registry operates under the "Expert Review" policy 3383 [RFC5226]. 3385 Registrations for error codes are required to include a description 3386 of the error code. An expert reviewer is advised to examine new 3387 registrations for possible duplication with existing error codes. 3388 Use of existing registrations is to be encouraged, but not mandated. 3390 New registrations are advised to provide the following information: 3392 Name: A name for the error code. Specifying an error code name is 3393 optional. 3395 Code: The 32-bit error code value. 3397 Description: A brief description of the error code semantics, longer 3398 if no detailed specification is provided. 3400 Specification: An optional reference for a specification that 3401 defines the error code. 3403 The entries in the following table are registered by this document. 3405 +---------------------+------+----------------------+---------------+ 3406 | Name | Code | Description | Specification | 3407 +---------------------+------+----------------------+---------------+ 3408 | NO_ERROR | 0x0 | Graceful shutdown | Section 7 | 3409 | PROTOCOL_ERROR | 0x1 | Protocol error | Section 7 | 3410 | | | detected | | 3411 | INTERNAL_ERROR | 0x2 | Implementation fault | Section 7 | 3412 | FLOW_CONTROL_ERROR | 0x3 | Flow control limits | Section 7 | 3413 | | | exceeded | | 3414 | SETTINGS_TIMEOUT | 0x4 | Settings not | Section 7 | 3415 | | | acknowledged | | 3416 | STREAM_CLOSED | 0x5 | Frame received for | Section 7 | 3417 | | | closed stream | | 3418 | FRAME_SIZE_ERROR | 0x6 | Frame size incorrect | Section 7 | 3419 | REFUSED_STREAM | 0x7 | Stream not processed | Section 7 | 3420 | CANCEL | 0x8 | Stream cancelled | Section 7 | 3421 | COMPRESSION_ERROR | 0x9 | Compression state | Section 7 | 3422 | | | not updated | | 3423 | CONNECT_ERROR | 0xa | TCP connection error | Section 7 | 3424 | | | for CONNECT method | | 3425 | ENHANCE_YOUR_CALM | 0xb | Processing capacity | Section 7 | 3426 | | | exceeded | | 3427 | INADEQUATE_SECURITY | 0xc | Negotiated TLS | Section 7 | 3428 | | | parameters not | | 3429 | | | acceptable | | 3430 +---------------------+------+----------------------+---------------+ 3432 11.5. HTTP2-Settings Header Field Registration 3434 This section registers the "HTTP2-Settings" header field in the 3435 Permanent Message Header Field Registry [BCP90]. 3437 Header field name: HTTP2-Settings 3439 Applicable protocol: http 3440 Status: standard 3442 Author/Change controller: IETF 3444 Specification document(s): Section 3.2.1 of this document 3446 Related information: This header field is only used by an HTTP/2 3447 client for Upgrade-based negotiation. 3449 11.6. PRI Method Registration 3451 This section registers the "PRI" method in the HTTP Method Registry 3452 ([RFC7231], Section 8.1). 3454 Method Name: PRI 3456 Safe No 3458 Idempotent No 3460 Specification document(s) Section 3.5 of this document 3462 Related information: This method is never used by an actual client. 3463 This method will appear to be used when an HTTP/1.1 server or 3464 intermediary attempts to parse an HTTP/2 connection preface. 3466 11.7. The 421 Not Authoritative HTTP Status Code 3468 This document registers the 421 (Not Authoritative) HTTP Status code 3469 in the Hypertext Transfer Protocol (HTTP) Status Code Registry 3470 ([RFC7231], Section 8.2). 3472 Status Code: 421 3474 Short Description: Not Authoritative 3476 Specification: Section 9.1.2 of this document 3478 12. Acknowledgements 3480 This document includes substantial input from the following 3481 individuals: 3483 o Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa 3484 Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam 3485 Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay, 3486 Paul Amer, Fan Yang, Jonathan Leighton (SPDY contributors). 3488 o Gabriel Montenegro and Willy Tarreau (Upgrade mechanism). 3490 o William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro, 3491 Jitu Padhye, Roberto Peon, Rob Trace (Flow control). 3493 o Mike Bishop (Extensibility). 3495 o Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike 3496 Bishop, Herve Ruellan (Substantial editorial contributions). 3498 o Kari Hurtta, Tatsuhiro Tsujikawa, Greg Wilkins, Poul-Henning Kamp. 3500 o Alexey Melnikov was an editor of this document during 2013. 3502 o A substantial proportion of Martin's contribution was supported by 3503 Microsoft during his employment there. 3505 13. References 3507 13.1. Normative References 3509 [COMPRESSION] 3510 Ruellan, H. and R. Peon, "HPACK - Header Compression for 3511 HTTP/2", draft-ietf-httpbis-header-compression-09 (work in 3512 progress), July 2014. 3514 [COOKIE] Barth, A., "HTTP State Management Mechanism", RFC 6265, 3515 April 2011. 3517 [FIPS186] NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-4, 3518 July 2013. 3520 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3521 Requirement Levels", BCP 14, RFC 2119, March 1997. 3523 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 3525 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 3526 Resource Identifier (URI): Generic Syntax", STD 66, RFC 3527 3986, January 2005. 3529 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 3530 Encodings", RFC 4648, October 2006. 3532 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 3533 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 3534 May 2008. 3536 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax 3537 Specifications: ABNF", STD 68, RFC 5234, January 2008. 3539 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 3540 Protocol (HTTP/1.1): Message Syntax and Routing", RFC 3541 7230, June 2014. 3543 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 3544 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 3545 June 2014. 3547 [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 3548 Protocol (HTTP/1.1): Conditional Requests", RFC 7232, June 3549 2014. 3551 [RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., 3552 "Hypertext Transfer Protocol (HTTP/1.1): Range Requests", 3553 RFC 7233, June 2014. 3555 [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, 3556 Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", 3557 RFC 7234, June 2014. 3559 [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 3560 Protocol (HTTP/1.1): Authentication", RFC 7235, June 2014. 3562 [TCP] Postel, J., "Transmission Control Protocol", STD 7, RFC 3563 793, September 1981. 3565 [TLS-ALPN] 3566 Friedl, S., Popov, A., Langley, A., and E. Stephan, 3567 "Transport Layer Security (TLS) Application-Layer Protocol 3568 Negotiation Extension", RFC 7301, July 2014. 3570 [TLS-ECDHE] 3571 Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA- 3572 256/384 and AES Galois Counter Mode (GCM)", RFC 5289, 3573 August 2008. 3575 [TLS-EXT] Eastlake, D., "Transport Layer Security (TLS) Extensions: 3576 Extension Definitions", RFC 6066, January 2011. 3578 [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security 3579 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 3581 13.2. Informative References 3583 [ALT-SVC] Nottingham, M., McManus, P., and J. Reschke, "HTTP 3584 Alternative Services", draft-ietf-httpbis-alt-svc-01 (work 3585 in progress), April 2014. 3587 [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration 3588 Procedures for Message Header Fields", BCP 90, RFC 3864, 3589 September 2004. 3591 [BREACH] Gluck, Y., Harris, N., and A. Prado, "BREACH: Reviving the 3592 CRIME Attack", July 2013, 3593 . 3596 [HTML5] Berjon, R., Faulkner, S., Leithead, T., Doyle Navara, E., 3597 O'Connor, E., and S. Pfeiffer, "HTML5", W3C Candidate 3598 Recommendation CR-html5-20140204, Febuary 2014, 3599 . 3601 Latest version available at [5]. 3603 [RFC1323] Jacobson, V., Braden, B., and D. Borman, "TCP Extensions 3604 for High Performance", RFC 1323, May 1992. 3606 [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol 3607 Compression Methods", RFC 3749, May 2004. 3609 [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. 3610 Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites 3611 for Transport Layer Security (TLS)", RFC 4492, May 2006. 3613 [RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois 3614 Counter Mode (GCM) Cipher Suites for TLS", RFC 5288, 3615 August 2008. 3617 [RFC6585] Nottingham, N. and R. Fielding, "Additional HTTP Status 3618 Codes", RFC 6585, April 2012. 3620 [TALKING] Huang, L-S., Chen, E., Barth, A., Rescorla, E., and C. 3621 Jackson, "Talking to Yourself for Fun and Profit", 2011, 3622 . 3624 [TLSBCP] Sheffer, Y., Holz, R., and P. Saint-Andre, 3625 "Recommendations for Secure Use of TLS and DTLS", draft- 3626 sheffer-tls-bcp-02 (work in progress), February 2014. 3628 13.3. URIs 3630 [1] https://www.iana.org/assignments/message-headers 3632 [2] https://groups.google.com/forum/?fromgroups#!topic/spdy-dev/ 3633 cfUef2gL3iU 3635 [3] https://tools.ietf.org/html/draft-montenegro-httpbis-http2-fc- 3636 principles-01 3638 Appendix A. Change Log 3640 This section is to be removed by RFC Editor before publication. 3642 A.1. Since draft-ietf-httpbis-http2-13 3644 Pseudo-header fields are now required to appear strictly before 3645 regular ones. 3647 Restored 1xx series status codes, except 101. 3649 Changed frame length field 24-bits. Expanded frame header to 9 3650 octets. Added a setting to limit the damage. 3652 Added a setting to advise peers of header set size limits. 3654 Removed segments. 3656 Made non-semantic-bearing HEADERS frames illegal in the HTTP mapping. 3658 A.2. Since draft-ietf-httpbis-http2-12 3660 Restored extensibility options. 3662 Restricting TLS cipher suites to AEAD only. 3664 Removing Content-Encoding requirements. 3666 Permitting the use of PRIORITY after stream close. 3668 Removed ALTSVC frame. 3670 Removed BLOCKED frame. 3672 Reducing the maximum padding size to 256 octets; removing padding 3673 from CONTINUATION frames. 3675 Removed per-frame GZIP compression. 3677 A.3. Since draft-ietf-httpbis-http2-11 3679 Added BLOCKED frame (at risk). 3681 Simplified priority scheme. 3683 Added DATA per-frame GZIP compression. 3685 A.4. Since draft-ietf-httpbis-http2-10 3687 Changed "connection header" to "connection preface" to avoid 3688 confusion. 3690 Added dependency-based stream prioritization. 3692 Added "h2c" identifier to distinguish between cleartext and secured 3693 HTTP/2. 3695 Adding missing padding to PUSH_PROMISE. 3697 Integrate ALTSVC frame and supporting text. 3699 Dropping requirement on "deflate" Content-Encoding. 3701 Improving security considerations around use of compression. 3703 A.5. Since draft-ietf-httpbis-http2-09 3705 Adding padding for data frames. 3707 Renumbering frame types, error codes, and settings. 3709 Adding INADEQUATE_SECURITY error code. 3711 Updating TLS usage requirements to 1.2; forbidding TLS compression. 3713 Removing extensibility for frames and settings. 3715 Changing setting identifier size. 3717 Removing the ability to disable flow control. 3719 Changing the protocol identification token to "h2". 3721 Changing the use of :authority to make it optional and to allow 3722 userinfo in non-HTTP cases. 3724 Allowing split on 0x0 for Cookie. 3726 Reserved PRI method in HTTP/1.1 to avoid possible future collisions. 3728 A.6. Since draft-ietf-httpbis-http2-08 3730 Added cookie crumbling for more efficient header compression. 3732 Added header field ordering with the value-concatenation mechanism. 3734 A.7. Since draft-ietf-httpbis-http2-07 3736 Marked draft for implementation. 3738 A.8. Since draft-ietf-httpbis-http2-06 3740 Adding definition for CONNECT method. 3742 Constraining the use of push to safe, cacheable methods with no 3743 request body. 3745 Changing from :host to :authority to remove any potential confusion. 3747 Adding setting for header compression table size. 3749 Adding settings acknowledgement. 3751 Removing unnecessary and potentially problematic flags from 3752 CONTINUATION. 3754 Added denial of service considerations. 3756 A.9. Since draft-ietf-httpbis-http2-05 3758 Marking the draft ready for implementation. 3760 Renumbering END_PUSH_PROMISE flag. 3762 Editorial clarifications and changes. 3764 A.10. Since draft-ietf-httpbis-http2-04 3766 Added CONTINUATION frame for HEADERS and PUSH_PROMISE. 3768 PUSH_PROMISE is no longer implicitly prohibited if 3769 SETTINGS_MAX_CONCURRENT_STREAMS is zero. 3771 Push expanded to allow all safe methods without a request body. 3773 Clarified the use of HTTP header fields in requests and responses. 3774 Prohibited HTTP/1.1 hop-by-hop header fields. 3776 Requiring that intermediaries not forward requests with missing or 3777 illegal routing :-headers. 3779 Clarified requirements around handling different frames after stream 3780 close, stream reset and GOAWAY. 3782 Added more specific prohibitions for sending of different frame types 3783 in various stream states. 3785 Making the last received setting value the effective value. 3787 Clarified requirements on TLS version, extension and ciphers. 3789 A.11. Since draft-ietf-httpbis-http2-03 3791 Committed major restructuring atrocities. 3793 Added reference to first header compression draft. 3795 Added more formal description of frame lifecycle. 3797 Moved END_STREAM (renamed from FINAL) back to HEADERS/DATA. 3799 Removed HEADERS+PRIORITY, added optional priority to HEADERS frame. 3801 Added PRIORITY frame. 3803 A.12. Since draft-ietf-httpbis-http2-02 3805 Added continuations to frames carrying header blocks. 3807 Replaced use of "session" with "connection" to avoid confusion with 3808 other HTTP stateful concepts, like cookies. 3810 Removed "message". 3812 Switched to TLS ALPN from NPN. 3814 Editorial changes. 3816 A.13. Since draft-ietf-httpbis-http2-01 3818 Added IANA considerations section for frame types, error codes and 3819 settings. 3821 Removed data frame compression. 3823 Added PUSH_PROMISE. 3825 Added globally applicable flags to framing. 3827 Removed zlib-based header compression mechanism. 3829 Updated references. 3831 Clarified stream identifier reuse. 3833 Removed CREDENTIALS frame and associated mechanisms. 3835 Added advice against naive implementation of flow control. 3837 Added session header section. 3839 Restructured frame header. Removed distinction between data and 3840 control frames. 3842 Altered flow control properties to include session-level limits. 3844 Added note on cacheability of pushed resources and multiple tenant 3845 servers. 3847 Changed protocol label form based on discussions. 3849 A.14. Since draft-ietf-httpbis-http2-00 3851 Changed title throughout. 3853 Removed section on Incompatibilities with SPDY draft#2. 3855 Changed INTERNAL_ERROR on GOAWAY to have a value of 2 [6]. 3857 Replaced abstract and introduction. 3859 Added section on starting HTTP/2.0, including upgrade mechanism. 3861 Removed unused references. 3863 Added flow control principles (Section 5.2.1) based on [7]. 3865 A.15. Since draft-mbelshe-httpbis-spdy-00 3867 Adopted as base for draft-ietf-httpbis-http2. 3869 Updated authors/editors list. 3871 Added status note. 3873 Authors' Addresses 3875 Mike Belshe 3876 Twist 3878 EMail: mbelshe@chromium.org 3879 Roberto Peon 3880 Google, Inc 3882 EMail: fenix@google.com 3884 Martin Thomson (editor) 3885 Mozilla 3886 331 E Evelyn Street 3887 Mountain View, CA 94041 3888 US 3890 EMail: martin.thomson@gmail.com