Internet Engineering Task Force (IETF)                        P. McManus
Request for Comments: 8246                                       Mozilla
Category: Standards Track                                 September 2017
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                        P. McManus
Request for Comments: 8246                                       Mozilla
Category: Standards Track                                 September 2017
ISSN: 2070-1721
        

HTTP Immutable Responses

HTTP不可变响应

Abstract

摘要

The immutable HTTP response Cache-Control extension allows servers to identify resources that will not be updated during their freshness lifetime. This ensures that a client never needs to revalidate a cached fresh resource to be certain it has not been modified.

不可变HTTP响应缓存控制扩展允许服务器识别在其刷新生存期内不会更新的资源。这确保了客户端永远不需要重新验证缓存的新鲜资源以确保其未被修改。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8246.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8246.

Copyright Notice

版权公告

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2017 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   3
   2.  The Immutable Cache-Control Extension . . . . . . . . . . . .   3
     2.1.  About Intermediaries  . . . . . . . . . . . . . . . . . .   4
     2.2.  Example . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   3
   2.  The Immutable Cache-Control Extension . . . . . . . . . . . .   3
     2.1.  About Intermediaries  . . . . . . . . . . . . . . . . . .   4
     2.2.  Example . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6
        
1. Introduction
1. 介绍

HTTP's freshness lifetime mechanism [RFC7234] allows a client to safely reuse a stored response to satisfy future requests for a specified period of time. However, it is still possible that the resource will be modified during that period.

HTTP的新鲜度生存期机制[RFC7234]允许客户端在指定的时间段内安全地重用存储的响应以满足未来的请求。但是,在这段时间内仍有可能修改资源。

For instance, a front-page newspaper photo with a freshness lifetime of one hour would mean that no user would see a cached photo more than one hour old. However, the photo could be updated at any time, resulting in different users seeing different photos depending on the contents of their caches for up to one hour. This is compliant with the caching mechanism defined in [RFC7234].

例如,新鲜期为一小时的头版报纸照片意味着用户不会看到超过一小时的缓存照片。但是,照片可以随时更新,导致不同的用户根据其缓存的内容看到不同的照片长达一小时。这符合[RFC7234]中定义的缓存机制。

Users that need to confirm there have been no updates to their cached responses typically use the reload (or refresh) mechanism in their user agents. This in turn generates a conditional request [RFC7232], and either a new representation or, if unmodified, a 304 (Not Modified) response [RFC7232] is returned. A user agent that understands HTML and fetches its dependent sub-resources might issue hundreds of conditional requests to refresh all portions of a common page [REQPERPAGE].

需要确认其缓存响应没有更新的用户通常在其用户代理中使用重新加载(或刷新)机制。这进而生成一个条件请求[RFC7232],并返回一个新的表示,或者如果未修改,返回一个304(未修改)响应[RFC7232]。理解HTML并获取其依赖子资源的用户代理可能会发出数百个条件请求来刷新公共页面[REQPERPAGE]的所有部分。

However, some content providers never create more than one variant of a sub-resource, because they use "versioned" URLs. When these resources need an update, they are simply published under a new URL, typically embedding an identifier unique to that version of the resource in the path, and references to the sub-resource are updated with the new path information.

但是,一些内容提供商从不创建子资源的多个变体,因为它们使用“版本化”URL。当这些资源需要更新时,它们只需在新的URL下发布,通常会在路径中嵌入该版本资源的唯一标识符,并使用新的路径信息更新对子资源的引用。

For example, "https://www.example.com/101016/main.css" might be updated and republished as "https://www.example.com/102026/main.css", with any links that reference it being changed at the same time.

例如,”https://www.example.com/101016/main.css“可能会更新并重新发布为”https://www.example.com/102026/main.css“,同时更改引用它的任何链接。

This design pattern allows a very large freshness lifetime to be used for the sub-resource without guessing when it will be updated in the future.

这种设计模式允许子资源使用非常大的新鲜度生命周期,而无需猜测将来何时更新它。

Unfortunately, the user agent does not know when this versioned URL design pattern is used. As a result, user-driven refreshes still translate into wasted conditional requests for each sub-resource as each will return 304 responses.

不幸的是,用户代理不知道何时使用这个版本化的URL设计模式。因此,用户驱动的刷新仍然会转化为浪费每个子资源的条件请求,因为每个子资源将返回304个响应。

The immutable HTTP response Cache-Control extension allows servers to identify responses that will not be updated during their freshness lifetimes.

不可变HTTP响应缓存控制扩展允许服务器识别在其刷新生存期内不会更新的响应。

This effectively informs clients that any conditional request for that response can be safely skipped without worrying that it has been updated.

这有效地通知客户端,可以安全地跳过对该响应的任何有条件请求,而不必担心它已被更新。

1.1. Notational Conventions
1.1. 符号约定

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。

2. The Immutable Cache-Control Extension
2. 不可变缓存控制扩展

When present in an HTTP response, the immutable Cache-Control extension indicates that the origin server will not update the representation of that resource during the freshness lifetime of the response.

当存在于HTTP响应中时,不可变缓存控制扩展指示源服务器在响应的刷新生存期内不会更新该资源的表示。

Clients SHOULD NOT issue a conditional request during the response's freshness lifetime (e.g., upon a reload) unless explicitly overridden by the user (e.g., a force reload).

除非用户明确重写(例如强制重新加载),否则客户端不应在响应的新鲜度生存期内(例如,重新加载时)发出条件请求。

The immutable extension only applies during the freshness lifetime of the stored response. Stale responses SHOULD be revalidated as they normally would be in the absence of the immutable extension.

不可变扩展仅在存储响应的新鲜度生存期内应用。过时的响应应该重新验证,因为它们通常在没有不可变扩展的情况下进行验证。

The immutable extension takes no arguments. If any arguments are present, they have no meaning and MUST be ignored. Multiple instances of the immutable extension are equivalent to one instance. The presence of an immutable Cache-Control extension in a request has no effect.

不可变扩展不接受任何参数。如果存在任何论点,它们就毫无意义,必须予以忽略。不可变扩展的多个实例相当于一个实例。请求中存在不可变的缓存控制扩展没有任何影响。

2.1. About Intermediaries
2.1. 关于中介机构

An immutable response has the same semantic meaning when received by proxy clients as it does when received by user-agent-based clients. Therefore, proxies SHOULD skip conditionally revalidating fresh responses containing the immutable extension unless there is a signal from the client that a validation is necessary (e.g., a no-cache Cache-Control request directive defined in Section 5.2.1.4 of [RFC7234]).

代理客户端接收到的不可变响应与基于用户代理的客户端接收到的响应具有相同的语义含义。因此,除非客户端发出需要验证的信号(例如,[RFC7234]第5.2.1.4节中定义的无缓存控制请求指令),否则代理应跳过有条件地重新验证包含不可变扩展的新响应。

A proxy that uses the immutable extension to bypass a conditional revalidation can choose whether to reply with a 304 or 200 response to its requesting client based on the request headers the proxy received.

使用不可变扩展绕过条件重新验证的代理可以根据代理接收到的请求头选择是否使用304或200响应回复其请求客户端。

2.2. Example
2.2. 实例

Cache-Control: max-age=31536000, immutable

缓存控制:最大年龄=31536000,不可变

3. Security Considerations
3. 安全考虑

The immutable mechanism acts as form of soft pinning and, as with all pinning mechanisms, creates a vector for amplification of cache corruption incidents. These incidents include cache-poisoning attacks. Three mechanisms are suggested for mitigation of this risk:

不可变机制作为软钉扎的形式,与所有钉扎机制一样,创建了一个用于放大缓存损坏事件的向量。这些事件包括缓存中毒攻击。建议采用三种机制来缓解该风险:

o Clients SHOULD ignore the immutable extension from resources that are not part of an authenticated context such as HTTPS. Authenticated resources are less vulnerable to cache poisoning.

o 客户端应该忽略不属于经过身份验证的上下文(如HTTPS)的资源的不可变扩展。经过身份验证的资源不易受到缓存中毒的影响。

o User agents often provide two different refresh mechanisms: reload and some form of force-reload. The latter is used to rectify interrupted loads and other corruption. These reloads, typically indicated through no-cache request attributes, SHOULD ignore the immutable extension as well.

o 用户代理通常提供两种不同的刷新机制:重新加载和某种形式的强制重新加载。后者用于纠正中断负载和其他损坏。这些重载(通常通过no-cache-request属性表示)也应该忽略不可变的扩展。

o Clients SHOULD ignore the immutable extension for resources that do not provide a strong indication that the stored response size is the correct response size such as responses delimited by connection close.

o 对于不提供存储的响应大小是正确响应大小的强烈指示的资源(例如由连接关闭分隔的响应),客户端应忽略不可变扩展。

4. IANA Considerations
4. IANA考虑

The immutable extension has been registered in the "Hypertext Transfer Protocol (HTTP) Cache Directive Registry" per the guidelines described in Section 7.1 of [RFC7234].

根据[RFC7234]第7.1节中描述的指南,不可变扩展已在“超文本传输协议(HTTP)缓存指令注册表”中注册。

o Cache Directive: immutable

o 缓存指令:不可变

o Reference: RFC 8246

o 参考:RFC 8246

5. References
5. 工具书类
5.1. Normative References
5.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.

[RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI 10.17487/RFC7232, June 2014, <https://www.rfc-editor.org/info/rfc7232>.

[RFC7232]Fielding,R.,Ed.和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):有条件请求”,RFC 7232,DOI 10.17487/RFC72322014年6月<https://www.rfc-editor.org/info/rfc7232>.

[RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", RFC 7234, DOI 10.17487/RFC7234, June 2014, <https://www.rfc-editor.org/info/rfc7234>.

[RFC7234]Fielding,R.,Ed.,Nottingham,M.,Ed.,和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):缓存”,RFC 7234,DOI 10.17487/RFC72342014年6月<https://www.rfc-editor.org/info/rfc7234>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.

5.2. Informative References
5.2. 资料性引用

[REQPERPAGE] HTTP Archive, "Total Requests per Page", <http://httparchive.org/interesting.php#reqTotal>.

[REQPERPAGE]HTTP存档,“每页请求总数”<http://httparchive.org/interesting.php#reqTotal>.

Acknowledgments

致谢

Thank you to Ben Maurer for partnership in developing and testing this idea. Thank you to Amos Jeffries for help with proxy interactions and to Mark Nottingham for help with the documentation.

感谢Ben Maurer在开发和测试此想法方面的合作。感谢阿莫斯·杰弗里斯(Amos Jeffries)对代理交互的帮助,以及马克·诺丁汉(Mark Nottingham)对文档的帮助。

Author's Address

作者地址

Patrick McManus Mozilla

帕特里克·麦克马纳斯·莫齐拉

   Email: mcmanus@ducksong.com
        
   Email: mcmanus@ducksong.com