HTTP/1.1, part 5: Range Requests and Partial ResponsesAdobe Systems Incorporated345 Park AveSan JoseCA95110USAfielding@gbiv.comhttp://roy.gbiv.com/Alcatel-Lucent Bell Labs21 Oak Knoll RoadCarlisleMA01741USAjg@freedesktop.orghttp://gettys.wordpress.com/Hewlett-Packard CompanyHP Labs, Large Scale Systems Group1501 Page Mill Road, MS 1177Palo AltoCA94304USAJeffMogul@acm.orgMicrosoft Corporation1 Microsoft WayRedmondWA98052USAhenrikn@microsoft.comAdobe Systems Incorporated345 Park AveSan JoseCA95110USALMM@acm.orghttp://larry.masinter.net/Microsoft Corporation1 Microsoft WayRedmondWA98052paulle@microsoft.comWorld Wide Web ConsortiumMIT Computer Science and Artificial Intelligence LaboratoryThe Stata Center, Building 3232 Vassar StreetCambridgeMA02139USAtimbl@w3.orghttp://www.w3.org/People/Berners-Lee/World Wide Web ConsortiumW3C / ERCIM2004, rte des LuciolesSophia-AntipolisAM06902Franceylafon@w3.orghttp://www.raubacapeu.net/people/yves/greenbytes GmbHHafenweg 16MuensterNW48155Germany+49 251 2807760+49 251 2807761julian.reschke@greenbytes.dehttp://greenbytes.de/tech/webdav/HTTPbis Working Group
The Hypertext Transfer Protocol (HTTP) is an application-level protocol for
distributed, collaborative, hypertext information systems. HTTP has been in
use by the World Wide Web global information initiative since 1990. This
document is Part 5 of the seven-part specification that defines the protocol
referred to as "HTTP/1.1" and, taken together, obsoletes RFC 2616.
Part 5 defines range-specific requests and the rules for constructing and
combining responses to those requests.
Discussion of this draft should take place on the HTTPBIS working group
mailing list (ietf-http-wg@w3.org), which is archived at
.
The current issues list is at
and related
documents (including fancy diffs) can be found at
.
The changes in this draft are summarized in .
HTTP clients often encounter interrupted data transfers as a result
of cancelled requests or dropped connections. When a client has stored
a partial representation, it is desirable to request the remainder
of that representation in a subsequent request rather than transfer
the entire representation.
There are also a number of Web applications that benefit from being
able to request only a subset of a larger representation, such as a
single page of a very large document or only part of an image to be
rendered by a device with limited local storage.
This document defines HTTP/1.1 range requests,
partial responses, and the multipart/byteranges media type.
The protocol for range requests is an OPTIONAL feature of HTTP,
designed so resources or recipients that do not implement this feature
can respond as if it is a normal GET request without impacting
interoperability. Partial responses are indicated by a distinct status
code to not be mistaken for full responses by intermediate caches
that might not implement the feature.
Although the HTTP range request mechanism is designed to allow for
extensible range types, this specification only defines requests for
byte ranges.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .
This document defines conformance criteria for several roles in HTTP
communication, including Senders, Recipients, Clients, Servers, User-Agents,
Origin Servers, Intermediaries, Proxies and Gateways. See Section 2 of
for definitions of these terms.
An implementation is considered conformant if it complies with all of the
requirements associated with its role(s). Note that SHOULD-level requirements
are relevant here, unless one of the documented exceptions is applicable.
This document also uses ABNF to define valid protocol elements
(). In addition to the prose requirements placed
upon them, Senders MUST NOT generate protocol elements that are invalid.
Unless noted otherwise, Recipients MAY take steps to recover a usable
protocol element from an invalid construct. However, HTTP does not define
specific error handling mechanisms, except in cases where it has direct
impact on security. This is because different uses of the protocol require
different error handling strategies; for example, a Web browser may wish to
transparently recover from a response where the Location header field
doesn't parse according to the ABNF, whereby in a systems control protocol
using HTTP, this type of error recovery could lead to dangerous consequences.
This specification uses the ABNF syntax defined in Section 1.2 of (which
extends the syntax defined in with a list rule).
shows the collected ABNF, with the list
rule expanded.
The following core rules are included by
reference, as defined in , Appendix B.1:
ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls),
DIGIT (decimal 0-9), DQUOTE (double quote),
HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed),
OCTET (any 8-bit sequence of data), SP (space), and
VCHAR (any visible US-ASCII character).
Note that all rules derived from token are to
be compared case-insensitively, like range-unit and
acceptable-ranges.
The core rules below are defined in and
:
The ABNF rules below are defined in other parts:
HTTP/1.1 allows a client to request that only part (a range) of the
representation be included within the response. HTTP/1.1 uses range
units in the Range () and Content-Range ()
header fields. A representation can be broken down into subranges according
to various structural units.
HTTP/1.1 has been designed to allow implementations of applications
that do not depend on knowledge of ranges. The only range unit defined
by HTTP/1.1 is "bytes". Additional specifiers can be defined as described
in .
If a range unit is not understood in a request, a server MUST ignore
the whole Range header field ().
If a range unit is not understood in a response, an intermediary
SHOULD pass the response to the client; a client MUST fail.
The HTTP Range Specifier Registry defines the name space for the range
specifier names.
Registrations MUST include the following fields:
NameDescriptionPointer to specification text
Values to be added to this name space are subject to IETF review
(, Section 4.1).
The registry itself is maintained at
.
The server has fulfilled the partial GET request for the resource.
The request MUST have included a Range header field ()
indicating the desired range, and MAY have included an If-Range
header field () to make the request conditional.
The response MUST include the following header fields:
Either a Content-Range header field () indicating
the range included with this response, or a multipart/byteranges
Content-Type including Content-Range fields for each part. If a
Content-Length header field is present in the response, its
value MUST match the actual number of octets transmitted in the
message-body.
Date
Cache-Control, ETag, Expires, Content-Location, Last-Modified,
and/or Vary, if the header field would have been sent in a 200
response to the same request
If the 206 response is the result of an If-Range request, the response
SHOULD NOT include other representation header fields. Otherwise, the response
MUST include all of the representation header fields that would have been returned
with a 200 (OK) response to the same request.
A server SHOULD return a response with this status code if a request
included a Range header field (), and none of
the ranges-specifier values in this field overlap the current extent
of the selected resource, and the request did not include an If-Range
header field (). (For byte-ranges,
this means that the first-byte-pos of all of the byte-range-spec values were
greater than the current length of the selected resource.)
When this status code is returned for a byte-range request, the
response SHOULD include a Content-Range header field
specifying the current length of the representation (see ).
This response MUST NOT use the multipart/byteranges content-type.
A response might transfer only a subrange of a representation if the
connection closed prematurely or if the request used one or more Range
specifications. After several such transfers, a client might have
received several ranges of the same representation. These ranges can only
be safely combined if they all have in common the same strong validator,
where "strong validator" is defined to be either an entity-tag that is
not marked as weak (Section 2.3 of ) or, if no entity-tag is provided, a
Last-Modified value that is strong in the sense defined by
Section 2.2.2 of .
When a client receives an incomplete 200 (OK) or 206 (Partial Content)
response and already has one or more stored responses for the same method
and effective request URI, all of the stored responses with the same
strong validator MAY be combined with the partial content in this new
response. If none of the stored responses contain the same strong
validator, then this new response corresponds to a new representation
and MUST NOT be combined with the existing stored responses.
If the new response is an incomplete 200 (OK) response, then the header
fields of that new response are used for any combined response and replace
those of the matching stored responses.
If the new response is a 206 (Partial Content) response and at least one
of the matching stored responses is a 200 (OK), then the combined response
header fields consist of the most recent 200 response's header fields.
If all of the matching stored responses are 206 responses, then the
stored response with the most header fields is used as the source of
header fields for the combined response, except that the client MUST
use other header fields provided in the new response, aside from
Content-Range, to replace all instances of the corresponding header
fields in the stored response.
The combined response message-body consists of the union of partial
content ranges in the new response and each of the selected responses.
If the union consists of the entire range of the representation, then the
combined response MUST be recorded as a complete 200 (OK) response
with a Content-Length header field that reflects the complete length.
Otherwise, the combined response(s) MUST include a Content-Range
header field describing the included range(s) and be recorded as
incomplete. If the union consists of a discontinuous range of the
representation, then the client MAY store it as either a multipart range
response or as multiple 206 responses with one continuous range each.
This section defines the syntax and semantics of HTTP/1.1 header fields
related to range requests and partial responses.
The "Accept-Ranges" header field allows a resource to indicate
its acceptance of range requests.
Origin servers that accept byte-range requests MAY send
but are not required to do so. Clients MAY generate range
requests without having received this header field for the resource
involved. Range units are defined in .
Servers that do not accept any kind of range request for a
resource MAY send
to advise the client not to attempt a range request.
The "Content-Range" header field is sent with a partial representation to
specify where in the full representation the payload body is intended to be
applied.
Range units are defined in .
The header field SHOULD indicate the total length of the full representation,
unless this length is unknown or difficult to determine. The asterisk
"*" character means that the instance-length is unknown at the time
when the response was generated.
Unlike byte-ranges-specifier values (see ), a byte-range-resp-spec
MUST only specify one range, and MUST contain
absolute byte positions for both the first and last byte of the
range.
A byte-content-range-spec with a byte-range-resp-spec whose last-byte-pos
value is less than its first-byte-pos value, or whose
instance-length value is less than or equal to its last-byte-pos
value, is invalid. The recipient of an invalid byte-content-range-spec
MUST ignore it and any content transferred along with it.
In the case of a byte range request:
A server sending a response with status code 416 (Requested range not
satisfiable) SHOULD include a Content-Range field with a byte-range-resp-spec
of "*". The instance-length specifies the current length of
the selected resource. A response with status code 206 (Partial
Content) MUST NOT include a Content-Range field with a byte-range-resp-spec of "*".
The "Content-Range" header field has no meaning for status codes that do not
explicitly describe its semantic. Currently, only status codes
206 (Partial Content) and 416 (Requested range not satisfiable) describe
the meaning of this header field.
Examples of byte-content-range-spec values, assuming that the representation
contains a total of 1234 bytes:
The first 500 bytes:
The second 500 bytes:
All except for the first 500 bytes:
The last 500 bytes:
When an HTTP message includes the content of a single range (for
example, a response to a request for a single range, or to a request
for a set of ranges that overlap without any holes), this content is
transmitted with a Content-Range header field, and a Content-Length header
field showing the number of bytes actually transferred. For example,
When an HTTP message includes the content of multiple ranges (for
example, a response to a request for multiple non-overlapping
ranges), these are transmitted as a multipart message. The multipart
media type used for this purpose is "multipart/byteranges" as defined
in .
A response to a request for a single range MUST NOT be sent using the
multipart/byteranges media type. A response to a request for
multiple ranges, whose result is a single range, MAY be sent as a
multipart/byteranges media type with one part. A client that cannot
decode a multipart/byteranges message MUST NOT ask for multiple
ranges in a single request.
When a client requests multiple ranges in one request, the
server SHOULD return them in the order that they appeared in the
request.
If the server ignores a byte-range-spec because it is syntactically
invalid, the server SHOULD treat the request as if the invalid Range
header field did not exist. (Normally, this means return a 200
response containing the full representation).
If the server receives a request (other than one including an If-Range
header field) with an unsatisfiable Range header
field (that is, all of whose byte-range-spec values have a
first-byte-pos value greater than the current length of the selected
resource), it SHOULD return a response code of 416 (Requested range
not satisfiable) ().
Note: Clients cannot depend on servers to send a 416 (Requested
range not satisfiable) response instead of a 200 (OK) response for
an unsatisfiable Range header field, since not all servers
implement this header field.
If a client has a partial copy of a representation and wishes
to have an up-to-date copy of the entire representation, it
could use the Range header field with a conditional GET (using
either or both of If-Unmodified-Since and If-Match.) However, if the
condition fails because the representation has been modified, the client
would then have to make a second request to obtain the entire current
representation.
The "If-Range" header field allows a client to "short-circuit" the second
request. Informally, its meaning is "if the representation is unchanged, send
me the part(s) that I am missing; otherwise, send me the entire new
representation".
Clients MUST NOT use an entity-tag marked as weak in an If-Range
field value and MUST NOT use a Last-Modified date in an If-Range
field value unless it has no entity-tag for the representation and
the Last-Modified date it does have for the representation is strong
in the sense defined by Section 2.2.2 of .
A server that evaluates a conditional range request that is applicable
to one of its representations MUST evaluate the condition as false if
the entity-tag used as a validator is marked as weak or, when an HTTP-date
is used as the validator, if the date value is not strong in the sense
defined by Section 2.2.2 of . (A server can distinguish between a
valid HTTP-date and any form of entity-tag by examining the first
two characters.)
The If-Range header field SHOULD only be sent by clients together with
a Range header field. The If-Range header field MUST be ignored if it
is received in a request that does not include a Range header field.
The If-Range header field MUST be ignored by a server that does not
support the sub-range operation.
If the validator given in the If-Range header field matches the current
validator for the selected representation of the target resource, then
the server SHOULD send the specified sub-range of the representation
using a 206 (Partial Content) response. If the validator does not match,
then the server SHOULD send the entire representation using a 200 (OK)
response.
Since all HTTP representations are transferred as sequences
of bytes, the concept of a byte range is meaningful for any HTTP
representation. (However, not all clients and servers need to support byte-range
operations.)
Byte range specifications in HTTP apply to the sequence of bytes in
the representation body (not necessarily the same as the message-body).
A byte range operation MAY specify a single range of bytes, or a set
of ranges within a single representation.
The first-byte-pos value in a byte-range-spec gives the byte-offset
of the first byte in a range. The last-byte-pos value gives the
byte-offset of the last byte in the range; that is, the byte
positions specified are inclusive. Byte offsets start at zero.
If the last-byte-pos value is present, it MUST be greater than or
equal to the first-byte-pos in that byte-range-spec, or the byte-range-spec
is syntactically invalid. The recipient of a byte-range-set
that includes one or more syntactically invalid byte-range-spec
values MUST ignore the header field that includes that byte-range-set.
If the last-byte-pos value is absent, or if the value is greater than
or equal to the current length of the representation body, last-byte-pos is
taken to be equal to one less than the current length of the representation
in bytes.
By its choice of last-byte-pos, a client can limit the number of
bytes retrieved without knowing the size of the representation.
A suffix-byte-range-spec is used to specify the suffix of the
representation body, of a length given by the suffix-length value. (That is,
this form specifies the last N bytes of a representation.) If the
representation is shorter than the specified suffix-length, the entire
representation is used.
If a syntactically valid byte-range-set includes at least one byte-range-spec
whose first-byte-pos is less than the current length of
the representation, or at least one suffix-byte-range-spec with a non-zero
suffix-length, then the byte-range-set is satisfiable.
Otherwise, the byte-range-set is unsatisfiable. If the byte-range-set
is unsatisfiable, the server SHOULD return a response with a
416 (Requested range not satisfiable) status code. Otherwise, the server
SHOULD return a response with a 206 (Partial Content) status code
containing the satisfiable ranges of the representation.
Examples of byte-ranges-specifier values (assuming a representation of
length 10000):
The first 500 bytes (byte offsets 0-499, inclusive):
The second 500 bytes (byte offsets 500-999, inclusive):
The final 500 bytes (byte offsets 9500-9999, inclusive):
Or:
The first and last bytes only (bytes 0 and 9999):
Several legal but not canonical specifications of the second 500
bytes (byte offsets 500-999, inclusive):
The "Range" header field defines the GET method (conditional or
not) to request one or more sub-ranges of the response representation body, instead
of the entire representation body.
A server MAY ignore the Range header field. However, origin
servers and intermediate caches ought to support byte ranges when
possible, since Range supports efficient recovery from partially
failed transfers, and supports efficient partial retrieval of large
representations.
If the server supports the Range header field and the specified range or
ranges are appropriate for the representation:
The presence of a Range header field in an unconditional GET modifies
what is returned if the GET is otherwise successful. In other
words, the response carries a status code of 206 (Partial
Content) instead of 200 (OK).The presence of a Range header field in a conditional GET (a request
using one or both of If-Modified-Since and If-None-Match, or
one or both of If-Unmodified-Since and If-Match) modifies what
is returned if the GET is otherwise successful and the
condition is true. It does not affect the 304 (Not Modified)
response returned if the conditional is false.
In some cases, it might be more appropriate to use the If-Range
header field (see ) in addition to the Range
header field.
If a proxy that supports ranges receives a Range request, forwards
the request to an inbound server, and receives an entire representation in
reply, it MAY only return the requested range to its client.
The HTTP Status Code Registry located at
shall be updated with the registrations below:
ValueDescriptionReference206Partial Content416Requested Range Not Satisfiable
The Message Header Field Registry located at shall be updated
with the permanent registrations below (see ):
Header Field NameProtocolStatusReferenceAccept-RangeshttpstandardContent-RangehttpstandardIf-RangehttpstandardRangehttpstandard
The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".
The registration procedure for HTTP Range Specifiers is defined by
of this document.
The HTTP Range Specifier Registry shall be created at
and be populated with the registrations below:
Range Specifier NameDescriptionReferencebytesa range of octets(this specification)
The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".
This section is meant to inform application developers, information
providers, and users of the security limitations in HTTP/1.1 as
described by this document. The discussion does not include
definitive solutions to the problems revealed, though it does make
some suggestions for reducing security risks.
Range requests containing overlapping ranges may lead to the situation
where a server is sending far more data than the size of the complete
resource representation.
See Section 11 of .
HTTP/1.1, part 1: URIs, Connections, and Message ParsingAdobe Systems Incorporatedfielding@gbiv.comAlcatel-Lucent Bell Labsjg@freedesktop.orgHewlett-Packard CompanyJeffMogul@acm.orgMicrosoft Corporationhenrikn@microsoft.comAdobe Systems IncorporatedLMM@acm.orgMicrosoft Corporationpaulle@microsoft.comWorld Wide Web Consortiumtimbl@w3.orgWorld Wide Web Consortiumylafon@w3.orggreenbytes GmbHjulian.reschke@greenbytes.deHTTP/1.1, part 2: Message SemanticsAdobe Systems Incorporatedfielding@gbiv.comAlcatel-Lucent Bell Labsjg@freedesktop.orgHewlett-Packard CompanyJeffMogul@acm.orgMicrosoft Corporationhenrikn@microsoft.comAdobe Systems IncorporatedLMM@acm.orgMicrosoft Corporationpaulle@microsoft.comWorld Wide Web Consortiumtimbl@w3.orgWorld Wide Web Consortiumylafon@w3.orggreenbytes GmbHjulian.reschke@greenbytes.deHTTP/1.1, part 4: Conditional RequestsAdobe Systems Incorporatedfielding@gbiv.comAlcatel-Lucent Bell Labsjg@freedesktop.orgHewlett-Packard CompanyJeffMogul@acm.orgMicrosoft Corporationhenrikn@microsoft.comAdobe Systems IncorporatedLMM@acm.orgMicrosoft Corporationpaulle@microsoft.comWorld Wide Web Consortiumtimbl@w3.orgWorld Wide Web Consortiumylafon@w3.orggreenbytes GmbHjulian.reschke@greenbytes.deMultipurpose Internet Mail Extensions (MIME) Part Two: Media TypesInnosoft International, Inc.ned@innosoft.comFirst Virtual Holdingsnsb@nsb.fv.comKey words for use in RFCs to Indicate Requirement LevelsHarvard Universitysob@harvard.eduAugmented BNF for Syntax Specifications: ABNFBrandenburg InternetWorkingdcrocker@bbiw.netTHUS plc.paul.overell@thus.netHypertext Transfer Protocol -- HTTP/1.1University of California, Irvinefielding@ics.uci.eduW3Cjg@w3.orgCompaq Computer Corporationmogul@wrl.dec.comMIT Laboratory for Computer Sciencefrystyk@w3.orgXerox Corporationmasinter@parc.xerox.comMicrosoft Corporationpaulle@microsoft.comW3Ctimbl@w3.orgRegistration Procedures for Message Header FieldsNine by NineGK-IETF@ninebynine.orgBEA Systemsmnot@pobox.comHP LabsJeffMogul@acm.orgMedia Type Specifications and Registration ProceduresSun Microsystemsned.freed@mrochek.comklensin+ietf@jck.comGuidelines for Writing an IANA Considerations Section in RFCsIBMnarten@us.ibm.comGoogleHarald@Alvestrand.no
When an HTTP 206 (Partial Content) response message includes the
content of multiple ranges (a response to a request for multiple
non-overlapping ranges), these are transmitted as a multipart
message-body (, Section 5.1). The media type for this purpose is called
"multipart/byteranges". The following is to be registered with IANA .
Note: Despite the name "multipart/byteranges" is not limited to the byte ranges only.
The multipart/byteranges media type includes one or more parts, each
with its own Content-Type and Content-Range fields. The required
boundary parameter specifies the boundary string used to separate
each body-part.
multipart
byteranges
boundary
none
only "7bit", "8bit", or "binary" are permitted
none
none
This specification (see ).
nonenonenone
See Authors Section.
COMMON
none
IESG
Notes:
Additional CRLFs MAY precede the first boundary string in the body.Although permits the boundary string to be
quoted, some existing implementations handle a quoted boundary
string incorrectly.A number of browsers and servers were coded to an early draft
of the byteranges specification to use a media type of
multipart/x-byteranges, which is almost, but not quite
compatible with the version documented in HTTP/1.1.
Clarify that it is not ok to use a weak validator in a 206 response.
()
Change ABNF productions for header fields to only define the field value.
()
Clarify that multipart/byteranges can consist of a single part.
()
Extracted relevant partitions from .
Closed issues:
:
"Cache validators in 206 responses"
()
:
"Normative and Informative references"
:
"Normative up-to-date references"
Closed issues:
:
"Updating to RFC4288"
Ongoing work on ABNF conversion ():
Add explicit references to BNF syntax and rules imported from other parts of the specification.
Ongoing work on IANA Message Header Field Registration ():
Reference RFC 3984, and update header field registrations for headers defined
in this document.
None.
Closed issues:
:
"multipart/byteranges minimum number of parts"
Ongoing work on ABNF conversion ():
Use "/" instead of "|" for alternatives.
Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
whitespace ("OWS") and required whitespace ("RWS").
Rewrite ABNFs to spell out whitespace rules, factor out
header field value format definitions.
Closed issues:
:
"State base for *-byte-pos and suffix-length"
Ongoing work on Custom Ranges ():
Remove bias in favor of byte ranges; allow custom ranges in ABNF.
Final work on ABNF conversion ():
Add appendix containing collected and expanded ABNF, reorganize ABNF introduction.
Closed issues:
:
"base for numeric protocol elements"
Closed issues:
Fixed discrepancy in the If-Range definition about allowed validators.
: "multipart/byteranges for custom range units"
: "range unit missing from other-ranges-specifier in Range header"
:
"move IANA registrations for optional status codes"
No significant changes.
No significant changes.
Closed issues:
:
"Clarify 'Requested Variant'"
:
"Clarify entity / representation / variant terminology"
:
"consider removing the 'changes from 2068' sections"
Ongoing work on Custom Ranges ():
Add IANA registry.
Closed issues:
:
"Caches can't be required to serve ranges"
Closed issues:
:
"Header Classification"
Closed issues:
:
"untangle ABNFs for header fields"
None.
Closed issues:
:
"Security consideration: range flooding"
Closed issues:
:
"Document HTTP's error-handling philosophy"
:
"Content-Range on responses other than 206"
:
"case sensitivity of ranges in p5"
None.