Incremental Forwarding of HTTP Messages

Incremental Forwarding of HTTP Messages Fastly

kazuhooku@gmail.com

Apple

tpauly@apple.com

Mozilla

mt@lowentropy.net

httpbis internet-draft This document specifies the "Incremental" HTTP header field, which instructs HTTP intermediaries to forward the HTTP message incrementally.

Introduction HTTP permits receivers to begin processing portions of HTTP messages as they arrive, rather than requiring them to wait for the entire HTTP message to be received before acting. Some applications are specifically designed to take advantage of this capability. For example, Server-Sent Events uses a long-running HTTP response, where the server continually sends notifications as they become available. In the case of Chunked Oblivious HTTP Messages , the client opens an HTTP request and incrementally sends application data, while the server can start responding even before the HTTP request is fully complete. In this way, the HTTP request-response pair could create what is, in effect, a bi-directional communication channel. Applications that rely on incremental delivery of data are fragile when HTTP intermediaries are involved. This is because HTTP intermediaries are not only permitted but are frequently deployed to buffer complete HTTP messages before forwarding them downstream (). If such a buffering HTTP intermediary exists between the client and the server, these applications may fail to function as intended. In the case of Server-Sent Events, an intermediary that tries to buffer the HTTP response completely before forwarding it could be left waiting indefinitely. A client might never receive any portion of the response. In the case of requests that involve any bi-directional exchange, an intermediary that tries to buffer entire messages -- either request or response -- prevents any data from being delivered. To help avoid such behavior, this document specifies the "Incremental" HTTP header field, which instructs HTTP intermediaries to begin forwarding the HTTP message downstream before receiving the complete message.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document relies on structured field definitions of Item and Boolean .

The Incremental Header Field The Incremental HTTP header field expresses the sender's intent for HTTP intermediaries to start forwarding the message downstream before the entire message is received. The Incremental header field is defined as a structured field of type Item. Only Boolean values () are valid; a recipient ignores the field if it contains any other type. A true value ("?1") indicates that the sender requests intermediaries to forward the message incrementally, as described below. A false value ("?0") indicates the default behavior defined in , where intermediaries might buffer the entire message before forwarding it. However, this explicit signal might increase intermediaries' confidence in doing so. The Incremental HTTP header field applies to each HTTP message. Therefore, if both the HTTP request and response need to be forwarded incrementally, the Incremental HTTP header field MUST be set for both the HTTP request and the response. Upon receiving a header section that includes an Incremental header field with a true value, HTTP intermediaries SHOULD NOT buffer the entire message before forwarding it. Instead, intermediaries SHOULD transmit the header section downstream and continuously forward the bytes of the message content as they arrive. As the Incremental header field indicates only how the message content is to be forwarded, intermediaries can still buffer the entire header and trailer sections of the message before forwarding them downstream. If an intermediary decides outright to refuse forwarding the message body incrementally, the intermediary MUST generate an error response rather than buffering an entire message before forwarding. Typical scenarios under which an intermediary might refuse are discussed in . The request to use incremental forwarding also applies to HTTP implementations. Though most HTTP APIs provide the ability to incrementally transfer message content, those that do not for any reason, SHOULD use the presence of the Incremental header field to reduce or disable buffering. The Incremental field is advisory, as intermediaries that are unaware of the field or that do not support the field might buffer messages, even when explicitly requested otherwise. Clients and servers therefore cannot expect all intermediaries to understand and respect a request to deliver messages incrementally. Clients can rely on prior knowledge or probe for support on individual resources. The Incremental header field facilitates the establishment of a bidirectional byte channel over HTTP, as its presence in both requests and responses instructs intermediaries to forward early responses () and to transmit message contents incrementally in both directions. However, when developing bidirectional protocols over HTTP, Extended CONNECT is generally more consistent with HTTP's architecture. This document does not define any parameters for the Incremental header field value, but future documents might define parameters. Receivers MUST ignore unknown parameters.

Security Considerations When receiving a request or response that asks for incremental forwarding, intermediaries might reject the request due to security concerns. The following subsections explore typical scenarios under which the intermediaries might reject requests.

Permanent Rejection Some intermediaries inspect the content of HTTP messages and forward them only if their content is deemed safe. Any feature that depends on seeing the entirety of the message in this way is incompatible with incremental delivery. When an intermediary is asked to incrementally forward message and cannot -- whether that message is a request or a response -- due to security concerns about the message content, the intermediary SHOULD respond with a 501 (Not Implemented) error with an incremental_refused Proxy-Status response header field ().

Temporary Rejection To conserve resources required to handle HTTP requests or connections, it is common for intermediaries to impose limits on the maximum number of concurrent HTTP requests that they forward, while buffering requests that exceed this limit. Such intermediaries could apply a more restrictive concurrency limit to requests marked as incremental to ensure that capacity remains available for non-incremental requests, even when the maximum number of incremental requests is reached. This approach helps balance the processing of different types of requests and maintains service availability across all requests. When rejecting incremental requests due to reaching the concurrency limit, intermediaries SHOULD respond with a 429 (Too Many Requests) error (), accompanied by a connection_limit_reached Proxy-Status response header field ().

Handling of Small Packets For performance and efficiency reasons, a small amount of buffering might be used by intermediaries, even for incremental messages. Immediate forwarding might be exploited to cause an intermediary to waste effort on many small packets. Enabling incremental delivery might instead set limits on the number bytes that are buffered or the time that buffers are held before forwarding. Any buffering could adversely affect application latency, even if it improves efficiency. In all cases, intermediaries cannot hold data in buffers indefinitely, so data needs to be forwarded when either the time limit or the byte limit is reached.

IANA Considerations An HTTP field named Incremental is registered in the Hypertext Transfer Protocol (HTTP) Field Name Registry, following the procedures in . The following values are registered:

Field Name:: Incremental
Status:: permanent
Structured Type:: Item
Reference:: This document
Comments:: None

An HTTP Proxy Error Type is registered in the HTTP Proxy Error Types registry as shown below:

Name:: incremental_refused
Description:: The HTTP message contained the Incremental HTTP header field, but the intermediary refused to forward the message incrementally.
Extra Parameters:: none
Recommended HTTP Status Code:: 501
Response Only Generated By Intermediaries:: true
Reference:: This document

References Normative References Additional HTTP Status Codes This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK] The Proxy-Status HTTP Response Header Field This document defines the Proxy-Status HTTP response field to convey the details of an intermediary's response handling, including generated errors. Structured Field Values for HTTP This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields. This document obsoletes RFC 8941. HTTP Semantics The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Server-Sent Events WHATWG n.d. Chunked Oblivious HTTP Messages Apple Mozilla This document defines a variant of the Oblivious HTTP message format that allows chunks of requests and responses to be encrypted and decrypted before the entire request or response is processed. This allows incremental processing of Oblivious HTTP messages, which is particularly useful for handling large messages or systems that process messages slowly. Bootstrapping WebSockets with HTTP/2 This document defines a mechanism for running the WebSocket Protocol (RFC 6455) over a single stream of an HTTP/2 connection. Bootstrapping WebSockets with HTTP/3 The mechanism for running the WebSocket Protocol over a single stream of an HTTP/2 connection is equally applicable to HTTP/3, but the HTTP-version-specific details need to be specified. This document describes how the mechanism is adapted for HTTP/3.

Acknowledgments The authors would like to thank many members of the IETF HTTP working group for their discussions and feedback on this specification. In particular, the authors would like to thank , , , , , , , , and for close review and sugggested changes.