Internet Engineering Task Force (IETF) K. Murchison Request for Comments: 8144 CMU Updates: 7240 April 2017 Category: Standards Track ISSN: 2070-1721
Use of the Prefer Header Field in Web Distributed Authoring and Versioning (WebDAV)
Abstract
This document defines how the Prefer header field (RFC 7240) can be used by a Web Distributed Authoring and Versioning (WebDAV) client to request that certain behaviors be employed by a server while constructing a response to a request. Furthermore, it defines the new "depth-noroot" preference.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8144.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[RFC7240] defines the Prefer header field and the "return=minimal" preference, which indicate that a client wishes for the server to return a minimal response to a successful request but states that what constitutes an appropriate minimal response is left solely to the discretion of the server. Section 2 of this specification defines precisely what is expected of a server when constructing minimal responses to successful WebDAV [RFC4918] requests.
[RFC7240] also defines the "return=representation" preference, which indicates that a client wishes for the server to include an entity representing the current state of the resource in the response to a successful request. Section 3 of this specification makes recommendations on when this preference should be used by clients and extends its applicability to 412 (Precondition Failed) [RFC7232] responses.
Finally, Section 4 of this specification defines the "depth-noroot" preference that can be used with HTTP methods that support the Depth header field.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
This document references XML element types in the "DAV:" [RFC4918], "urn:ietf:params:xml:ns:caldav" [RFC4791], and "urn:ietf:params:xml:ns:carddav" [RFC6352] namespaces outside of the context of an XML fragment. When doing so, the strings "DAV:", "CALDAV:", and "CARDDAV:" will be prepended to the XML element types, respectively.
2. Reducing WebDAV Response Verbosity with "return=minimal"
Some payload bodies in responses to WebDAV requests, such as 207 (Multi-Status) [RFC4918] responses, can be quite verbose or even unnecessary at times. This specification defines how the Prefer header field, in conjunction with its "return=minimal" preference, can be used by clients to reduce the verbosity of such responses by requesting that the server omit those portions of the response that can be inferred by their absence.
When a PROPFIND [RFC4918] request, or a REPORT [RFC3253] request whose report type results in a 207 (Multi-Status) response, contains a Prefer header field with a preference of "return=minimal", the server SHOULD omit all DAV:propstat XML elements containing a DAV:status XML element of value 404 (Not Found) [RFC7231] from the 207 (Multi-Status) response. If the omission of such a DAV:propstat element would result in a DAV:response XML element containing zero DAV:propstat elements, the server MUST substitute one of the following in its place:
o a DAV:propstat element consisting of an empty DAV:prop element and a DAV:status element of value 200 (OK) [RFC7231]
o a DAV:status element of value 200 (OK)
The following report types are candidates that could benefit from use of the "return=minimal" preference. NOTE: This list is not intended to be normative or exhaustive.
When a PROPPATCH [RFC4918] request contains a Prefer header field with a preference of "return=minimal", and all instructions are processed successfully, the server SHOULD return one of the following responses rather than a 207 (Multi-Status) response:
Both the MKCALENDAR [RFC4791] and Extended MKCOL [RFC5689] specifications indicate that a server MAY return a message body in response to a successful request. This specification explicitly defines the intended behavior in the presence of the Prefer header field.
When a MKCALENDAR or an extended MKCOL request contains a Prefer header field with a preference of "return=minimal", and the collection is created with all requested properties being set successfully, the server SHOULD return a 201 (Created) [RFC7231] response with an empty (zero-length) message body.
Note that the rationale for requiring that a minimal success response have an empty body is twofold:
o [RFC4791], Section 5.3.1 states: "If a response body for a successful request is included, it MUST be a CALDAV:mkcalendar- response XML element."
o [RFC5689], Section 3 states: "When an empty response body is returned with a success request status code, the client can assume that all properties were set."
3. Reducing WebDAV Roundtrips with "return=representation"
[RFC7240] describes the "return=representation" preference as being intended to provide a means of optimizing communication between the client and server by eliminating the need for a subsequent GET request to retrieve the current representation of the resource following a modification. This preference is equally applicable to situations where the server itself modifies a resource, and where a resource has been modified by another client.
The state-changing methods PUT [RFC7231], COPY/MOVE [RFC4918], PATCH [RFC5789], and POST [RFC5995] can be used to create or update a resource. In some instances, such as with Calendaring Extensions to WebDAV (CalDAV) Scheduling [RFC6638], the created or updated resource representation may differ from the representation sent in the body of the request or from that referenced by the effective request URI. In cases where the client, upon receiving a 2xx (Successful) [RFC7231] response to its state-changing request, would normally issue a subsequent GET request to retrieve the current representation of the resource, the client can instead include a Prefer header field with the "return=representation" preference in the state-changing request.
When a state-changing request contains a Prefer header field with a preference of "return=representation", and the resource is created or updated successfully, the server SHOULD include an entity representing the current state of the resource in the resulting 201 (Created) or 200 (OK) [RFC7231] response. In addition to coalescing the create/update and retrieve operations into a single roundtrip, by returning the current representation of the resource in the response, the client will know that any changes to the resource were produced by the server rather than a concurrent client, thus providing a level of atomicity to the operation.
Frequently, clients using a state-changing method such as those listed above will make them conditional by including either an If-Match or an If-None-Match [RFC7232] header field in the request. This is done to prevent the client from accidentally overwriting a resource whose current state has been modified by another client acting in parallel. In cases where the client, upon receiving a 412 (Precondition Failed) [RFC7232] response to its conditional state- changing request, would normally issue a subsequent GET request to retrieve the current representation of the resource, the client can
Murchison Standards Track [Page 6]
RFC 8144 Prefer Header Field in WebDAV April 2017
instead include a Prefer header field with the "return=representation" preference in the conditional state-changing request.
When a conditional state-changing request contains a Prefer header field with a preference of "return=representation", and the specified condition evaluates to false, the server SHOULD include an entity representing the current state of the resource in the resulting 412 (Precondition Failed) [RFC7232] response.
The "depth-noroot" preference indicates that the client wishes for the server to exclude the target (root) resource from processing by the HTTP method and only apply the HTTP method to the target resource's subordinate resources.
This preference is only intended to be used with HTTP methods whose definitions explicitly provide support for the Depth [RFC4918] header field. Furthermore, this preference only applies when the Depth header field has a value of "1" or "infinity" (either implicitly or explicitly).
The "depth-noroot" preference MAY be used in conjunction with the "return=minimal" preference in a single request.
No new security considerations are introduced by use of the Prefer header field with WebDAV requests, beyond those discussed in [RFC7240] and those already inherent in those requests.
The following preference has been added to the HTTP Preferences Registry defined in Section 5.1 of [RFC7240].
Preference: depth-noroot
Description: The "depth-noroot" preference indicates that the client wishes for the server to exclude the target (root) resource from processing by the HTTP method and only apply the HTTP method to the target resource's subordinate resources.
Notes: This preference is only intended to be used with HTTP methods whose definitions explicitly provide support for the Depth [RFC4918] header field. Furthermore, this preference only applies when the Depth header field has a value of "1" or "infinity" (either implicitly or explicitly).
Appendix A. The Brief and Extended Depth Header Fields
This document is based heavily on the Brief [MSDN.aa563501] and extended Depth [MSDN.aa563950] header fields. The behaviors described in Sections 2.1 and 2.2 are identical to those provided by the Brief header field when used with the PROPFIND [MSDN.aa580336] and PROPPATCH [MSDN.aa493854] methods, respectively. The behavior described in Section 4 is identical to that provided by the "1,noroot" [MSDN.aa563950] and "infinity,noroot" [MSDN.aa563950] Depth header field values.
Client and server implementations that already support the Brief header field can add support for the "return=minimal" preference with nominal effort.
If a server supporting the Prefer header field receives both the Brief and Prefer header fields in a request, clients can expect the server to ignore the Brief header field and only use the Prefer header field preferences.
B.5.1. Typical Resource Creation and Retrieval via POST + GET
Note that this request is not conditional because by using the POST [RFC5995] method, the client lets the server choose the resource URI, thereby guaranteeing that it will not modify an existing resource.
Murchison Standards Track [Page 23]
RFC 8144 Prefer Header Field in WebDAV April 2017
>> Request <<
POST /container/work;add-member/ HTTP/1.1 Host: caldav.example.com Content-Type: text/calendar; charset=utf-8 Content-Length: 521
HTTP/1.1 201 Created Location: /container/work/abc.ics Content-Length: 0
Note that the server did not include any validator header fields (e.g., ETag) in the response, signaling that the created representation differs from the representation sent in the body of the request. The client has to send a separate GET request to retrieve the current representation:
>> Request <<
GET /container/work/abc.ics HTTP/1.1 Host: caldav.example.com
B.5.2. Streamlined Resource Creation and Retrieval via POST
Note that this request is not conditional because by using the POST [RFC5995] method, the client lets the server choose the resource URI, thereby guaranteeing that it will not modify an existing resource.
The resource has been modified by another user agent (ETag mismatch); therefore, the client has to send a separate GET request to retrieve the current representation:
>> Request <<
GET /container/motd.txt HTTP/1.1 Host: dav.example.com
>> Response <<
HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 52 ETag: "789sdas"
An investment in knowledge pays the best interest.
B.6.2. Streamlined Conditional Resource Update Failure and Retrieval via PUT
>> Request <<
PUT /container/motd.txt HTTP/1.1 Host: dav.example.com Content-Type: text/plain
An investment in knowledge pays the best interest.
Acknowledgements
The author would like to thank the following individuals for contributing their ideas and support for writing this specification: Cyrus Daboo, Helge Hess, Andrew McMillan, Arnaud Quillaud, and Julian Reschke.
The author would also like to thank the Calendaring and Scheduling Consortium for advice with this specification and for organizing interoperability testing events to help refine it.
Author's Address
Kenneth Murchison Carnegie Mellon University 5000 Forbes Avenue Pittsburgh, PA 15213 United States of America