IETF 刚刚发布了很多新的 RFCs 用以更新 HTTP/1.1,包括:
这些文档让原来的 HTTP/1.1 变得过时,对一个 HTTP 极客来说,这事儿很大!
RFC 2616, 已经推出 15 年了,而 HTTP/2.0 还在开发中。推出的更新主要包括:
Clarifications around dealing with unexpected whitespace, which should
fix response splitting vulnerabilities. The limit of two connections per server has been removed. HTTP/0.9 support has been dropped. Default charset of ISO-8859-1 has been removed. Servers are no longer required to handle all Content-* header fields. Content-Range has been explicitly banned in PUT requests.
It's now suggested to use the about:blank uri in the Referer header
when no referer exists, to distinguish between "there was no referrer" and
"I don't want to send a referrer". The 204, 404, 405, 414 and 501 status codes are now cachable. The status codes 301 and 302 have been changed to allow user agents
to rewrite the method from POST to GET. This is a good example of a case
where everybody has been (incorrectly) already doing this, and the spec now
reflects the real world implementation. The Location header can now contain relative uri's as well as fragment
identifiers. Content-MD5 has been removed.
还有什么我漏掉的吗?
via evertpot | 
