1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
---|
2 | "http://www.w3.org/TR/REC-html40/loose.dtd">
|
---|
3 | <HTML>
|
---|
4 | <HEAD>
|
---|
5 | <TITLE>Common Gateway Interface - 1.1 *Draft 03* [http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html]
|
---|
6 | </TITLE>
|
---|
7 | <!--#if expr="$HTTP_USER_AGENT != /Lynx/" -->
|
---|
8 | <!--#set var="GUI" value="1" -->
|
---|
9 | <!--#endif -->
|
---|
10 | <LINK HREF="mailto:Ken.Coar@Golux.Com" rev="revised">
|
---|
11 | <LINK REL="STYLESHEET" HREF="cgip-style-rfc.css" TYPE="text/css">
|
---|
12 | <META name="latexstyle" content="rfc">
|
---|
13 | <META name="author" content="Ken A L Coar">
|
---|
14 | <META name="institute" content="IBM Corporation">
|
---|
15 | <META name="date" content="25 June 1999">
|
---|
16 | <META name="expires" content="Expires 31 December 1999">
|
---|
17 | <META name="document" content="INTERNET-DRAFT">
|
---|
18 | <META name="file" content="<draft-coar-cgi-v11-03.txt>">
|
---|
19 | <META name="group" content="INTERNET-DRAFT">
|
---|
20 | <!--
|
---|
21 | There are a lot of BNF fragments in this document. To make it work
|
---|
22 | in all possible browsers (including Lynx, which is used to turn it
|
---|
23 | into text/plain), we handle these by using PREformatted blocks with
|
---|
24 | a universal internal margin of 2, inside one-level DL blocks.
|
---|
25 | -->
|
---|
26 | </HEAD>
|
---|
27 | <BODY>
|
---|
28 | <!--
|
---|
29 | HTML doesn't do paper pagination, so we need to fake it out. Basing
|
---|
30 | our formatting upon RFC2068, there are four (4) lines of header and
|
---|
31 | four (4) lines of footer for each page.
|
---|
32 |
|
---|
33 | <DIV ALIGN="CENTER">
|
---|
34 | <PRE>
|
---|
35 |
|
---|
36 |
|
---|
37 |
|
---|
38 |
|
---|
39 | Coar, et al. CGI/1.1 Specification May, 1998
|
---|
40 | INTERNET-DRAFT Expires 1 December 1998 [Page 2]
|
---|
41 |
|
---|
42 |
|
---|
43 | </PRE>
|
---|
44 | </DIV>
|
---|
45 | -->
|
---|
46 | <!--
|
---|
47 | The following weirdness wrt non-breaking spaces is to get Lynx
|
---|
48 | (which is barely TABLE-aware) to line the left/right justified
|
---|
49 | text up properly.
|
---|
50 | -->
|
---|
51 | <DIV ALIGN="CENTER">
|
---|
52 | <TABLE WIDTH="100%" CELLPADDING=0 CELLSPACING=0>
|
---|
53 | <TR VALIGN="TOP">
|
---|
54 | <TD ALIGN="LEFT">
|
---|
55 | INTERNET-DRAFT
|
---|
56 | </TD>
|
---|
57 | <TD ALIGN="RIGHT">
|
---|
58 | Ken A L Coar
|
---|
59 | </TD>
|
---|
60 | </TR>
|
---|
61 | <TR VALIGN="TOP">
|
---|
62 | <TD ALIGN="LEFT">
|
---|
63 | draft-coar-cgi-v11-03.{html,txt}
|
---|
64 | </TD>
|
---|
65 | <TD ALIGN="RIGHT">
|
---|
66 | IBM Corporation
|
---|
67 | </TD>
|
---|
68 | </TR>
|
---|
69 | <TR VALIGN="TOP">
|
---|
70 | <TD ALIGN="LEFT">
|
---|
71 |
|
---|
72 | </TD>
|
---|
73 | <TD ALIGN="RIGHT">
|
---|
74 | D.R.T. Robinson
|
---|
75 | </TD>
|
---|
76 | </TR>
|
---|
77 | <TR VALIGN="TOP">
|
---|
78 | <TD ALIGN="LEFT">
|
---|
79 |
|
---|
80 | </TD>
|
---|
81 | <TD ALIGN="RIGHT">
|
---|
82 | E*TRADE UK Ltd.
|
---|
83 | </TD>
|
---|
84 | </TR>
|
---|
85 | <TR VALIGN="TOP">
|
---|
86 | <TD ALIGN="LEFT">
|
---|
87 |
|
---|
88 | </TD>
|
---|
89 | <TD ALIGN="RIGHT">
|
---|
90 | 25 June 1999
|
---|
91 | </TD>
|
---|
92 | </TR>
|
---|
93 | </TABLE>
|
---|
94 | </DIV>
|
---|
95 |
|
---|
96 | <H1 ALIGN="CENTER">
|
---|
97 | The WWW Common Gateway Interface
|
---|
98 | <BR>
|
---|
99 | Version 1.1
|
---|
100 | </H1>
|
---|
101 |
|
---|
102 | <!--#include virtual="I-D-statement" -->
|
---|
103 |
|
---|
104 | <H2>
|
---|
105 | <A NAME="Abstract">
|
---|
106 | Abstract
|
---|
107 | </A>
|
---|
108 | </H2>
|
---|
109 | <P>
|
---|
110 | The Common Gateway Interface (CGI) is a simple interface for running
|
---|
111 | external programs, software or gateways under an information server
|
---|
112 | in a platform-independent manner. Currently, the supported information
|
---|
113 | servers are HTTP servers.
|
---|
114 | </P>
|
---|
115 | <P>
|
---|
116 | The interface has been in use by the World-Wide Web since 1993. This
|
---|
117 | specification defines the
|
---|
118 | "current practice" parameters of the
|
---|
119 | 'CGI/1.1' interface developed and documented at the U.S. National
|
---|
120 | Centre for Supercomputing Applications [NCSA-CGI].
|
---|
121 | This document also defines the use of the CGI/1.1 interface
|
---|
122 | on the Unix and AmigaDOS(tm) systems.
|
---|
123 | </P>
|
---|
124 | <P>
|
---|
125 | Discussion of this draft occurs on the CGI-WG mailing list; see the
|
---|
126 | project Web page at
|
---|
127 | <SAMP><URL:<A HREF="http://CGI-Spec.Golux.Com/"
|
---|
128 | >http://CGI-Spec.Golux.Com/</A>></SAMP>
|
---|
129 | for details on the mailing list and the status of the project.
|
---|
130 | </P>
|
---|
131 |
|
---|
132 | <!--#if expr="$GUI" -->
|
---|
133 | <H2>
|
---|
134 | Revision History
|
---|
135 | </H2>
|
---|
136 | <P>
|
---|
137 | The revision history of this draft is being maintained using Web-based
|
---|
138 | GUI notation, such as struck-through characters and colour-coded
|
---|
139 | sections. The following legend describes how to determine the origin
|
---|
140 | of a particular revision according to the colour of the text:
|
---|
141 | </P>
|
---|
142 | <DL COMPACT>
|
---|
143 | <DT>Black
|
---|
144 | </DT>
|
---|
145 | <DD>Revision 00, released 28 May 1998
|
---|
146 | </DD>
|
---|
147 | <DT>Green
|
---|
148 | </DT>
|
---|
149 | <DD>Revision 01, released 28 December 1998
|
---|
150 | <BR>
|
---|
151 | Major structure change: Section 4, "Request Metadata (Meta-Variables)"
|
---|
152 | was moved entirely under <A HREF="#7.0">Section 7</A>, "Data Input to the
|
---|
153 | CGI Script."
|
---|
154 | Due to the size of this change, it is noted here and the text in its
|
---|
155 | former location does <EM>not</EM> appear as struckthrough. This has
|
---|
156 | caused major <A HREF="#6.0">sections 5</A> and following to decrement
|
---|
157 | by one. Other
|
---|
158 | large text movements are likewise not marked up. References to RFC
|
---|
159 | 1738 were changed to 2396 (1738's replacement).
|
---|
160 | </DD>
|
---|
161 | <DT>Red
|
---|
162 | </DT>
|
---|
163 | <DD>Revision 02, released 2 April, 1999
|
---|
164 | <BR>
|
---|
165 | Added text to <A HREF="#8.3">section 8.3</A> defining correct handling
|
---|
166 | of HTTP/1.1
|
---|
167 | requests using "chunked" Transfer-Encoding. Labelled metavariable
|
---|
168 | names in <A HREF="#8.0">section 8</A> with the appropriate detail section
|
---|
169 | numbers.
|
---|
170 | Clarified allowed usage of <SAMP>Status</SAMP> and
|
---|
171 | <SAMP>Location</SAMP> response header fields. Included new
|
---|
172 | Internet-Draft language.
|
---|
173 | </DD>
|
---|
174 | <DT>Fuchsia
|
---|
175 | </DT>
|
---|
176 | <DD>Revision 03, released 25 June 1999
|
---|
177 | <BR>
|
---|
178 | Changed references from "HTTP" to "Protocol-Specific" for the listing of
|
---|
179 | things like HTTP_ACCEPT. Changed 'entity-body' and 'content-body' to
|
---|
180 | 'message-body.' Added a note that response headers must comply with
|
---|
181 | requirements of the protocol level in use. Added a lot of stuff about
|
---|
182 | security (section 11). Clarified a bunch of productions. Pointed out
|
---|
183 | that zero-length and omitted values are indistinguishable in this
|
---|
184 | specification. Clarified production describing order of fields in
|
---|
185 | script response header. Clarified issues surrounding encoding of
|
---|
186 | data. Acknowledged additional contributors, and changed one of
|
---|
187 | the authors' addresses.
|
---|
188 | </DD>
|
---|
189 | </DL>
|
---|
190 | <!--#endif -->
|
---|
191 |
|
---|
192 | <H2>
|
---|
193 | <A NAME="Contents">
|
---|
194 | Table of Contents
|
---|
195 | </A>
|
---|
196 | </H2>
|
---|
197 | <DIV ALIGN="CENTER">
|
---|
198 | <PRE>
|
---|
199 | 1 Introduction..............................................<A
|
---|
200 | HREF="#1.0"
|
---|
201 | >TBD</A>
|
---|
202 | 1.1 Purpose................................................<A
|
---|
203 | HREF="#1.1"
|
---|
204 | >TBD</A>
|
---|
205 | 1.2 Requirements...........................................<A
|
---|
206 | HREF="#1.2"
|
---|
207 | >TBD</A>
|
---|
208 | 1.3 Specifications.........................................<A
|
---|
209 | HREF="#1.3"
|
---|
210 | >TBD</A>
|
---|
211 | 1.4 Terminology............................................<A
|
---|
212 | HREF="#1.4"
|
---|
213 | >TBD</A>
|
---|
214 | 2 Notational Conventions and Generic Grammar................<A
|
---|
215 | HREF="#2.0"
|
---|
216 | >TBD</A>
|
---|
217 | 2.1 Augmented BNF..........................................<A
|
---|
218 | HREF="#2.1"
|
---|
219 | >TBD</A>
|
---|
220 | 2.2 Basic Rules............................................<A
|
---|
221 | HREF="#2.2"
|
---|
222 | >TBD</A>
|
---|
223 | 3 Protocol Parameters.......................................<A
|
---|
224 | HREF="#3.0"
|
---|
225 | >TBD</A>
|
---|
226 | 3.1 URL Encoding...........................................<A
|
---|
227 | HREF="#3.1"
|
---|
228 | >TBD</A>
|
---|
229 | 3.2 The Script-URI.........................................<A
|
---|
230 | HREF="#3.2"
|
---|
231 | >TBD</A>
|
---|
232 | 4 Invoking the Script.......................................<A
|
---|
233 | HREF="#4.0"
|
---|
234 | >TBD</A>
|
---|
235 | 5 The CGI Script Command Line...............................<A
|
---|
236 | HREF="#5.0"
|
---|
237 | >TBD</A>
|
---|
238 | 6 Data Input to the CGI Script..............................<A
|
---|
239 | HREF="#6.0"
|
---|
240 | >TBD</A>
|
---|
241 | 6.1 Request Metadata (Metavariables).......................<A
|
---|
242 | HREF="#6.1"
|
---|
243 | >TBD</A>
|
---|
244 | 6.1.1 AUTH_TYPE...........................................<A
|
---|
245 | HREF="#6.1.1"
|
---|
246 | >TBD</A>
|
---|
247 | 6.1.2 CONTENT_LENGTH......................................<A
|
---|
248 | HREF="#6.1.2"
|
---|
249 | >TBD</A>
|
---|
250 | 6.1.3 CONTENT_TYPE........................................<A
|
---|
251 | HREF="#6.1.3"
|
---|
252 | >TBD</A>
|
---|
253 | 6.1.4 GATEWAY_INTERFACE...................................<A
|
---|
254 | HREF="#6.1.4"
|
---|
255 | >TBD</A>
|
---|
256 | 6.1.5 Protocol-Specific Metavariables.....................<A
|
---|
257 | HREF="#6.1.5"
|
---|
258 | >TBD</A>
|
---|
259 | 6.1.6 PATH_INFO...........................................<A
|
---|
260 | HREF="#6.1.6"
|
---|
261 | >TBD</A>
|
---|
262 | 6.1.7 PATH_TRANSLATED.....................................<A
|
---|
263 | HREF="#6.1.7"
|
---|
264 | >TBD</A>
|
---|
265 | 6.1.8 QUERY_STRING........................................<A
|
---|
266 | HREF="#6.1.8"
|
---|
267 | >TBD</A>
|
---|
268 | 6.1.9 REMOTE_ADDR.........................................<A
|
---|
269 | HREF="#6.1.9"
|
---|
270 | >TBD</A>
|
---|
271 | 6.1.10 REMOTE_HOST........................................<A
|
---|
272 | HREF="#6.1.10"
|
---|
273 | >TBD</A>
|
---|
274 | 6.1.11 REMOTE_IDENT.......................................<A
|
---|
275 | HREF="#6.1.11"
|
---|
276 | >TBD</A>
|
---|
277 | 6.1.12 REMOTE_USER........................................<A
|
---|
278 | HREF="#6.1.12"
|
---|
279 | >TBD</A>
|
---|
280 | 6.1.13 REQUEST_METHOD.....................................<A
|
---|
281 | HREF="#6.1.13"
|
---|
282 | >TBD</A>
|
---|
283 | 6.1.14 SCRIPT_NAME........................................<A
|
---|
284 | HREF="#6.1.14"
|
---|
285 | >TBD</A>
|
---|
286 | 6.1.15 SERVER_NAME........................................<A
|
---|
287 | HREF="#6.1.15"
|
---|
288 | >TBD</A>
|
---|
289 | 6.1.16 SERVER_PORT........................................<A
|
---|
290 | HREF="#6.1.16"
|
---|
291 | >TBD</A>
|
---|
292 | 6.1.17 SERVER_PROTOCOL....................................<A
|
---|
293 | HREF="#6.1.17"
|
---|
294 | >TBD</A>
|
---|
295 | 6.1.18 SERVER_SOFTWARE....................................<A
|
---|
296 | HREF="#6.1.18"
|
---|
297 | >TBD</A>
|
---|
298 | 6.2 Request Message-Bodies................................<A
|
---|
299 | HREF="#6.2"
|
---|
300 | >TBD</A>
|
---|
301 | 7 Data Output from the CGI Script...........................<A
|
---|
302 | HREF="#7.0"
|
---|
303 | >TBD</A>
|
---|
304 | 7.1 Non-Parsed Header Output...............................<A
|
---|
305 | HREF="#7.1"
|
---|
306 | >TBD</A>
|
---|
307 | 7.2 Parsed Header Output...................................<A
|
---|
308 | HREF="#7.2"
|
---|
309 | >TBD</A>
|
---|
310 | 7.2.1 CGI header fields...................................<A
|
---|
311 | HREF="#7.2.1"
|
---|
312 | >TBD</A>
|
---|
313 | 7.2.1.1 Content-Type.....................................<A
|
---|
314 | HREF="#7.2.1.1"
|
---|
315 | >TBD</A>
|
---|
316 | 7.2.1.2 Location.........................................<A
|
---|
317 | HREF="#7.2.1.2"
|
---|
318 | >TBD</A>
|
---|
319 | 7.2.1.3 Status...........................................<A
|
---|
320 | HREF="#7.2.1.3"
|
---|
321 | >TBD</A>
|
---|
322 | 7.2.1.4 Extension header fields..........................<A
|
---|
323 | HREF="#7.2.1.3"
|
---|
324 | >TBD</A>
|
---|
325 | 7.2.2 HTTP header fields..................................<A
|
---|
326 | HREF="#7.2.2"
|
---|
327 | >TBD</A>
|
---|
328 | 8 Server Implementation.....................................<A
|
---|
329 | HREF="#8.0"
|
---|
330 | >TBD</A>
|
---|
331 | 8.1 Requirements for Servers...............................<A
|
---|
332 | HREF="#8.1"
|
---|
333 | >TBD</A>
|
---|
334 | 8.1.1 Script-URI..........................................<A
|
---|
335 | HREF="#8.1"
|
---|
336 | >TBD</A>
|
---|
337 | 8.1.2 Request Message-body Handling.......................<A
|
---|
338 | HREF="#8.1.2"
|
---|
339 | >TBD</A>
|
---|
340 | 8.1.3 Required Metavariables..............................<A
|
---|
341 | HREF="#8.1.3"
|
---|
342 | >TBD</A>
|
---|
343 | 8.1.4 Response Compliance.................................<A
|
---|
344 | HREF="#8.1.4"
|
---|
345 | >TBD</A>
|
---|
346 | 8.2 Recommendations for Servers............................<A
|
---|
347 | HREF="#8.2"
|
---|
348 | >TBD</A>
|
---|
349 | 8.3 Summary of Metavariables...............................<A
|
---|
350 | HREF="#8.3"
|
---|
351 | >TBD</A>
|
---|
352 | 9 Script Implementation.....................................<A
|
---|
353 | HREF="#9.0"
|
---|
354 | >TBD</A>
|
---|
355 | 9.1 Requirements for Scripts...............................<A
|
---|
356 | HREF="#9.1"
|
---|
357 | >TBD</A>
|
---|
358 | 9.2 Recommendations for Scripts............................<A
|
---|
359 | HREF="#9.2"
|
---|
360 | >TBD</A>
|
---|
361 | 10 System Specifications....................................<A
|
---|
362 | HREF="#10.0"
|
---|
363 | >TBD</A>
|
---|
364 | 10.1 AmigaDOS..............................................<A
|
---|
365 | HREF="#10.1"
|
---|
366 | >TBD</A>
|
---|
367 | 10.2 Unix..................................................<A
|
---|
368 | HREF="#10.2"
|
---|
369 | >TBD</A>
|
---|
370 | 11 Security Considerations..................................<A
|
---|
371 | HREF="#11.0"
|
---|
372 | >TBD</A>
|
---|
373 | 11.1 Safe Methods..........................................<A
|
---|
374 | HREF="#11.1"
|
---|
375 | >TBD</A>
|
---|
376 | 11.2 HTTP Header Fields Containing Sensitive Information...<A
|
---|
377 | HREF="#11.2"
|
---|
378 | >TBD</A>
|
---|
379 | 11.3 Script Interference with the Server...................<A
|
---|
380 | HREF="#11.3"
|
---|
381 | >TBD</A>
|
---|
382 | 11.4 Data Length and Buffering Considerations..............<A
|
---|
383 | HREF="#11.4"
|
---|
384 | >TBD</A>
|
---|
385 | 11.5 Stateless Processing..................................<A
|
---|
386 | HREF="#11.5"
|
---|
387 | >TBD</A>
|
---|
388 | 12 Acknowledgments..........................................<A
|
---|
389 | HREF="#12.0"
|
---|
390 | >TBD</A>
|
---|
391 | 13 References...............................................<A
|
---|
392 | HREF="#13.0"
|
---|
393 | >TBD</A>
|
---|
394 | 14 Authors' Addresses.......................................<A
|
---|
395 | HREF="#14.0"
|
---|
396 | >TBD</A>
|
---|
397 | </PRE>
|
---|
398 | </DIV>
|
---|
399 |
|
---|
400 | <H2>
|
---|
401 | <A NAME="1.0">
|
---|
402 | 1. Introduction
|
---|
403 | </A>
|
---|
404 | </H2>
|
---|
405 |
|
---|
406 | <H3>
|
---|
407 | <A NAME="1.1">
|
---|
408 | 1.1. Purpose
|
---|
409 | </A>
|
---|
410 | </H3>
|
---|
411 | <P>
|
---|
412 | Together the HTTP [<A HREF="#[3]">3</A>,<A HREF="#[8]">8</A>] server
|
---|
413 | and the CGI script are responsible
|
---|
414 | for servicing a client
|
---|
415 | request by sending back responses. The client
|
---|
416 | request comprises a Universal Resource Identifier (URI)
|
---|
417 | [<A HREF="#[1]">1</A>], a
|
---|
418 | request method, and various ancillary
|
---|
419 | information about the request
|
---|
420 | provided by the transport mechanism.
|
---|
421 | </P>
|
---|
422 | <P>
|
---|
423 | The CGI defines the abstract parameters, known as
|
---|
424 | metavariables,
|
---|
425 | which describe the client's
|
---|
426 | request. Together with a
|
---|
427 | concrete programmer interface this specifies a platform-independent
|
---|
428 | interface between the script and the HTTP server.
|
---|
429 | </P>
|
---|
430 |
|
---|
431 | <H3>
|
---|
432 | <A NAME="1.2">
|
---|
433 | 1.2. Requirements
|
---|
434 | </A>
|
---|
435 | </H3>
|
---|
436 | <P>
|
---|
437 | This specification uses the same words as RFC 1123
|
---|
438 | [<A HREF="#[5]">5</A>] to define the
|
---|
439 | significance of each particular requirement. These are:
|
---|
440 | </P><!--#if expr="! $GUI" -->
|
---|
441 | <P></P><!--#endif -->
|
---|
442 | <DL>
|
---|
443 | <DT><EM>MUST</EM>
|
---|
444 | </DT>
|
---|
445 | <DD>
|
---|
446 | <P>
|
---|
447 | This word or the adjective 'required' means that the item is an
|
---|
448 | absolute requirement of the specification.
|
---|
449 | </P>
|
---|
450 | </DD>
|
---|
451 | <DT><EM>SHOULD</EM>
|
---|
452 | </DT>
|
---|
453 | <DD>
|
---|
454 | <P>
|
---|
455 | This word or the adjective 'recommended' means that there may
|
---|
456 | exist valid reasons in particular circumstances to ignore this
|
---|
457 | item, but the full implications should be understood and the case
|
---|
458 | carefully weighed before choosing a different course.
|
---|
459 | </P>
|
---|
460 | </DD>
|
---|
461 | <DT><EM>MAY</EM>
|
---|
462 | </DT>
|
---|
463 | <DD>
|
---|
464 | <P>
|
---|
465 | This word or the adjective 'optional' means that this item is
|
---|
466 | truly optional. One vendor may choose to include the item because
|
---|
467 | a particular marketplace requires it or because it enhances the
|
---|
468 | product, for example; another vendor may omit the same item.
|
---|
469 | </P>
|
---|
470 | </DD>
|
---|
471 | </DL>
|
---|
472 | <P>
|
---|
473 | An implementation is not compliant if it fails to satisfy one or more
|
---|
474 | of the 'must' requirements for the protocols it implements. An
|
---|
475 | implementation that satisfies all of the 'must' and all of the
|
---|
476 | 'should' requirements for its features is said to be 'unconditionally
|
---|
477 | compliant'; one that satisfies all of the 'must' requirements but not
|
---|
478 | all of the 'should' requirements for its features is said to be
|
---|
479 | 'conditionally compliant.'
|
---|
480 | </P>
|
---|
481 |
|
---|
482 | <H3>
|
---|
483 | <A NAME="1.3">
|
---|
484 | 1.3. Specifications
|
---|
485 | </A>
|
---|
486 | </H3>
|
---|
487 | <P>
|
---|
488 | Not all of the functions and features of the CGI are defined in the
|
---|
489 | main part of this specification. The following phrases are used to
|
---|
490 | describe the features which are not specified:
|
---|
491 | </P>
|
---|
492 | <DL>
|
---|
493 | <DT><EM>system defined</EM>
|
---|
494 | </DT>
|
---|
495 | <DD>
|
---|
496 | <P>
|
---|
497 | The feature may differ between systems, but must be the same for
|
---|
498 | different implementations using the same system. A system will
|
---|
499 | usually identify a class of operating-systems. Some systems are
|
---|
500 | defined in
|
---|
501 | <A HREF="#10.0"
|
---|
502 | >section 10</A> of this document.
|
---|
503 | New systems may be defined
|
---|
504 | by new specifications without revision of this document.
|
---|
505 | </P>
|
---|
506 | </DD>
|
---|
507 | <DT><EM>implementation defined</EM>
|
---|
508 | </DT>
|
---|
509 | <DD>
|
---|
510 | <P>
|
---|
511 | The behaviour of the feature may vary from implementation to
|
---|
512 | implementation, but a particular implementation must document its
|
---|
513 | behaviour.
|
---|
514 | </P>
|
---|
515 | </DD>
|
---|
516 | </DL>
|
---|
517 |
|
---|
518 | <H3>
|
---|
519 | <A NAME="1.4">
|
---|
520 | 1.4. Terminology
|
---|
521 | </A>
|
---|
522 | </H3>
|
---|
523 | <P>
|
---|
524 | This specification uses many terms defined in the HTTP/1.1
|
---|
525 | specification [<A HREF="#[8]">8</A>]; however, the following terms are
|
---|
526 | used here in a
|
---|
527 | sense which may not accord with their definitions in that document,
|
---|
528 | or with their common meaning.
|
---|
529 | </P>
|
---|
530 |
|
---|
531 | <DL>
|
---|
532 | <DT><EM>metavariable</EM>
|
---|
533 | </DT>
|
---|
534 | <DD>
|
---|
535 | <P>
|
---|
536 | A named parameter that carries information from the server to the
|
---|
537 | script. It is not necessarily a variable in the operating-system's
|
---|
538 | environment, although that is the most common implementation.
|
---|
539 | </P>
|
---|
540 | </DD>
|
---|
541 |
|
---|
542 | <DT><EM>script</EM>
|
---|
543 | </DT>
|
---|
544 | <DD>
|
---|
545 | <P>
|
---|
546 | The software which is invoked by the server <EM>via</EM> this
|
---|
547 | interface. It
|
---|
548 | need not be a standalone program, but could be a
|
---|
549 | dynamically-loaded or shared library, or even a subroutine in the
|
---|
550 | server. It <EM>may</EM> be a set of statements
|
---|
551 | interpreted at run-time, as the term 'script' is frequently
|
---|
552 | understood, but that is not a requirement and within the context
|
---|
553 | of this specification the term has the broader definition stated.
|
---|
554 | </P>
|
---|
555 | </DD>
|
---|
556 | <DT><EM>server</EM>
|
---|
557 | </DT>
|
---|
558 | <DD>
|
---|
559 | <P>
|
---|
560 | The application program which invokes the script in order to service
|
---|
561 | requests.
|
---|
562 | </P>
|
---|
563 | </DD>
|
---|
564 | </DL>
|
---|
565 |
|
---|
566 | <H2>
|
---|
567 | <A NAME="2.0">
|
---|
568 | 2. Notational Conventions and Generic Grammar
|
---|
569 | </A>
|
---|
570 | </H2>
|
---|
571 |
|
---|
572 | <H3>
|
---|
573 | <A NAME="2.1">
|
---|
574 | 2.1. Augmented BNF
|
---|
575 | </A>
|
---|
576 | </H3>
|
---|
577 | <P>
|
---|
578 | All of the mechanisms specified in this document are described in
|
---|
579 | both prose and an augmented Backus-Naur Form (BNF) similar to that
|
---|
580 | used by RFC 822 [<A HREF="#[6]">6</A>]. This augmented BNF contains
|
---|
581 | the following constructs:
|
---|
582 | </P>
|
---|
583 | <DL>
|
---|
584 | <DT>name = definition
|
---|
585 | </DT>
|
---|
586 | <DD>
|
---|
587 | <P>
|
---|
588 | The
|
---|
589 | definition by the equal character ("="). Whitespace is only
|
---|
590 | significant in that continuation lines of a definition are
|
---|
591 | indented.
|
---|
592 | </P>
|
---|
593 | </DD>
|
---|
594 | <DT>"literal"
|
---|
595 | </DT>
|
---|
596 | <DD>
|
---|
597 | <P>
|
---|
598 | Quotation marks (") surround literal text, except for a literal
|
---|
599 | quotation mark, which is surrounded by angle-brackets ("<" and ">").
|
---|
600 | Unless stated otherwise, the text is case-sensitive.
|
---|
601 | </P>
|
---|
602 | </DD>
|
---|
603 | <DT>rule1 | rule2
|
---|
604 | </DT>
|
---|
605 | <DD>
|
---|
606 | <P>
|
---|
607 | Alternative rules are separated by a vertical bar ("|").
|
---|
608 | </P>
|
---|
609 | </DD>
|
---|
610 | <DT>(rule1 rule2 rule3)
|
---|
611 | </DT>
|
---|
612 | <DD>
|
---|
613 | <P>
|
---|
614 | Elements enclosed in parentheses are treated as a single element.
|
---|
615 | </P>
|
---|
616 | </DD>
|
---|
617 | <DT>*rule
|
---|
618 | </DT>
|
---|
619 | <DD>
|
---|
620 | <P>
|
---|
621 | A rule preceded by an asterisk ("*") may have zero or more
|
---|
622 | occurrences. A rule preceded by an integer followed by an asterisk
|
---|
623 | must occur at least the specified number of times.
|
---|
624 | </P>
|
---|
625 | </DD>
|
---|
626 | <DT>[rule]
|
---|
627 | </DT>
|
---|
628 | <DD>
|
---|
629 | <P>
|
---|
630 | An element enclosed in square
|
---|
631 | brackets ("[" and "]") is optional.
|
---|
632 | </P>
|
---|
633 | </DD>
|
---|
634 | </DL>
|
---|
635 |
|
---|
636 | <H3>
|
---|
637 | <A NAME="2.2">
|
---|
638 | 2.2. Basic Rules
|
---|
639 | </A>
|
---|
640 | </H3>
|
---|
641 | <P>
|
---|
642 | The following rules are used throughout this specification to
|
---|
643 | describe basic parsing constructs.
|
---|
644 | </P><!--#if expr="! $GUI" -->
|
---|
645 | <P></P><!--#endif -->
|
---|
646 | <PRE>
|
---|
647 | alpha = lowalpha | hialpha
|
---|
648 | alphanum = alpha | digit
|
---|
649 | lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h"
|
---|
650 | | "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p"
|
---|
651 | | "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x"
|
---|
652 | | "y" | "z"
|
---|
653 | hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H"
|
---|
654 | | "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P"
|
---|
655 | | "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X"
|
---|
656 | | "Y" | "Z"
|
---|
657 | digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7"
|
---|
658 | | "8" | "9"
|
---|
659 | hex = digit | "A" | "B" | "C" | "D" | "E" | "F" | "a"
|
---|
660 | | "b" | "c" | "d" | "e" | "f"
|
---|
661 | escaped = "%" hex hex
|
---|
662 | OCTET = <any 8-bit sequence of data>
|
---|
663 | CHAR = <any US-ASCII character (octets 0 - 127)>
|
---|
664 | CTL = <any US-ASCII control character
|
---|
665 | (octets 0 - 31) and DEL (127)>
|
---|
666 | CR = <US-ASCII CR, carriage return (13)>
|
---|
667 | LF = <US-ASCII LF, linefeed (10)>
|
---|
668 | SP = <US-ASCII SP, space (32)>
|
---|
669 | HT = <US-ASCII HT, horizontal tab (9)>
|
---|
670 | NL = CR | LF
|
---|
671 | LWSP = SP | HT | NL
|
---|
672 | tspecial = "(" | ")" | "@" | "," | ";" | ":" | "\" | <">
|
---|
673 | | "/" | "[" | "]" | "?" | "<" | ">" | "{" | "}"
|
---|
674 | | SP | HT | NL
|
---|
675 | token = 1*<any CHAR except CTLs or tspecials>
|
---|
676 | quoted-string = ( <"> *qdtext <"> ) | ( "<" *qatext ">")
|
---|
677 | qdtext = <any CHAR except <"> and CTLs but including LWSP>
|
---|
678 | qatext = <any CHAR except "<", ">" and CTLs but
|
---|
679 | including LWSP>
|
---|
680 | mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
|
---|
681 | unreserved = alphanum | mark
|
---|
682 | reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" |
|
---|
683 | "$" | ","
|
---|
684 | uric = reserved | unreserved | escaped
|
---|
685 | </PRE>
|
---|
686 | <P>
|
---|
687 | Note that newline (NL) need not be a single character, but can be a
|
---|
688 | character sequence.
|
---|
689 | </P>
|
---|
690 |
|
---|
691 | <H2>
|
---|
692 | <A NAME="3.0">
|
---|
693 | 3. Protocol Parameters
|
---|
694 | </A>
|
---|
695 | </H2>
|
---|
696 |
|
---|
697 | <H3>
|
---|
698 | <A NAME="3.1">
|
---|
699 | 3.1. URL Encoding
|
---|
700 | </A>
|
---|
701 | </H3>
|
---|
702 | <P>
|
---|
703 | Some variables and constructs used here are described as being
|
---|
704 | 'URL-encoded'. This encoding is described in section
|
---|
705 | 2 of RFC
|
---|
706 | 2396
|
---|
707 | [<A HREF="#[4]">4</A>].
|
---|
708 | </P>
|
---|
709 | <P>
|
---|
710 | An alternate "shortcut" encoding for representing the space
|
---|
711 | character exists and is in common use. Scripts MUST be prepared to
|
---|
712 | recognise both '+' and '%20' as an encoded space in a
|
---|
713 | URL-encoded value.
|
---|
714 | </P>
|
---|
715 | <P>
|
---|
716 | Note that some unsafe characters may have different semantics if
|
---|
717 | they are encoded. The definition of which characters are unsafe
|
---|
718 | depends on the context.
|
---|
719 | For example, the following two URLs do not
|
---|
720 | necessarily refer to the same resource:
|
---|
721 | </P><!--#if expr="! $GUI" -->
|
---|
722 | <P></P><!--#endif -->
|
---|
723 | <PRE>
|
---|
724 | http://somehost.com/somedir%2Fvalue
|
---|
725 | http://somehost.com/somedir/value
|
---|
726 | </PRE>
|
---|
727 | <P>
|
---|
728 | See section
|
---|
729 | 2 of RFC
|
---|
730 | 2396 [<A HREF="#[4]">4</A>]
|
---|
731 | for authoritative treatment of this issue.
|
---|
732 | </P>
|
---|
733 |
|
---|
734 | <H3>
|
---|
735 | <A NAME="3.2">
|
---|
736 | 3.2. The Script-URI
|
---|
737 | </A>
|
---|
738 | </H3>
|
---|
739 | <P>
|
---|
740 | The 'Script-URI' is defined as the URI of the resource identified
|
---|
741 | by the metavariables. Often,
|
---|
742 | this URI will be the same as
|
---|
743 | the URI requested by the client (the 'Client-URI'); however, it need
|
---|
744 | not be. Instead, it could be a URI invented by the server, and so it
|
---|
745 | can only be used in the context of the server and its CGI interface.
|
---|
746 | </P>
|
---|
747 | <P>
|
---|
748 | The Script-URI has the syntax of generic-RL as defined in section 2.1
|
---|
749 | of RFC 1808 [<A HREF="#[7]">7</A>], with the exception that object
|
---|
750 | parameters and
|
---|
751 | fragment identifiers are not permitted:
|
---|
752 | </P><!--#if expr="! $GUI" -->
|
---|
753 | <P></P><!--#endif -->
|
---|
754 | <PRE>
|
---|
755 | <scheme>://<host><port>/<path>?<query>
|
---|
756 | </PRE>
|
---|
757 | <P>
|
---|
758 | The various components of the
|
---|
759 | Script-URI
|
---|
760 | are defined by some of the
|
---|
761 | metavariables (see
|
---|
762 | <A HREF="#4.0">section 4</A>
|
---|
763 | below);
|
---|
764 | </P><!--#if expr="! $GUI" -->
|
---|
765 | <P></P><!--#endif -->
|
---|
766 | <PRE>
|
---|
767 | script-uri = protocol "://" SERVER_NAME ":" SERVER_PORT enc-script
|
---|
768 | enc-path-info "?" QUERY_STRING
|
---|
769 | </PRE>
|
---|
770 | <P>
|
---|
771 | where 'protocol' is obtained
|
---|
772 | from SERVER_PROTOCOL, 'enc-script' is a
|
---|
773 | URL-encoded version of SCRIPT_NAME and 'enc-path-info' is a
|
---|
774 | URL-encoded version of PATH_INFO. See
|
---|
775 | <A HREF="#4.6">section 4.6</A> for more information about the PATH_INFO
|
---|
776 | metavariable.
|
---|
777 | </P>
|
---|
778 | <P>
|
---|
779 | Note that the scheme and the protocol are <EM>not</EM> identical;
|
---|
780 | for instance, a resource accessed <EM>via</EM> an SSL mechanism
|
---|
781 | may have a Client-URI with a scheme of "<SAMP>https</SAMP>"
|
---|
782 | rather than "<SAMP>http</SAMP>". CGI/1.1 provides no means
|
---|
783 | for the script to reconstruct this, and therefore
|
---|
784 | the Script-URI includes the base protocol used.
|
---|
785 | </P>
|
---|
786 |
|
---|
787 | <H2>
|
---|
788 | <A NAME="4.0">
|
---|
789 | 4. Invoking the Script
|
---|
790 | </A>
|
---|
791 | </H2>
|
---|
792 | <P>
|
---|
793 | The
|
---|
794 | script is invoked in a system defined manner. Unless specified
|
---|
795 | otherwise, the file containing the script will be invoked as an
|
---|
796 | executable program.
|
---|
797 | </P>
|
---|
798 |
|
---|
799 | <H2>
|
---|
800 | <A NAME="5.0">
|
---|
801 | 5. The CGI Script Command Line
|
---|
802 | </A>
|
---|
803 | </H2>
|
---|
804 | <P>
|
---|
805 | Some systems support a method for supplying an array of strings to
|
---|
806 | the CGI script. This is only used in the case of an 'indexed' query.
|
---|
807 | This is identified by a "GET" or "HEAD" HTTP request with a URL
|
---|
808 | query
|
---|
809 | string not containing any unencoded "=" characters. For such a
|
---|
810 | request,
|
---|
811 | servers SHOULD parse the search string
|
---|
812 | into words, using the following rules:
|
---|
813 | </P><!--#if expr="! $GUI" -->
|
---|
814 | <P></P><!--#endif -->
|
---|
815 | <PRE>
|
---|
816 | search-string = search-word *( "+" search-word )
|
---|
817 | search-word = 1*schar
|
---|
818 | schar = xunreserved | escaped | xreserved
|
---|
819 | xunreserved = alpha | digit | xsafe | extra
|
---|
820 | xsafe = "$" | "-" | "_" | "."
|
---|
821 | xreserved = ";" | "/" | "?" | ":" | "@" | "&"
|
---|
822 | </PRE>
|
---|
823 | <P>
|
---|
824 | After parsing, each word is URL-decoded, optionally encoded in a
|
---|
825 | system defined manner,
|
---|
826 | and then the argument list is set to the list
|
---|
827 | of words.
|
---|
828 | </P>
|
---|
829 | <P>
|
---|
830 | If the server cannot create any part of the argument list, then the
|
---|
831 | server SHOULD NOT generate any command line information. For example, the
|
---|
832 | number of arguments may be greater than operating system or server
|
---|
833 | limitations permit, or one of the words may not be representable as an
|
---|
834 | argument.
|
---|
835 | </P>
|
---|
836 | <P>
|
---|
837 | Scripts SHOULD check to see if the QUERY_STRING value contains an
|
---|
838 | unencoded "=" character, and SHOULD NOT use the command line arguments
|
---|
839 | if it does.
|
---|
840 | </P>
|
---|
841 |
|
---|
842 | <H2>
|
---|
843 | <A NAME="6.0">
|
---|
844 | 6. Data Input to the CGI Script
|
---|
845 | </A>
|
---|
846 | </H2>
|
---|
847 | <P>
|
---|
848 | Information about a request comes from two different sources: the
|
---|
849 | request header, and any associated
|
---|
850 | message-body.
|
---|
851 | Servers MUST
|
---|
852 | make portions of this information available to
|
---|
853 | scripts.
|
---|
854 | </P>
|
---|
855 |
|
---|
856 | <H3>
|
---|
857 | <A NAME="6.1">
|
---|
858 | 6.1. Request Metadata
|
---|
859 | (Metavariables)
|
---|
860 | </A>
|
---|
861 | </H3>
|
---|
862 | <P>
|
---|
863 | Each CGI server
|
---|
864 | implementation MUST define a mechanism
|
---|
865 | to pass data about the request from
|
---|
866 | the server to the script.
|
---|
867 | The metavariables containing these
|
---|
868 | data
|
---|
869 | are accessed by the script in a system
|
---|
870 | defined manner.
|
---|
871 | The
|
---|
872 | representation of the characters in the
|
---|
873 | metavariables is
|
---|
874 | system defined.
|
---|
875 | </P>
|
---|
876 | <P>
|
---|
877 | This specification does not distinguish between the representation of
|
---|
878 | null values and missing ones. Whether null or missing values
|
---|
879 | (such as a query component of "?" or "", respectively) are represented
|
---|
880 | by undefined metavariables or by metavariables with values of "" is
|
---|
881 | implementation-defined.
|
---|
882 | </P>
|
---|
883 | <P>
|
---|
884 | Case is not significant in the
|
---|
885 | metavariable
|
---|
886 | names, in that there cannot be two
|
---|
887 | different variables
|
---|
888 | whose names differ in case only. Here they are
|
---|
889 | shown using a canonical representation of capitals plus underscore
|
---|
890 | ("_"). The actual representation of the names is system defined; for
|
---|
891 | a particular system the representation MAY be defined differently
|
---|
892 | than this.
|
---|
893 | </P>
|
---|
894 | <P>
|
---|
895 | Metavariable
|
---|
896 | values MUST be
|
---|
897 | considered case-sensitive except as noted
|
---|
898 | otherwise.
|
---|
899 | </P>
|
---|
900 | <P>
|
---|
901 | The canonical
|
---|
902 | metavariables
|
---|
903 | defined by this specification are:
|
---|
904 | </P><!--#if expr="! $GUI" -->
|
---|
905 | <P></P><!--#endif -->
|
---|
906 | <PRE>
|
---|
907 | AUTH_TYPE
|
---|
908 | CONTENT_LENGTH
|
---|
909 | CONTENT_TYPE
|
---|
910 | GATEWAY_INTERFACE
|
---|
911 | PATH_INFO
|
---|
912 | PATH_TRANSLATED
|
---|
913 | QUERY_STRING
|
---|
914 | REMOTE_ADDR
|
---|
915 | REMOTE_HOST
|
---|
916 | REMOTE_IDENT
|
---|
917 | REMOTE_USER
|
---|
918 | REQUEST_METHOD
|
---|
919 | SCRIPT_NAME
|
---|
920 | SERVER_NAME
|
---|
921 | SERVER_PORT
|
---|
922 | SERVER_PROTOCOL
|
---|
923 | SERVER_SOFTWARE
|
---|
924 | </PRE>
|
---|
925 | <P>
|
---|
926 | Metavariables with names beginning with the protocol name (<EM>e.g.</EM>,
|
---|
927 | "HTTP_ACCEPT") are also canonical in their description of request header
|
---|
928 | fields. The number and meaning of these fields may change independently
|
---|
929 | of this specification. (See also <A HREF="#6.1.5">section 6.1.5</A>.)
|
---|
930 | </P>
|
---|
931 |
|
---|
932 | <H4>
|
---|
933 | <A NAME="6.1.1">
|
---|
934 | 6.1.1. AUTH_TYPE
|
---|
935 | </A>
|
---|
936 | </H4>
|
---|
937 | <P>
|
---|
938 | This variable is specific to requests made
|
---|
939 | <EM>via</EM> the
|
---|
940 | "<CODE>http</CODE>"
|
---|
941 | scheme.
|
---|
942 | </P>
|
---|
943 | <P>
|
---|
944 | If the Script-URI
|
---|
945 | required access authentication for external
|
---|
946 | access, then the server
|
---|
947 | MUST set
|
---|
948 | the value of
|
---|
949 | this variable
|
---|
950 | from the '<SAMP>auth-scheme</SAMP>' token in
|
---|
951 | the request's "<SAMP>Authorization</SAMP>" header
|
---|
952 | field.
|
---|
953 | Otherwise
|
---|
954 | it is
|
---|
955 | set to NULL.
|
---|
956 | </P><!--#if expr="! $GUI" -->
|
---|
957 | <P></P><!--#endif -->
|
---|
958 | <PRE>
|
---|
959 | AUTH_TYPE = "" | auth-scheme
|
---|
960 | auth-scheme = "Basic" | "Digest" | token
|
---|
961 | </PRE>
|
---|
962 | <P>
|
---|
963 | HTTP access authentication schemes are described in section 11 of the
|
---|
964 | HTTP/1.1 specification [<A HREF="#[8]">8</A>]. The auth-scheme is
|
---|
965 | not case-sensitive.
|
---|
966 | </P>
|
---|
967 | <P>
|
---|
968 | Servers
|
---|
969 | MUST
|
---|
970 | provide this metavariable
|
---|
971 | to scripts if the request
|
---|
972 | header included an "<SAMP>Authorization</SAMP>" field
|
---|
973 | that was authenticated.
|
---|
974 | </P>
|
---|
975 |
|
---|
976 | <H4>
|
---|
977 | <A NAME="6.1.2">
|
---|
978 | 6.1.2. CONTENT_LENGTH
|
---|
979 | </A>
|
---|
980 | </H4>
|
---|
981 | <P>
|
---|
982 | This
|
---|
983 | metavariable
|
---|
984 | is set to the
|
---|
985 | size of the message-body
|
---|
986 | entity attached to the request, if any, in decimal
|
---|
987 | number of octets. If no data are attached, then this
|
---|
988 | metavariable
|
---|
989 | is either NULL or not
|
---|
990 | defined. The syntax is
|
---|
991 | the same as for
|
---|
992 | the HTTP "<SAMP>Content-Length</SAMP>" header field (section 14.14, HTTP/1.1
|
---|
993 | specification [<A HREF="#[8]">8</A>]).
|
---|
994 | </P><!--#if expr="! $GUI" -->
|
---|
995 | <P></P><!--#endif -->
|
---|
996 | <PRE>
|
---|
997 | CONTENT_LENGTH = "" | 1*digit
|
---|
998 | </PRE>
|
---|
999 | <P>
|
---|
1000 | Servers MUST provide this metavariable
|
---|
1001 | to scripts if the request
|
---|
1002 | was accompanied by a
|
---|
1003 | message-body entity.
|
---|
1004 | </P>
|
---|
1005 |
|
---|
1006 | <H4>
|
---|
1007 | <A NAME="6.1.3">
|
---|
1008 | 6.1.3. CONTENT_TYPE
|
---|
1009 | </A>
|
---|
1010 | </H4>
|
---|
1011 | <P>
|
---|
1012 | If the request includes a
|
---|
1013 | message-body,
|
---|
1014 | CONTENT_TYPE is set
|
---|
1015 | to
|
---|
1016 | the Internet Media Type
|
---|
1017 | [<A HREF="#[9]">9</A>] of the attached
|
---|
1018 | entity if the type was provided <EM>via</EM>
|
---|
1019 | a "<SAMP>Content-type</SAMP>" field in the
|
---|
1020 | request header, or if the server can determine it in the absence
|
---|
1021 | of a supplied "<SAMP>Content-type</SAMP>" field. The syntax is the
|
---|
1022 | same as for the HTTP
|
---|
1023 | "<SAMP>Content-Type</SAMP>" header field.
|
---|
1024 | </P><!--#if expr="! $GUI" -->
|
---|
1025 | <P></P><!--#endif -->
|
---|
1026 | <PRE>
|
---|
1027 | CONTENT_TYPE = "" | media-type
|
---|
1028 | media-type = type "/" subtype *( ";" parameter)
|
---|
1029 | type = token
|
---|
1030 | subtype = token
|
---|
1031 | parameter = attribute "=" value
|
---|
1032 | attribute = token
|
---|
1033 | value = token | quoted-string
|
---|
1034 | </PRE>
|
---|
1035 | <P>
|
---|
1036 | The type, subtype,
|
---|
1037 | and parameter attribute names are not
|
---|
1038 | case-sensitive. Parameter values MAY be case sensitive.
|
---|
1039 | Media types and their use in HTTP are described
|
---|
1040 | in section 3.7 of the
|
---|
1041 | HTTP/1.1 specification [<A HREF="#[8]">8</A>].
|
---|
1042 | </P>
|
---|
1043 | <P>
|
---|
1044 | Example:
|
---|
1045 | </P><!--#if expr="! $GUI" -->
|
---|
1046 | <P></P><!--#endif -->
|
---|
1047 | <PRE>
|
---|
1048 | application/x-www-form-urlencoded
|
---|
1049 | </PRE>
|
---|
1050 | <P>
|
---|
1051 | There is no default value for this variable. If and only if it is
|
---|
1052 | unset, then the script MAY attempt to determine the media type from
|
---|
1053 | the data received. If the type remains unknown, then
|
---|
1054 | the script MAY choose to either assume a
|
---|
1055 | content-type of
|
---|
1056 | <SAMP>application/octet-stream</SAMP>
|
---|
1057 | or reject the request with a 415 ("Unsupported Media Type")
|
---|
1058 | error. See <A HREF="#7.2.1.3">section 7.2.1.3</A>
|
---|
1059 | for more information about returning error status values.
|
---|
1060 | </P>
|
---|
1061 | <P>
|
---|
1062 | Servers MUST provide this metavariable
|
---|
1063 | to scripts if
|
---|
1064 | a "<SAMP>Content-Type</SAMP>" field was present
|
---|
1065 | in the original request header. If the server receives a request
|
---|
1066 | with an attached entity but no "<SAMP>Content-Type</SAMP>"
|
---|
1067 | header field, it MAY attempt to
|
---|
1068 | determine the correct datatype, or it MAY omit this
|
---|
1069 | metavariable when
|
---|
1070 | communicating the request information to the script.
|
---|
1071 | </P>
|
---|
1072 |
|
---|
1073 | <H4>
|
---|
1074 | <A NAME="6.1.4">
|
---|
1075 | 6.1.4. GATEWAY_INTERFACE
|
---|
1076 | </A>
|
---|
1077 | </H4>
|
---|
1078 | <P>
|
---|
1079 | This
|
---|
1080 | metavariable
|
---|
1081 | is set to
|
---|
1082 | the dialect of CGI being used
|
---|
1083 | by the server to communicate with the script.
|
---|
1084 | Syntax:
|
---|
1085 | </P><!--#if expr="! $GUI" -->
|
---|
1086 | <P></P><!--#endif -->
|
---|
1087 | <PRE>
|
---|
1088 | GATEWAY_INTERFACE = "CGI" "/" major "." minor
|
---|
1089 | major = 1*digit
|
---|
1090 | minor = 1*digit
|
---|
1091 | </PRE>
|
---|
1092 | <P>
|
---|
1093 | Note that the major and minor numbers are treated as separate
|
---|
1094 | integers and hence each may be
|
---|
1095 | more than a single
|
---|
1096 | digit. Thus CGI/2.4 is a lower version than CGI/2.13 which in turn
|
---|
1097 | is lower than CGI/12.3. Leading zeros in either
|
---|
1098 | the major or the minor number MUST be ignored by scripts and
|
---|
1099 | SHOULD NOT be generated by servers.
|
---|
1100 | </P>
|
---|
1101 | <P>
|
---|
1102 | This document defines the 1.1 version of the CGI interface
|
---|
1103 | ("CGI/1.1").
|
---|
1104 | </P>
|
---|
1105 | <P>
|
---|
1106 | Servers MUST provide this metavariable
|
---|
1107 | to scripts.
|
---|
1108 | </P>
|
---|
1109 |
|
---|
1110 | <H4>
|
---|
1111 | <A NAME="6.1.5">
|
---|
1112 | 6.1.5. Protocol-Specific Metavariables
|
---|
1113 | </A>
|
---|
1114 | </H4>
|
---|
1115 | <P>
|
---|
1116 | These metavariables are specific to
|
---|
1117 | the protocol
|
---|
1118 | <EM>via</EM> which the request is made.
|
---|
1119 | Interpretation of these variables depends on the value of
|
---|
1120 | the
|
---|
1121 | SERVER_PROTOCOL
|
---|
1122 | metavariable
|
---|
1123 | (see
|
---|
1124 | <A HREF="#6.1.17">section 6.1.17</A>).
|
---|
1125 | </P>
|
---|
1126 | <P>
|
---|
1127 | Metavariables
|
---|
1128 | with names beginning with "HTTP_" contain
|
---|
1129 | values from the request header, if the
|
---|
1130 | scheme used was HTTP.
|
---|
1131 | Each
|
---|
1132 | HTTP header field name is converted to upper case, has all occurrences of
|
---|
1133 | "-" replaced with "_",
|
---|
1134 | and has "HTTP_" prepended to form
|
---|
1135 | the metavariable name.
|
---|
1136 | Similar transformations are applied for other
|
---|
1137 | protocols.
|
---|
1138 | The header data MAY be presented as sent
|
---|
1139 | by the client, or MAY be rewritten in ways which do not change its
|
---|
1140 | semantics. If multiple header fields with the same field-name are received
|
---|
1141 | then the server
|
---|
1142 | MUST rewrite them as though they
|
---|
1143 | had been received as a single header field having the same
|
---|
1144 | semantics before being represented in a
|
---|
1145 | metavariable.
|
---|
1146 | Similarly, a header field that is received on more than one line
|
---|
1147 | MUST be merged into a single line. The server MUST, if necessary,
|
---|
1148 | change the representation of the data (for example, the character
|
---|
1149 | set) to be appropriate for a CGI
|
---|
1150 | metavariable.
|
---|
1151 | <!-- ###NOTE: See if 2068 describes this thoroughly, and
|
---|
1152 | point there if so. -->
|
---|
1153 | </P>
|
---|
1154 | <P>
|
---|
1155 | Servers are
|
---|
1156 | not required to create
|
---|
1157 | metavariables for all
|
---|
1158 | the request
|
---|
1159 | header fields that they
|
---|
1160 | receive. In particular,
|
---|
1161 | they MAY
|
---|
1162 | decline to make available any
|
---|
1163 | header fields carrying authentication information, such as
|
---|
1164 | "<SAMP>Authorization</SAMP>", or
|
---|
1165 | which are available to the script
|
---|
1166 | <EM>via</EM> other metavariables,
|
---|
1167 | such as "<SAMP>Content-Length</SAMP>" and "<SAMP>Content-Type</SAMP>".
|
---|
1168 | </P>
|
---|
1169 |
|
---|
1170 | <H4>
|
---|
1171 | <A NAME="6.1.6">
|
---|
1172 | 6.1.6. PATH_INFO
|
---|
1173 | </A>
|
---|
1174 | </H4>
|
---|
1175 | <P>
|
---|
1176 | The PATH_INFO
|
---|
1177 | metavariable
|
---|
1178 | specifies
|
---|
1179 | a path to be interpreted by the CGI script. It identifies the
|
---|
1180 | resource or sub-resource to be returned
|
---|
1181 | by the CGI
|
---|
1182 | script, and it is derived from the portion
|
---|
1183 | of the URI path following the script name but preceding
|
---|
1184 | any query data.
|
---|
1185 | The syntax
|
---|
1186 | and semantics are similar to a decoded HTTP URL
|
---|
1187 | 'path' token
|
---|
1188 | (defined in
|
---|
1189 | RFC 2396
|
---|
1190 | [<A HREF="#[4]">4</A>]), with the exception
|
---|
1191 | that a PATH_INFO of "/"
|
---|
1192 | represents a single void path segment.
|
---|
1193 | </P><!--#if expr="! $GUI" -->
|
---|
1194 | <P></P><!--#endif -->
|
---|
1195 | <PRE>
|
---|
1196 | PATH_INFO = "" | ( "/" path )
|
---|
1197 | path = segment *( "/" segment )
|
---|
1198 | segment = *pchar
|
---|
1199 | pchar = <any CHAR except "/">
|
---|
1200 | </PRE>
|
---|
1201 | <P>
|
---|
1202 | The PATH_INFO string is the trailing part of the <path> component of
|
---|
1203 | the Script-URI
|
---|
1204 | (see <A HREF="#3.2">section 3.2</A>)
|
---|
1205 | that follows the SCRIPT_NAME
|
---|
1206 | portion of the path.
|
---|
1207 | </P>
|
---|
1208 | <P>
|
---|
1209 | Servers MAY impose their own restrictions and
|
---|
1210 | limitations on what values they will accept for PATH_INFO, and MAY
|
---|
1211 | reject or edit any values they
|
---|
1212 | consider objectionable before passing
|
---|
1213 | them to the script.
|
---|
1214 | </P>
|
---|
1215 | <P>
|
---|
1216 | Servers MUST make this URI component available
|
---|
1217 | to CGI scripts. The PATH_INFO
|
---|
1218 | value is case-sensitive, and the
|
---|
1219 | server MUST preserve the case of the PATH_INFO element of the URI
|
---|
1220 | when making it available to scripts.
|
---|
1221 | </P>
|
---|
1222 |
|
---|
1223 | <H4>
|
---|
1224 | <A NAME="6.1.7">
|
---|
1225 | 6.1.7. PATH_TRANSLATED
|
---|
1226 | </A>
|
---|
1227 | </H4>
|
---|
1228 | <P>
|
---|
1229 | PATH_TRANSLATED is derived by taking any path-info component of the
|
---|
1230 | request URI (see
|
---|
1231 | <A HREF="#6.1.6">section 6.1.6</A>), decoding it
|
---|
1232 | (see <A HREF="#3.1">section 3.1</A>), parsing it as a URI in its own
|
---|
1233 | right, and performing any virtual-to-physical
|
---|
1234 | translation appropriate to map it onto the
|
---|
1235 | server's document repository structure.
|
---|
1236 | If the request URI includes no path-info
|
---|
1237 | component, the PATH_TRANSLATED metavariable SHOULD NOT be defined.
|
---|
1238 | </P><!--#if expr="! $GUI" -->
|
---|
1239 | <P></P><!--#endif -->
|
---|
1240 | <PRE>
|
---|
1241 | PATH_TRANSLATED = *CHAR
|
---|
1242 | </PRE>
|
---|
1243 | <P>
|
---|
1244 | For a request such as the following:
|
---|
1245 | </P><!--#if expr="! $GUI" -->
|
---|
1246 | <P></P><!--#endif -->
|
---|
1247 | <PRE>
|
---|
1248 | http://somehost.com/cgi-bin/somescript/this%2eis%2epath%2einfo
|
---|
1249 | </PRE>
|
---|
1250 | <P>
|
---|
1251 | the PATH_INFO component would be decoded, and the result
|
---|
1252 | parsed as though it were a request for the following:
|
---|
1253 | </P><!--#if expr="! $GUI" -->
|
---|
1254 | <P></P><!--#endif -->
|
---|
1255 | <PRE>
|
---|
1256 | http://somehost.com/this.is.the.path.info
|
---|
1257 | </PRE>
|
---|
1258 | <P>
|
---|
1259 | This would then be translated to a
|
---|
1260 | location in the server's document repository,
|
---|
1261 | perhaps a filesystem path something
|
---|
1262 | like this:
|
---|
1263 | </P><!--#if expr="! $GUI" -->
|
---|
1264 | <P></P><!--#endif -->
|
---|
1265 | <PRE>
|
---|
1266 | /usr/local/www/htdocs/this.is.the.path.info
|
---|
1267 | </PRE>
|
---|
1268 | <P>
|
---|
1269 | The result of the translation is the value of PATH_TRANSLATED.
|
---|
1270 | </P>
|
---|
1271 | <P>
|
---|
1272 | The value of PATH_TRANSLATED may or may not map to a valid
|
---|
1273 | repository
|
---|
1274 | location.
|
---|
1275 | Servers MUST preserve the case of the path-info
|
---|
1276 | segment if and only if the underlying
|
---|
1277 | repository
|
---|
1278 | supports case-sensitive
|
---|
1279 | names. If the
|
---|
1280 | repository
|
---|
1281 | is only case-aware, case-preserving, or case-blind
|
---|
1282 | with regard to
|
---|
1283 | document names,
|
---|
1284 | servers are not required to preserve the
|
---|
1285 | case of the original segment through the translation.
|
---|
1286 | </P>
|
---|
1287 | <P>
|
---|
1288 | The
|
---|
1289 | translation
|
---|
1290 | algorithm the server uses to derive PATH_TRANSLATED is
|
---|
1291 | implementation defined; CGI scripts which use this variable may
|
---|
1292 | suffer limited portability.
|
---|
1293 | </P>
|
---|
1294 | <P>
|
---|
1295 | Servers SHOULD provide this metavariable
|
---|
1296 | to scripts if and only if the request URI includes a
|
---|
1297 | path-info component.
|
---|
1298 | </P>
|
---|
1299 |
|
---|
1300 | <H4>
|
---|
1301 | <A NAME="6.1.8">
|
---|
1302 | 6.1.8. QUERY_STRING
|
---|
1303 | </A>
|
---|
1304 | </H4>
|
---|
1305 | <P>
|
---|
1306 | A URL-encoded
|
---|
1307 | string; the <query> part of the
|
---|
1308 | Script-URI.
|
---|
1309 | (See
|
---|
1310 | <A HREF="#3.2">section 3.2</A>.)
|
---|
1311 | </P><!--#if expr="! $GUI" -->
|
---|
1312 | <P></P><!--#endif -->
|
---|
1313 | <PRE>
|
---|
1314 | QUERY_STRING = query-string
|
---|
1315 | query-string = *uric
|
---|
1316 | </PRE>
|
---|
1317 | <P>
|
---|
1318 | The URL syntax for a query
|
---|
1319 | string is described in
|
---|
1320 | section 3 of
|
---|
1321 | RFC 2396
|
---|
1322 | [<A HREF="#[4]">4</A>].
|
---|
1323 | </P>
|
---|
1324 | <P>
|
---|
1325 | Servers MUST supply this value to scripts.
|
---|
1326 | The QUERY_STRING value is case-sensitive.
|
---|
1327 | If the Script-URI does not include a query component,
|
---|
1328 | the QUERY_STRING metavariable MUST be defined as an empty string ("").
|
---|
1329 | </P>
|
---|
1330 |
|
---|
1331 | <H4>
|
---|
1332 | <A NAME="6.1.9">
|
---|
1333 | 6.1.9. REMOTE_ADDR
|
---|
1334 | </A>
|
---|
1335 | </H4>
|
---|
1336 | <P>
|
---|
1337 | The IP address of the client
|
---|
1338 | sending the request to the server. This
|
---|
1339 | is not necessarily that of the user
|
---|
1340 | agent
|
---|
1341 | (such as if the request came through a proxy).
|
---|
1342 | </P><!--#if expr="! $GUI" -->
|
---|
1343 | <P></P><!--#endif -->
|
---|
1344 | <PRE>
|
---|
1345 | REMOTE_ADDR = hostnumber
|
---|
1346 | hostnumber = ipv4-address | ipv6-address
|
---|
1347 | </PRE>
|
---|
1348 | <P>
|
---|
1349 | The definitions of <SAMP>ipv4-address</SAMP> and <SAMP>ipv6-address</SAMP>
|
---|
1350 | are provided in Appendix B of RFC 2373 [<A HREF="#[13]">13</A>].
|
---|
1351 | </P>
|
---|
1352 | <P>
|
---|
1353 | Servers MUST supply this value to scripts.
|
---|
1354 | </P>
|
---|
1355 |
|
---|
1356 | <H4>
|
---|
1357 | <A NAME="6.1.10">
|
---|
1358 | 6.1.10. REMOTE_HOST
|
---|
1359 | </A>
|
---|
1360 | </H4>
|
---|
1361 | <P>
|
---|
1362 | The fully qualified domain name of the
|
---|
1363 | client sending the request to
|
---|
1364 | the server, if available, otherwise NULL.
|
---|
1365 | (See <A HREF="#6.1.9">section 6.1.9</A>.)
|
---|
1366 | Fully qualified domain names take the form as described in
|
---|
1367 | section 3.5 of RFC 1034 [<A HREF="#[10]">10</A>] and section 2.1 of
|
---|
1368 | RFC 1123 [<A HREF="#[5]">5</A>]. Domain names are not case sensitive.
|
---|
1369 | </P>
|
---|
1370 | <P>
|
---|
1371 | Servers SHOULD provide this information to
|
---|
1372 | scripts.
|
---|
1373 | </P>
|
---|
1374 |
|
---|
1375 | <H4>
|
---|
1376 | <A NAME="6.1.11">
|
---|
1377 | 6.1.11. REMOTE_IDENT
|
---|
1378 | </A>
|
---|
1379 | </H4>
|
---|
1380 | <P>
|
---|
1381 | The identity information reported about the connection by a
|
---|
1382 | RFC 1413 [<A HREF="#[11]">11</A>] request to the remote agent, if
|
---|
1383 | available. Servers
|
---|
1384 | MAY choose not
|
---|
1385 | to support this feature, or not to request the data
|
---|
1386 | for efficiency reasons.
|
---|
1387 | </P><!--#if expr="! $GUI" -->
|
---|
1388 | <P></P><!--#endif -->
|
---|
1389 | <PRE>
|
---|
1390 | REMOTE_IDENT = *CHAR
|
---|
1391 | </PRE>
|
---|
1392 | <P>
|
---|
1393 | The data returned
|
---|
1394 | may be used for authentication purposes, but the level
|
---|
1395 | of trust reposed in them should be minimal.
|
---|
1396 | </P>
|
---|
1397 | <P>
|
---|
1398 | Servers MAY supply this information to scripts if the
|
---|
1399 | RFC1413 [<A HREF="#[11]">11</A>] lookup is performed.
|
---|
1400 | </P>
|
---|
1401 |
|
---|
1402 | <H4>
|
---|
1403 | <A NAME="6.1.12">
|
---|
1404 | 6.1.12. REMOTE_USER
|
---|
1405 | </A>
|
---|
1406 | </H4>
|
---|
1407 | <P>
|
---|
1408 | If the request required authentication using the "Basic"
|
---|
1409 | mechanism (<EM>i.e.</EM>, the AUTH_TYPE
|
---|
1410 | metavariable is set
|
---|
1411 | to "Basic"), then the value of the REMOTE_USER
|
---|
1412 | metavariable is set to the
|
---|
1413 | user-ID supplied. In all other cases
|
---|
1414 | the value of this metavariable
|
---|
1415 | is undefined.
|
---|
1416 | </P><!--#if expr="! $GUI" -->
|
---|
1417 | <P></P><!--#endif -->
|
---|
1418 | <PRE>
|
---|
1419 | REMOTE_USER = *OCTET
|
---|
1420 | </PRE>
|
---|
1421 | <P>
|
---|
1422 | This variable is specific to requests made <EM>via</EM> the
|
---|
1423 | HTTP protocol.
|
---|
1424 | </P>
|
---|
1425 | <P>
|
---|
1426 | Servers SHOULD provide this metavariable
|
---|
1427 | to scripts.
|
---|
1428 | </P>
|
---|
1429 |
|
---|
1430 | <H4>
|
---|
1431 | <A NAME="6.1.13">
|
---|
1432 | 6.1.13. REQUEST_METHOD
|
---|
1433 | </A>
|
---|
1434 | </H4>
|
---|
1435 | <P>
|
---|
1436 | The REQUEST_METHOD
|
---|
1437 | metavariable
|
---|
1438 | is set to the
|
---|
1439 | method with which the request was made, as described in section
|
---|
1440 | 5.1.1 of the HTTP/1.0 specification [<A HREF="#[3]">3</A>] and
|
---|
1441 | section 5.1.1 of the
|
---|
1442 | HTTP/1.1 specification [<A HREF="#[8]">8</A>].
|
---|
1443 | </P><!--#if expr="! $GUI" -->
|
---|
1444 | <P></P><!--#endif -->
|
---|
1445 | <PRE>
|
---|
1446 | REQUEST_METHOD = http-method
|
---|
1447 | http-method = "GET" | "HEAD" | "POST" | "PUT" | "DELETE"
|
---|
1448 | | "OPTIONS" | "TRACE" | extension-method
|
---|
1449 | extension-method = token
|
---|
1450 | </PRE>
|
---|
1451 | <P>
|
---|
1452 | The method is case sensitive.
|
---|
1453 | CGI/1.1 servers MAY choose to process some methods
|
---|
1454 | directly rather than passing them to scripts.
|
---|
1455 | </P>
|
---|
1456 | <P>
|
---|
1457 | This variable is specific to requests made with HTTP.
|
---|
1458 | </P>
|
---|
1459 | <P>
|
---|
1460 | Servers MUST provide this metavariable
|
---|
1461 | to scripts.
|
---|
1462 | </P>
|
---|
1463 |
|
---|
1464 | <H4>
|
---|
1465 | <A NAME="6.1.14">
|
---|
1466 | 6.1.14. SCRIPT_NAME
|
---|
1467 | </A>
|
---|
1468 | </H4>
|
---|
1469 | <P>
|
---|
1470 | The SCRIPT_NAME
|
---|
1471 | metavariable
|
---|
1472 | is
|
---|
1473 | set to a URL path that could identify the CGI script (rather than the
|
---|
1474 | script's
|
---|
1475 | output). The syntax and semantics are identical to a
|
---|
1476 | decoded HTTP URL 'path' token
|
---|
1477 | (see RFC 2396
|
---|
1478 | [<A HREF="#[4]">4</A>]).
|
---|
1479 | </P><!--#if expr="! $GUI" -->
|
---|
1480 | <P></P><!--#endif -->
|
---|
1481 | <PRE>
|
---|
1482 | SCRIPT_NAME = "" | ( "/" [ path ] )
|
---|
1483 | </PRE>
|
---|
1484 | <P>
|
---|
1485 | The SCRIPT_NAME string is some leading part of the <path> component
|
---|
1486 | of the Script-URI derived in some
|
---|
1487 | implementation defined manner.
|
---|
1488 | No PATH_INFO or QUERY_STRING segments
|
---|
1489 | (see sections <A HREF="#6.1.6">6.1.6</A> and
|
---|
1490 | <A HREF="#6.1.8">6.1.8</A>) are included
|
---|
1491 | in the SCRIPT_NAME value.
|
---|
1492 | </P>
|
---|
1493 | <P>
|
---|
1494 | Servers MUST provide this metavariable
|
---|
1495 | to scripts.
|
---|
1496 | </P>
|
---|
1497 |
|
---|
1498 | <H4>
|
---|
1499 | <A NAME="6.1.15">
|
---|
1500 | 6.1.15. SERVER_NAME
|
---|
1501 | </A>
|
---|
1502 | </H4>
|
---|
1503 | <P>
|
---|
1504 | The SERVER_NAME
|
---|
1505 | metavariable
|
---|
1506 | is set to the
|
---|
1507 | name of the
|
---|
1508 | server, as
|
---|
1509 | derived from the <host> part of the
|
---|
1510 | Script-URI
|
---|
1511 | (see <A HREF="#3.2">section 3.2</A>).
|
---|
1512 | </P><!--#if expr="! $GUI" -->
|
---|
1513 | <P></P><!--#endif -->
|
---|
1514 | <PRE>
|
---|
1515 | SERVER_NAME = hostname | hostnumber
|
---|
1516 | </PRE>
|
---|
1517 | <P>
|
---|
1518 | Servers MUST provide this metavariable
|
---|
1519 | to scripts.
|
---|
1520 | </P>
|
---|
1521 |
|
---|
1522 | <H4>
|
---|
1523 | <A NAME="6.1.16">
|
---|
1524 | 6.1.16. SERVER_PORT
|
---|
1525 | </A>
|
---|
1526 | </H4>
|
---|
1527 | <P>
|
---|
1528 | The SERVER_PORT
|
---|
1529 | metavariable
|
---|
1530 | is set to the
|
---|
1531 | port on which the
|
---|
1532 | request was received, as used in the <port>
|
---|
1533 | part of the Script-URI.
|
---|
1534 | </P><!--#if expr="! $GUI" -->
|
---|
1535 | <P></P><!--#endif -->
|
---|
1536 | <PRE>
|
---|
1537 | SERVER_PORT = 1*digit
|
---|
1538 | </PRE>
|
---|
1539 | <P>
|
---|
1540 | If the <port> portion of the script-URI is blank, the actual
|
---|
1541 | port number upon which the request was received MUST be supplied.
|
---|
1542 | </P>
|
---|
1543 | <P>
|
---|
1544 | Servers MUST provide this metavariable
|
---|
1545 | to scripts.
|
---|
1546 | </P>
|
---|
1547 |
|
---|
1548 | <H4>
|
---|
1549 | <A NAME="6.1.17">
|
---|
1550 | 6.1.17. SERVER_PROTOCOL
|
---|
1551 | </A>
|
---|
1552 | </H4>
|
---|
1553 | <P>
|
---|
1554 | The SERVER_PROTOCOL
|
---|
1555 | metavariable
|
---|
1556 | is set to
|
---|
1557 | the
|
---|
1558 | name and revision of the information protocol with which
|
---|
1559 | the
|
---|
1560 | request
|
---|
1561 | arrived. This is not necessarily the same as the protocol version used by
|
---|
1562 | the server in its response to the client.
|
---|
1563 | </P><!--#if expr="! $GUI" -->
|
---|
1564 | <P></P><!--#endif -->
|
---|
1565 | <PRE>
|
---|
1566 | SERVER_PROTOCOL = HTTP-Version | extension-version
|
---|
1567 | | extension-token
|
---|
1568 | HTTP-Version = "HTTP" "/" 1*digit "." 1*digit
|
---|
1569 | extension-version = protocol "/" 1*digit "." 1*digit
|
---|
1570 | protocol = 1*( alpha | digit | "+" | "-" | "." )
|
---|
1571 | extension-token = token
|
---|
1572 | </PRE>
|
---|
1573 | <P>
|
---|
1574 | 'protocol' is a version of the <scheme> part of the
|
---|
1575 | Script-URI, but is
|
---|
1576 | not identical to it. For example, the scheme of a request may be
|
---|
1577 | "<SAMP>https</SAMP>" while the protocol remains "<SAMP>http</SAMP>".
|
---|
1578 | The protocol is not case sensitive, but
|
---|
1579 | by convention, 'protocol' is in
|
---|
1580 | upper case.
|
---|
1581 | </P>
|
---|
1582 | <P>
|
---|
1583 | A well-known extension token value is "INCLUDED",
|
---|
1584 | which signals that the current document is being included as part of
|
---|
1585 | a composite document, rather than being the direct target of the
|
---|
1586 | client request.
|
---|
1587 | </P>
|
---|
1588 | <P>
|
---|
1589 | Servers MUST provide this metavariable
|
---|
1590 | to scripts.
|
---|
1591 | </P>
|
---|
1592 |
|
---|
1593 | <H4>
|
---|
1594 | <A NAME="6.1.18">
|
---|
1595 | 6.1.18. SERVER_SOFTWARE
|
---|
1596 | </A>
|
---|
1597 | </H4>
|
---|
1598 | <P>
|
---|
1599 | The SERVER_SOFTWARE
|
---|
1600 | metavariable
|
---|
1601 | is set to the
|
---|
1602 | name and version of the information server software answering the
|
---|
1603 | request (and running the gateway).
|
---|
1604 | </P><!--#if expr="! $GUI" -->
|
---|
1605 | <P></P><!--#endif -->
|
---|
1606 | <PRE>
|
---|
1607 | SERVER_SOFTWARE = 1*product
|
---|
1608 | product = token [ "/" product-version ]
|
---|
1609 | product-version = token
|
---|
1610 | </PRE>
|
---|
1611 | <P>
|
---|
1612 | Servers MUST provide this metavariable
|
---|
1613 | to scripts.
|
---|
1614 | </P>
|
---|
1615 |
|
---|
1616 | <H3>
|
---|
1617 | <A NAME="6.2">
|
---|
1618 | 6.2. Request Message-Bodies
|
---|
1619 | </A>
|
---|
1620 | </H3>
|
---|
1621 | <P>
|
---|
1622 | As there may be a data entity attached to the request, there MUST be
|
---|
1623 | a system defined method for the script to read
|
---|
1624 | these data. Unless
|
---|
1625 | defined otherwise, this will be <EM>via</EM> the 'standard input' file
|
---|
1626 | descriptor.
|
---|
1627 | </P>
|
---|
1628 | <P>
|
---|
1629 | If the CONTENT_LENGTH value (see <A HREF="#6.1.2">section 6.1.2</A>)
|
---|
1630 | is non-NULL, the server MUST supply at least that many bytes to
|
---|
1631 | scripts on the standard input stream.
|
---|
1632 | Scripts are
|
---|
1633 | not obliged to read the data.
|
---|
1634 | Servers MAY signal an EOF condition after CONTENT_LENGTH bytes have been
|
---|
1635 | read, but are
|
---|
1636 | not obligated to do so. Therefore, scripts
|
---|
1637 | MUST NOT
|
---|
1638 | attempt to read more than CONTENT_LENGTH bytes, even if more data
|
---|
1639 | are available.
|
---|
1640 | </P>
|
---|
1641 | <P>
|
---|
1642 | For non-parsed header (NPH) scripts (see
|
---|
1643 | <A HREF="#7.1">section 7.1</A>
|
---|
1644 | below),
|
---|
1645 | servers SHOULD
|
---|
1646 | attempt to ensure that the data
|
---|
1647 | supplied to the script are precisely
|
---|
1648 | as supplied by the client and unaltered by
|
---|
1649 | the server.
|
---|
1650 | </P>
|
---|
1651 | <P>
|
---|
1652 | <A HREF="#8.1.2">Section 8.1.2</A> describes the requirements of
|
---|
1653 | servers with regard to requests that include
|
---|
1654 | message-bodies.
|
---|
1655 | </P>
|
---|
1656 |
|
---|
1657 | <H2>
|
---|
1658 | <A NAME="7.0">
|
---|
1659 | 7. Data Output from the CGI Script
|
---|
1660 | </A>
|
---|
1661 | </H2>
|
---|
1662 | <P>
|
---|
1663 | There MUST be a system defined method for the script to send data
|
---|
1664 | back to the server or client; a script MUST always return some data.
|
---|
1665 | Unless defined otherwise, this will be <EM>via</EM> the 'standard
|
---|
1666 | output' file descriptor.
|
---|
1667 | </P>
|
---|
1668 | <P>
|
---|
1669 | There are two forms of output that scripts can supply to servers: non-parsed
|
---|
1670 | header (NPH) output, and parsed header output.
|
---|
1671 | Servers MUST support parsed header
|
---|
1672 | output and MAY support NPH output. The method of
|
---|
1673 | distinguishing between the two
|
---|
1674 | types of output (or scripts) is implementation defined.
|
---|
1675 | </P>
|
---|
1676 | <P>
|
---|
1677 | Servers MAY implement a timeout period within which data must be
|
---|
1678 | received from scripts. If a server implementation defines such
|
---|
1679 | a timeout and receives no data from a script within the timeout
|
---|
1680 | period, the server MAY terminate the script process and SHOULD
|
---|
1681 | abort the client request with
|
---|
1682 | either a
|
---|
1683 | '504 Gateway Timed Out' or a
|
---|
1684 | '500 Internal Server Error' response.
|
---|
1685 | </P>
|
---|
1686 |
|
---|
1687 | <H3>
|
---|
1688 | <A NAME="7.1">
|
---|
1689 | 7.1. Non-Parsed Header Output
|
---|
1690 | </A>
|
---|
1691 | </H3>
|
---|
1692 | <P>
|
---|
1693 | Scripts using the NPH output form
|
---|
1694 | MUST return a complete HTTP response message, as described
|
---|
1695 | in Section 6 of the HTTP specifications
|
---|
1696 | [<A HREF="#[3]">3</A>,<A HREF="#[8]">8</A>].
|
---|
1697 | NPH scripts
|
---|
1698 | MUST use the SERVER_PROTOCOL variable to determine the appropriate format
|
---|
1699 | for a response.
|
---|
1700 | </P>
|
---|
1701 | <P>
|
---|
1702 | Servers
|
---|
1703 | SHOULD attempt to ensure that the script output is sent
|
---|
1704 | directly to the client, with minimal
|
---|
1705 | internal and no transport-visible
|
---|
1706 | buffering.
|
---|
1707 | </P>
|
---|
1708 |
|
---|
1709 | <H3>
|
---|
1710 | <A NAME="7.2">
|
---|
1711 | 7.2. Parsed Header Output
|
---|
1712 | </A>
|
---|
1713 | </H3>
|
---|
1714 | <P>
|
---|
1715 | Scripts using the parsed header output form MUST supply
|
---|
1716 | a CGI response message to the server
|
---|
1717 | as follows:
|
---|
1718 | </P><!--#if expr="! $GUI" -->
|
---|
1719 | <P></P><!--#endif -->
|
---|
1720 | <PRE>
|
---|
1721 | CGI-Response = *optional-field CGI-Field *optional-field NL [ Message-Body ]
|
---|
1722 | optional-field = ( CGI-Field | HTTP-Field )
|
---|
1723 | CGI-Field = Content-type
|
---|
1724 | | Location
|
---|
1725 | | Status
|
---|
1726 | | extension-header
|
---|
1727 | </PRE>
|
---|
1728 | <P><!-- ##### If HTTP defines x-headers, remove ours except x-cgi- -->
|
---|
1729 | The response comprises a header and a body, separated by a blank line.
|
---|
1730 | The body may be NULL.
|
---|
1731 | The header fields are either CGI header fields to be interpreted by
|
---|
1732 | the server, or HTTP header fields
|
---|
1733 | to be included in the response returned
|
---|
1734 | to the client
|
---|
1735 | if the request method is HTTP. At least one
|
---|
1736 | CGI-Field MUST be
|
---|
1737 | supplied, but no CGI field name may be used more than once
|
---|
1738 | in a response.
|
---|
1739 | If a body is supplied, then a "<SAMP>Content-type</SAMP>"
|
---|
1740 | header field MUST be
|
---|
1741 | supplied by the script,
|
---|
1742 | otherwise the script MUST send a "<SAMP>Location</SAMP>"
|
---|
1743 | or "<SAMP>Status</SAMP>" header field. If a
|
---|
1744 | <SAMP>Location</SAMP> CGI-Field
|
---|
1745 | is returned, then the script MUST NOT supply
|
---|
1746 | any HTTP-Fields.
|
---|
1747 | </P>
|
---|
1748 | <P>
|
---|
1749 | Each header field in a CGI-Response MUST be specified on a single line;
|
---|
1750 | CGI/1.1 does not support continuation lines.
|
---|
1751 | </P>
|
---|
1752 |
|
---|
1753 | <H4>
|
---|
1754 | <A NAME="7.2.1">
|
---|
1755 | 7.2.1. CGI header fields
|
---|
1756 | </A>
|
---|
1757 | </H4>
|
---|
1758 | <P>
|
---|
1759 | The CGI header fields have the generic syntax:
|
---|
1760 | </P><!--#if expr="! $GUI" -->
|
---|
1761 | <P></P><!--#endif -->
|
---|
1762 | <PRE>
|
---|
1763 | generic-field = field-name ":" [ field-value ] NL
|
---|
1764 | field-name = token
|
---|
1765 | field-value = *( field-content | LWSP )
|
---|
1766 | field-content = *( token | tspecial | quoted-string )
|
---|
1767 | </PRE>
|
---|
1768 | <P>
|
---|
1769 | The field-name is not case sensitive; a NULL field value is
|
---|
1770 | equivalent to the header field not being sent.
|
---|
1771 | </P>
|
---|
1772 |
|
---|
1773 | <H4>
|
---|
1774 | <A NAME="7.2.1.1">
|
---|
1775 | 7.2.1.1. Content-Type
|
---|
1776 | </A>
|
---|
1777 | </H4>
|
---|
1778 | <P>
|
---|
1779 | The Internet Media Type [<A HREF="#[9]">9</A>] of the entity
|
---|
1780 | body, which is to be sent unmodified to the client.
|
---|
1781 | </P><!--#if expr="! $GUI" -->
|
---|
1782 | <P></P><!--#endif -->
|
---|
1783 | <PRE>
|
---|
1784 | Content-Type = "Content-Type" ":" media-type NL
|
---|
1785 | </PRE>
|
---|
1786 | <P>
|
---|
1787 | This is actually an HTTP-Field
|
---|
1788 | rather than a CGI-Field, but
|
---|
1789 | it is listed here because of its importance in the CGI dialogue as
|
---|
1790 | a member of the "one of these is required" set of header
|
---|
1791 | fields.
|
---|
1792 | </P>
|
---|
1793 |
|
---|
1794 | <H4>
|
---|
1795 | <A NAME="7.2.1.2">
|
---|
1796 | 7.2.1.2. Location
|
---|
1797 | </A>
|
---|
1798 | </H4>
|
---|
1799 | <P>
|
---|
1800 | This is used to specify to the server that the script is returning a
|
---|
1801 | reference to a document rather than an actual document.
|
---|
1802 | </P><!--#if expr="! $GUI" -->
|
---|
1803 | <P></P><!--#endif -->
|
---|
1804 | <PRE>
|
---|
1805 | Location = "Location" ":"
|
---|
1806 | ( fragment-URI | rel-URL-abs-path ) NL
|
---|
1807 | fragment-URI = URI [ # fragmentid ]
|
---|
1808 | URI = scheme ":" *qchar
|
---|
1809 | fragmentid = *qchar
|
---|
1810 | rel-URL-abs-path = "/" [ hpath ] [ "?" query-string ]
|
---|
1811 | hpath = fpsegment *( "/" psegment )
|
---|
1812 | fpsegment = 1*hchar
|
---|
1813 | psegment = *hchar
|
---|
1814 | hchar = alpha | digit | safe | extra
|
---|
1815 | | ":" | "@" | "& | "="
|
---|
1816 | </PRE>
|
---|
1817 | <P>
|
---|
1818 | The Location
|
---|
1819 | value is either an absolute URI with optional fragment,
|
---|
1820 | as defined in RFC 1630 [<A HREF="#[1]">1</A>], or an absolute path
|
---|
1821 | within the server's URI space (<EM>i.e.</EM>,
|
---|
1822 | omitting the scheme and network-related fields) and optional
|
---|
1823 | query-string. If an absolute URI is returned by the script,
|
---|
1824 | then the
|
---|
1825 | server MUST generate a
|
---|
1826 | '302 redirect' HTTP response
|
---|
1827 | message unless the script has supplied an
|
---|
1828 | explicit Status response header field.
|
---|
1829 | Scripts returning an absolute URI MAY choose to
|
---|
1830 | provide a message-body. Servers MUST make any appropriate modifications
|
---|
1831 | to the script's output to ensure the response to the user-agent complies
|
---|
1832 | with the response protocol version.
|
---|
1833 | If the Location value is a path, then the server
|
---|
1834 | MUST generate
|
---|
1835 | the response that it would have produced in response to a request
|
---|
1836 | containing the URL
|
---|
1837 | </P><!--#if expr="! $GUI" -->
|
---|
1838 | <P></P><!--#endif -->
|
---|
1839 | <PRE>
|
---|
1840 | scheme "://" SERVER_NAME ":" SERVER_PORT rel-URL-abs-path
|
---|
1841 | </PRE>
|
---|
1842 | <P>
|
---|
1843 | Note: If the request was accompanied by a
|
---|
1844 | message-body
|
---|
1845 | (such as for a POST request), and the script
|
---|
1846 | redirects the request with a Location field, the
|
---|
1847 | message-body
|
---|
1848 | may not be
|
---|
1849 | available to the resource that is the target of the redirect.
|
---|
1850 | </P>
|
---|
1851 |
|
---|
1852 | <H4>
|
---|
1853 | <A NAME="7.2.1.3">
|
---|
1854 | 7.2.1.3. Status
|
---|
1855 | </A>
|
---|
1856 | </H4>
|
---|
1857 | <P>
|
---|
1858 | The "<SAMP>Status</SAMP>" header field is used to indicate to the server what
|
---|
1859 | status code the server MUST use in the response message.
|
---|
1860 | </P><!--#if expr="! $GUI" -->
|
---|
1861 | <P></P><!--#endif -->
|
---|
1862 | <PRE>
|
---|
1863 | Status = "Status" ":" digit digit digit SP reason-phrase NL
|
---|
1864 | reason-phrase = *<CHAR, excluding CTLs, NL>
|
---|
1865 | </PRE>
|
---|
1866 | <P>
|
---|
1867 | The valid status codes are listed in section 6.1.1 of the HTTP/1.0
|
---|
1868 | specifications [<A HREF="#[3]">3</A>]. If the SERVER_PROTOCOL is
|
---|
1869 | "HTTP/1.1", then the status codes defined in the HTTP/1.1
|
---|
1870 | specification [<A HREF="#[8]">8</A>] may
|
---|
1871 | be used. If the script does not return a "<SAMP>Status</SAMP>" header
|
---|
1872 | field, then "200 OK" SHOULD be assumed by the server.
|
---|
1873 | </P>
|
---|
1874 | <P>
|
---|
1875 | If a script is being used to handle a particular error or condition
|
---|
1876 | encountered by the server, such as a '404 Not Found' error, the script
|
---|
1877 | SHOULD use the "<SAMP>Status</SAMP>" CGI header field to propagate the error
|
---|
1878 | condition back to the client. <EM>E.g.</EM>, in the example mentioned it
|
---|
1879 | SHOULD include a "Status: 404 Not Found" in the
|
---|
1880 | header data returned to the server.
|
---|
1881 | </P>
|
---|
1882 |
|
---|
1883 | <H4>
|
---|
1884 | <A NAME="7.2.1.4">
|
---|
1885 | 7.2.1.4. Extension header fields
|
---|
1886 | </A>
|
---|
1887 | </H4>
|
---|
1888 | <P>
|
---|
1889 | Scripts MAY include in their CGI response header additional fields
|
---|
1890 | not defined in this or the HTTP specification.
|
---|
1891 | These are called "extension" fields,
|
---|
1892 | and have the syntax of a <SAMP>generic-field</SAMP> as defined in
|
---|
1893 | <A HREF="#7.2.1">section 7.2.1</A>. The name of an extension field
|
---|
1894 | MUST NOT conflict with a field name defined in this or any other
|
---|
1895 | specification; extension field names SHOULD begin with "X-CGI-"
|
---|
1896 | to ensure uniqueness.
|
---|
1897 | </P>
|
---|
1898 |
|
---|
1899 | <H4>
|
---|
1900 | <A NAME="7.2.2">
|
---|
1901 | 7.2.2. HTTP header fields
|
---|
1902 | </A>
|
---|
1903 | </H4>
|
---|
1904 | <P>
|
---|
1905 | The script MAY return any other header fields defined by the
|
---|
1906 | specification
|
---|
1907 | for the SERVER_PROTOCOL (HTTP/1.0 [<A HREF="#[3]">3</A>] or HTTP/1.1
|
---|
1908 | [<A HREF="#[8]">8</A>]).
|
---|
1909 | Servers MUST resolve conflicts beteen CGI header
|
---|
1910 | and HTTP header formats or names (see <A HREF="#8.0">section 8</A>).
|
---|
1911 | </P>
|
---|
1912 |
|
---|
1913 | <H2>
|
---|
1914 | <A NAME="8.0">
|
---|
1915 | 8. Server Implementation
|
---|
1916 | </A>
|
---|
1917 | </H2>
|
---|
1918 | <P>
|
---|
1919 | This section defines the requirements that must be met by HTTP
|
---|
1920 | servers in order to provide a coherent and correct CGI/1.1
|
---|
1921 | environment in which scripts may function. It is intended
|
---|
1922 | primarily for server implementors, but it is useful for
|
---|
1923 | script authors to be familiar with the information as well.
|
---|
1924 | </P>
|
---|
1925 |
|
---|
1926 | <H3>
|
---|
1927 | <A NAME="8.1">
|
---|
1928 | 8.1. Requirements for Servers
|
---|
1929 | </A>
|
---|
1930 | </H3>
|
---|
1931 | <P>
|
---|
1932 | In order to be considered CGI/1.1-compliant, a server must meet
|
---|
1933 | certain basic criteria and provide certain minimal functionality.
|
---|
1934 | The details of these requirements are described in the following sections.
|
---|
1935 | </P>
|
---|
1936 |
|
---|
1937 | <H3>
|
---|
1938 | <A NAME="8.1.1">
|
---|
1939 | 8.1.1. Script-URI
|
---|
1940 | </A>
|
---|
1941 | </H3>
|
---|
1942 | <P>
|
---|
1943 | Servers MUST support the standard mechanism (described below) which
|
---|
1944 | allows
|
---|
1945 | script authors to determine
|
---|
1946 | what URL to use in documents
|
---|
1947 | which reference the script;
|
---|
1948 | specifically, what URL to use in order to
|
---|
1949 | achieve particular settings of the
|
---|
1950 | metavariables. This
|
---|
1951 | mechanism is as follows:
|
---|
1952 | </P>
|
---|
1953 | <P>
|
---|
1954 | The server
|
---|
1955 | MUST translate the header data from the CGI header field syntax to
|
---|
1956 | the HTTP
|
---|
1957 | header field syntax if these differ. For example, the character
|
---|
1958 | sequence for
|
---|
1959 | newline (such as Unix's ASCII NL) used by CGI scripts may not be the
|
---|
1960 | same as that used by HTTP (ASCII CR followed by LF). The server MUST
|
---|
1961 | also resolve any conflicts between header fields returned by the script
|
---|
1962 | and header fields that it would otherwise send itself.
|
---|
1963 | </P>
|
---|
1964 |
|
---|
1965 | <H3>
|
---|
1966 | <A NAME="8.1.2">
|
---|
1967 | 8.1.2. Request Message-body Handling
|
---|
1968 | </A>
|
---|
1969 | </H3>
|
---|
1970 | <P>
|
---|
1971 | These are the requirements for server handling of message-bodies directed
|
---|
1972 | to CGI/1.1 resources:
|
---|
1973 | </P>
|
---|
1974 | <OL>
|
---|
1975 | <LI>The message-body the server provides to the CGI script MUST
|
---|
1976 | have any transfer encodings removed.
|
---|
1977 | </LI>
|
---|
1978 | <LI>The server MUST derive and provide a value for the CONTENT_LENGTH
|
---|
1979 | metavariable that reflects the length of the message-body after any
|
---|
1980 | transfer decoding.
|
---|
1981 | </LI>
|
---|
1982 | <LI>The server MUST leave intact any content-encodings of the message-body.
|
---|
1983 | </LI>
|
---|
1984 | </OL>
|
---|
1985 |
|
---|
1986 | <H3>
|
---|
1987 | <A NAME="8.1.3">
|
---|
1988 | 8.1.3. Required Metavariables
|
---|
1989 | </A>
|
---|
1990 | </H3>
|
---|
1991 | <P>
|
---|
1992 | Servers MUST provide scripts with certain information and
|
---|
1993 | metavariables
|
---|
1994 | as described in <A HREF="#8.3">section 8.3</A>.
|
---|
1995 | </P>
|
---|
1996 |
|
---|
1997 | <H3>
|
---|
1998 | <A NAME="8.1.4">
|
---|
1999 | 8.1.4. Response Compliance
|
---|
2000 | </A>
|
---|
2001 | </H3>
|
---|
2002 | <P>
|
---|
2003 | Servers MUST ensure that responses sent to the user-agent meet all
|
---|
2004 | requirements of the protocol level in effect. This may involve
|
---|
2005 | modifying, deleting, or augmenting any header
|
---|
2006 | fields and/or message-body supplied by the script.
|
---|
2007 | </P>
|
---|
2008 |
|
---|
2009 | <H3>
|
---|
2010 | <A NAME="8.2">
|
---|
2011 | 8.2. Recommendations for Servers
|
---|
2012 | </A>
|
---|
2013 | </H3>
|
---|
2014 | <P>
|
---|
2015 | Servers SHOULD provide the "<SAMP>query</SAMP>" component of the script-URI
|
---|
2016 | as command-line arguments to scripts if it does not
|
---|
2017 | contain any unencoded '=' characters and the command-line arguments can
|
---|
2018 | be generated in an unambiguous manner.
|
---|
2019 | (See <A HREF="#5.0">section 5</A>.)
|
---|
2020 | </P>
|
---|
2021 | <P>
|
---|
2022 | Servers SHOULD set the AUTH_TYPE
|
---|
2023 | metavariable to the value of the
|
---|
2024 | '<SAMP>auth-scheme</SAMP>' token of the "<SAMP>Authorization</SAMP>"
|
---|
2025 | field if it was supplied as part of the request header.
|
---|
2026 | (See <A HREF="#6.1.1">section 6.1.1</A>.)
|
---|
2027 | </P>
|
---|
2028 | <P>
|
---|
2029 | Where applicable, servers SHOULD set the current working directory
|
---|
2030 | to the directory in which the script is located before invoking
|
---|
2031 | it.
|
---|
2032 | </P>
|
---|
2033 | <P>
|
---|
2034 | Servers MAY reject with error '404 Not Found'
|
---|
2035 | any requests that would result in
|
---|
2036 | an encoded "/" being decoded into PATH_INFO or SCRIPT_NAME, as this
|
---|
2037 | might represent a loss of information to the script.
|
---|
2038 | </P>
|
---|
2039 | <P>
|
---|
2040 | Although the server and the CGI script need not be consistent in
|
---|
2041 | their handling of URL paths (client URLs and the PATH_INFO data,
|
---|
2042 | respectively), server authors may wish to impose consistency.
|
---|
2043 | So the server implementation SHOULD define its behaviour for the
|
---|
2044 | following cases:
|
---|
2045 | </P>
|
---|
2046 | <OL>
|
---|
2047 | <LI>define any restrictions on allowed characters, in particular
|
---|
2048 | whether ASCII NUL is permitted;
|
---|
2049 | </LI>
|
---|
2050 | <LI>define any restrictions on allowed path segments, in particular
|
---|
2051 | whether non-terminal NULL segments are permitted;
|
---|
2052 | </LI>
|
---|
2053 | <LI>define the behaviour for <SAMP>"."</SAMP> or <SAMP>".."</SAMP> path
|
---|
2054 | segments; <EM>i.e.</EM>, whether they are prohibited, treated as
|
---|
2055 | ordinary path
|
---|
2056 | segments or interpreted in accordance with the relative URL
|
---|
2057 | specification [<A HREF="#[7]">7</A>];
|
---|
2058 | </LI>
|
---|
2059 | <LI>define any limits of the implementation, including limits on path or
|
---|
2060 | search string lengths, and limits on the volume of header data the server
|
---|
2061 | will parse.
|
---|
2062 | </LI><!-- ##### Move the field resolution/translation para below here -->
|
---|
2063 | </OL>
|
---|
2064 | <P>
|
---|
2065 | Servers MAY generate the
|
---|
2066 | Script-URI in
|
---|
2067 | any way from the client URI,
|
---|
2068 | or from any other data (but the behaviour SHOULD be documented).
|
---|
2069 | </P>
|
---|
2070 | <P>
|
---|
2071 | For non-parsed header (NPH) scripts (see
|
---|
2072 | <A HREF="#7.1">section 7.1</A>), servers SHOULD
|
---|
2073 | attempt to ensure that the script input comes directly from the
|
---|
2074 | client, with minimal buffering. For all scripts the data will be
|
---|
2075 | as supplied by the client.
|
---|
2076 | </P>
|
---|
2077 |
|
---|
2078 | <H3>
|
---|
2079 | <A NAME="8.3">
|
---|
2080 | 8.3. Summary of
|
---|
2081 | MetaVariables
|
---|
2082 | </A>
|
---|
2083 | </H3>
|
---|
2084 | <P>
|
---|
2085 | Servers MUST provide the following
|
---|
2086 | metavariables to
|
---|
2087 | scripts. See the individual descriptions for exceptions and semantics.
|
---|
2088 | </P><!--#if expr="! $GUI" -->
|
---|
2089 | <P></P><!--#endif -->
|
---|
2090 | <PRE>
|
---|
2091 | CONTENT_LENGTH (section <A HREF="#6.1.2">6.1.2</A>)
|
---|
2092 | CONTENT_TYPE (section <A HREF="#6.1.3">6.1.3</A>)
|
---|
2093 | GATEWAY_INTERFACE (section <A HREF="#6.1.4">6.1.4</A>)
|
---|
2094 | PATH_INFO (section <A HREF="#6.1.6">6.1.6</A>)
|
---|
2095 | QUERY_STRING (section <A HREF="#6.1.8">6.1.8</A>)
|
---|
2096 | REMOTE_ADDR (section <A HREF="#6.1.9">6.1.9</A>)
|
---|
2097 | REQUEST_METHOD (section <A HREF="#6.1.13">6.1.13</A>)
|
---|
2098 | SCRIPT_NAME (section <A HREF="#6.1.14">6.1.14</A>)
|
---|
2099 | SERVER_NAME (section <A HREF="#6.1.15">6.1.15</A>)
|
---|
2100 | SERVER_PORT (section <A HREF="#6.1.16">6.1.16</A>)
|
---|
2101 | SERVER_PROTOCOL (section <A HREF="#6.1.17">6.1.17</A>)
|
---|
2102 | SERVER_SOFTWARE (section <A HREF="#6.1.18">6.1.18</A>)
|
---|
2103 | </PRE>
|
---|
2104 | <P>
|
---|
2105 | Servers SHOULD define the following
|
---|
2106 | metavariables for scripts.
|
---|
2107 | See the individual descriptions for exceptions and semantics.
|
---|
2108 | </P><!--#if expr="! $GUI" -->
|
---|
2109 | <P></P><!--#endif -->
|
---|
2110 | <PRE>
|
---|
2111 | AUTH_TYPE (section <A HREF="#6.1.1">6.1.1</A>)
|
---|
2112 | REMOTE_HOST (section <A HREF="#6.1.10">6.1.10</A>)
|
---|
2113 | </PRE>
|
---|
2114 | <P>
|
---|
2115 | In addition, servers SHOULD provide
|
---|
2116 | metavariables for all fields present
|
---|
2117 | in the HTTP request header, with the exception of those involved with
|
---|
2118 | access control. Servers MAY at their discretion provide
|
---|
2119 | metavariables
|
---|
2120 | for access control fields.
|
---|
2121 | </P>
|
---|
2122 | <P>
|
---|
2123 | Servers MAY define the following
|
---|
2124 | metavariables. See the individual
|
---|
2125 | descriptions for exceptions and semantics.
|
---|
2126 | </P><!--#if expr="! $GUI" -->
|
---|
2127 | <P></P><!--#endif -->
|
---|
2128 | <PRE>
|
---|
2129 | PATH_TRANSLATED (section <A HREF="#6.1.7">6.1.7</A>)
|
---|
2130 | REMOTE_IDENT (section <A HREF="#6.1.11">6.1.11</A>)
|
---|
2131 | REMOTE_USER (section <A HREF="#6.1.12">6.1.12</A>)
|
---|
2132 | </PRE>
|
---|
2133 | <P>
|
---|
2134 | Servers MAY
|
---|
2135 | at their discretion define additional implementation-specific
|
---|
2136 | extension metavariables
|
---|
2137 | provided their names do not
|
---|
2138 | conflict with defined header field names. Implementation-specific
|
---|
2139 | metavariable names SHOULD
|
---|
2140 | be prefixed with "X_" (<EM>e.g.</EM>,
|
---|
2141 | "X_DBA") to avoid the potential for such conflicts.
|
---|
2142 | </P>
|
---|
2143 |
|
---|
2144 | <H2>
|
---|
2145 | <A NAME="9.0">
|
---|
2146 | 9.
|
---|
2147 | Script Implementation
|
---|
2148 | </A>
|
---|
2149 | </H2>
|
---|
2150 | <P>
|
---|
2151 | This section defines the requirements and recommendations for scripts
|
---|
2152 | that are intended to function in a CGI/1.1 environment. It is intended
|
---|
2153 | primarily as a reference for script authors, but server implementors
|
---|
2154 | should be familiar with these issues as well.
|
---|
2155 | </P>
|
---|
2156 |
|
---|
2157 | <H3>
|
---|
2158 | <A NAME="9.1">
|
---|
2159 | 9.1. Requirements for Scripts
|
---|
2160 | </A>
|
---|
2161 | </H3>
|
---|
2162 | <P>
|
---|
2163 | Scripts using the parsed-header method to communicate with servers
|
---|
2164 | MUST supply a response header to the server.
|
---|
2165 | (See <A HREF="#7.0">section 7</A>.)
|
---|
2166 | </P>
|
---|
2167 | <P>
|
---|
2168 | Scripts using the NPH method to communicate with servers MUST
|
---|
2169 | provide complete HTTP responses, and MUST use the value of the
|
---|
2170 | SERVER_PROTOCOL metavariable
|
---|
2171 | to determine the appropriate format.
|
---|
2172 | (See <A HREF="#7.1">section 7.1</A>.)
|
---|
2173 | </P>
|
---|
2174 | <P>
|
---|
2175 | Scripts MUST check the value of the REQUEST_METHOD
|
---|
2176 | metavariable in order
|
---|
2177 | to provide an appropriate response.
|
---|
2178 | (See <A HREF="#6.1.13">section 6.1.13</A>.)
|
---|
2179 | </P>
|
---|
2180 | <P>
|
---|
2181 | Scripts MUST be prepared to handled URL-encoded values in
|
---|
2182 | metavariables.
|
---|
2183 | In addition, they MUST recognise both "+" and "%20" in URL-encoded
|
---|
2184 | quantities as representing the space character.
|
---|
2185 | (See <A HREF="#3.1">section 3.1</A>.)
|
---|
2186 | </P>
|
---|
2187 | <P>
|
---|
2188 | Scripts MUST ignore leading zeros in the major and minor version numbers
|
---|
2189 | in the GATEWAY_INTERFACE
|
---|
2190 | metavariable value. (See
|
---|
2191 | <A HREF="#6.1.4">section 6.1.4</A>.)
|
---|
2192 | </P>
|
---|
2193 | <P>
|
---|
2194 | When processing requests that include a
|
---|
2195 | message-body, scripts
|
---|
2196 | MUST NOT read more than CONTENT_LENGTH bytes from the input stream.
|
---|
2197 | (See sections <A HREF="#6.1.2">6.1.2</A> and <A HREF="#6.2">6.2</A>.)
|
---|
2198 | </P>
|
---|
2199 |
|
---|
2200 | <H3>
|
---|
2201 | <A NAME="9.2">
|
---|
2202 | 9.2. Recommendations for Scripts
|
---|
2203 | </A>
|
---|
2204 | </H3>
|
---|
2205 | <P>
|
---|
2206 | Servers may interrupt or terminate script execution at any time
|
---|
2207 | and without warning, so scripts SHOULD be prepared to deal with
|
---|
2208 | abnormal termination.
|
---|
2209 | </P>
|
---|
2210 | <P>
|
---|
2211 | Scripts MUST
|
---|
2212 | reject with
|
---|
2213 | error '405 Method Not
|
---|
2214 | Allowed' requests
|
---|
2215 | made using methods that they do not support. If the script does
|
---|
2216 | not intend
|
---|
2217 | processing the PATH_INFO data, then it SHOULD reject the request with
|
---|
2218 | '404 Not
|
---|
2219 | Found' if PATH_INFO is not NULL.
|
---|
2220 | </P>
|
---|
2221 | <P>
|
---|
2222 | If a script is processing the output of a form, it SHOULD
|
---|
2223 | verify that the CONTENT_TYPE
|
---|
2224 | is "<SAMP>application/x-www-form-urlencoded</SAMP>" [<A HREF="#[2]">2</A>]
|
---|
2225 | or whatever other media type is expected.
|
---|
2226 | </P>
|
---|
2227 | <P>
|
---|
2228 | Scripts parsing PATH_INFO,
|
---|
2229 | PATH_TRANSLATED, or SCRIPT_NAME
|
---|
2230 | SHOULD be careful
|
---|
2231 | of void path segments ("<SAMP>//</SAMP>") and special path segments
|
---|
2232 | (<SAMP>"."</SAMP> and
|
---|
2233 | <SAMP>".."</SAMP>). They SHOULD either be removed from the path before
|
---|
2234 | use in OS
|
---|
2235 | system calls, or the request SHOULD be rejected with
|
---|
2236 | '404 Not Found'.
|
---|
2237 | </P>
|
---|
2238 | <P>
|
---|
2239 | As it is impossible for
|
---|
2240 | scripts to determine the client URI that
|
---|
2241 | initiated a
|
---|
2242 | request without knowledge of the specific server in
|
---|
2243 | use, the script SHOULD NOT return "<SAMP>text/html</SAMP>"
|
---|
2244 | documents containing
|
---|
2245 | relative URL links without including a "<SAMP><BASE></SAMP>"
|
---|
2246 | tag in the document.
|
---|
2247 | </P>
|
---|
2248 | <P>
|
---|
2249 | When returning header fields,
|
---|
2250 | scripts SHOULD try to send the CGI
|
---|
2251 | header fields (see section
|
---|
2252 | <A HREF="#7.2">7.2</A>) as soon as possible, and
|
---|
2253 | SHOULD send them
|
---|
2254 | before any HTTP header fields. This may
|
---|
2255 | help reduce the server's memory requirements.
|
---|
2256 | </P>
|
---|
2257 |
|
---|
2258 | <H2>
|
---|
2259 | <A NAME="10.0">
|
---|
2260 | 10. System Specifications
|
---|
2261 | </A>
|
---|
2262 | </H2>
|
---|
2263 |
|
---|
2264 | <H3>
|
---|
2265 | <A NAME="10.1">
|
---|
2266 | 10.1. AmigaDOS
|
---|
2267 | </A>
|
---|
2268 | </H3>
|
---|
2269 | <P>
|
---|
2270 | The implementation of the CGI on an AmigaDOS operating system platform
|
---|
2271 | SHOULD use environment variables as the mechanism of providing
|
---|
2272 | request metadata to CGI scripts.
|
---|
2273 | </P>
|
---|
2274 | <DL>
|
---|
2275 | <DT><STRONG>Environment variables</STRONG>
|
---|
2276 | </DT>
|
---|
2277 | <DD>
|
---|
2278 | <P>
|
---|
2279 | These are accessed by the DOS library routine <SAMP>GetVar</SAMP>. The
|
---|
2280 | flags argument SHOULD be 0. Case is ignored, but upper case is
|
---|
2281 | recommended for compatibility with case-sensitive systems.
|
---|
2282 | </P>
|
---|
2283 | </DD>
|
---|
2284 | <DT><STRONG>The current working directory</STRONG>
|
---|
2285 | </DT>
|
---|
2286 | <DD>
|
---|
2287 | <P>
|
---|
2288 | The current working directory for the script is set to the directory
|
---|
2289 | containing the script.
|
---|
2290 | </P>
|
---|
2291 | </DD>
|
---|
2292 | <DT><STRONG>Character set</STRONG>
|
---|
2293 | </DT>
|
---|
2294 | <DD>
|
---|
2295 | <P>
|
---|
2296 | The US-ASCII character set is used for the definition of environment
|
---|
2297 | variable names and header
|
---|
2298 | field names; the newline (NL) sequence is LF;
|
---|
2299 | servers SHOULD also accept CR LF as a newline.
|
---|
2300 | </P>
|
---|
2301 | </DD>
|
---|
2302 | </DL>
|
---|
2303 |
|
---|
2304 | <H3>
|
---|
2305 | <A NAME="10.2">
|
---|
2306 | 10.2. Unix
|
---|
2307 | </A>
|
---|
2308 | </H3>
|
---|
2309 | <P>
|
---|
2310 | The implementation of the CGI on a UNIX operating system platform
|
---|
2311 | SHOULD use environment variables as the mechanism of providing
|
---|
2312 | request metadata to CGI scripts.
|
---|
2313 | </P>
|
---|
2314 | <P>
|
---|
2315 | For Unix compatible operating systems, the following are defined:
|
---|
2316 | </P>
|
---|
2317 | <DL>
|
---|
2318 | <DT><STRONG>Environment variables</STRONG>
|
---|
2319 | </DT>
|
---|
2320 | <DD>
|
---|
2321 | <P>
|
---|
2322 | These are accessed by the C library routine <SAMP>getenv</SAMP>.
|
---|
2323 | </P>
|
---|
2324 | </DD>
|
---|
2325 | <DT><STRONG>The command line</STRONG>
|
---|
2326 | </DT>
|
---|
2327 | <DD>
|
---|
2328 | <P>
|
---|
2329 | This is accessed using the
|
---|
2330 | <SAMP>argc</SAMP> and <SAMP>argv</SAMP>
|
---|
2331 | arguments to <SAMP>main()</SAMP>. The words have any characters
|
---|
2332 | that
|
---|
2333 | are 'active' in the Bourne shell escaped with a backslash.
|
---|
2334 | If the value of the QUERY_STRING
|
---|
2335 | metavariable
|
---|
2336 | contains an unencoded equals-sign '=', then the command line
|
---|
2337 | SHOULD NOT be used by the script.
|
---|
2338 | </P>
|
---|
2339 | </DD>
|
---|
2340 | <DT><STRONG>The current working directory</STRONG>
|
---|
2341 | </DT>
|
---|
2342 | <DD>
|
---|
2343 | <P>
|
---|
2344 | The current working directory for the script
|
---|
2345 | SHOULD be set to the directory
|
---|
2346 | containing the script.
|
---|
2347 | </P>
|
---|
2348 | </DD>
|
---|
2349 | <DT><STRONG>Character set</STRONG>
|
---|
2350 | </DT>
|
---|
2351 | <DD>
|
---|
2352 | <P>
|
---|
2353 | The US-ASCII character set is used for the definition of environment
|
---|
2354 | variable names and header field names; the newline (NL) sequence is LF;
|
---|
2355 | servers SHOULD also accept CR LF as a newline.
|
---|
2356 | </P>
|
---|
2357 | </DD>
|
---|
2358 | </DL>
|
---|
2359 |
|
---|
2360 | <H2>
|
---|
2361 | <A NAME="11.0">
|
---|
2362 | 11. Security Considerations
|
---|
2363 | </A>
|
---|
2364 | </H2>
|
---|
2365 |
|
---|
2366 | <H3>
|
---|
2367 | <A NAME="11.1">
|
---|
2368 | 11.1. Safe Methods
|
---|
2369 | </A>
|
---|
2370 | </H3>
|
---|
2371 | <P>
|
---|
2372 | As discussed in the security considerations of the HTTP
|
---|
2373 | specifications [<A HREF="#[3]">3</A>,<A HREF="#[8]">8</A>], the
|
---|
2374 | convention has been established that the
|
---|
2375 | GET and HEAD methods should be 'safe'; they should cause no
|
---|
2376 | side-effects and only have the significance of resource retrieval.
|
---|
2377 | </P>
|
---|
2378 | <P>
|
---|
2379 | CGI scripts are responsible for enforcing any HTTP security considerations
|
---|
2380 | [<A HREF="#[3]">3</A>,<A HREF="#[8]">8</A>]
|
---|
2381 | with respect to the protocol version level of the request and
|
---|
2382 | any side effects generated by the scripts on behalf of
|
---|
2383 | the server. Primary
|
---|
2384 | among these
|
---|
2385 | are the considerations of safe and idempotent methods. Idempotent
|
---|
2386 | requests are those that may be repeated an arbitrary number of times
|
---|
2387 | and produce side effects identical to a single request.
|
---|
2388 | </P>
|
---|
2389 |
|
---|
2390 | <H3>
|
---|
2391 | <A NAME="11.2">
|
---|
2392 | 11.2. HTTP Header
|
---|
2393 | Fields Containing Sensitive Information
|
---|
2394 | </A>
|
---|
2395 | </H3>
|
---|
2396 | <P>
|
---|
2397 | Some HTTP header fields may carry sensitive information which the server
|
---|
2398 | SHOULD NOT pass on to the script unless explicitly configured to do
|
---|
2399 | so. For example, if the server protects the script using the
|
---|
2400 | "<SAMP>Basic</SAMP>"
|
---|
2401 | authentication scheme, then the client will send an
|
---|
2402 | "<SAMP>Authorization</SAMP>"
|
---|
2403 | header field containing a username and password. If the server, rather
|
---|
2404 | than the script, validates this information then the password SHOULD
|
---|
2405 | NOT be passed on to the script <EM>via</EM> the HTTP_AUTHORIZATION
|
---|
2406 | metavariable
|
---|
2407 | without careful consideration.
|
---|
2408 | This also applies to the
|
---|
2409 | Proxy-Authorization header field and the corresponding
|
---|
2410 | HTTP_PROXY_AUTHORIZATION
|
---|
2411 | metavariable.
|
---|
2412 | </P>
|
---|
2413 |
|
---|
2414 | <H3>
|
---|
2415 | <A NAME="11.3">
|
---|
2416 | 11.3. Script
|
---|
2417 | Interference with the Server
|
---|
2418 | </A>
|
---|
2419 | </H3>
|
---|
2420 | <P>
|
---|
2421 | The most common implementation of CGI invokes the script as a child
|
---|
2422 | process using the same user and group as the server process. It
|
---|
2423 | SHOULD therefore be ensured that the script cannot interfere with the
|
---|
2424 | server process, its configuration, or documents.
|
---|
2425 | </P>
|
---|
2426 | <P>
|
---|
2427 | If the script is executed by calling a function linked in to the
|
---|
2428 | server software (either at compile-time or run-time) then precautions
|
---|
2429 | SHOULD be taken to protect the core memory of the server, or to
|
---|
2430 | ensure that untrusted code cannot be executed.
|
---|
2431 | </P>
|
---|
2432 |
|
---|
2433 | <H3>
|
---|
2434 | <A NAME="11.4">
|
---|
2435 | 11.4. Data Length and Buffering Considerations
|
---|
2436 | </A>
|
---|
2437 | </H3>
|
---|
2438 | <P>
|
---|
2439 | This specification places no limits on the length of message-bodies
|
---|
2440 | presented to the script. Scripts should not assume that statically
|
---|
2441 | allocated buffers of any size are sufficient to contain the entire
|
---|
2442 | submission at one time. Use of a fixed length buffer without careful
|
---|
2443 | overflow checking may result in an attacker exploiting 'stack-smashing'
|
---|
2444 | or 'stack-overflow' vulnerabilities of the operating system.
|
---|
2445 | Scripts may spool large submissions to disk or other buffering media,
|
---|
2446 | but a rapid succession of large submissions may result in denial of
|
---|
2447 | service conditions. If the CONTENT_LENGTH of a message-body is larger
|
---|
2448 | than resource considerations allow, scripts should respond with an
|
---|
2449 | error status appropriate for the protocol version; potentially applicable
|
---|
2450 | status codes include '503 Service Unavailable' (HTTP/1.0 and HTTP/1.1),
|
---|
2451 | '413 Request Entity Too Large' (HTTP/1.1), and
|
---|
2452 | '414 Request-URI Too Long' (HTTP/1.1).
|
---|
2453 | </P>
|
---|
2454 |
|
---|
2455 | <H3>
|
---|
2456 | <A NAME="11.5">
|
---|
2457 | 11.5. Stateless Processing
|
---|
2458 | </A>
|
---|
2459 | </H3>
|
---|
2460 | <P>
|
---|
2461 | The stateless nature of the Web makes each script execution and resource
|
---|
2462 | retrieval independent of all others even when multiple requests constitute a
|
---|
2463 | single conceptual Web transaction. Because of this, a script should not
|
---|
2464 | make any assumptions about the context of the user-agent submitting a
|
---|
2465 | request. In particular, scripts should examine data obtained from the client
|
---|
2466 | and verify that they are valid, both in form and content, before allowing
|
---|
2467 | them to be used for sensitive purposes such as input to other
|
---|
2468 | applications, commands, or operating system services. These uses
|
---|
2469 | include, but are not
|
---|
2470 | limited to: system call arguments, database writes, dynamically evaluated
|
---|
2471 | source code, and input to billing or other secure processes. It is important
|
---|
2472 | that applications be protected from invalid input regardless of whether
|
---|
2473 | the invalidity is the result of user error, logic error, or malicious action.
|
---|
2474 | </P>
|
---|
2475 | <P>
|
---|
2476 | Authors of scripts involved in multi-request transactions should be
|
---|
2477 | particularly cautios about validating the state information;
|
---|
2478 | undesirable effects may result from the substitution of dangerous
|
---|
2479 | values for portions of the submission which might otherwise be
|
---|
2480 | presumed safe. Subversion of this type occurs when alterations
|
---|
2481 | are made to data from a prior stage of the transaction that were
|
---|
2482 | not meant to be controlled by the client (<EM>e.g.</EM>, hidden
|
---|
2483 | HTML form elements, cookies, embedded URLs, <EM>etc.</EM>).
|
---|
2484 | </P>
|
---|
2485 |
|
---|
2486 | <H2>
|
---|
2487 | <A NAME="12.0">
|
---|
2488 | 12. Acknowledgements
|
---|
2489 | </A>
|
---|
2490 | </H2>
|
---|
2491 | <P>
|
---|
2492 | This work is based on a draft published in 1997 by David R. Robinson,
|
---|
2493 | which in turn was based on the original CGI interface that arose out of
|
---|
2494 | discussions on the <EM>www-talk</EM> mailing list. In particular,
|
---|
2495 | Rob McCool, John Franks, Ari Luotonen,
|
---|
2496 | George Phillips and
|
---|
2497 | Tony Sanders deserve special recognition for their efforts in
|
---|
2498 | defining and implementing the early versions of this interface.
|
---|
2499 | </P>
|
---|
2500 | <P>
|
---|
2501 | This document has also greatly benefited from the comments and
|
---|
2502 | suggestions made by Chris Adie, Dave Kristol,
|
---|
2503 | Mike Meyer, David Morris, Jeremy Madea,
|
---|
2504 | Patrick M<SUP>c</SUP>Manus, Adam Donahue,
|
---|
2505 | Ross Patterson, and Harald Alvestrand.
|
---|
2506 | </P>
|
---|
2507 |
|
---|
2508 | <H2>
|
---|
2509 | <A NAME="13.0">
|
---|
2510 | 13. References
|
---|
2511 | </A>
|
---|
2512 | </H2>
|
---|
2513 | <DL COMPACT>
|
---|
2514 | <DT><A NAME="[1]">[1]</A>
|
---|
2515 | </DT>
|
---|
2516 | <DD>Berners-Lee, T., 'Universal Resource Identifiers in WWW: A
|
---|
2517 | Unifying Syntax for the Expression of Names and Addresses of
|
---|
2518 | Objects on the Network as used in the World-Wide Web', RFC 1630,
|
---|
2519 | CERN, June 1994.
|
---|
2520 | <P>
|
---|
2521 | </P>
|
---|
2522 | </DD>
|
---|
2523 | <DT><A NAME="[2]">[2]</A>
|
---|
2524 | </DT>
|
---|
2525 | <DD>Berners-Lee, T. and Connolly, D., 'Hypertext Markup Language -
|
---|
2526 | 2.0', RFC 1866, MIT/W3C, November 1995.
|
---|
2527 | <P>
|
---|
2528 | </P>
|
---|
2529 | </DD>
|
---|
2530 | <DT><A NAME="[3]">[3]</A>
|
---|
2531 | </DT>
|
---|
2532 | <DD>Berners-Lee, T., Fielding, R. T. and Frystyk, H.,
|
---|
2533 | 'Hypertext Transfer Protocol -- HTTP/1.0', RFC 1945, MIT/LCS,
|
---|
2534 | UC Irvine, May 1996.
|
---|
2535 | <P>
|
---|
2536 | </P>
|
---|
2537 | </DD>
|
---|
2538 |
|
---|
2539 | <DT><A NAME="[4]">[4]</A>
|
---|
2540 | </DT>
|
---|
2541 | <DD>Berners-Lee, T., Fielding, R., and Masinter, L., Editors,
|
---|
2542 | 'Uniform Resource Identifiers (URI): Generic Syntax', RFC 2396,
|
---|
2543 | MIT, U.C. Irvine, Xerox Corporation, August 1996.
|
---|
2544 | <P>
|
---|
2545 | </P>
|
---|
2546 | </DD>
|
---|
2547 |
|
---|
2548 | <DT><A NAME="[5]">[5]</A>
|
---|
2549 | </DT>
|
---|
2550 | <DD>Braden, R., Editor, 'Requirements for Internet Hosts --
|
---|
2551 | Application and Support', STD 3, RFC 1123, IETF, October 1989.
|
---|
2552 | <P>
|
---|
2553 | </P>
|
---|
2554 | </DD>
|
---|
2555 | <DT><A NAME="[6]">[6]</A>
|
---|
2556 | </DT>
|
---|
2557 | <DD>Crocker, D.H., 'Standard for the Format of ARPA Internet Text
|
---|
2558 | Messages', STD 11, RFC 822, University of Delaware, August 1982.
|
---|
2559 | <P>
|
---|
2560 | </P>
|
---|
2561 | </DD>
|
---|
2562 | <DT><A NAME="[7]">[7]</A>
|
---|
2563 | </DT>
|
---|
2564 | <DD>Fielding, R., 'Relative Uniform Resource Locators', RFC 1808,
|
---|
2565 | UC Irvine, June 1995.
|
---|
2566 | <P>
|
---|
2567 | </P>
|
---|
2568 | </DD>
|
---|
2569 | <DT><A NAME="[8]">[8]</A>
|
---|
2570 | </DT>
|
---|
2571 | <DD>Fielding, R., Gettys, J., Mogul, J., Frystyk, H. and
|
---|
2572 | Berners-Lee, T., 'Hypertext Transfer Protocol -- HTTP/1.1',
|
---|
2573 | RFC 2068, UC Irvine, DEC,
|
---|
2574 | MIT/LCS, January 1997.
|
---|
2575 | <P>
|
---|
2576 | </P>
|
---|
2577 | </DD>
|
---|
2578 | <DT><A NAME="[9]">[9]</A>
|
---|
2579 | </DT>
|
---|
2580 | <DD>Freed, N. and Borenstein N., 'Multipurpose Internet Mail
|
---|
2581 | Extensions (MIME) Part Two: Media Types', RFC 2046, Innosoft,
|
---|
2582 | First Virtual, November 1996.
|
---|
2583 | <P>
|
---|
2584 | </P>
|
---|
2585 | </DD>
|
---|
2586 | <DT><A NAME="[10]">[10]</A>
|
---|
2587 | </DT>
|
---|
2588 | <DD>Mockapetris, P., 'Domain Names - Concepts and Facilities',
|
---|
2589 | STD 13, RFC 1034, ISI, November 1987.
|
---|
2590 | <P>
|
---|
2591 | </P>
|
---|
2592 | </DD>
|
---|
2593 | <DT><A NAME="[11]">[11]</A>
|
---|
2594 | </DT>
|
---|
2595 | <DD>St. Johns, M., 'Identification Protocol', RFC 1431, US
|
---|
2596 | Department of Defense, February 1993.
|
---|
2597 | <P>
|
---|
2598 | </P>
|
---|
2599 | </DD>
|
---|
2600 | <DT><A NAME="[12]">[12]</A>
|
---|
2601 | </DT>
|
---|
2602 | <DD>'Coded Character Set -- 7-bit American Standard Code for
|
---|
2603 | Information Interchange', ANSI X3.4-1986.
|
---|
2604 | <P>
|
---|
2605 | </P>
|
---|
2606 | </DD>
|
---|
2607 | <DT><A NAME="[13]">[13]</A>
|
---|
2608 | </DT>
|
---|
2609 | <DD>Hinden, R. and Deering, S.,
|
---|
2610 | 'IP Version 6 Addressing Architecture', RFC 2373,
|
---|
2611 | Nokia, Cisco Systems,
|
---|
2612 | July 1998.
|
---|
2613 | <P>
|
---|
2614 | </P>
|
---|
2615 | </DD>
|
---|
2616 | </DL>
|
---|
2617 |
|
---|
2618 | <H2>
|
---|
2619 | <A NAME="14.0">
|
---|
2620 | 14. Authors' Addresses
|
---|
2621 | </A>
|
---|
2622 | </H2>
|
---|
2623 | <ADDRESS>
|
---|
2624 | <P>
|
---|
2625 | Ken A L Coar
|
---|
2626 | <BR>
|
---|
2627 | MeepZor Consulting
|
---|
2628 | <BR>
|
---|
2629 | 7824 Mayfaire Crest Lane, Suite 202
|
---|
2630 | <BR>
|
---|
2631 | Raleigh, NC 27615-4875
|
---|
2632 | <BR>
|
---|
2633 | U.S.A.
|
---|
2634 | </P>
|
---|
2635 | <P>
|
---|
2636 | Tel: +1 (919) 254.4237
|
---|
2637 | <BR>
|
---|
2638 | Fax: +1 (919) 254.5250
|
---|
2639 | <BR>
|
---|
2640 | Email:
|
---|
2641 | <A
|
---|
2642 | HREF="mailto:Ken.Coar@Golux.Com"
|
---|
2643 | ><SAMP>Ken.Coar@Golux.Com</SAMP></A>
|
---|
2644 | </P>
|
---|
2645 | </ADDRESS>
|
---|
2646 | <ADDRESS>
|
---|
2647 | <P>
|
---|
2648 | David Robinson
|
---|
2649 | <BR>
|
---|
2650 | E*TRADE UK Ltd
|
---|
2651 | <BR>
|
---|
2652 | Mount Pleasant House
|
---|
2653 | <BR>
|
---|
2654 | 2 Mount Pleasant
|
---|
2655 | <BR>
|
---|
2656 | Huntingdon Road
|
---|
2657 | <BR>
|
---|
2658 | Cambridge CB3 0RN
|
---|
2659 | <BR>
|
---|
2660 | UK
|
---|
2661 | </P>
|
---|
2662 | <P>
|
---|
2663 | Tel: +44 (1223) 566926
|
---|
2664 | <BR>
|
---|
2665 | Fax: +44 (1223) 506288
|
---|
2666 | <BR>
|
---|
2667 | Email:
|
---|
2668 | <A
|
---|
2669 | HREF="mailto:drtr@etrade.co.uk"
|
---|
2670 | ><SAMP>drtr@etrade.co.uk</SAMP></A>
|
---|
2671 | </ADDRESS>
|
---|
2672 |
|
---|
2673 | </BODY>
|
---|
2674 | </HTML>
|
---|