
Proposal: Add Ability to Capture Provisional HTTP Responses to HTTP Session Object

Ivan Kirillov edited this page Dec 20, 2013 · 5 revisions

Status: Closed
Comment Period Closes: 12/19/2013
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/167

Background Information

HTTP has a notion of "provisional" responses that a server may return before the regular response. They tell the recipient that the associated request was received but that the result of processing it is not yet known. These responses all have a 1xx code and consist of a status line and optional headers (none are required). It may be useful to capture these responses as discrete entities in the HTTP Session Object, so that the HTTP request/response conversation is recorded more accurately.

Proposal

Currently the HTTPRequestResponseType contains the following fields:

| Field | Type | Multiplicity | Description |
| --- | --- | --- | --- |
| HTTP_Client_Request | HTTPSessionObj:HTTPClientRequestType | 0-1 | The HTTP_Client_Request field specifies the HTTP client request portion of a single HTTP request/response pair. |
| HTTP_Server_Response | HTTPSessionObj:HTTPServerResponseType | 0-1 | The HTTP_Server_Response field specifies the HTTP server response portion of a single HTTP request/response pair. |

We propose adding an additional field, also of HTTPServerResponseType, for capturing the provisional response. This field would have an unbounded multiplicity, since more than one provisional response may be returned. Thus, the HTTPRequestResponseType would now look like the following:

| Field | Type | Multiplicity | Description |
| --- | --- | --- | --- |
| HTTP_Client_Request | HTTPSessionObj:HTTPClientRequestType | 0-1 | The HTTP_Client_Request field specifies the HTTP client request portion of a single HTTP request/response pair. |
| HTTP_Provisional_Server_Response | HTTPSessionObj:HTTPServerResponseType | 0-1 | The HTTP_Provisional_Server_Response field specifies an HTTP provisional server response that was sent before the regular HTTP response (captured in the HTTP_Server_Response field). |
| HTTP_Server_Response | HTTPSessionObj:HTTPServerResponseType | 0-1 | The HTTP_Server_Response field specifies the HTTP server response portion of a single HTTP request/response pair. |

For the full proposed schema, please see: https://github.com/ikiril01/schemas/blob/issue_167/objects/HTTP_Session_Object.xsd
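To illustrate why the separate field matters to a sensor, the following added example (not part of the proposal or of the CybOX code base) splits the server side of one captured exchange into zero or more provisional responses and the final response, so that a `100 Continue` is not recorded as the response. The function names and the inner keys (`version`, `status_code`, `reason_phrase`, `headers`, `body`) are hypothetical; only the two outer field names come from the proposal, and the capture is constructed.

```python
def parse_head(data, pos):
    """Parse one status line plus headers at pos; return (response, next_pos)."""
    end = data.find(b"\r\n\r\n", pos)
    if end == -1:
        raise ValueError("truncated response head")
    lines = data[pos:end].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    # Inner keys are hypothetical names chosen for this example.
    resp = {"version": parts[0], "status_code": int(parts[1]),
            "reason_phrase": parts[2] if len(parts) > 2 else "",
            "headers": headers}
    return resp, end + 4


def split_responses(data):
    """Group one request's server bytes under the proposal's field names."""
    record = {"HTTP_Provisional_Server_Response": [], "HTTP_Server_Response": None}
    pos = 0
    while pos < len(data):
        resp, pos = parse_head(data, pos)
        if 100 <= resp["status_code"] <= 199:
            # 1xx: status line plus optional headers, never a body
            record["HTTP_Provisional_Server_Response"].append(resp)
            if resp["status_code"] == 101:
                break  # after 101 the bytes that follow are no longer HTTP
            continue
        resp["body"] = data[pos:]  # remainder belongs to the final response
        record["HTTP_Server_Response"] = resp
        break
    return record


# Constructed sample capture (not from the original page).
SAMPLE = (b"HTTP/1.1 100 Continue\r\n\r\n"
          b"HTTP/1.1 102 Processing\r\nX-Progress: 50\r\n\r\n"
          b"HTTP/1.1 201 Created\r\nContent-Length: 2\r\n\r\nok")

if __name__ == "__main__":
    rec = split_responses(SAMPLE)
    print([r["status_code"] for r in rec["HTTP_Provisional_Server_Response"]],
          rec["HTTP_Server_Response"]["status_code"])
```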

Impact

There is no expected compatibility impact.

Requested Feedback

  1. Does it make sense to add this capability to the HTTP Session Object?
  2. Does the suggested implementation seem reasonable for capturing HTTP provisional server responses?