Document the HTTP transport protocol

[git/fastimport.git] / Documentation / technical / http-protocol.txt

HTTP transfer protocols
=======================

Git supports two HTTP based transfer protocols.  A "dumb" protocol
which requires only a standard HTTP server on the server end of the
connection, and a "smart" protocol which requires a Git aware CGI
(or server module).  This document describes both protocols.

As a design feature, smart clients initially attempt a smart
protocol connection, but are able to detect and downgrade to the
dumb behavior when a non-Git aware server is contacted.  This feature
permits all users to have the same published URL, and the peers will
automatically select the most efficient transport available to them.


URL Format
----------

URLs for Git repositories accessed by HTTP use the standard HTTP
URL syntax documented by RFC 1738, so they are of the form:

  http://<host>:<port>/<path>

Within this documentation the placeholder $GIT_URL will stand for
the repository URL entered by the end-user.

The $GIT_URL specifies the path to the repository and is mapped to
a location on the server's filesystem by the HTTP server.

Both the "smart" and "dumb" HTTP protocols used by Git operate
by appending additional path components onto the end of the user
supplied $GIT_URL string.

Clients MUST strip a trailing '/', if present, from the user supplied
$GIT_URL string to prevent empty path components ('//') from appearing
in any URL sent to a server.  Compatible clients MUST expand
'$GIT_URL/info/refs' as 'foo/info/refs' and not 'foo//info/refs'.

Some example $GIT_URLs are shown below.  In each grouping the first
URL was entered by the user, while the remaining URLS below the
discussion are what will be requested by a conforming client:

http://git.example.com/repos/projects/it.git::
        The client connects to 'git.example.com' on port 80, and requests
        the repository available at '/repos/projects/it.git'.  The server
        is free to map this path to its local filesystem by any URL-to-file
        mapping rules it supports.
+
--------
http://git.example.com/repos/projects/it.git/info/refs?service=git-upload-pack
http://git.example.com/repos/projects/it.git/git-upload-pack
--------

http://git.example.com/repos/projects/it.git/::
        Exactly like the URL group above, except a conforming client
        would avoid double slashes when appending the "/info/refs"
        or "/git-upload-pack" suffix:
+
--------
http://git.example.com/repos/projects/it.git/info/refs?service=git-upload-pack
http://git.example.com/repos/projects/it.git/git-upload-pack
--------

http://example.com/repos/projects/frobinator::
        Repository URLs do not need to contain the string 'git'
        to be a valid $GIT_URL as described in this document.
+
--------
http://example.com/repos/projects/frobinator/info/refs?service=git-upload-pack
http://example.com/repos/projects/frobinator/git-upload-pack
--------

*  https://example.com/git/test.git
        The client connects to 'example.com' on port 443 using HTTP
        over SSL, and requests the repository at '/git/test.git'.
        This is identical to the cases above, except the client is
        using SSL to protect its communications with the server.
+
--------
https://example.com/git/test.git/info/refs?service=git-receive-pack
https://example.com/git/test.git/git-receive-pack
--------

*  http://desktop:8080/work/.git
        The client connects to 'desktop' on port 8080 using
        plain-text HTTP, and requests the repository at '/work/.git'.
        This might be a repository with a working directory, or it
        could be a non-standard naming of a bare repository.
+
--------
http://desktop:8080/work/.git/info/refs?service=git-upload-pack
http://desktop:8080/work/.git/git-upload-pack
--------

*  http://example.com/r/?p=project/forks/user.git
        When making requests on $GIT_URLs which already contain a
        query string conforming clients append the suffix to the
        end of the query string, but for '/info/refs' add service
        as another query parameter.
+
--------
http://example.com/r/?p=project/forks/user.git/info/refs&service=git-upload-pack
http://example.com/r/?p=project/forks/user.git/git-upload-pack
--------

*  http://example/repos/master.git/child.git::
        The client is requesting 'child.git', which lives within a
        location named '/repos/master.git'.
+
If '/repos/master.git' happens to be a valid Git repository, this
is a reference to a directory called 'child.git' stored within the
top level of that GIT_DIR.  It is not a reference to the contents
of a revision of '/repos/master.git'.
+
--------
http://example/repos/master.git/child.git/info/refs?service=git-upload-pack
http://example/repos/master.git/child.git/git-upload-pack
--------


Authentication
--------------

Standard HTTP authentication is used if authentication is required
to access a repository, and MAY be configured and enforced by the
HTTP server software.

Because Git repositories can be named by standard path components
server administrators MAY use directory based permissions within
their HTTP server to control repository access.

Clients SHOULD support Basic authentication as described by RFC 2616.
Servers SHOULD support Basic authentication.

Servers SHOULD NOT require HTTP cookies for the purposes of
authentication or access control.

Clients and servers MAY support other common forms of HTTP based
authentication, such as Digest authentication.


SSL
---

Clients and servers SHOULD support SSL, particularly to protect
passwords when relying on Basic HTTP authentication.


Session State
-------------

The Git over HTTP protocol (much like HTTP itself) is stateless
from the perspective of the HTTP server side.  All state must be
retained and managed by the client process.  This permits simple
round-robin load-balancing on the server side, without needing to
worry about state management.

Clients MUST NOT require state management on the server side in
order to function correctly.

Clients MAY store and forward HTTP cookies during request processing
as described by RFC 2616 (HTTP/1.1).


ABNF Notation
-------------

ABNF notation as described by RFC 5234 is used within this document,
except the following replacement core rules are used:
----
        HEXDIG    =  DIGIT / "a" / "b" / "c" / "d" / "e" / "f"
----

We also define the following common rules:
----
        NUL       =  %x00
        zero-id   =  40*"0"
        obj-id    =  40*(HEXDIGIT)

        refname  =  "HEAD"
        refname /=  "refs/" <see discussion below>
----

A refname is a hierarichal octet string beginning with "refs/" and
not violating the 'git-check-ref-format' command's validation rules.
More generally, they:

. They can include slash `/` for hierarchical (directory)
  grouping, but no slash-separated component can begin with a
  dot `.`.

. They must contain at least one `/`. This enforces the presence of a
  category like `heads/`, `tags/` etc. but the actual names are not
  restricted.

. They cannot have two consecutive dots `..` anywhere.

. They cannot have ASCII control characters (i.e. bytes whose
  values are lower than \040, or \177 `DEL`), space, tilde `~`,
  caret `{caret}`, colon `:`, question-mark `?`, asterisk `*`,
  or open bracket `[` anywhere.

. They cannot end with a slash `/` nor a dot `.`.

. They cannot end with the sequence `.lock`.

. They cannot contain a sequence `@{`.

. They cannot contain a `\\`.


pkt-line Format
---------------

Much (but not all) of the payload is described around pkt-lines.

A pkt-line is a variable length binary string.  The first four bytes
of the line, the pkt-len, indicates the total length of the line,
in hexadecimal.  The pkt-len includes the 4 bytes used to contain
the length's hexadecimal representation.

A pkt-line MAY contain binary data, so implementors MUST ensure
pkt-line parsing/formatting routines are 8-bit clean.

A non-binary line SHOULD BE terminated by an LF, which if present
MUST be included in the total length.

The maximum length of a pkt-line's data component is 65520 bytes.
Implementations MUST NOT send pkt-line whose length exceeds 65524
(65520 bytes of payload + 4 bytes of length data).

Implementations SHOULD NOT send an empty pkt-line ("0004").

A pkt-line with a length field of 0 ("0000"), called a flush-pkt,
is a special case and MUST be handled differently than an empty
pkt-line ("0004").

----
        pkt-line     =  data-pkt / flush-pkt

        data-pkt     =  pkt-len pkt-payload
    pkt-len      =  4*(HEXDIG)
        pkt-payload  =  (pkt-len - 4)*(OCTET)

        flush-pkt    = "0000"
----

Examples (as C-style strings):

----
  pkt-line          actual value
  ---------------------------------
  "0006a\n"         "a\n"
  "0005a"           "a"
  "000bfoobar\n"    "foobar\n"
  "0004"            ""
----


General Request Processing
--------------------------

Except where noted, all standard HTTP behavior SHOULD be assumed
by both client and server.  This includes (but is not necessarily
limited to):

If there is no repository at $GIT_URL, the server MUST respond with
the '404 Not Found' HTTP status code.

If there is a repository at $GIT_URL, but access is not currently
permitted, the server MUST respond with the '403 Forbidden' HTTP
status code.

If there is a repository at $GIT_URL, but the dumb version of the
protocol is being used, a server SHOULD respond with '404 Not Found'
if the requested loose object file or pack file is not found within
the repository.

Servers SHOULD support both HTTP 1.0 and HTTP 1.1.
Servers SHOULD support chunked encoding for both
request and response bodies.

Clients SHOULD support both HTTP 1.0 and HTTP 1.1.
Clients SHOULD support chunked encoding for both
request and response bodies.

Servers MAY return ETag and/or Last-Modified headers.

Clients MAY revalidate cached entities by including If-Modified-Since
and/or If-None-Match request headers.

Servers MAY return '304 Not Modified' if the relevant headers appear
in the request and the entity has not changed.  Clients MUST treat
'304 Not Modified' identical to '200 OK' by reusing the cached entity.

Clients MAY reuse a cached entity without revalidation if the
Cache-Control and/or Expires header permits caching.  Clients and
servers MUST follow RFC 2616 for cache controls.


Discovering References
----------------------

All HTTP clients MUST begin either a fetch or a push exchange by
discovering the references available on the remote repository.

Dumb Clients
~~~~~~~~~~~~

HTTP clients that only support the "dumb" protocol MUST discover
references by making a request for the special info/refs file of
the repository.

Dumb HTTP clients MUST NOT include the 'service=$name' query
parameter when fetching the info/refs file.

        C: GET $GIT_URL/info/refs HTTP/1.0

        S: 200 OK
        S:
        S: 95dcfa3633004da0049d3d0fa03f80589cbcaf31     refs/heads/maint
        S: d049f6c27a2244e12041955e262a404c7faba355     refs/heads/master
        S: 2cb58b79488a98d2721cea644875a8dd0026b115     refs/tags/v1.0
        S: a3c2e2402b99163d1d59756e5f207ae21cccba4c     refs/tags/v1.0^{}

The Content-Type of the returned info/refs entity SHOULD be
"text/plain; charset=utf-8", but MAY be any content type.
Clients MUST NOT attempt to validate the returned Content-Type.
Dumb servers MUST NOT return a return type starting with
"application/x-git-".

Cache-Control headers MAY be returned to control caching of the
returned entity.

The returned content is a UNIX formatted text file describing
each ref and its known value.  The file SHOULD be sorted by name
according to the C locale ordering.  The file SHOULD NOT include
the default ref named 'HEAD'.

----
        info-refs          =  *info-ref-record
        info-ref-record    =  info-any / info-peeled

        info-any           =  obj-id HTAB refname LF
        info-peeled        =  obj-id HTAB refname LF
                              obj-id HTAB refname "^{}" LF
----


Smart Clients
~~~~~~~~~~~~~

HTTP clients that support the "smart" protocol (or both the
"smart" and "dumb" protocols) MUST discover references by making
a parameterized request for the info/refs file of the repository.

The request MUST contain the query parameter, 'service=$servicename',
where $servicename MUST be the service name the client wishes
to contact to complete the operation.  The request MAY contain
additional query parameters only if they were present in $GIT_URL
(the URL entered by the user).

client request::
----
        GET $GIT_URL/info/refs?service=git-upload-pack HTTP/1.0
----

dumb server reply::
----
        200 OK
        
        95dcfa3633004da0049d3d0fa03f80589cbcaf31        refs/heads/maint
        d049f6c27a2244e12041955e262a404c7faba355        refs/heads/master
        2cb58b79488a98d2721cea644875a8dd0026b115        refs/tags/v1.0
        a3c2e2402b99163d1d59756e5f207ae21cccba4c        refs/tags/v1.0^{}
----

smart server reply::
----
        200 OK
        Content-Type: application/x-git-upload-pack-advertisement
        Cache-Control: no-cache
        
        ....# service=git-upload-pack
        0000
        ....d049f6c27a2244e12041955e262a404c7faba355 HEAD\0multi_ack_2
        ....95dcfa3633004da0049d3d0fa03f80589cbcaf31 refs/heads/maint
        ....d049f6c27a2244e12041955e262a404c7faba355 refs/heads/master
        ....2cb58b79488a98d2721cea644875a8dd0026b115 refs/tags/v1.0
        ....a3c2e2402b99163d1d59756e5f207ae21cccba4c refs/tags/v1.0^{}
        0000
----

Dumb Server Response
^^^^^^^^^^^^^^^^^^^^
Dumb servers MUST respond with the dumb server reply format.

See the prior section under dumb clients for a more detailed
description of the dumb server response.

Smart Server Response
^^^^^^^^^^^^^^^^^^^^^
Smart servers MUST respond with the smart server reply format if
they are willing to be treated like a smart server.

Smart servers which have disabled the smart version of the
requested service MAY respond with either the dumb server
reply format, or MAY respond with "403 Forbidden".

If the server does not recognize the requested service name the
server MUST respond with the '403 Forbidden' HTTP status code.

Cache-Control headers SHOULD be used to disable caching of the
returned entity.

The Content-Type MUST be 'application/x-$servicename-advertisement'.
Clients SHOULD fall back to the dumb protocol if another content
type is returned.  When falling back to the dumb protocol clients
SHOULD NOT make an additional request to $GIT_URL/info/refs, but
instead SHOULD use the response already in hand.  Clients MUST NOT
continue if they do not support the dumb protocol.

Clients MUST validate the first five bytes of the response entity
matches the regex "^[0-9a-f]{4}#".  If this test fails, clients
MUST NOT continue.

Clients MUST parse the entire response as a sequence of pkt-line
records.

Clients MUST verify the first pkt-line is "# service=$servicename".
Servers MUST set $servicename to be the request parameter value.
Servers SHOULD include an LF at the end of this line.
Clients MUST ignore an LF at the end of the line.

The returned response is a pkt-line stream describing each ref and
its known value.  The stream SHOULD be sorted by name according to
the C locale ordering.  The stream SHOULD include the default ref
named 'HEAD' as the first ref.  The stream MUST include capability
declarations behind a NUL on the first ref.

----
        advertisement    =  service-hdr advertised-refs

        service-hdr      =  PKT-LINE("# service=$servicename" LF)
                            flush-pkt

        advertised-refs  =  (no-refs / list-of-refs)
                            flush-pkt

        no-refs          =  PKT-LINE(zero-id SP "capabilities^{}"
                                     NUL capability-list LF)

        list-of-refs     =  first-ref *other-ref
        first-ref        =  PKT-LINE(obj-id SP refname
                                     NUL capability-list LF)

        other-ref        =  PKT-LINE(other-tip / other-peeled)
        other-tip        =  obj-id SP refname LF
        other-peeled     =  obj-id SP refname "^{}" LF

        capability-list  =  capability *(SP capability)
    capability       =  1*(ALPHA / DIGIT / "-" / "_")
----


Smart Service git-upload-pack
------------------------------
This service reads from the remote repository.

Clients MUST first perform ref discovery with
'$GIT_URL/info/refs?service=git-upload-pack'.

Clients MUST use POST method to send the request payload to the
git-upload-pack service URL.

client request::
----
        POST $GIT_URL/git-upload-pack HTTP/1.0
        Content-Type: application/x-git-upload-pack-request
        
        ....want 0a53e9ddeaddad63ad106860237bbf53411d11a7
        0000
        ....have 441b40d833fdfa93eb2908e52742248faf0ee993
        0000
----

server result::
----
        200 OK
        Content-Type: application/x-git-upload-pack-result
        Cache-Control: no-cache
        
        ....ACK %s, common
        ....ACK %s, continue
        ....NAK
----

Clients MUST NOT reuse or revalidate a cached reponse.
Servers MUST include sufficient Cache-Control headers
to prevent caching of the response.

Servers SHOULD support all capabilities defined in this document.

Clients MUST send at least one 'want' command in the request body.
Clients MUST NOT mention an obj-id in a 'want' command which did
not appear in the response obtained through ref discovery.

----
        upload-request    =  state-vector
                             have-list
                             compute-end

        state-vector      =  want-list
                             prior-common

        prior-common      =  *have-line

        want-list         =  PKT-LINE(first-want)
                             *additional-want
                                                 flush-pkt

        first-want        =  PKT-LINE("want" SP obj-id SP capability-list LF)
        additional-want   =  PKT-LINE("want" SP obj-id LF)

        have-list         =  *have-line
        have-line         =  PKT-LINE("have" SP obj-id LF)
        compute-end       =  flush-pkt / PKT-LINE("done")
----

TODO: Document this further.
TODO: Don't use uppercase for variable names below.

Capability include-tag
~~~~~~~~~~~~~~~~~~~~~~

When packing an object that an annotated tag points at, include the
tag object too.  Clients can request this if they want to fetch
tags, but don't know which tags they will need until after they
receive the branch data.  By enabling include-tag an entire call
to upload-pack can be avoided.

Capability thin-pack
~~~~~~~~~~~~~~~~~~~~

When packing a deltified object the base is not included if the base
is reachable from an object listed in the COMMON set by the client.
This reduces the bandwidth required to transfer, but it does slightly
increase processing time for the client to save the pack to disk.

The Negotiation Algorithm
~~~~~~~~~~~~~~~~~~~~~~~~~
The computation to select the minimal pack proceeds as follows
(c = client, s = server):

 init step:
 (c) Use ref discovery to obtain the advertised refs.
 (c) Place any object seen into set ADVERTISED.

 (c) Build an empty set, COMMON, to hold the objects that are later
     determined to be on both ends.
 (c) Build a set, WANT, of the objects from ADVERTISED the client
     wants to fetch, based on what it saw during ref discovery.

 (c) Start a queue, C_PENDING, ordered by commit time (popping newest
     first).  Add all client refs.  When a commit is popped from
     the queue its parents should be automatically inserted back.
     Commits MUST only enter the queue once.

 one compute step:
 (c) Send one $GIT_URL/git-upload-pack request:

        C: 0032want <WANT #1>...............................
        C: 0032want <WANT #2>...............................
        ....
        C: 0032have <COMMON #1>.............................
        C: 0032have <COMMON #2>.............................
        ....
        C: 0032have <HAVE #1>...............................
        C: 0032have <HAVE #2>...............................
        ....
        C: 0000

     The stream is organized into "commands", with each command
     appearing by itself in a pkt-line.  Within a command line
     the text leading up to the first space is the command name,
     and the remainder of the line to the first LF is the value.
     Command lines are terminated with an LF as the last byte of
     the pkt-line value.

     Commands MUST appear in the following order, if they appear
     at all in the request stream:

       * want
       * have

     The stream is terminated by a pkt-line flush ("0000").

     A single "want" or "have" command MUST have one hex formatted
     SHA-1 as its value.  Multiple SHA-1s MUST be sent by sending
     multiple commands.

     The HAVE list is created by popping the first 32 commits
     from C_PENDING.  Less can be supplied if C_PENDING empties.

     If the client has sent 256 HAVE commits and has not yet
     received one of those back from S_COMMON, or the client has
     emptied C_PENDING it should include a "done" command to let
     the server know it won't proceed:

        C: 0009done

  (s) Parse the git-upload-pack request:

      Verify all objects in WANT are directly reachable from refs.

          The server MAY walk backwards through history or through
      the reflog to permit slightly stale requests.

      If no WANT objects are received, send an error:

TODO: Define error if no want lines are requested.

      If any WANT object is not reachable, send an error:

TODO: Define error if an invalid want is requested.

     Create an empty list, S_COMMON.

     If 'have' was sent:

     Loop through the objects in the order supplied by the client.
     For each object, if the server has the object reachable from
     a ref, add it to S_COMMON.  If a commit is added to S_COMMON,
     do not add any ancestors, even if they also appear in HAVE.

  (s) Send the git-upload-pack response:

     If the server has found a closed set of objects to pack or the
     request ends with "done", it replies with the pack.

TODO: Document the pack based response
        S: PACK...

     The returned stream is the side-band-64k protocol supported
     by the git-upload-pack service, and the pack is embedded into
     stream 1.  Progress messages from the server side may appear
     in stream 2.

     Here a "closed set of objects" is defined to have at least
     one path from every WANT to at least one COMMON object.

     If the server needs more information, it replies with a
     status continue response:

TODO: Document the non-pack response

  (c) Parse the upload-pack response:

TODO: Document parsing response

      Do another compute step.


Smart Service git-receive-pack
------------------------------
This service modifies the remote repository.

Clients MUST first perform ref discovery with
'$GIT_URL/info/refs?service=git-receive-pack'.

        C: POST $GIT_URL/git-receive-pack HTTP/1.0
        C: Content-Type: application/x-git-receive-pack-request
        C:
        C: ....0a53e9ddeaddad63ad106860237bbf53411d11a7 441b40d833fdfa93eb2908e52742248faf0ee993 refs/heads/maint\0 report-status
        C: 0000
        C: PACK....

        S: 200 OK
        S: Content-Type: application/x-git-receive-pack-result
        S: Cache-Control: no-cache
        S:
        S: ....

Clients MUST NOT reuse or revalidate a cached reponse.
Servers MUST include sufficient Cache-Control headers
to prevent caching of the response.

Servers SHOULD support all capabilities defined here.

Clients MUST send at least one command in the request body.
Within the command portion of the request body clients SHOULD send
the id obtained through ref discovery as old_id.

----
        update-request    =  command-list pack-file

        command-list      =  PKT-LINE(command NUL capability-list LF)
                             *PKT-LINE(command LF)
                             flush-pkt

        command           =  create / delete / update
        create            =  zero-id SP new-id  SP name
        delete            =  old-id  SP zero-id SP name
        update            =  old-id  SP new-id  SP name

        old-id            =  obj-id
        new-id            =  obj-id

        pack-file         = "PACK" 24*(OCTET)

        update-response   = unpack-status
                            1*(command-status)
                            flush-pkt

        unpack-status     = PKT-LINE("unpack" SP unpack-result LF)
        unpack-result     = "ok" / error-msg

        command-status    = command-ok / command-fail
        command-ok        = PKT-LINE("ok" SP refname LF)
        command-fail      = PKT-LINE("ng" SP refname SP error-msg LF)

        error-msg         = 1*(OCTECT) ; where not "ok"
----

TODO: Document this further.


References
----------

link:http://www.ietf.org/rfc/rfc1738.txt[RFC 1738: Uniform Resource Locators (URL)]
link:http://www.ietf.org/rfc/rfc2119.txt[RFC 2119: Key words for use in RFCs to Indicate Requirement Levels]
link:http://www.ietf.org/rfc/rfc2616.txt[RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
link:http://www.ietf.org/rfc/rfc5234.txt[RFC 5234: Augmented BNF for Syntax Specifications: ABNF]