http/https protocol, common status codes, get/post, http caching mechanism

http/https protocol

1. HTTP
HTTP protocol is the abbreviation of Hyper Text Transfer Protocol, English is Hyper Text Transfer Protocol. It is a transfer protocol for transferring Hypertext Markup Language (HTML) from the WEB server to the local browser.
The original purpose of HTTP was to provide a way to publish and receive HTML pages.
There are multiple versions of HTPP, and the HTTP/1.1 version is currently widely used.

• HTTP is a protocol for transmitting data based on the TCP/IP communication protocol. The types of data transmitted are HTML files, picture files, query results, etc.
• HTTP protocol is generally used in B/S architecture (). The browser, as an HTTP client, sends all requests to the HTTP server, namely the WEB server, through the URL.

2. HTTP features
http protocol supports client/server mode, which is also a request/response mode protocol.

• Simple and fast: When a client requests a service from the server, it only needs to transmit the request method and path. -Commonly used request methods are GET, HEAD, and POST.
• Flexible: HTTP allows the transmission of any type of data object. The type of transmission is marked by Content-Type.
• No connection: Restrict each connection to process only one request. After the server has processed the request and received the response from the client, the connection is disconnected, but it is not conducive for the client to maintain a session connection with the server. In order to make up for this shortcoming, two technologies for recording http status have been produced, one is called Cookie , One is called Session.
• Stateless: Stateless means that the protocol has no memory for transaction processing, and subsequent processing requires the previous information and must be retransmitted.

3. The url uri in
HTTP HTTP uses Uniform Resource Identifiers (URI) to transmit data and establish connections.
URI: Uniform Resource Identifier uniform resource identifier identifier
URL: Uniform Resource Location uniform resource locating breaks

• URI is used to identify a specific resource, we can know what a resource is through URI.
• URL is used to locate a specific resource, marking a specific resource location. Every file on the Internet has a unique URL.

4. HTTP request message composition

• Request line: including request method, URL, protocol/version
• Request Header
• Request body
  
  5. HTTP response message composition
• Status line
• Response header
• Response body

6. Common request methods

• GET: Request the specified page information and return the entity body.
• POST: Submit data to the specified resource for processing request (such as submitting a form or uploading a file). The data is contained in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources.
• HEAD: Similar to a get request, except that there is no specific content in the returned response, which is used to get the header
• PUT: The data transmitted from the client to the server replaces the content of the specified document.
• DELETE: Request the server to delete the specified page.

The difference between post and get

Both contain the request header request line, and the post has more request body.

• Get is mostly used for query, and the request parameters are placed in the url, which will not affect the content on the server. Post is used to submit, such as putting the account password in the body.
• GET is added directly to the back of the URL, and you can see the content directly in the URL, while POST is placed inside the message, and users cannot see it directly.
• The length of the data submitted by GET is limited, because the URL length is limited, and the specific length limit depends on the browser. And POST does not.

Common status codes

When accessing a web page, the browser will send a request to the web server. The server where this webpage is located will return a header containing the HTTP status code to respond to the browser's request.

Status code classification:

• 1XX- information type, the server receives the request and needs the requester to continue the operation.
• 2XX- Success type, the request is successfully received, understood and processed.
• 3XX-Redirect, further action is required to complete the request.
• 4XX-Client error, the request contains a syntax error or the request cannot be completed.
• 5XX-Server error, the server encountered an error while processing the request.

Common status codes:

• 200 OK-client request is successful
• 301-Resources (webpages, etc.) are permanently transferred to other URLs
• 302-Temporary Jump
• 400 Bad Request-The client request has a syntax error and cannot be understood by the server
• 401 Unauthorized-The request is unauthorized. This status code must be used with the WWW-Authenticate header field
• 404-The requested resource does not exist, it may be that the wrong URL was entered
• 500-An unexpected error occurred inside the server
• 503 Server Unavailable-The server is currently unable to process the client's request and may return to normal after a period of time.

HTTPS

1. Why use https

The HTTP protocol is not suitable for transmitting some sensitive information, such as various accounts, passwords and other information. The use of http protocol to transmit private information is very insecure.

Generally, the following problems exist in http:

• Request information is transmitted in plain text, which is easy to be intercepted by eavesdropping.
• The integrity of the data is not verified and can be easily tampered with
• Did not verify the identity of the other party, there is a danger of impersonation

2. Why use https

In order to solve the above-mentioned problems of HTTP, HTTPS is used.

HTTPS protocol (HyperText Transfer Protocol over Secure Socket Layer): Generally understood as HTTP+SSL/TLS, the identity of the server is verified through an SSL certificate, and the communication between the browser and the server is encrypted.

Note:
SSL (Secure Socket Layer): Developed by Netscape in 1994, the SSL protocol is located between the TCP/IP protocol and various application layer protocols to provide security support for data communication.

3. The difference between HTTPS and HTTP

HTTPS is a secure version of the HTTP protocol. The data transmission of the HTTP protocol is in plain text and is insecure. HTTPS uses the SSL/TLS protocol for encryption.
http and https use different connection methods, the default port is different, http is 80, https is 443

In actual use, most of the websites that are mentioned now use the https protocol, which is also the trend of future Internet development

HTTP caching mechanism

Browser caching is divided into strong caching and negotiation caching. The simple process for the browser to load a page is as follows:

• The browser first judges whether it hits the strong cache based on the http header information of this resource. If it hits the resource directly added to the cache, the request will not be sent to the server.
• If the strong cache is missed, the browser will send a resource loading request to the server.
• The server determines whether the browser’s local cache is invalid. If it can be used, the server will not return resource information, and the browser will continue to load resources from the cache.
• If the negotiation cache is missed, the server will return the complete resource to the browser, the browser loads the new resource, and updates the cache.
  Strong Cache
  When a strong cache is hit, the browser will not send the request to the server.
  In Chrome's developer tools, the HTTP return code is 200, but it will be displayed as (from cache) in the Size column.

Strong caching is controlled by using the Expires or Cache-Control fields in the http return header to indicate the caching time of resources.

1. Expires

The cache expiration time, used to specify the time when the resource expires, is a specific point in time on the server side. In other words, Expires=max-age + request time, which needs to be used in conjunction with Last-modified. But as we mentioned above, cache-control has a higher priority. Expires is the header field of the web server response message. When responding to the http request, it tells the browser that the browser can directly fetch data from the browser cache before the expiration time, without having to request again

2. Cache-Control

Cache-Control is a relative time, such as Cache-Control: 3600, which means that the validity period of the resource is 3600 seconds. Since it is a relative time and is compared with the client time, the time deviation between the server and the client will not cause problems.
Cache-Control and Expires can be enabled at the same time or either in the server configuration. Cache-Control has a higher priority when enabled at the same time.

Negotiation cache

If the strong cache is missed, the browser will send the request to the server. The server judges whether to hit the negotiation cache according to Last-Modify/If-Modify-Since or Etag/If-None-Match in the http header information. If it hits, the http return code is 304, and the browser loads the resource from the cache.