HTTP and HTTPS explained in detail: the difference between GET and POST, and status codes

1. What is the HTTP protocol

  HTTP is the abbreviation of Hypertext Transfer Protocol. It is an application-layer protocol in the TCP/IP suite that defines how a web browser and a web server exchange data. After a client connects to a web server, it must follow a defined communication format to obtain a web resource from that server; the HTTP protocol defines this format between the client and the web server.

2. Versions of the HTTP protocol

  Versions of the HTTP protocol: HTTP/1.0, HTTP/1.1

3. The difference between HTTP/1.0 and HTTP/1.1

  In HTTP/1.0, after the client establishes a connection with the web server, it can obtain only one web resource.

  In HTTP/1.1, a client is allowed to obtain multiple web resources over one connection after establishing a connection with a web server.

4. HTTP request

4.1. Content of the HTTP request

  After the client connects to the server, it requests a web resource from the server, which is called the client sending an HTTP request to the server.

  A complete HTTP request consists of the following: a request line, several message headers, and entity content.

4.2. Details of HTTP request - request line

  The GET in the request line is called the request method. The request methods are: POST, GET, HEAD, OPTIONS, DELETE, TRACE, PUT. The commonly used ones are GET and POST.

  If the user does not set the method, every request the browser sends to the server by default is a GET request: entering an address directly in the browser, clicking a hyperlink, and so on are all GET requests. To change the request method to POST, change the form submission method.

  Both POST and GET request a web resource from the server. The main difference between them is how data is transmitted. With the GET method, the data sent to the server is appended to the requested URL after a ?, with multiple items separated by &, for example: GET /mail/1.html?name=abc&password=xyz HTTP/1.1

  Characteristics of the GET method: the parameters appended to the URL are limited in size, and the data usually cannot exceed 1K.

  With the POST method, data can be sent to the server in the entity content of the request. The characteristic of the POST method is that the amount of transmitted data is unlimited.

Difference between GET and POST

1. Standard answer

  • GET is harmless when the browser navigates back, while POST submits the request again.
  • The URL generated by GET can be bookmarked, but that of POST cannot.
  • GET requests are actively cached by the browser, while POST requests are not unless manually configured.
  • GET requests can only be URL-encoded, while POST supports multiple encodings.
  • GET request parameters are kept in full in the browser history, while POST parameters are not.
  • The parameters passed in the URL of a GET request are limited in length, while POST parameters are not.
  • For parameter data types, GET accepts only ASCII characters, while POST has no restrictions.
  • GET is less secure than POST because the parameters are exposed directly in the URL, so it cannot be used to pass sensitive information.
  • GET parameters are passed in the URL, while POST parameters are placed in the request body.
2. In-depth answers
  • GET and POST are two methods of sending requests in the HTTP protocol.
  • HTTP is a protocol based on TCP/IP that governs how data is communicated on the World Wide Web. (The bottom layer of HTTP is TCP/IP, so the bottom layer of GET and POST is also TCP/IP; that is, GET and POST are both TCP connections. GET and POST can do the same thing: adding a request body to a GET, or URL parameters to a POST, is technically entirely feasible.)
  • GET produces one TCP packet; POST produces two TCP packets. (For a GET request, the browser sends the HTTP headers and data together, and the server responds with 200 and returns the data. For POST, the browser sends the headers first, the server responds with 100 Continue, the browser then sends the data, and the server responds with 200 OK and returns the data.)
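
Because GET parameters travel in the URL, they are also written to server access logs. The following Python code is an added example, not part of the original article: it scans access-log lines for sensitive query parameters and redacts their values. The log lines and the list of parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (assumed list; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "token", "secret", "card", "ssn"}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def find_exposed_params(log_line):
    """Return (method, path, [sensitive names]) or None if the line is clean."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() in SENSITIVE]
    return (m.group("method"), parts.path, names) if names else None

def redact(log_line):
    """Replace the values of sensitive query parameters before the log is stored or shared."""
    pattern = r'(?i)\b(' + "|".join(sorted(SENSITIVE)) + r')=[^&\s"]*'
    return re.sub(pattern, lambda m: m.group(1) + "=[REDACTED]", log_line)

def scan(lines):
    """Return one finding per log line that exposes a sensitive parameter."""
    return [hit for hit in map(find_exposed_params, lines) if hit]

# Constructed access-log lines (not from a real server). The first uses the
# request line from the article; the POST sends the same fields in its body,
# so nothing sensitive reaches the log.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2014:16:23:28 +0000] "GET /mail/1.html?name=abc&password=xyz HTTP/1.1" 200 105',
    '192.0.2.10 - - [27/May/2014:16:23:30 +0000] "POST /mail/login HTTP/1.1" 200 105',
    '192.0.2.11 - - [27/May/2014:16:24:02 +0000] "GET /search?q=http&page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for method, path, names in scan(SAMPLE_LOG):
        print(f"{method} {path} exposes {', '.join(names)}")
    print(redact(SAMPLE_LOG[0]))
```

The same URL is also kept in browser history and can be sent onward in the Referer header, so the redaction only covers the server side.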

4.3. Details of HTTP request - message header

  Common headers in HTTP requests

  • Accept: - the browser uses this header to tell the server which data types it supports
  • Accept-Charset: - the browser uses this header to tell the server which character sets it supports
  • Accept-Encoding: - the browser uses this header to tell the server which compression formats it supports
  • Accept-Language: - the browser uses this header to tell the server its locale
  • Host: - the browser uses this header to tell the server which host it wants to access
  • If-Modified-Since: - the browser uses this header to tell the server the time of its cached data
  • Referer: - the browser uses this header to tell the server which page the client came from (used for anti-hotlinking)
  • Connection: - the browser uses this header to tell the server whether to close or keep the connection after the request

For example:

    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Referer: http://localhost:8080/JavaWebDemoProject/Web/2.jsp
    Accept-Language: zh-CN
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Accept-Encoding: gzip, deflate
    Host: localhost:8080
    Connection: Keep-Alive

5. HTTP response

5.1. Content of the HTTP response

  An HTTP response represents the data returned by the server to the client, which includes:  a status line, several message headers, and entity content.  
   
Example:

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=ISO-8859-1
    Content-Length: 105
    Date: Tue, 27 May 2014 16:23:28 GMT

    <html>
    <head>
    <title>Hello World JSP</title>
    </head>
    <body>
    Hello World!
    </body>
    </html>

5.2. HTTP Response Details - Status Line

  Status line format: HTTP-version status-code reason-description<CRLF>

  Example: HTTP/1.1 200 OK
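
The request layout from section 4.1, the response layout from section 5.1 and the status-line format above can be checked with a strict parser. This Python code is an added example, not code from the original article; the name parse_message, the sample body and its Content-Length value are constructed for illustration.

```python
import re

# Header field names must be a token: no spaces, so "Host : x" is rejected.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
STATUS_CLASSES = {"2": "success", "3": "redirection",
                  "4": "request error", "5": "server error"}

def parse_message(raw: bytes):
    """Split an HTTP/1.x message into start line, message headers and entity content."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line between headers and entity content")
    lines = head.decode("iso-8859-1").split("\r\n")
    start, headers = lines[0].split(" ", 2), {}
    if len(start) != 3:
        raise ValueError("start line must have three fields")
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.match(name):
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()                      # header names are case-insensitive
        if key == "content-length" and key in headers:
            raise ValueError("duplicate Content-Length")
        headers[key] = value.strip()
    if "content-length" in headers and int(headers["content-length"]) != len(body):
        raise ValueError("Content-Length does not match entity content")
    if start[0].startswith("HTTP/"):            # status line: version, code, reason
        kind = {"type": "response", "version": start[0], "status": int(start[1]),
                "reason": start[2], "class": STATUS_CLASSES.get(start[1][0], "other")}
    else:                                       # request line: method, target, version
        kind = {"type": "request", "method": start[0],
                "target": start[1], "version": start[2]}
    return {**kind, "headers": headers, "body": body}

# Constructed messages: start lines and headers follow the article's examples,
# the body is rebuilt here and Content-Length is computed from it.
BODY = b"<html><head><title>Hello World JSP</title></head><body>Hello World!</body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n"
            b"Content-Type: text/html;charset=ISO-8859-1\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
REQUEST = (b"GET /mail/1.html?name=abc&password=xyz HTTP/1.1\r\n"
           b"Host: localhost:8080\r\nConnection: Keep-Alive\r\n\r\n")

if __name__ == "__main__":
    for message in (REQUEST, RESPONSE):
        print(parse_message(message))
```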

A status code that begins with 2 (request successful) indicates that the request was successfully processed.

200 (Success) The server has successfully processed the request. Typically, this means that the server served the requested web page. 
201 (Created) The request was successful and the server created a new resource. 
202 (Accepted) The server has accepted the request but has not yet processed it. 
203 (Non-Authoritative Information) The server successfully processed the request, but the returned information may have come from another source.
204 (No Content) The server successfully processed the request but returned no content.
205 (Reset Content) The server successfully processed the request but returned no content.
206 (Partial Content) The server successfully processed a partial GET request.

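A status code that begins with 3 (request redirected) indicates that further action is required to complete the request. Typically, these status codes are used for redirection.

300 (Multiple Choices) The server can perform several actions for the request. The server may choose one based on the requester (user agent), or provide a list of actions for the requester to choose from.
301 (Moved Permanently) The requested page has been permanently moved to a new location. When the server returns this response (to a GET or HEAD request), it automatically forwards the requester to the new location.
302 (Moved Temporarily) The server is currently responding to the request with a page from a different location, but the requester should continue to use the original location for future requests.
303 (See Other) The server returns this code when the requester should make a separate GET request to a different location to retrieve the response.
304 (Not Modified) The requested page has not been modified since the last request. When the server returns this response, it does not return the page content.
305 (Use Proxy) The requester can only access the requested page through a proxy. If the server returns this response, it also indicates that the requester should use a proxy.
307 (Temporary Redirect) The server is currently responding to the request with a page from a different location, but the requester should continue to use the original location for future requests.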

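A status code that begins with 4 (request error) indicates that the request may be in error, which prevents the server from processing it.

400 (Bad Request) The server does not understand the syntax of the request.
401 (Unauthorized) The request requires authentication. The server may return this response for pages that require login.
403 (Forbidden) The server refuses the request.
404 (Not Found) The server cannot find the requested page.
405 (Method Not Allowed) The method specified in the request is disabled.
406 (Not Acceptable) The requested page cannot be returned with the content characteristics requested.
407 (Proxy Authentication Required) This status code is similar to 401 (Unauthorized), but specifies that the requester should authenticate with a proxy.
408 (Request Timeout) The server timed out while waiting for the request.
409 (Conflict) The server encountered a conflict while fulfilling the request. The server must include information about the conflict in the response.
410 (Gone) The server returns this response if the requested resource has been permanently deleted.
411 (Length Required) The server does not accept requests without a valid Content-Length header field.
412 (Precondition Failed) The server did not meet one of the preconditions the requester set in the request.
413 (Request Entity Too Large) The server cannot process the request because the request entity is too large for the server to handle.
414 (Request-URI Too Long) The requested URI (usually a URL) is too long for the server to process.
415 (Unsupported Media Type) The format of the request is not supported by the requested page.
416 (Requested Range Not Satisfiable) The server returns this status code if the page cannot provide the requested range.
417 (Expectation Failed) The server did not meet the requirements of the "Expect" request header field.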

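A status code that begins with 5 (server error) indicates that the server encountered an internal error while trying to process the request. These errors are likely to be errors of the server itself rather than of the request.

500 (Internal Server Error) The server encountered an error and could not complete the request.
501 (Not Implemented) The server lacks the functionality to fulfil the request. For example, the server may return this code when it does not recognize the request method.
502 (Bad Gateway) The server, acting as a gateway or proxy, received an invalid response from the upstream server.
503 (Service Unavailable) The server is currently unavailable (because of overload or maintenance downtime). Usually, this is only a temporary state.
504 (Gateway Timeout) The server, acting as a gateway or proxy, did not receive the request from the upstream server in time.
505 (HTTP Version Not Supported) The server does not support the HTTP protocol version used in the request.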

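5.3. HTTP Response Details - Common Response Headers

Common response headers (message headers) in HTTP responses

  • Location: the server uses this header to tell the browser where to redirect to
  • Server: the server uses this header to tell the browser the type of server
  • Content-Encoding: the server uses this header to tell the browser the compression format of the data
  • Content-Length: the server uses this header to tell the browser the length of the data sent back
  • Content-Language: the server uses this header to tell the browser the locale
  • Content-Type: the server uses this header to tell the browser the type of the data sent back
  • Refresh: the server uses this header to tell the browser to refresh at a timed interval
  • Content-Disposition: the server uses this header to tell the browser to open the data as a download
  • Transfer-Encoding: the server uses this header to tell the browser that the data is sent back in chunks
  • Expires: -1 tells the browser not to cache
  • Cache-Control: no-cache
  • Pragma: no-cache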

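The difference between HTTP and HTTPS

  The Hypertext Transfer Protocol (HTTP) is used to transfer information between web browsers and web servers. HTTP sends content in plaintext and provides no data encryption of any kind. If an attacker intercepts the messages exchanged between the web browser and the web server, the information in them can be read directly. HTTP is therefore not suitable for transmitting sensitive information such as credit card numbers, passwords and other payment information.

  To address this shortcoming of HTTP, another protocol is needed: HTTPS (Hypertext Transfer Protocol over Secure Socket Layer). To secure data in transit, HTTPS adds the SSL protocol on top of HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.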

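1. Basic concepts of HTTP and HTTPS

  HTTP: the most widely used network protocol on the Internet. It is a standard for requests and responses between a client and a server (over TCP), used to transfer hypertext from a WWW server to a local browser. It can make the browser more efficient and reduce network traffic.

  HTTPS: an HTTP channel designed for security; put simply, the secure version of HTTP, that is, HTTP with an SSL layer added beneath it. The security of HTTPS rests on SSL, so the details of encryption are handled by SSL.

  The HTTPS protocol serves two main purposes: one is to establish a secure channel that protects data in transit; the other is to confirm the authenticity of the website.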

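2. What is the difference between HTTP and HTTPS?

  Data transmitted over HTTP is unencrypted, that is, in plaintext, so using HTTP to transmit private information is very insecure. To allow this private data to be encrypted in transit, Netscape designed the SSL (Secure Sockets Layer) protocol to encrypt data transmitted over HTTP, and HTTPS was born. In short, HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and it is more secure than HTTP.

  The main differences between HTTPS and HTTP are as follows:

  1. HTTPS requires applying to a CA for a certificate. Free certificates are generally scarce, so a certain fee is required.

  2. HTTP is the hypertext transfer protocol and transmits information in plaintext, while HTTPS is a secure transfer protocol encrypted with SSL.

  3. HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.

  4. An HTTP connection is simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.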

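3. How HTTPS works

  We all know that HTTPS encrypts information so that sensitive information cannot be obtained by third parties, which is why many services with high security requirements, such as banking websites and e-mail, use HTTPS.

[Figure: The difference between HTTP and HTTPS (Ma Haixiang Blog)]

  A client communicating with a web server over HTTPS goes through the following steps, as shown in the figure.

  (1) The client accesses the web server with an https URL and asks to establish an SSL connection with the web server.

  (2) After receiving the client's request, the web server sends a copy of the website's certificate information (the certificate contains the public key) to the client.

  (3) The client's browser and the web server begin to negotiate the security level of the SSL connection, that is, the level of encryption.

  (4) The client's browser creates a session key according to the security level both sides agreed on, encrypts the session key with the website's public key, and sends it to the website.

  (5) The web server uses its own private key to decrypt the session key.

  (6) The web server uses the session key to encrypt its communication with the client.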
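
Steps (2) and (4) to (6) above, carried through in Python as an added example (not code from the original article). It is a teaching model only: the key pair uses toy-sized primes, the record cipher is a hash-based stand-in for a real cipher suite, and certificate validation and the negotiation in step (3) are left out; all names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key pair for the server (two Mersenne primes; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))             # server's private exponent

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || nonce || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one record with the session key."""
    nonce = secrets.token_bytes(12)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, record: bytes) -> bytes:
    """Verify the tag, then decrypt; a modified record is rejected."""
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record was modified in transit")
    return keystream_xor(key, nonce, ct)

def handshake_and_request():
    # (2) server -> client: the certificate, reduced here to the public key (N, E)
    server_public = (N, E)
    # (4) client: create a session key and encrypt it with the server's public key
    session_key = secrets.token_bytes(16)
    encrypted_key = pow(int.from_bytes(session_key, "big"),
                        server_public[1], server_public[0])
    # (5) server: recover the session key with its private key
    server_key = pow(encrypted_key, D, N).to_bytes(16, "big")
    # (6) both sides protect the HTTP traffic with the shared session key
    record = seal(session_key,
                  b"GET /mail/1.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n")
    return session_key, server_key, record

if __name__ == "__main__":
    client_key, server_key, record = handshake_and_request()
    print(client_key == server_key, unseal(server_key, record))
```

TLS 1.3 no longer transports the session key under the server's RSA key as in steps (4) and (5); it derives the keys from an ephemeral Diffie-Hellman exchange.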

  

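4. Advantages of HTTPS

  Although HTTPS is not absolutely secure, since organizations that control root certificates or encryption algorithms can also carry out man-in-the-middle style attacks, HTTPS is still the most secure solution under the current architecture. Its main benefits are:

  (1) HTTPS can authenticate users and servers, ensuring that data is sent to the correct client and server;

  (2) HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication. It is more secure than HTTP and prevents data from being stolen or altered in transit, ensuring data integrity.

  (3) HTTPS is the most secure solution under the current architecture. Although not absolutely secure, it greatly increases the cost of a man-in-the-middle attack.

  (4) Google adjusted its search engine algorithm in August 2014 and stated that "compared with an equivalent HTTP website, a website that uses HTTPS encryption will rank higher in search results".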

5. Disadvantages of HTTPS

  Although HTTPS has great advantages, it still has shortcomings:

  (1) The handshake phase of the HTTPS protocol is time-consuming; it prolongs the loading time of the page by nearly 50% and increases power consumption by 10% to 20%;

  (2) HTTPS connection caching is not as efficient as HTTP, which increases data overhead and power consumption, and even existing security measures are affected as a result;

  (3) SSL certificates cost money. The more powerful the certificate, the higher the cost, which is unnecessary for personal websites and small websites.

  (4) SSL certificates usually need to be bound to an IP address, and multiple domain names cannot be bound to the same IP. IPv4 resources cannot support this consumption.

  (5) The protection the HTTPS protocol provides is also relatively limited in scope; it does almost nothing against hacker attacks, denial-of-service attacks or server hijacking. Most importantly, the chain of trust of SSL certificates is not secure; in particular, when some countries can control a CA root certificate, man-in-the-middle attacks are feasible.

6. Switching from HTTP to HTTPS

  What if I need to switch my website from HTTP to HTTPS?

  All links in the page, such as JS, CSS and images, need to be changed from http to https. For example: http://www.baidu.com to https://www.baidu.com

  Although the site is switched from http to https here, it is recommended to keep http as well, so the switch can be made compatible with both. The way to do this is to remove the scheme (http:) from the links in the page so that they automatically match the scheme of the page. For example: change http://www.baidu.com to //www.baidu.com. Then a user who enters through the http entry gets the page over http, and a user who enters through the https entry gets it over https.
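
A check for the link changes described above, as an added example that is not part of the original article: it lists the subresources a page still loads over http:// and those written in the protocol-relative form. The HTML sample and its host names are constructed.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that load a subresource into the page (JS, CSS, images, frames, media).
SUBRESOURCE_ATTRS = {("script", "src"), ("link", "href"), ("img", "src"),
                     ("iframe", "src"), ("audio", "src"), ("video", "src"),
                     ("source", "src")}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (line, tag, attribute, url, kind)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return                  # e.g. rel="canonical" loads nothing
        for name, value in attrs:
            if (tag, name) not in SUBRESOURCE_ATTRS or not value:
                continue
            url = value.strip()
            if url.lower().startswith("http://"):
                kind = "insecure"            # plaintext load, even on an https page
            elif url.startswith("//"):
                kind = "protocol-relative"   # http on an http page, https on an https page
            else:
                continue
            self.findings.append((self.getpos()[0], tag, name, url, kind))

def scan_html(html: str):
    """Return every subresource reference that is not pinned to https."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed page. The <a> link is navigation, not a subresource, so it is not reported.
SAMPLE_PAGE = """<html><head>
<script src="http://static.example.com/app.js"></script>
<link rel="stylesheet" href="//static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
</head><body>
<img src="https://static.example.com/logo.png">
<a href="http://www.example.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url, kind in scan_html(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> {url} ({kind})")
```

A protocol-relative reference follows the scheme of the page, so a visitor who arrives through the http entry still loads that resource in plaintext.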

