Summary of the forty-ninth week - a first encounter with HTTP

HTTP

What is HTTP

  1. Hypertext Transfer Protocol
  2. Application-layer protocol, based on TCP
  3. Request-response model
  4. Simple and extensible
  5. Stateless

protocol analysis

  • HTTP/0.9: one-line protocol
    • Request: GET /mypage.html
    • Response: HTML documents only
  • HTTP/1.0: building extensibility
    • Added headers
    • Added status codes
    • Support for multiple document types
  • HTTP/1.1: standardized protocol
    • Connection reuse
    • Caching
    • Content negotiation
  • HTTP/2: better performance
    • Binary protocol
    • Compressed headers
    • Server push
  • HTTP/3: draft

Method

  • GET: requests a representation of the specified resource. Requests using GET should only be used to retrieve data.
  • POST: used to submit an entity to a specified resource, usually resulting in a state change or side effect on the server
  • PUT: replaces all current representations of the target resource with the request payload
  • DELETE: delete the specified resource
  • HEAD: Requests a response identical to that of a GET request, but without a response body
  • CONNECT: Establishes a tunnel to the server identified by the target resource.
  • OPTIONS: Describes the communication options for the target resource.
  • TRACE: Performs a message loopback test along the path to the target resource.
  • PATCH: Used to apply partial modifications to a resource.

Method-safe & idempotent

  • Safe: methods that do not modify data on the server: GET, HEAD, OPTIONS
  • Idempotent: executing the same request once or several times in succession leaves the server in the same state. All safe methods are idempotent; the idempotent methods are GET, HEAD, OPTIONS, PUT and DELETE

Method-status code

  • 200 OK - client request was successful
  • 301 - The resource (webpage, etc.) has been permanently moved to another URL
  • 302 - Temporary redirect
  • 401 Unauthorized - The request is unauthorized
  • 404 - The requested resource does not exist, maybe a wrong URL was entered
  • 500 - An unexpected error occurred inside the server
  • 504 Gateway Timeout - The gateway or proxy server cannot get the desired response within the specified time.

Common request headers

  • Accept: the accepted types, indicating the MIME types supported by the browser (compare with the Content-Type returned by the server)
  • Content-Type: the type of entity content sent by the client
  • Cache-Control: specifies the caching mechanism that requests and responses follow, such as no-cache
  • If-Modified-Since: corresponds to the server's Last-Modified and is used to check whether the file has changed; it is only accurate to within 1s
  • Expires: cache control; within this time no request is made and the cache is used directly (server time)
  • Max-age: how many seconds the resource is cached locally; within that time no request is made and the cache is used
  • If-None-Match: corresponds to the ETag on the server side and is used to check whether the file content has changed (very precise)
  • Cookie: if cookies exist, they are sent automatically when visiting the same domain
  • Referer: the source URL of the page (applies to all request types; it is accurate down to the detailed page address, and CSRF interception often uses this field)
  • Origin: where the initial request originated (accurate only down to the port); Origin respects privacy more than Referer
  • User-Agent: some necessary information about the user's client, such as the UA header
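
An added example, not part of the original post, of how a server can use the Origin and Referer headers for the CSRF interception mentioned in the list, skipping the check for safe methods. The host shop.example and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # the safe methods listed on this page
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Reduce a URL to (scheme, host, port), the precision of the Origin header."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None  # malformed URL or port
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", empty and non-HTTP values
    return (parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme])


def allow_request(method, headers, trusted_origin):
    """Return True if the request may proceed for a site served at trusted_origin."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods do not modify server data
    lowered = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer, which carries the full page address.
    source = lowered.get("origin") or lowered.get("referer")
    trusted = origin_of(trusted_origin)
    if not source or trusted is None:
        return False  # state-changing request with no usable source: reject
    return origin_of(source) == trusted
```

Comparing the parsed (scheme, host, port) tuple rather than a string prefix means a different scheme or a longer host name that merely starts with the trusted one does not match.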

Common response headers

  • Content-Type: the type of entity content returned by the server
  • Cache-Control: Specifies the caching mechanism that requests and responses follow, such as no-cache
  • Last-Modified: The last modification time of the requested resource
  • Expires: when the document should be considered expired and no longer be cached
  • Max-age: how many seconds the client's local resources should be cached, effective after Cache-Control is enabled
  • ETag: an identifier for a specific version of a resource; ETags are similar to fingerprints
  • Set-Cookie: Set the cookie associated with the page, and the server passes the cookie to the client through this header
  • Server: some information about the server
  • Access-Control-Allow-Origin: Request Origin header allowed by the server (for example, *)

cache

strong cache

  • Expires, timestamp
  • Cache-Control
    • Cacheability
      • no-cache: negotiate cache validation
      • no-store: do not use any cache
    • Expiration
      • max-age: in seconds, the maximum storage period, relative to the request time
    • Revalidation and reload
      • must-revalidate: once a resource expires, the cache cannot be used until it has been successfully validated with the origin server
  • ETag/If-None-Match: an identifier for a specific version of a resource, similar to a fingerprint
  • Last-Modified/If-Modified-Since: last modification time
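
An added example, not part of the original post, of the server side of cache validation with the two validator pairs above. It shows why If-Modified-Since is only accurate to one second while If-None-Match is precise. The function names, the SHA-256-based ETag and the sample bodies are assumptions made for the illustration.

```python
import hashlib
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime


def make_validators(body, modified):
    """Build the ETag and Last-Modified values a server would send for body."""
    etag = '"' + hashlib.sha256(body).hexdigest()[:16] + '"'
    # HTTP dates carry whole seconds only, so sub-second detail is lost here.
    last_modified = format_datetime(modified.replace(microsecond=0), usegmt=True)
    return etag, last_modified


def revalidate(request_headers, etag, last_modified):
    """Return 304 if the client's cached copy is still current, otherwise 200."""
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        # If-None-Match is evaluated first; If-Modified-Since is then ignored.
        tags = [t.strip() for t in inm.split(",")]
        tags = [t[2:] if t.startswith("W/") else t for t in tags]
        return 304 if "*" in tags or etag in tags else 200
    ims = request_headers.get("If-Modified-Since")
    if ims is not None:
        try:
            unchanged = parsedate_to_datetime(last_modified) <= parsedate_to_datetime(ims)
        except (TypeError, ValueError):
            return 200  # unusable date: treat as absent and send the full body
        return 304 if unchanged else 200
    return 200


# Constructed sample: two versions of one resource written within the same second.
T1 = datetime(2022, 8, 7, 10, 0, 0, 100000, tzinfo=timezone.utc)
T2 = datetime(2022, 8, 7, 10, 0, 0, 900000, tzinfo=timezone.utc)
ETAG_V1, MODIFIED_V1 = make_validators(b"balance=100", T1)
ETAG_V2, MODIFIED_V2 = make_validators(b"balance=250", T2)
```

A client holding version 1 that revalidates with only If-Modified-Since gets 304 and keeps the stale body, because both versions share one Last-Modified value; the same client sending If-None-Match gets 200 and the new body.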

cookie

  • Name=value: the name and value of the cookie
  • Expires=Date: the validity period of the cookie. By default, the cookie is only valid until the browser is closed.
  • Path=Path: limits the directory for which the cookie is sent; the default is the current
  • Domain=domain: restricts the domain name for which the cookie takes effect; the default is the domain name of the service that created the cookie
  • Secure: the cookie is only sent over HTTPS secure connections
  • HttpOnly: JavaScript scripts cannot read the cookie
  • SameSite=[None|Strict|Lax]
    • None: sent with both same-site and cross-site requests
    • Strict: sent only on the same site
    • Lax: allowed to be sent with top-level navigation, and sent with GET requests initiated by third-party sites
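
An added example, not part of the original post, that parses Set-Cookie header values and reports which of the protective attributes above (Secure, HttpOnly, SameSite) are missing. The function names, the finding labels and the sample headers are assumptions made for the illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = value.split(";")
    name, _, cookie_value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()  # attribute names are case-insensitive
    return name, cookie_value, attrs


def audit_cookie(value):
    """Return the findings for one Set-Cookie header value (empty list = none)."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")      # may travel over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")    # readable by JavaScript
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("none", "strict", "lax"):
        findings.append("no-samesite")    # left to the browser's default
    elif samesite == "none" and "secure" not in attrs:
        # Current browsers reject SameSite=None cookies that lack Secure.
        findings.append("samesite-none-without-secure")
    return findings


def audit_all(headers):
    """Map each cookie name to its findings."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in headers}


# Constructed sample headers, not taken from a real site.
SAMPLE = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark; Expires=Sun, 07 Aug 2022 10:00:00 GMT; Path=/",
    "pref=1; HttpOnly; samesite=none",
]
```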

HTTPS

  • HTTPS : Hypertext Transfer Protocol Secure
  • TLS/SSL encrypted
  • Symmetric encryption: both encryption and decryption use the same key
  • Asymmetric encryption: encryption and decryption use two different keys, a public key and a private key

Origin blog.csdn.net/qq_51965698/article/details/126206939