HTTP protocol
1. Introduction to HTTP protocol
HTTP request method
HTTP/1.0 defines three request methods: GET, POST and HEAD.
HTTP/1.1 adds five new request methods: OPTIONS, PUT, PATCH, DELETE, TRACE and CONNECT.
Method | Description |
---|---|
GET | Requests the specified page and returns the entity body |
HEAD | Similar to a GET request, except that the response carries no body; used to obtain the headers |
POST | Submits data to a specified resource for processing (such as submitting a form or uploading a file). The data is included in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources |
PUT | The data sent from the client to the server replaces the content of the specified document |
DELETE | Requests the server to delete the specified page |
CONNECT | Reserved in HTTP/1.1 for proxy servers that can switch the connection to a tunnel |
OPTIONS | Allows the client to query the server's capabilities |
TRACE | Echoes back the request received by the server, mainly for testing or diagnosis |
PATCH | A supplement to the PUT method, used to partially update a known resource |
An HTTP request consists of three parts: request line, message header, and request body.
A request line begins with a method token, followed by the requested URL and the protocol version, separated by spaces.
The format is as follows: Method Request-URI HTTP-Version CRLF
where Method indicates the request method;
Request-URI is a uniform resource identifier;
HTTP-Version indicates the HTTP protocol version of the request;
CRLF indicates carriage return and line feed (apart from the terminating CRLF, no lone CR or LF characters are allowed).
Cookies identify users by recording information on the client side.
Keep-alive: multiple pieces of data can be sent continuously over one TCP connection without disconnecting. In the early days, each HTTP request opened its own TCP connection.
HTTP request body
Only when sending a POST request will there be a request body, and the GET method does not have a request body.
Request
GET / HTTP/1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5)
Accept: */*
Server response
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 137582
Expires: Thu, 05 Dec 1997 16:00:00 GMT
Last-Modified: Wed, 5 August 1996 15:55:28 GMT
Server: Apache 0.84
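
The request format described above (request line, header lines, empty line, body) can be checked mechanically. The following parser is an added example, not code from the original article; the names `parse_request`, `verdict`, `BadRequest` and `SAMPLE` are made up for it, and the sample bytes are the request shown above with explicit CRLF line endings.

```python
import re

# Methods from the table on this page.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
           "CONNECT", "OPTIONS", "TRACE", "PATCH"}
VERSION_RE = re.compile(r"HTTP/\d\.\d")

class BadRequest(ValueError):
    """The message violates the request format."""

def parse_request(raw: bytes):
    """Return (method, uri, version, headers, body) or raise BadRequest."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("no empty line after the header section")
    lines = head.split(b"\r\n")
    # Anything left after splitting on CRLF is a bare CR or LF. Accepting it
    # lets a proxy and a back end disagree about where a line ends.
    if any(b"\r" in l or b"\n" in l for l in lines):
        raise BadRequest("bare CR or LF")
    try:
        text = [l.decode("ascii") for l in lines]
    except UnicodeDecodeError:
        raise BadRequest("header section is not ASCII") from None
    parts = text[0].split(" ")
    if len(parts) != 3 or "" in parts:
        raise BadRequest("request line is not 'Method Request-URI HTTP-Version'")
    method, uri, version = parts
    if method not in METHODS:
        raise BadRequest(f"unknown method {method!r}")
    if not VERSION_RE.fullmatch(version):
        raise BadRequest(f"bad HTTP-Version {version!r}")
    headers = {}
    for line in text[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest(f"malformed header line {line!r}")
        headers[name.lower()] = value.strip()
    return method, uri, version, headers, body

def verdict(raw: bytes) -> str:
    """Return 'accepted' or the rejection reason, for quick checks."""
    try:
        parse_request(raw)
        return "accepted"
    except BadRequest as exc:
        return f"rejected: {exc}"

# Constructed sample: the request shown above, with explicit CRLF endings.
SAMPLE = (b"GET / HTTP/1.0\r\n"
          b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5)\r\n"
          b"Accept: */*\r\n\r\n")
```
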
Content-Type field
Regarding character encoding, version 1.0 stipulates that the header information must be in ASCII, while the data that follows can be in any format. Therefore, when the server responds, it must tell the client what format the data is in, which is the role of the Content-Type field.
Here are some common values of the Content-Type field.
text/plain
text/html
text/css
image/jpeg
image/png
image/svg+xml
audio/mp4
video/mp4
application/javascript
application/pdf
application/zip
application/atom+xml
These data types are collectively referred to as MIME types. Each value includes a primary type and a secondary type, separated by a slash.
A MIME type can also carry parameters, added after a semicolon at the end.
Content-Type: text/html; charset=utf-8
The above type indicates that what is sent is a web page, and the encoding is UTF-8.
When the client makes a request, it can use the Accept field to declare which data formats it can accept.
Accept: */*
In the above code, the client declares that it can accept data in any format.
Content-Encoding field
Since the sent data can be in any format, the data can be compressed before sending. The Content-Encoding field describes the compression method of the data.
Content-Encoding: gzip
Content-Encoding: compress
Content-Encoding: deflate
When the client makes a request, it uses the Accept-Encoding field to specify which compression methods it accepts.
Accept-Encoding: gzip, deflate
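
How a client combines the two fields when reading a response, as an added example that is not part of the original article: it undoes Content-Encoding first, then uses the MIME type and its charset parameter to decode the text. The function names, the size cap `MAX_DECODED`, the ASCII fallback when no charset is given, and the sample response are assumptions made for this example; `compress` is not handled.

```python
import gzip
import zlib

MAX_DECODED = 1_000_000  # assumed cap on decoded size, chosen for this example

def parse_content_type(value: str):
    """Split 'type/subtype; key=value' into (type, subtype, params)."""
    mime, *rest = [p.strip() for p in value.split(";")]
    main, slash, sub = mime.partition("/")
    if not slash or not main or not sub:
        raise ValueError(f"not a MIME type: {value!r}")
    params = {}
    for item in rest:
        key, eq, val = item.partition("=")
        if eq:
            params[key.strip().lower()] = val.strip().strip('"')
    return main.lower(), sub.lower(), params

def decode_body(headers: dict, body: bytes) -> str:
    """Undo Content-Encoding, then decode text using the charset parameter."""
    encoding = headers.get("Content-Encoding", "identity").lower()
    if encoding == "gzip":
        d = zlib.decompressobj(zlib.MAX_WBITS | 16)  # gzip container
    elif encoding == "deflate":
        d = zlib.decompressobj()                     # zlib container
    elif encoding == "identity":
        d = None
    else:
        raise ValueError(f"unsupported Content-Encoding {encoding!r}")
    if d is not None:
        # Decompress with a hard limit so a small compressed body cannot
        # expand without bound in memory.
        body = d.decompress(body, MAX_DECODED + 1)
        if len(body) > MAX_DECODED:
            raise ValueError("decoded body exceeds size limit")
    main, _sub, params = parse_content_type(headers["Content-Type"])
    if main != "text":
        raise ValueError("this example only decodes text/* bodies")
    return body.decode(params.get("charset", "ascii"))

# Constructed sample response: a gzip-compressed UTF-8 web page.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8",
                  "Content-Encoding": "gzip"}
SAMPLE_BODY = gzip.compress("<p>caf\u00e9</p>".encode("utf-8"))
```
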
2. HTTP status code
The role of the HTTP status code is to let the web server tell the client what happened.
HTTP status codes are divided into five categories. Currently, the HTTP protocol version we use is 1.1, which supports the following status codes.
Status code | Defined range | Classification |
---|---|---|
1XX | 100-101 | Message notification |
2XX | 200-206 | Request success 200, 201 |
3XX | 300-307 | Request redirection 301 |
4XX | 400-417 | Client error 403, 404, 405 |
5XX | 500-505 | Server error 500 |
3. The meaning of the HTTP response header
Response header fields
Date: current GMT time
Allow: which request methods the server supports (such as GET, POST, etc.)
Server: server name
Content-Length: the length of the content
Content-Type: the MIME type of the document that follows
Expires: when the document should be considered expired and no longer cached
Set-Cookie: sets the cookie associated with the page
Location: where the client should go to fetch the document
4. URLs in HTTP
URL stands for Uniform Resource Locator.
A URL contains:
protocol
username:password
host: subdomain.domain.top-level domain (or IP)
port number
directory/filename.file suffix
parameter=value
anchor part
Format
protocol://username:password@subdomain.domain.top-level domain:port number/directory/filename.file suffix?parameter=value#anchor part
URL encoding format: only letters and numbers [0-9a-zA-Z], some special symbols "$-_.+!*'()," [excluding the double quotes], and some reserved words can be used directly in a URL without being encoded.
Same origin policy
The same-origin policy is a convention, and it is the core and most basic security function of the browser. If the same-origin policy is missing, the normal functions of the browser may be affected. It can be said that the Web is built on the basis of the same-origin policy, and the browser is only an implementation of the same-origin policy.
Same origin means that "protocol + domain name + port" are all the same; even if two different domain names point to the same IP address, they are not the same origin. Without the same-origin policy, browsers are vulnerable to attacks such as XSS and CSRF.
When the protocol, host, and port parts of two URLs are the same, the URLs are regarded as the same origin. The following are the methods of cross-origin access.
JSONP (GET requests)
WebSocket
CORS (Cross-origin resource sharing), which allows any request to be sent
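
The "protocol + domain name + port" comparison described above, as an added example that is not part of the original article. The function names, the default-port table and the URLs in `CASES` are constructed for illustration; `192.0.2.10` is a documentation address standing in for "the same IP".

```python
from urllib.parse import urlsplit

# Ports implied when a URL does not name one.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

def origin(url: str):
    """Return the (protocol, host, port) triple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # hostname is lower-cased and excludes any username:password part.
    host = parts.hostname or ""
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"no origin triple for {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, host, port

def same_origin(a: str, b: str) -> bool:
    """True only when protocol, host and port all match."""
    return origin(a) == origin(b)

def differing_parts(a: str, b: str):
    """Name the components of the triple that differ between two URLs."""
    names = ("protocol", "host", "port")
    return [n for n, x, y in zip(names, origin(a), origin(b)) if x != y]

# Constructed URLs, each compared against BASE.
BASE = "http://www.example.com/dir/page.html"
CASES = [
    "http://www.example.com:80/other/a.html?x=1#top",  # path and query ignored
    "http://user:pw@WWW.EXAMPLE.COM/",                 # userinfo and case ignored
    "https://www.example.com/dir/page.html",           # protocol differs
    "http://www.example.com:8080/dir/page.html",       # port differs
    "http://api.example.com/dir/page.html",            # subdomain differs
    "http://192.0.2.10/dir/page.html",                 # IP is a different host
]

def report():
    """Map each case to [] (same origin) or the parts that differ."""
    return {url: differing_parts(BASE, url) for url in CASES}
```
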