Study notes - HTTP protocol

HTTP protocol

1. Introduction to HTTP protocol

HTTP request method

HTTP/1.0 defines three request methods: GET, POST and HEAD.
HTTP/1.1 adds five new request methods: OPTIONS, PUT, PATCH, DELETE, TRACE and CONNECT.

| Method | Description |
| --- | --- |
| GET | Requests the specified page information and returns the entity body |
| HEAD | Similar to a GET request, except that the response has no body; it is used to obtain the headers |
| POST | Submits data to a specified resource for processing (such as submitting a form or uploading a file). The data is included in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources |
| PUT | The data sent from the client to the server replaces the content of the specified document |
| DELETE | Requests the server to delete the specified page |
| CONNECT | Reserved in the HTTP/1.1 protocol for proxy servers that can switch the connection to a tunnel |
| OPTIONS | Allows the client to query the server's capabilities |
| TRACE | Echoes back the request as the server received it; mainly used for testing or diagnosis |
| PATCH | A supplement to the PUT method, used to partially update a known resource |

An HTTP request consists of three parts: request line, message header, and request body.

A request line begins with a method token, followed by the requested URL and the protocol version, each separated by a space.
The format is as follows: Method Request-URI HTTP-Version CRLF
where Method indicates the request method;
Request-URI is a uniform resource identifier;
HTTP-Version indicates the HTTP protocol version of the request;
CRLF indicates carriage return and line feed (apart from the terminating CRLF, no standalone CR or LF characters are allowed).
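The request-line format above can be enforced byte for byte; a lenient parser that tolerates a bare LF or extra spaces is where front-end and back-end servers start to disagree about where a request ends. The following strict parser is an added example, not code from the original notes; the names `parse_request_line`, `accepts` and `BadRequestLine` are hypothetical and the sample lines are constructed.

```python
import re

# Methods from the table above; anything else is rejected.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
           "CONNECT", "OPTIONS", "TRACE", "PATCH"}
VERSION_RE = re.compile(rb"HTTP/(\d)\.(\d)")

class BadRequestLine(ValueError):
    """Raised when a request line does not match the format exactly."""

def parse_request_line(raw: bytes):
    """Parse 'Method SP Request-URI SP HTTP-Version CRLF' strictly."""
    if not raw.endswith(b"\r\n"):
        raise BadRequestLine("request line must end with CRLF")
    line = raw[:-2]
    # No standalone CR or LF may appear before the terminating CRLF.
    if b"\r" in line or b"\n" in line:
        raise BadRequestLine("CR or LF inside the request line")
    parts = line.split(b" ")
    # Exactly three fields, single spaces only (no empty fields).
    if len(parts) != 3 or b"" in parts:
        raise BadRequestLine("expected three space-separated fields")
    method, uri, version = parts
    if method.decode("ascii", "replace") not in METHODS:
        raise BadRequestLine("unknown method")
    # Control characters (tab included) and non-ASCII bytes are not valid here.
    if any(b < 0x21 or b > 0x7E for b in uri):
        raise BadRequestLine("invalid byte in Request-URI")
    m = VERSION_RE.fullmatch(version)
    if m is None:
        raise BadRequestLine("malformed HTTP-Version")
    return method.decode("ascii"), uri.decode("ascii"), (int(m[1]), int(m[2]))

def accepts(raw: bytes) -> bool:
    """True if raw is a well-formed request line."""
    try:
        parse_request_line(raw)
        return True
    except BadRequestLine:
        return False

if __name__ == "__main__":
    # Constructed sample lines, not taken from real traffic.
    for sample in (b"GET / HTTP/1.0\r\n", b"GET / HTTP/1.0\n",
                   b"GET /a\r\nX: y HTTP/1.1\r\n", b"GET  / HTTP/1.1\r\n"):
        print(sample, accepts(sample))
```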

Cookies identify users by recording information on the client side.
Keep-alive: multiple pieces of data can be sent continuously over one TCP connection without disconnecting. In the early days, each HTTP request initiated its own TCP connection.
HTTP request body
Only a POST request has a request body; the GET method does not have a request body.

Request

    GET / HTTP/1.0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5)
    Accept: */*

Server response

HTTP/1.0 200 OK 
Content-Type: text/plain
Content-Length: 137582
Expires: Thu, 05 Dec 1997 16:00:00 GMT
Last-Modified: Wed, 5 August 1996 15:55:28 GMT
Server: Apache 0.84

Content-Type field
Regarding character encoding, version 1.0 stipulates that the header information must be in ASCII, and the data that follows can be in any format. Therefore, when the server responds, it must tell the client what format the data is in; this is the role of the Content-Type field.
Here are some common values of the Content-Type field.

    text/plain
    text/html
    text/css
    image/jpeg
    image/png
    image/svg+xml
    audio/mp4
    video/mp4
    application/javascript
    application/pdf
    application/zip
    application/atom+xml

These data types are collectively referred to as MIME types; each value includes a primary type and a secondary type, separated by a slash.
A MIME type can also take parameters, added after a semicolon at the end.

 Content-Type: text/html; charset=utf-8

The above type indicates that what is sent is a web page, and the encoding is UTF-8.
When making a request, the client can use the Accept field to declare which data formats it can accept.

 Accept: */*

In the above code, the client declares that it can accept data in any format.

Content-Encoding field
Since the data sent can be in any format, it can be compressed before sending. The Content-Encoding field describes the compression method of the data.

Content-Encoding: gzip
Content-Encoding: compress
Content-Encoding: deflate

When making a request, the client uses the Accept-Encoding field to specify which compression methods it accepts.

Accept-Encoding: gzip, deflate

2. HTTP status code

The HTTP status code is how the web server tells the client what happened.
HTTP status codes are divided into five categories. The HTTP protocol version currently in use is 1.1, which supports the following status codes.

| Status code | Defined range | Classification |
| --- | --- | --- |
| 1XX | 100-101 | Message notification |
| 2XX | 200-206 | Request success (200, 201) |
| 3XX | 300-307 | Request redirection (301) |
| 4XX | 400-417 | Client error (403, 404, 405) |
| 5XX | 500-505 | Server error (500) |

3. The meaning of the HTTP response header

Response header fields

Date: the current GMT time
Allow: which request methods the server supports (such as GET, POST, etc.)
Server: the server name
Content-Length: indicates the content length
Content-Type: indicates the MIME type of the document that follows
Expires: when the document should be considered expired, so that it is no longer cached
Set-Cookie: sets the cookie associated with the page
Location: indicates where the client should go to fetch the document

4. URLs in HTTP

URL stands for Uniform Resource Locator.

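>URL contains:

  >protocol
  >username:password
  >host - subdomain.domain.top-level domain (or IP)
  >port number
  >directory/filename.file suffix
  >parameter=value
  >anchor part

>Format
protocol://username:password@subdomain.domain.top-level domain:port number/directory/filename.file suffix?parameter=value#anchor part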


In the URL encoding format, only letters and numbers [0-9a-zA-Z], some special symbols "$-_.+!*'()," [excluding the double quotes], and some reserved characters can be used directly in a URL without being encoded.
Same origin policy
The same-origin policy is a convention, and it is the core and most basic security function of the browser. If the same-origin policy is missing, the normal functions of the browser may be affected. It can be said that the Web is built on the basis of the same-origin policy, and the browser is only an implementation of the same-origin policy.
Same origin means that "protocol + domain name + port" are all the same; even if two different domain names point to the same IP address, they are not the same origin. Without the same-origin policy, browsers are vulnerable to attacks such as XSS and CSRF.
In the URL format, when the three parts protocol, host, and port are the same, two URLs can be regarded as the same origin. The following are the cross-origin access methods.

  JSONP (GET requests)
  WebSocket
  CORS (Cross-origin resource sharing), allows sending any request

Origin blog.csdn.net/h_adam/article/details/120067956