HTTP Quick Reference Manual

1. Universal authentication

# The server returns 401 and indicates that the authentication type is Basic
GET 401 Unauthorized
WWW-Authenticate: Basic realm="description"

# After the credentials are entered in the browser, the request headers carry them
Authorization: Basic xxxxxxxxxx

2. Cookies

# The server returns set-cookie
set-cookie: name=xxxxx
set-cookie: age=xxxxx

# The user agent stores the cookies and sends them with the next request
Cookie: name=xxxxx; age=xxxxx

3. Permanent Redirection

# Set the status code to 301

GET 301
Location: http://example.com

4. Temporary redirection

# Set the status code to 302

GET 302
Location: http://example.com

5. HTML Redirection

<!-- Redirect via an HTML tag -->

<meta http-equiv="Refresh" content="0; URL=http://example.com/" />

// Redirect via JavaScript

window.location = "http://example.com/";

6. Access Control Policy

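// Header configuration

// Allow all origins
Access-Control-Allow-Origin: *
// Allow all methods
Access-Control-Allow-Methods: *
// Allow all headers
Access-Control-Allow-Headers: *
// The response is valid for 86400 seconds, i.e. 24 hours. Within that period, the browser does not need to send another preflight request for the same request.
Access-Control-Max-Age: 86400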
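
The wildcard values above let any site read these responses cross-origin, which suits only public, unauthenticated resources (browsers also refuse `*` on requests that carry credentials). As an added example, not part of the original page, this Python function builds the same headers from an allowlist; the origins, methods and header names in it are constructed sample values.

```python
# Added example: allowlist-based CORS headers instead of the "*" wildcards.
# The three allowlists below are constructed sample values, not from the page.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HEADERS = {"content-type", "authorization"}
MAX_AGE = 86400  # same preflight cache lifetime as above (24 hours)


def cors_headers(origin, method=None, request_headers=""):
    """Return the CORS response headers for a request, or {} to refuse it.

    origin          -- value of the Origin request header (None if absent)
    method          -- Access-Control-Request-Method (preflight only)
    request_headers -- Access-Control-Request-Headers (preflight only)
    """
    # Exact string match only: substring or suffix tests would accept
    # look-alike origins such as https://app.example.com.other.test.
    if origin not in ALLOWED_ORIGINS:
        return {}  # no CORS headers: the browser blocks the cross-origin read
    headers = {
        "Access-Control-Allow-Origin": origin,  # echo the vetted origin only
        "Vary": "Origin",  # caches must key the response on the Origin header
    }
    if method is None:
        return headers  # actual request: preflight headers are not needed
    wanted = {h.strip().lower() for h in request_headers.split(",") if h.strip()}
    if method not in ALLOWED_METHODS or not wanted <= ALLOWED_HEADERS:
        return {}  # the preflight asks for something outside the allowlist
    headers.update({
        "Access-Control-Allow-Methods": ", ".join(sorted(ALLOWED_METHODS)),
        "Access-Control-Allow-Headers": ", ".join(sorted(ALLOWED_HEADERS)),
        "Access-Control-Max-Age": str(MAX_AGE),
    })
    return headers
```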

7. HTTP cache

Types of cache:

  • Private cache. eg: browser
  • Shared cache
    • Proxy cache. eg: proxy device (Nginx proxy)
    • Managed cache. eg: Combination of reverse proxy, CDN and service worker with caching API.

7.1 Cache-Control

Response:

| value | description |
| --- | --- |
| private | Data can be stored in a private cache (eg: browser) |
| public | Data can be stored in a shared cache (eg: proxy cache, managed cache) |
| no-cache | The corresponding data can be cached, but each subsequent request needs to check the validity of the file with the origin server |
| no-store | Cache of any kind (private cache, shared cache) should not cache data |
| max-age=0 | Do not use the local cache directly; a freshness check against the target server is needed |
| must-revalidate | When the cache has not expired, it can be used directly; after it expires, it needs to check the validity of the file with the origin server |
| proxy-revalidate | Equivalent to must-revalidate, but valid only for shared caches |

Request:

| value | description |
| --- | --- |
| no-cache | Ask the cache to do a freshness check |
| no-store | Even if the response from the origin server can be cached, it should not be cached |
| max-age | The client tells the server the maximum cache duration it will accept (seconds) |

7.2 Validation Response

Based on file last update time

Last-Modified / If-Modified-Since

Hash based on text content

ETag / If-None-Match

Force revalidation

Method 1:

Cache-Control: no-cache

Method 2:

Cache-Control: max-age=0, must-revalidate

8. Range request

STEP 1: Detect whether range requests are supported

curl -I http://example.com

# If range requests are supported, the headers include Accept-Ranges and Content-Length
HTTP/1.1 200 OK
...
Accept-Ranges: bytes
Content-Length: 146515

If the Accept-Ranges field exists and its value is not none, range requests are supported.

STEP 2: Send range request

curl http://example.com/test.jpg -i -H "Range: bytes=0-1023"

# Response headers
HTTP/1.1 206 Partial Content
Content-Range: bytes 0-1023/146515
Content-Length: 1024
...
(binary content)

Origin blog.csdn.net/swl979623074/article/details/128173329