Same-origin policy, http, tcp, network protocol packets

What happens after a URL is entered: the page request process

1. The browser resolves the server's IP address from the domain name via DNS (you can check this with ping).


2. The client (browser) establishes a TCP connection to the server using the TCP protocol (three-way handshake).

3. The client (browser) sends an HTTP request message to the web server (HTTP server), requesting a resource document on the server (this can be simulated with telnet).

4. The server sends an HTTP response message to the client.

5. The client and server disconnect (four-way wave), and the client starts parsing the HTML document.


Several ways to submit data

1. Form submission: this is a full-page refresh. The data is submitted to the address specified by action, using the method specified by method.

2. Ajax: partial refresh.


Differences between the GET and POST request methods: at the level of the HTTP protocol there is virtually no difference! What?

Conventional understanding:

1. GET passes parameters in the URL or a Cookie, while POST puts the data in the BODY, e.g. ?NAME='CST'&AGE=18

2. GET is limited by URL length, while POST can transmit a lot of data.

3. POST is more secure than GET. The security is relative; the data can be seen in the request body.

4. GET is used to obtain data; POST is used to transmit data.

But in fact the HTTP protocol does not specify that POST data must be placed in the BODY, nor does it require that GET data be in the URL and never in the BODY. The HTTP protocol places no restriction on the length of the data for either GET or POST; the data limits come from two causes:

1. Early browsers limited the URL length (the browser's URL input box).

2. The browser limits Content-Length, for the sake of server security and stability. As for the security question, it depends on your point of view: what is safe to a complete novice is not safe to a hacker.



Protocol: the http protocol, the https protocol

Domain name; default ports: 443 (https), 80 (http)

Browsers have a very important concept: the same-origin policy (Same-Origin Policy).

"Same origin" means the same domain, the same protocol and the same port. Client-side scripts (JavaScript, ActionScript) from different origins cannot read each other's resources unless explicitly authorized.

Put simply, the browser does not allow a script in an Alibaba page to access the data resources of a Tencent page; the same-origin policy restricts this.

Demo: accessing Baidu resources from a local page



A domain name is resolved backwards

.com: top-level domain; (a): second-level domain; (b): third-level domain

The prefix in front of the second-level domain, www (World Wide Web), is a special third-level domain. It belongs to a network address that Baidu maintains itself.


Common domain names and their classification

com, org and net are top-level domains and are resolved worldwide.

cn and hk are resolved within a region, for example cn for China.

.com (commercial organizations);

.net (Internet service organizations);

.org (non-profit organizations); (domestic commercial organizations); (domestic Internet service organizations); (domestic non-profit organizations);

DNS determines the scope of the search from the top-level domain and looks up the server's IP address by domain name.

As for the prefix: in theory, a leading www is just a placeholder. In China it is customary not to write www; abroad it is customary to write it.

Note: a URL written with www and one written without www are different origins.


For example, http://

The protocol is http://

A domain name is

Port 80 (the default port may be omitted)
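
The origin comparison described above, as an added example that is not part of the original post: two URLs are same-origin only when protocol, domain and port all match, and an omitted port counts as the protocol's default. The example.com URLs are constructed samples and the function names are hypothetical; it runs under Node.js.

```javascript
// Added example: an origin is the tuple (protocol, host, port).
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originTuple(url) {
  const u = new URL(url);
  // URL.port is '' when the port is omitted or equals the protocol default,
  // so fill the default in to make the comparison explicit.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { protocol: u.protocol, host: u.hostname, port };
}

// Returns the components that differ; an empty list means same origin.
function originDiff(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ['protocol', 'host', 'port'].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

// Constructed sample URLs (example.com is a placeholder domain).
const BASE = 'http://www.example.com/index.html';
const CASES = [
  'http://www.example.com:80/other/page.html', // explicit default port: same origin
  'https://www.example.com/index.html',        // protocol (and default port) differ
  'http://example.com/index.html',             // no www: a different host
  'http://www.example.com:8080/index.html',    // different port
];
for (const c of CASES) {
  console.log(c, sameOrigin(BASE, c) ? 'same origin' : 'differs in: ' + originDiff(BASE, c));
}
```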


What happens when you type a URL into the browser

1. The browser resolves the server's IP address from the domain name via DNS (you can check this with ping).

2. The client (browser) establishes a TCP connection to the server using the TCP protocol (three-way handshake).

3. The client (browser) sends an HTTP request message to the web server (HTTP server), requesting a resource document on the server (this can be simulated with telnet).

4. The server sends an HTTP response message to the client.

5. The client and server disconnect (four-way wave), and the client starts parsing the HTML document.


TCP is a connection-based transmission control protocol

TCP (Transmission Control Protocol) is a connection-based protocol; that is, before data is formally sent and received, a reliable connection must be established with the other side. A TCP connection is established only after three "conversations". The process is quite complex, so here we give only a simple, illustrative introduction; it is enough to understand the process.

Three-way handshake

1. First, the client sends a connection request packet.

2. After receiving the connection request, the server replies with an ACK packet and allocates resources for this connection.

3. After receiving the ACK packet, the client also sends an ACK packet to the server and allocates resources, and the TCP connection is established.

Four-way wave

1. The client initiates the disconnect request by sending a FIN message. When the server receives the FIN message, the meaning is "I, the client, have no more data to send to you"; but if you still have data that has not finished transmitting, you do not have to hurry to close the socket and can continue to send data.

2. The server sends an ACK, telling the client: "I received your request, but I'm not ready yet; please keep waiting for my message." At this point the client enters the FIN_WAIT state and continues to wait for the server's FIN message.

3. When the server determines that its data has been sent, it sends a FIN packet to the client, telling the client: "OK, I have finished sending data on my side and am ready to close the connection."



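(FIN indicates disconnection; ACK indicates a response)


UDP is a connectionless protocol

"Connectionless" means that there is no need to establish a connection with the other side before formal communication; data is sent directly regardless of the other side's state. It is very similar to a mobile phone text message: when you send a text, you only need to enter the other person's phone number. UDP (User Datagram Protocol) is the counterpart to TCP. It is a connectionless protocol: it does not establish a connection with the other side, but simply sends the packet straight over!


Application-layer protocols: http, https, etc. (messages)

The HyperText Transfer Protocol (HTTP) is the most widely used network protocol on the Internet.

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed with security as its goal; simply put, it is the secure version of HTTP. The protocols above serve to establish the connection between client and server; this protocol lets the two communicate.

Why have this protocol? So that computers talk to each other according to rules: you ask and I answer, and how you ask determines how I answer. Otherwise each computer talks past the other and there is no way to communicate. How do they communicate? Let's take a look at HTTP messages.


http (request message, response message): communication takes place through messages




Includes the request method, the URL of the requested resource, and the request protocol

Request body: holds the request data when the POST method is used



Protocol + version number, status code and its description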
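
The message layout described above, as an added example that is not part of the original post: a small parser for raw HTTP/1.1 request and response messages, showing that a GET and a POST carry the same parameters in one message format and differ only in where the data sits. The sample messages are constructed, the function names are hypothetical, the body is assumed to be form-urlencoded, and it runs under Node.js.

```javascript
// Added example: split a raw HTTP/1.1 message into start line, headers and body.
function parseHttpMessage(raw) {
  const sep = raw.indexOf('\r\n\r\n'); // a blank line ends the header block
  if (sep === -1) throw new Error('incomplete message: no blank line after headers');
  const [startLine, ...headerLines] = raw.slice(0, sep).split('\r\n');
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(':');
    if (i === -1) throw new Error('malformed header: ' + line);
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  const body = raw.slice(sep + 4);
  // When Content-Length is present it must equal the body's byte length.
  if ('content-length' in headers &&
      Number(headers['content-length']) !== Buffer.byteLength(body)) {
    throw new Error('Content-Length does not match body length');
  }
  const parts = startLine.split(' ');
  const first = startLine.startsWith('HTTP/')
    ? { kind: 'response', version: parts[0], status: Number(parts[1]), reason: parts.slice(2).join(' ') }
    : { kind: 'request', method: parts[0], target: parts[1], version: parts[2] };
  return { ...first, headers, body };
}

// Where the submitted parameters travel: in the URL query string or in the body.
function submittedParams(req) {
  const q = req.target.indexOf('?');
  const query = q === -1 ? '' : req.target.slice(q + 1);
  return {
    inUrl: Object.fromEntries(new URLSearchParams(query)),
    inBody: Object.fromEntries(new URLSearchParams(req.body)),
  };
}

// Constructed sample messages (www.example.com is a placeholder host).
const GET_REQ = 'GET /user?name=cst&age=18 HTTP/1.1\r\nHost: www.example.com\r\n\r\n';
const POST_REQ = 'POST /user HTTP/1.1\r\nHost: www.example.com\r\n' +
  'Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nname=cst&age=18';
const RESP = 'HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok';

for (const raw of [GET_REQ, POST_REQ]) {
  const req = parseHttpMessage(raw);
  console.log(req.method, req.target, submittedParams(req));
}
console.log(parseHttpMessage(RESP));
```

Both requests carry the same parameters as readable text; only their position in the message differs.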



