HTTP request message Structure

HTTP message structure:

The message generally includes: 通用头部 , 请求/响应头部 , 请求/响应体 .

Universal Head

This is the most information the developer has ever seen, including the following:

• Request URL: Requested Web server address

• Request method: Requested method (Get, POST, OPTIONS, PUT, HEAD, DELETE, CONNECT, TRACE)

• Status code: The requested return status code, such as 200 for success

• Remote Address: The requested location of the server (which will be converted to IP)

For example, when a cross-domain rejection is possible, the method is options , the status code is 404/405 equal (of course, there are many possible combinations).

Among them, the method is generally divided into two batches:

• HTTP1.0 defines three methods of request: GET, POST, and head.

• HTTP1.1 has five new request methods: Options, PUT, DELETE, TRACE, and CONNECT methods.

The most commonly used here is the status code, many times by the status code to judge, such as (listing a few of the most common):

• 200--indicates that the request was successfully completed and the requested resource was sent back to the client

• 304--The requested Web page has not been modified since the last request, please use the local cache for the client

• 400--Client Request error (for example, Security module interception)

• 401--Request Unauthorized

• 403--Forbidden (for example, it can be forbidden when not logged in)

• 404--Resource not Found

• 500--Server Internal Error

• 503--Service Not available

• ...

The meaning of the state of the roughly different range is enumerated:

• 1xx--indicates that the request has been received and continues processing

• 2xx--successful, indicates that the request has been successfully received, understood, accepted

• 3xx--Redirect, to complete the request must be further action

• 4xx--Client error, request syntax error or request not implemented

• 5xx--server-side error, the server failed to implement a legitimate request

In short, when the request error, the status code can help to quickly locate the problem, the full version of the state can go to the Internet search by itself.

Request/Response Header

The request and response headers are also frequently used in analysis. Common request Headers (partial):

• Accept: The receive type, which represents the MIME type supported by the browser (Content-type returned on the label server)

• Accept-encoding: The type of compression supported by the browser, such as gzip, cannot be received

• Content-type: The type of entity content that the client sends out

• Cache-control: Specifies the caching mechanism that requests and responses follow, such as No-cache

• If-modified-since: corresponding to the service side of the last-modified, to match to see whether the file changes, only accurate to 1s within, http1.0

• Expires: Cache control, no request at this time, direct use of cache, http1.0, and service-side time

• Max-age: Represents the number of seconds the resource is cached locally, does not request it within the valid time, but uses the cache, http1.1

• If-none-match: The etag that corresponds to the server, used to match the contents of the file (very precise), http1.1

• Cookies: Cookies are automatically taken when they are accessed in the same domain

• Connection: How a long connection is handled when the browser communicates with the server, such as Keep-alive

• Host: The requested server URL

• Origin: Where the initial request was initiated (only accurate to the port), origin is more respectful of privacy than referer

• Referer: The source URL of the page (applies to all types of requests, will be accurate to the detailed page address, CSRF interception commonly used to this field)

• User-agent: Some necessary information of user client, such as UA head etc.

Common response Headers (partial):

• Access-control-allow-headers: Server-side allowed request Headers

• Access-control-allow-methods: Server-side allowed request method

• Access-control-allow-origin: Server-side allowed request Origin header (for example, *)

• Content-type: Type of entity content returned by the server

• Date: The time the data was sent from the server

• Cache-control: Tell the browser or other customer what environment can safely cache documents

• Last-modified: Requested last modified time for resource

• Expires: When should you think the document has expired so that it is no longer cached

• Max-age: How many seconds the client's local resource should be cached, and Cache-control after it is turned on

• ETag: The current value of the entity label of the request variable

• Set-cookie: Sets the cookie associated with the page and the server passes the cookie to the client via this header

• Keep-alive: If the client has keep-alive, the server will also have a response (such as timeout=38)

• Server: Some information about servers

In general, the request header and the response head are matched for analysis.

For example, the request of the head Accept and the response to the head of the Content-Type match, or will error.

For example, when cross-domain requests, the request header Origin matches the response header Access-Control-Allow-Origin , otherwise it will report a cross-domain error.

For example, when using the cache, the request header, If-Modified-Since If-None-Match respectively, and the response header Last-Modified , ETag corresponding.

There are a lot of analytical methods, which are not mentioned here.

Request/Response Entity

HTTP request, in addition to the head, there are message entities, in general, the request entity will have some required parameters are put into (for the POST request). For example, the entity can put parameters in the serialized form ( a=1&b=2 this), or directly put the form object ( FormData object, upload can be mixed with parameters and files), and so on.

In the general response entity, it is the content that the server needs to pass to the client. In general, the interface request, the entity is the JSON format for the information, and like the page request, which is directly put an HTML string, and then the browser to parse and render itself.

A diagram explaining HTTP messages:

HTTP request message Structure