What is the difference between http1.0 and 1.1?
http1.0: Each request/response will be set up and closed once, the corresponding speed is slow.
http1.1: In the same TCP connection, multiple responses or requests can be transmitted. http1.1 The long connection is also turned on by default.
Second, the client request.
get/http/1.1 #动作和http协议的版本号
host:www.test.com:8088 #客户端访问的主机地址
Connection:keep-alive #长连接
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 #当前浏览器所能解析的数据类型
Upgrade-insecure-requests:1
user-agent:mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) applewebkit/537.36 (khtml, like Gecko) chrome/50.0.2661.102 safari/537.36 #客户端的操作系统以及浏览器等信息.
Accept-encoding:gzip, deflate, sdch #浏览器用来告诉服务器, the type of encoding that they support.
accept-language:zh-cn,zh;q=0.8 #浏览器当前的语言信息.
The client request header, which is roughly divided into four parts:
Request first line, #请求方式 request path Protocol and version, for example: get/index.html http/1.1
request header information; # Request header name: The request header content, which is the key:value format, for example: Host:localhost
Empty line; #用来与请求体分隔开
The request body. # get has no request body, only post has request body.
GET request
Characteristics
The HTTP default request method is get.
The GET request does not have any request body.
A GET request, the size must be within 1k.
The contents of the GET request are exposed in the address bar.
The operation that generated the GET request:
Enter a URL in the browser address bar, which must be a GET request.
Clicking on a connection on the page will also be a GET request.
Submit the form, which is get by default and can be set to post.
Here is a browser to visit Baidu Search, the resulting request header information:
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
#浏览器用来告诉服务器, you can parse the document type here, in fact, this contains */*, it means that anything can be received.
Accept-encoding:gzip, deflate, SDCH
#支持的压缩格式. When data is passed over the network, the server may compress the data before sending it
accept-language:zh-cn,zh;q=0.8
#当前客户端支持的语言, you can find language-related information in the browser's tool options
Cache-control:max-age=0
Connection:keep-alive
#浏览器告诉服务端支持长链接的方式, keep a link for a period of time, default is 3000ms
cookie:baiduid=7ad83d51481d0be4db3250b5273a7a01:fg=1; BIDUPSID=7AD83D51481D0BE4DB3250B5273A7A01; pstm=1483207633; bclid=599596736169088288;
#因为不是第一次访问这个地址, the cookie sent over the last server response in the request is sent to the request in a concurrent way; the cookie is named Baiduuid,fg,bidupsid. Pstm,bclid.
#如果对cookie不理解的话, the cookie can be used as a dictionary, the dictionary can put more than a set of key-value pairs,
bdsfrcvid=b9_sjecgqg04csbzk5lxuyrgdekknw7th6ap2rqci3ao4ckvj2uieg0ptf8g0kubakiaogkk0goth65p; H_bdclckid_sf=tjad_ctatd-3ejrnhctvmt_ E2x7-2d62akdssr3n-hcqep3hqt0mlptvw44twtntmgrmkn5cwbrrmubsj4qmdrduluue3x4j0k3padoawl5nhmjmb67jdmp0-xqia4oy523ion3vqpp-mftu D6-ajjo0dg8skc62atolbrjomjnqd6rnhpf3qjt3kp6-3mbi3b4j5motyqkh8hrg2q5jq-luyututh37jd6totol0bi5eqamlpr4y6d0ytoxjpoj5jbmopvak Jjvjjjvburvd--g3-aqtl8etjad_ctatd-3ejrnhctvmt_ E2x7-2d62akds5dt7-hcqep3hqt0mlptvw44twpvtmgrmkn5cwbrrmubsj4qmdrduluue3x4j0k3padoawl5nhmjmb67jdmp0-xqia4oy523ion3vqpp-mftu -n5jhjj0dnt83e; Bd_ck_sam=1; Psino=1; bd_upn=123253; H_PS_645EC=C485LXCS%2F7FBTERRH33%2FHLDUI6NYBW8PIJQ%2F%2F54A4H75M4RUCMVSSJDXXBG; bdorz=b490b5ebf6f3cd402e515d22bcda1598; bdsvrtm=0; bd_home=0; h_ps_pssid=1454_21081_21673_20930; __bsi=12503378464846675469_00_815_r_n_6_0303_c02f_n_i_i_0
Host:www.baidu.com
Upgrade-insecure-requests:1
user-agent:mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) applewebkit/537.36 (khtml, like Gecko) chrome/50.0.2661.102 safari/537.36
Referer:http://www.baidu.com
#注意!! Referer this flag, only after connecting through other URLs, will be generated, the request from which page, such as you click on Baidu link here, then referer:http:// Www.baidu.com: If you are entering the address directly in the address bar of the browser, then there is no Referer the request header.
2.post request.
Characteristics:
The requested data does not appear in the Address bar. (The parameters submitted to the server will be placed in the request body.) )
There is no limit to the size of the data.
There is a request body.
URL encoding is used when encountering Chinese.
In this explanation what is URL encoding.
We all know that the transmission of the parameters in the HTTP protocol is a "Key=value" in the form of a, if you want to pass multiple parameters, you need to use the "&" symbol to split the key value pairs. such as "? Name1=value1&name2=value2", so that when the server receives the string, it will use "&" to separate each parameter, and then use "=" to split the parameter values.
For "Name1=value1&name2=value2", let's take a look at the conceptual parsing process for client-to-server:
The above string is expressed as ASCII in the computer:
6e616d6531 3D 76616c756531 6e616d6532 3D 76616c756532.
6e616d6531:name1
3d:=
76616c756531:value1
26:&
6e616d6532:name2
3d:=
76616c756532:value2
The server can traverse the stream after receiving the data, first a byte of a byte to eat, when eating to 3D this byte, the server will know the front to eat the bytes to indicate a key, and then want to eat, if encountered 26, the description from just eaten from 3D to 26 sub-section is the value of the previous key, And so on, you can parse out the parameters that the client passed over.
Now there is a question of what to do if my parameter value contains = or & this special character.
For example "Name1=value1", where the value of value1 is "Va&lu=e1" string, then actually in the transmission process will become such "name1=va&lu=e1". Our intention is that there is only one key-value pair, but the server will parse into two key-value pairs, which produces a singular.
How to solve the ambiguity caused by the above problems? The workaround is to URL-encode the parameters
URL encoding simply adds a% to the individual bytes of the special character, for example, we URL-encode the characters above that would produce a singular character: "name1=va%26lu%3d", so that the server will treat the bytes immediately after "%" as normal bytes, It is not to be considered as a delimiter for each parameter or key-value pair.
said the POST request, in addition to the tag of two request headers:
content-type:application/x-www-form-urlencoded: The data type of the form, indicating that the data is encoded using the URL format, and that the URL-encoded data is prefixed with "%" followed by a two-bit 16 binary.
Content-length:13: The length of the request body, which represents 13 bytes.
Third, the service side response head.
The response header that the server replies to the client is roughly divided into 3 parts.
Response header information, blank line, response body.
Request url:http://127.0.0.1:8090/login/
#客户端请求的url
Request Method:get
#客户端请求的动作
Status code:200 OK
#返回给客户端的状态码
Remote address:127.0.0.1:8090
Response Headers
View Source
content-type:text/html; Charset=utf-8
#服务端当前应答给客户端的数据类型是什么, and character encoding
date:wed, Oct 06:48:50 GMT
#响应时间
server:wsgiserver/0.2 cpython/3.5.2
#服务端类型
X-frame-options:sameorigin
#响应体
Request url:http://127.0.0.1:8090/login/
Request Method:get
Status code:200 OK
Remote address:127.0.0.1:8090
Response Headers
View Source
content-type:text/html; Charset=utf-8
date:wed, Oct 06:48:50 GMT
server:wsgiserver/0.2 cpython/3.5.2
X-frame-options:sameorigin
<! DOCTYPE html>
<meta charset= "UTF-8" >
<title>Title</title>
<body>
<form action= "/login/" method= "POST" >
User name: <input type= "text" name= "username"/>
<input type= "Submit" value= "Submission"/>
</form>
</body>
http/1.1 OK: The response protocol is HTTP1.1, the status code is 200, indicating the success of the request, OK is the interpretation of the status code;
server:wsgiserver/0.2 cpython/3.5.2: Version information of the server;
Content-type:text/html;charset=utf-8: The encoding used by the response body is UTF-8;
content-length:724: The response body is 724 bytes;
SET-COOKIE:JSESSIONID=C97E2B4C55553EAB46079A4F263435A4; Path=/hello: A cookie that responds to the client;
date:wed, Sep 04:15:03 GMT: Response time, which may have a 8-hour time zone difference
Make a small addition to the status code:
200,403,404,50x These status codes are too common, do not make too many explanations here, mainly under 302 and 304.
302: Address jump, redirect, when the response code is 302, indicating that the server requires the browser to resend a request, the server sends a response header location, which specifies the URL address of the new request.
304: If you say, the user for the first time through the browser to the server request a resource file such as an HTML file.
When the server responds, it will add a last-modified response header, which shows the last modification time of the HTML file, and the browser will record the contents of the HTML file and the last response time.
When the user requests the HTML file the second time, in the request header, contains a if-modified-since request header, the corresponding value of this request header is the first time a request to the server, the server through last-modified response to the value of hair to the client, That is, the last modification time of the resource file that the browser wants to request.
If-modified-since request header is to tell the server, I here browser cache this file last modification time and server side this file last modified time equal, if equal, then the service side directly return 304 no longer respond to the contents of this file, The browser will display the contents of the cache directly.
The server side will get the if-modified-since value, and the browser cache file is currently the last modified time, if the same, the server will send a response code 304, Indicates that index.html is the same as the last cache of the browser, no need to send again, the browser can display its own cache page, if the comparison is different, then the index.html has been modified, the server will respond 200.
Here is the diagram:
Iv. some misunderstandings about the HTTP protocol are corrected.
HTTP This protocol is a stateless protocol, without any memory ability, once the browser opens the server's Web page, then there is no connection between the browser and the server.
In fact, many of the online shopping cart function, all need to use the cookie or session or server-side API to record this information, requesting the server to settle the page while submitting this information to the server.
When you log in to a website, your login status is also "memorized" by a cookie or session, because the server does not know if you are logged in.
Here, one might ask, since HTTP is a stateless protocol, what is the long-running connection?
In a nutshell, stateless does not mean that HTTP cannot maintain TCP connections!
From http/1.1 onwards, the default is to open the keep-alive, to maintain the connection characteristics, in short, when a Web page opens, the client and server for the transmission of HTTP data between the TCP connection will not be closed, if the client again access to the Web page on this server, will continue to use this established connection.
Keep-alive does not permanently keep the connection, it has a hold time that can be set in different server software (such as Apache).
Five, some other common response header supplement.
These headers will cause the browser not to cache.
Expires:-1;
Cache-control:no-cache;
Pragma:no-cache;
Features refresh, automatically jumps to http://www.baidu.com after 3 seconds.
#Refresh #: Time; url=http://www.baidu.com
These response headers can be customized in HTML!!
You can use the HTML page to specify the response header, for example, in the Index.html page, indicating that the browser will only display the Index.html page for 3 seconds, and then automatically jump to http://www.baidu.com.
This article is from the "Rebirth" blog, make sure to keep this source http://suhaozhi.blog.51cto.com/7272298/1928820
Front End 01.http Protocol review