Continuing from the previous chapter: HTTP Basics (Part One)

II. The simple HTTP protocol

1. Client: the end that requests access to resources such as text or images is called the client. Server: the end that provides the resource in response.

2. Taking Baidu as an example, this is the request header:

HTTP/1.1 at the beginning of the start line represents the HTTP version of the server, GET represents the request method, and the content entity begins on the second line.
Detailed Request message
| Header | Explanation | Example |
|---|---|---|
| Accept | Specifies the content types the client can receive | Accept:text/plain, text/html |
| Accept-charset | The set of character encodings that the browser can accept | Accept-charset:iso-8859-5 |
| Accept-encoding | Specifies the content compression encoding types, returned by the web server, that the browser can support | Accept-encoding:compress, gzip |
| Accept-language | Languages the browser can accept | Accept-language:en,zh |
| Accept-ranges | You can request one or more sub-range fields of a web page entity | Accept-ranges:bytes |
| Authorization | Authorization credentials for HTTP authorization | Authorization:basic qwxhzgrpbjpvcgvuihnlc2ftzq== |
| Cache-control | Specifies the caching mechanism that requests and responses follow | Cache-control:no-cache |
| Connection | Indicates whether a persistent connection is required (HTTP 1.1 defaults to persistent connections) | Connection:close |
| Cookie | When an HTTP request is sent, all cookie values stored under the request's domain are sent to the web server | Cookie: $Version = 1; Skin=new; |
| Content-length | The length of the request content | content-length:348 |
| Content-type | The MIME information corresponding to the requested entity | content-type:application/x-www-form-urlencoded |
| Date | Date and time the request was sent | Date:tue, 08:12:31 GMT |
| Expect | The specific server behavior requested | Expect:100-continue |
| From | Email of the user who made the request | From: [Email protected] |
| Host | Specifies the domain name and port number of the requested server | Host:www.zcmhi.com |
| If-match | Only valid if the request content matches the entity | If-match: "737060cd8c284d8af7ad3082f209582d" |
| If-modified-since | If the requested part was modified after the specified time, the request succeeds; if it was not modified, a 304 code is returned | If-modified-since:sat, Oct 19:43:31 GMT |
| If-none-match | If the content has not changed, a 304 code is returned; the parameter is the ETag previously sent by the server, which is compared with the ETag of the server's response to determine whether it changed | If-none-match: "737060cd8c284d8af7ad3082f209582d" |
| If-range | If the entity has not changed, the server sends the portion the client is missing; otherwise the entire entity is sent. The parameter is also an ETag | If-range: "737060cd8c284d8af7ad3082f209582d" |
| If-unmodified-since | The request succeeds only if the entity has not been modified since the specified time | If-unmodified-since:sat, Oct 19:43:31 GMT |
| Max-forwards | Limits the time that information is transmitted through proxies and gateways | Max-forwards:10 |
| Pragma | Used to include implementation-specific directives | Pragma:no-cache |
| Proxy-authorization | Authorization credentials for connecting to the proxy | Proxy-authorization:basic qwxhzgrpbjpvcgvuihnlc2ftzq== |
| Range | Requests only part of an entity, specifying a range | range:bytes=500-999 |
| Referer | The address of the previous page, from which the currently requested page follows | Referer:http://www.zcmhi.com/archives/71.html |
| TE | The transfer encodings the client is willing to accept; also notifies the server that it accepts trailer header information | te:trailers,deflate;q=0.5 |
| Upgrade | Specifies a transport protocol for the server to switch to (if supported) | upgrade:http/2.0, shttp/1.3, irc/6.9, rta/x11 |
| User-agent | The content of User-agent contains information about the user that made the request | user-agent:mozilla/5.0 (Linux; X11) |
| Via | Notifies of the intermediate gateway or proxy server addresses and communication protocols | via:1.0 Fred, 1.1 nowhere.com (apache/1.1) |
| Warning | Warning information about the message entity | warn:199 Miscellaneous Warning |
Detailed response message
| Header | Explanation | Example |
|---|---|---|
| Accept-ranges | Indicates whether the server supports range requests and what kind of segmented request | Accept-ranges:bytes |
| Age | Estimated time (in seconds, non-negative) from the origin server to the proxy cache | Age:12 |
| Allow | The request methods that are valid for a network resource; a method that is not allowed returns 405 | Allow:get, HEAD |
| Cache-control | Tells all caching mechanisms whether they may cache and which type | Cache-control:no-cache |
| Content-encoding | The content compression encoding type of the returned content supported by the web server | Content-encoding:gzip |
| Content-language | The language of the response body | Content-language:en,zh |
| Content-length | The length of the response body | content-length:348 |
| Content-location | An alternative address for the requested resource | Content-location:/index.htm |
| Content-md5 | The MD5 checksum value of the returned resource | content-md5:q2hly2sgsw50zwdyaxr5iq== |
| Content-range | The byte position of this part within the entire returned body | Content-range:bytes 21010-47021/47022 |
| Content-type | The MIME type of the returned content | content-type:text/html; Charset=utf-8 |
| Date | Time the message was issued by the origin server | Date:tue, 08:12:31 GMT |
| ETag | The current value of the entity tag of the request variable | ETag: "737060cd8c284d8af7ad3082f209582d" |
| Expires | Date and time when the response expires | Expires:thu, 16:00:00 GMT |
| Last-modified | Last modified time of the requested resource | Last-modified:tue, 12:45:26 GMT |
| Location | Used to redirect the recipient to a location other than the requested URL to complete the request or identify a new resource | Location:http://www.zcmhi.com/archives/94.html |
| Pragma | Includes implementation-specific directives that can apply to any recipient on the response chain | Pragma:no-cache |
| Proxy-authenticate | Indicates the authentication scheme and the parameters applicable to the proxy for the URL | Proxy-authenticate:basic |
| Refresh | Applied to a redirect or when a new resource was created; redirects after 5 seconds (proposed by Netscape, supported by most browsers) | Refresh:5; url=http://www.atool.org/httptest.php |
| Retry-after | If the entity is temporarily unavailable, notifies the client to try again after the specified time | retry-after:120 |
| Server | Web server software name | server:apache/1.3.27 (Unix) (Red-hat/linux) |
| Set-cookie | Sets an HTTP cookie | Set-cookie:userid=johndoe; max-age=3600; Version=1 |
| Trailer | Indicates that the header fields are present at the end of the chunked transfer encoding | Trailer:max-forwards |
| Transfer-encoding | File transfer encoding | Transfer-encoding:chunked |
| Vary | Tells downstream proxies whether to use a cached response or request from the origin server | Vary: * |
| Via | Tells the proxy client through where the response was sent | via:1.0 Fred, 1.1 nowhere.com (apache/1.1) |
| Warning | Warning about possible issues with the entity | warning:199 Miscellaneous Warning |
| Www-authenticate | Indicates the authorization scheme that the client should use for the requested entity | Www-authenticate:basic |
3. HTTP is a stateless protocol. The HTTP protocol itself does not save the communication state between a request and a response. That is, at the HTTP level, the protocol does not persist requests or responses that have been sent.

Purpose: this allows a large number of transactions to be handled more quickly and ensures the scalability of the protocol.

Drawback: when a user logs in to a shopping site, the login state needs to be kept when jumping to other pages of the site, but HTTP by itself cannot do this.

Workaround: cookie technology.

4. Methods available in HTTP/1.1

(1) GET method: get a resource. The GET method is used to request access to a resource identified by a URI. The specified resource is parsed on the server side, which then returns the response content.

Taking Baidu as an example: visiting Baidu uses a GET request, and what is returned is a page resource.

(2) POST method: transfer an entity body. Although the GET method can also transfer an entity body, the GET method is generally not used for that.
Using the POST method hides the URL in the form, while the GET method exposes the URL to the user, where it may be attacked through SQL injection, so when using GET requests you need to handle SQL on the back end.
After some searching, I found that Baidu's request is a GET request, so I looked for an answer online. It turns out that with a POST request the message body (the web form content) and the message header are both transmitted to the server, which leads to a large amount of data being transferred, while a GET request carries only the message header, so a GET request will be faster than POST. (Baidu has so many experts; for a small SQL injection, they have long had a response --)

(3) PUT method: transfer a file. The PUT method is used to transfer files. Just like file upload in the FTP protocol, it requires the contents of the file to be included in the body of the request message, which are then saved to the location specified by the request URI. However, the HTTP/1.1 PUT method itself has no validation mechanism, so anyone can upload files. This is a security issue, so websites generally do not use this method. In essence, PUT and POST are very similar, as both send data to the server, but there is an important difference between them: PUT usually specifies the location of the resource, while POST does not; with POST, the server itself decides where the data is stored.

(4) HEAD method: get the message header. The HEAD method is the same as the GET method, except that it does not return the message body. It is used to confirm the validity of a URI and the date and time a resource was updated.

(5) DELETE method: delete a file. In contrast to PUT, this method deletes the resource specified by the request URI. However, because there is no validation mechanism, websites generally do not use the DELETE method.

(6) OPTIONS method: ask for supported methods. This method is used to query the methods supported for the resource specified by the request URI.

(7) TRACE method: trace the path. The TRACE method has the web server loop the previous request communication back to the client, to confirm the sequence of operations that occurred during the connection. However, this method is prone to cross-site tracing (XST) attacks and is not often used.

(8) CONNECT method: request a tunneling-protocol connection to a proxy. This method requires that a tunnel be established when communicating with a proxy server, with TCP communication carried over the tunneling protocol. It mainly uses the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols to encrypt the communication before it is transmitted through the network tunnel. With the tunneling protocol, the security and privacy of the VPN will be available.

(9) Table of methods supported by HTTP/1.0 and HTTP/1.1
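Because PUT and DELETE carry no validation of their own and TRACE is rarely wanted, a server can check the method before any handler runs. The following is an added example, not code from the original page; the paths, the policy table and the realm name are hypothetical. It returns 405 with an Allow header for methods a resource does not accept and requires authentication for PUT and DELETE.

```python
# Hypothetical per-resource policy for this example: methods each path accepts.
ALLOWED = {
    "/index.html": {"GET", "HEAD"},
    "/login": {"POST"},
    "/files/report.txt": {"GET", "HEAD", "PUT", "DELETE"},
}
NEEDS_AUTH = {"PUT", "DELETE"}    # HTTP itself does not validate the sender
DISABLED = {"TRACE", "CONNECT"}   # refused on every resource


def check_method(method, path, authenticated=False):
    """Return (status, headers) for the method check done before a handler runs."""
    if path not in ALLOWED:
        return 404, {}
    allowed = (ALLOWED[path] - DISABLED) | {"OPTIONS"}
    allow_header = {"Allow": ", ".join(sorted(allowed))}
    if method == "OPTIONS":
        # OPTIONS answers "which methods does this resource support?"
        return 204, allow_header
    if method not in allowed:
        # A 405 response lists the valid methods in the Allow header.
        return 405, allow_header
    if method in NEEDS_AUTH and not authenticated:
        # State-changing methods are only accepted from an authenticated client.
        return 401, {"WWW-Authenticate": 'Basic realm="files"'}
    return 200, {}


if __name__ == "__main__":
    # Constructed sample requests.
    for m, p in [("GET", "/index.html"), ("PUT", "/index.html"),
                 ("TRACE", "/files/report.txt"), ("PUT", "/files/report.txt")]:
        print(m, p, check_method(m, p))
```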
5. In the initial version of the HTTP protocol, the TCP connection was disconnected after every HTTP communication. This was not a problem for the small text transfers of the time, but now each page contains a variety of pictures, videos and so on. When a request is sent for an HTML page resource, the additional resources the page contains are requested as well, and if every request involves a TCP disconnect, the communication overhead increases.

HTTP/1.1 uses persistent connections to keep the TCP connection open. This reduces the extra overhead of repeatedly establishing and disconnecting TCP connections and reduces server-side load.

6. Pipelining: multiple requests can be sent in parallel at the same time, without waiting for the responses one after another.

7. Cookies

Application scenario: HTTP is a stateless protocol; if the server had to remember the state of every client, CPU and memory consumption would increase. Cookie technology controls the state of the client by writing cookie information into request and response messages.

Cookie principle:

(1) A header field called Set-Cookie in a response message sent by the server notifies the client to save a cookie. The next time the client sends a request to the server, the client automatically adds the cookie value to the request message and sends it.

(2) When the server finds the cookie sent by the client, it checks which client the connection request came from, then compares it with the records on the server and obtains the previous state information.
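The cookie exchange in steps (1) and (2), as an added example that is not from the original page. It assumes the cookie carries only a random session id (the name `sid` is hypothetical) and that the state itself stays in the server's records, so a cookie value the server never issued is not accepted.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side records: session id -> state


def login_response(username):
    # Step (1), server side: create a record and send its id in Set-Cookie.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["max-age"] = 3600
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"
    return [("Set-Cookie", cookie["sid"].OutputString())]


def client_store(jar, response_headers):
    # Step (1), client side: save every cookie named in Set-Cookie.
    for name, value in response_headers:
        if name.lower() == "set-cookie":
            parsed = SimpleCookie()
            parsed.load(value)
            for key, morsel in parsed.items():
                jar[key] = morsel.value
    return jar


def client_request_headers(jar):
    # The client adds the stored values to the next request automatically.
    return [("Cookie", "; ".join(f"{k}={v}" for k, v in jar.items()))]


def current_user(request_headers):
    # Step (2): look the cookie up in the server's records; unknown ids
    # and cookies that merely claim an identity resolve to no user.
    for name, value in request_headers:
        if name.lower() == "cookie":
            parsed = SimpleCookie()
            parsed.load(value)
            if "sid" in parsed:
                record = SESSIONS.get(parsed["sid"].value)
                return record["user"] if record else None
    return None
```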
HTTP Basics (ii)