Front-end study notes (7): the HTTP protocol and the difference between HTTP and HTTPS


Objective

Same as always: before starting a new blog post I want to ramble for a few words ... The HTTP protocol was actually mentioned by my teacher back when I was learning Java ... But... Anyway, it's gone.

Recently a project at my company required a conversion and migration to HTTPS, and when I thought about it, I realized I barely had even a smattering of HTTP knowledge ... Not to mention the difference between HTTP and HTTPS ... If I want to be a big front-end engineer in the future, how can I not study these things?

All right, enough chatter. On to the main text.

What is HTTP?

The following is the most professional explanation, quoted from a reference source:

Hypertext Transfer Protocol (HTTP, HyperText Transfer Protocol) is one of the most widely used network protocols on the Internet. All WWW documents must comply with this standard. HTTP was originally designed to provide a way to publish and receive HTML pages. In 1960 the American Ted Nelson conceived a way to process text information with a computer, called hypertext, which became the foundation of the HTTP standard architecture. Ted Nelson organized and coordinated the World Wide Web Consortium and the Internet Engineering Task Force to work together, eventually releasing a series of RFCs, of which the well-known RFC 2616 defines HTTP 1.1.

Features of HTTP

1. Supports client/server mode (C/S mode).


2. Simple and fast: when a client requests a service from the server, it only needs to transmit the request method and path. Commonly used request methods include GET and POST. Each method specifies a different type of contact between the client and the server. Because the HTTP protocol is simple, an HTTP server program is small, so communication is fast.


3. Flexible: HTTP allows any type of data object to be transferred. The type being transmitted is marked by Content-Type.


4. Connectionless: connectionless means that each connection handles only one request. After the server finishes processing the client's request and receives the client's acknowledgement, the connection is closed. This saves transmission time.


5. Stateless: HTTP is a stateless protocol. Stateless means the protocol has no memory of earlier transactions. The lack of state means that if earlier information is needed for later processing, it must be retransmitted, which may increase the amount of data transferred per connection. On the other hand, the server responds faster when it does not need the earlier information.

Workflow for HTTP

Step one: Establish a TCP/IP connection. The client and the server connect through a socket using the TCP three-way handshake.

Step two: The client sends an HTTP request line to the server (for example: POST /login.html HTTP/1.1).

Step three: The client sends the request headers and the request content. A blank line marks the end of the request headers.

Step four: The server responds with a status line describing the outcome of the client's request, for example: HTTP/1.1 200 OK

Step five: The server sends the response headers to the client.

Step six: After the server has sent the response headers, it also sends a blank line to indicate that the response headers are complete, and then sends the data to the client in the format described by Content-Type.

Step seven: The server closes the TCP connection. If the server or the client sets Connection: keep-alive, the client and server keep the connection open and the next request can reuse it.
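The seven steps above, reduced to the bytes that cross the connection (an added example, not code from the original post): buildRequest frames steps two and three, parseResponse handles steps four to seven. The function names, host name and sample exchange are constructed for illustration; every field, including the request body, is readable plaintext on the wire.

```javascript
// Added example: frame and parse HTTP/1.1 messages by hand (constructed data).
const CRLF = '\r\n';

// Steps 2-3: request line, header lines, a blank line, then the body.
function buildRequest(method, path, headers, body = '') {
  const all = { ...headers };
  if (body) all['Content-Length'] = String(Buffer.byteLength(body));
  const lines = Object.entries(all).map(([k, v]) => `${k}: ${v}`);
  return [`${method} ${path} HTTP/1.1`, ...lines, '', body].join(CRLF);
}

// Steps 4-7: status line, headers up to the blank line, body, connection reuse.
function parseResponse(raw) {
  const split = raw.indexOf(CRLF + CRLF);
  if (split === -1) throw new Error('no blank line: headers are incomplete');
  const [statusLine, ...headerLines] = raw.slice(0, split).split(CRLF);
  const m = /^HTTP\/(\d\.\d) (\d{3}) ?(.*)$/.exec(statusLine);
  if (!m) throw new Error('malformed status line');
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(':');
    if (i < 1) throw new Error(`malformed header: ${line}`);
    // Header names are case-insensitive, so normalise them.
    headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  let body = raw.slice(split + 4);
  if ('content-length' in headers) {
    // Only Content-Length bytes belong to this response.
    body = Buffer.from(body).subarray(0, Number(headers['content-length'])).toString();
  }
  const conn = (headers.connection || '').toLowerCase();
  // HTTP/1.1 keeps the connection open unless told to close; HTTP/1.0 is the reverse.
  const keepAlive = m[1] === '1.1' ? conn !== 'close' : conn === 'keep-alive';
  return { version: m[1], status: Number(m[2]), reason: m[3], headers, body, keepAlive };
}

// Constructed sample exchange.
const sampleRequest = buildRequest('POST', '/login.html',
  { Host: 'example.test', 'Content-Type': 'application/x-www-form-urlencoded' },
  'user=alice');
const sampleResponse = parseResponse(
  'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n' +
  'Connection: keep-alive\r\n\r\nhelloEXTRA');
console.log(sampleRequest);
console.log(sampleResponse);
```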

HTTP request explained

Using Chrome's developer tools, the following example analyzes a request made to the backend in a small project that I completed a while ago.

After pressing F12 in Google Chrome to open the developer tools, click the location in the red box to start capturing requests. Because this is the home page, there may be some additional resources; to make later viewing easier, I filtered out the other content and kept only the HTTP requests to the server.

Then look at this diagram: with the tool, we can clearly see all the information contained in the request the client sent, and the information the server returned to the client in its response.

Let's explain the various parameters and what they do.

First, the first block, General:

Request URL: the URL path that the client requests from the server;

Request Method: the request type. A few words here: there are 8 request types, GET/POST/DELETE/TRACE/PUT/CONNECT/HEAD/OPTIONS, but in practice we commonly use only GET and POST in development, and the other request types can be implemented indirectly through these two. How to do that is not related to this article, so I won't go into it for now;

Status Code: the code the server gives in response to the client's request, indicating the status of the request; taken literally, that is why it is called a status code. There are too many status codes, and I feel they have little to do with this article, so I won't explain them further here;

Remote Address: What do you think this is? It is the address your request is sent to ...

I think that, following the HTTP workflow, we should first explain the third and fourth blocks and explain the second block last. As for why? Let's keep reading.

Third block: Request Headers

This block contains all the information in the request headers when the client sends a request. Let's look at the specifics:

Host: the host address of the server

Proxy-Connection: this should actually be Connection; because I was using Fiddler as a proxy, it became Proxy-Connection here. The Connection header specifies options for the connection. For example, it can specify that the connection is persistent, or specify the "close" option to tell the server to close the connection after the response is complete.

Accept: specifies which types of content the client accepts

X-Requested-With: describes how the request was made, synchronously or asynchronously. If the parameter is null, it is a traditional synchronous request; if it is XMLHttpRequest, it is an asynchronous Ajax request

User-Agent: when we visit a forum, we often see a welcome message that lists the name and version of our operating system and the name and version of the browser we are using, which many people find amazing. In fact, the server application obtains this information from the User-Agent request header field. The User-Agent request header field allows the client to tell the server about its operating system, browser, and other properties. However, this header field is not required: if we write a browser ourselves that does not send the User-Agent request header field, the server will not be able to learn this information.

Referer: when the browser sends a request to the web server, it usually includes Referer to tell the server which page the request was linked from, and the server can use this information for processing.

Accept-Encoding: specifies the acceptable content encodings

Accept-Language: specifies the acceptable natural languages. If it is not set in the request message, the server assumes that the client accepts every language.

Fourth block: Query String Parameters

There is not much to say about this block, because it is optional: some requests require the client to carry parameters to the server, and some do not. When parameters are carried, they are shown here.

Now let's come back to the second block, Response Headers.

After the HTTP request is sent to the server, the server responds to the request and sends a response message to the client. The response header is included in the response information. Now let's take a look at the parameters:

Date: No need to explain this one, right? It indicates the time of the response

Content-Type: the media type of the entity body sent to the client

Transfer-Encoding: defines the transfer encoding of the message body

Connection: allows the client or the server to control the underlying connection; either side can require the TCP connection to be closed or kept open after the request is processed.

Vary: tells downstream proxies whether to use a cached response or to request one from the origin server

X-Powered-By: a custom response header

Cache-Control: this field specifies directives that all caching mechanisms along the entire request/response chain must obey. These directives specify behavior intended to prevent caches from adversely interfering with the request or response, and they typically override the default caching algorithm. Cache directives are one-way: the presence of a directive in the request does not imply that the same directive will be present in the response.

The difference between HTTP and HTTPS

1. What is HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure. Why is it a secure hypertext transfer protocol? Look at a picture:

In fact, HTTPS adds a TLS or SSL layer on top of the ordinary TCP layer. So its port is not the regular HTTP port 80 but port 443.

2. The difference between HTTP and HTTPS

1. The HTTPS protocol requires applying to a CA for a certificate; free certificates are generally rare, so there is a certain cost.

2. HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure transfer protocol encrypted with SSL.

3. HTTP and HTTPS use completely different ways of connecting and different ports: the former uses 80, the latter 443.

4. The HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.

3. HTTPS workflow

1. Client initiates an HTTPS request

Nothing much to say here: the user enters an HTTPS URL in the browser, which then connects to port 443 on the server.

2. Server configuration

A server using the HTTPS protocol must have a digital certificate. You can make it yourself or apply to an organization for one. The difference is that a self-issued certificate must be confirmed by the client before access can continue, while a certificate applied for from a trusted company will not pop up a prompt page (StartSSL is a good choice, with 1 year of free service). This certificate is really a pair of public and private keys. If you don't understand public and private keys, imagine a key and a lock: only you in the whole world have the key; you can give the lock to others, who can use the lock to lock up important things and send them to you; and because only you have the key, only you can see what has been locked up.

3. Transfer the certificate

This certificate is actually the public key, but it also contains a lot of other information, such as the issuing authority and the expiration time.

4. Client parses the certificate

This work is done by the client's TLS implementation. It first verifies that the public key is valid, checking the issuing authority, the expiration time, and so on; if a problem is found, a warning box pops up indicating a problem with the certificate. If there is no problem with the certificate, a random value is generated and encrypted with the certificate. As described above, this locks the random value with the lock, so that the locked content cannot be seen without the key.

5. Transmit the encrypted information

This step transmits the random value encrypted with the certificate. The purpose is to let the server obtain this random value, so that from then on communication between the client and the server can be encrypted and decrypted with it.

6. Server decrypts the information

After decrypting with its private key, the server obtains the random value sent by the client, which now serves as the shared symmetric key (a different thing from the certificate's private key), and then symmetrically encrypts the content with that value. Symmetric encryption means mixing the information and the key together through some algorithm, so that the content cannot be obtained without the key; and only the client and the server know this key. So as long as the encryption algorithm is strong enough and the key is complex enough, the data is secure.

7. Transmit the encrypted information

This is the information the server has encrypted with the shared key; it can be restored on the client.

8. Client decrypts the information

The client uses the key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Even if a third party intercepts the data during the whole process, it can do nothing with it.
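The eight steps above as a simplified model using Node's built-in crypto module (an added example, not code from the original post, and not a TLS implementation). Assumptions: certificate validation in step 4 is taken as already passed, so only the key pair is modelled, and the function names and AES-256-GCM as the symmetric cipher are choices made here.

```javascript
// Added example: the RSA key-transport flow described in steps 2-8 (not real TLS).
const nodeCrypto = require('node:crypto');

// Step 2: the server owns a key pair; the public half travels in its certificate.
const serverKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING;

// Steps 4-5: the client generates the random value and locks it with the public key.
function clientKeyExchange(serverPublicKey) {
  const secret = nodeCrypto.randomBytes(32);
  const wrapped = nodeCrypto.publicEncrypt({ key: serverPublicKey, padding: OAEP }, secret);
  return { secret, wrapped };
}

// Step 6: only the holder of the private key can recover the random value.
function serverUnwrap(privateKey, wrapped) {
  return nodeCrypto.privateDecrypt({ key: privateKey, padding: OAEP }, wrapped);
}

// Steps 6-7: encrypt content symmetrically with the shared random value.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}

// Step 8: decrypt; a wrong key or a modified record makes final() throw.
function unseal(key, { iv, data, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
}

function runHandshake(message) {
  const { secret, wrapped } = clientKeyExchange(serverKeys.publicKey);
  const serverSecret = serverUnwrap(serverKeys.privateKey, wrapped);
  const record = seal(serverSecret, message); // server side encrypts
  return { wrapped, record, received: unseal(secret, record) }; // client side decrypts
}

// Constructed sample content.
console.log(runHandshake('<html>hello over https</html>').received);
```

TLS 1.3 removed this RSA key transport in favour of ephemeral Diffie-Hellman, so that a later compromise of the server's private key does not expose recorded sessions. The example mirrors the flow the steps describe, not the current protocol.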

Summary

Thinking about it, there seems to be nothing to summarize ... This blog post is just to help me better understand HTTP and HTTPS ... Well... That's it.

The end ~
