Hypertext Transfer Protocol (HTTP)

Tutorialspoint HTTP Tutorial

The foundation for data communication on the web. The current protocol (HTTP/1.1) differs from HTTP/1.0 in that it allows for one or more request/response exchanges per connection.

Basic Features

  • HTTP is connectionless: HTTP client initiates a request and then disconnects from the server and awaits a response. The server processes the request and re-establishes the connection to the client to send a response.
  • HTTP is media independent: Any data type can be sent through HTTP as long as both the client and the server know how to handle it and both specify the content type using the appropriate MIME-type.
  • HTTP is stateless: HTTP is connectionless because it is stateless. Client and server are only aware of each other during a current request. As a result, neither can retain information between different requests across web pages.

Client

To send a request to a server it needs:

  • Request method
  • URI
  • Protocol version
  • A MIME-like message containing:
    • Request modifiers
    • Client information
    • Body content (optionally)

Server

The server responds with:

  • A status line including:
    • Protocol version
    • Status code
  • MIME-like message with:
    • Server information
    • Entity meta information
    • Entity-body content (optionally)

Parameters

Uniform Resource Identifiers (URI)

A simply formatted, case-insensitive string for identifying a resource. The general syntax is:

"http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]

Port 80 is the default. Characters that are not reserved or unsafe are equivalent to their "%" HEX HEX encoding.
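An added example (not from the original notes) showing how the default port and the "%" HEX HEX equivalence apply when two URIs are compared, for instance by an allow-list filter in front of a server. The function names are hypothetical; following RFC 3986, only the scheme and host are treated as case-insensitive and only unreserved characters are decoded.

```python
import re
from urllib.parse import urlsplit

# Unreserved characters (RFC 3986): decoding these never changes the meaning.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
PCT = re.compile(r"%([0-9A-Fa-f]{2})")

def _decode_unreserved(text):
    """Decode %XX only for unreserved characters; uppercase the hex of the rest."""
    def repl(match):
        ch = chr(int(match.group(1), 16))
        return ch if ch in UNRESERVED else "%" + match.group(1).upper()
    return PCT.sub(repl, text)

def normalize_http_uri(uri):
    """Return a canonical form of an http: URI suitable for comparison."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "http":
        raise ValueError("only http: URIs are handled in this example")
    host = (parts.hostname or "").lower()
    port = parts.port or 80                      # port 80 is the default
    path = _decode_unreserved(parts.path) or "/"
    query = _decode_unreserved(parts.query)
    out = f"http://{host}:{port}{path}"
    return out + ("?" + query if query else "")

def equivalent(a, b):
    return normalize_http_uri(a) == normalize_http_uri(b)
```

Note that an encoded reserved character such as `%2F` is deliberately left encoded: `/a%2Fb` and `/a/b` name different resources, and a filter that decodes everything before comparing would treat them as the same.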

Messages

Once a connection is established, messages are exchanged in a format similar to that used by email and MIME (Multipurpose Internet Mail Extensions). A message has the following parts:

Start-line

Client request-line Ex: GET /users/1 HTTP/1.1

Server status-line Ex: HTTP/1.1 200 OK

Headers

Provide required information about the request or response, or the object sent in the body. The four types of headers:

  • General-header: general applicability for requests and responses
  • Request-header
  • Response-header
  • Entity-header: meta information about the entity-body or the resource identified by the request

Ex headers:

User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/plain

Useful headers:

  • General Headers:
    • Cache-Control: specify parameters for the cache or request certain kinds of documents for the cache.
    • Connection: specify whether connection is persistent--keep-alive--which is the default in HTTP/1.1, or close.
    • Date: timestamps must be represented in GMT.
  • Request Headers:
    • Accept: indicates media type
    • Accept-Charset: indicates character set
    • Accept-Encoding: indicates content that has been encoded before being sent (most likely compressed with something like gzip)
    • Accept-Language: specifies natural languages
    • Authorization: Contains credentials for authentication
    • Cookie: Contains key/value pairs of information stored for that particular URL. Use semicolons to separate multiple cookies.
    • Host: Specifies the internet host and port number from where the resource is being requested.
    • If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since: Specifies cases when server should or should not complete request (for caching purposes).
    • Referer: Specifies the URI of the resource from which the URL has been requested.
    • User-Agent: Contains information about the user agent (e.g. Chrome, Safari, curl, etc.) making the request.
  • Response Headers:
    • Age: time estimate since response was generated by server. Required if including a cache.
    • ETag: Current value of entity tag for requested variant.
    • Location: used to redirect recipient to a location other than the Request-URI for completion.
    • Retry-After: if status code 503 (Service Unavailable), indicates how long/until when service is expected to be unavailable.
    • Server: Contains information about server software
    • Set-Cookie: key/value pair to be set in browser's cookies.
    • Vary: specifies that entity has multiple sources and may vary according to the specified list of headers.
    • WWW-Authenticate: if status code 401 (Unauthorized), indicates authentication scheme and parameters.
  • Entity Headers:
    • Allow: lists the set of HTTP methods that are supported.
    • Content-Encoding
    • Content-Language
    • Content-Type
    • Expires: specifies the date/time after which the response is considered stale.
    • Last-Modified: indicates the date/time when the variant was last modified.

Message Body

If present, the message body carries the entity-body. The Content-Type and Content-Length headers specify the nature of the body.

Requests

Requests have a request-line, zero or more headers followed by CRLF, an empty line indicating the end of the headers, and an optional message-body.
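An added example (not from the original notes) that splits a complete request into the parts just listed and rejects framing that different parsers could read differently: bare CR or LF, whitespace before the colon, and conflicting Content-Length values. The function name and the sample request are constructed for illustration, and chunked bodies are out of scope.

```python
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}

def parse_request(raw: bytes) -> dict:
    """Split one complete HTTP/1.x request into its parts, rejecting ambiguous framing."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty line terminating the headers")
    leftovers = head.replace(b"\r\n", b"")
    if b"\r" in leftovers or b"\n" in leftovers:
        raise ValueError("bare CR or LF inside the header section")
    lines = head.decode("ascii").split("\r\n")

    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request-line must be: method SP URI SP version")
    method, target, version = parts
    if method not in METHODS or not version.startswith("HTTP/"):
        raise ValueError("unknown method or protocol version")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip()
        if key == "content-length":
            if not value.isdigit() or headers.get(key, value) != value:
                raise ValueError("invalid or conflicting Content-Length")
            headers[key] = value
        elif key in headers:
            headers[key] += ", " + value   # repeated headers combine as a list
        else:
            headers[key] = value

    expected = int(headers.get("content-length", "0"))
    if len(body) != expected:
        raise ValueError("body length does not match Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /users HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Content-Type: text/plain\r\n"
          b"Content-Length: 5\r\n"
          b"\r\n"
          b"hello")
```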

Methods:

  • GET: Used to retrieve information from server. Should not affect data.
  • HEAD: Only transfers status line and header section.
  • POST: Sends data to server using HTML forms.
  • PUT: Replaces all current representations of the target resource with the uploaded content.
  • DELETE: Removes target resource.
  • CONNECT: Establishes a tunnel to the server.
  • OPTIONS: Describe the communication options.
  • TRACE: Performs a message loop back test.

Responses

Responses have status-line, zero or more headers followed by CRLF, an empty line indicating end of headers, and an optional message-body.

Status Codes:

Status codes are 3-digit integers where the first digit defines the class of response and the last two digits do not have a categorization role.

  • 1xx: Informational - request was received and the process is continuing
  • 2xx: Success - action was successfully received, understood, and accepted
  • 3xx: Redirection - further action must be taken in order to complete the request
  • 4xx: Client Error - request contains incorrect syntax or cannot be fulfilled
  • 5xx: Server Error - server failed to fulfill an apparently valid request

Caching

For eliminating the need to send requests and full responses (i.e. optimizing performance). The server uses ETag headers to communicate a validation token, which enables efficient resource update checks to prevent data from being transferred if it hasn't changed. Use the Cache-Control header to set directives that override the default caching algorithms.

Cache Steps:

  1. A request is performed
  2. Browser checks its local cache for previous responses and sees whether the stored response has expired. It will reuse the response if it's fresh and won't contact the server.
  3. If no fresh copy is present in the browser, it will send the ETag validation token to the server. Use If-Modified-Since and/or If-None-Match headers to run the check. If the validation token is the same for the resource (meaning it hasn't been updated), a 304 Not Modified response code will be sent and no data will be transferred.
  4. If validation token is different, server will send updated data.
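The four cache steps above, as an added example that is not part of the original notes: a simulated origin server and browser cache exchanging an ETag validation token. The class, function names, resource and the 60-second max-age are constructed for illustration, and time is passed in as a plain number of seconds.

```python
import hashlib

RESOURCE = {"body": b"hello, cache\n"}   # constructed sample resource

def etag_for(body):
    """Validation token derived from the content, so it changes when the body does."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

def origin(request_headers):
    """Server side: answer 304 with no body when the client's token still matches."""
    tag = etag_for(RESOURCE["body"])
    headers = {"ETag": tag, "Cache-Control": "max-age=60"}
    if request_headers.get("If-None-Match") == tag:
        return 304, headers, b""
    return 200, headers, RESOURCE["body"]

class BrowserCache:
    def __init__(self):
        self.entry = None   # (body, etag, stored_at, max_age)
        self.log = []       # outcome of each fetch, in order

    def fetch(self, now):
        if self.entry:
            body, tag, stored_at, max_age = self.entry
            if now - stored_at < max_age:          # step 2: fresh, no request sent
                self.log.append("fresh-hit")
                return body
            status, hdrs, new_body = origin({"If-None-Match": tag})   # step 3
        else:
            status, hdrs, new_body = origin({})                       # step 1
        max_age = int(hdrs["Cache-Control"].split("=")[1])
        if status == 304:                          # token unchanged: keep stored body
            self.log.append("revalidated-304")
            self.entry = (self.entry[0], hdrs["ETag"], now, max_age)
        else:                                      # step 4: token differs, new data
            self.log.append("fetched-200")
            self.entry = (new_body, hdrs["ETag"], now, max_age)
        return self.entry[0]
```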

Directives:

  • Client directives:
    • no-cache: server must always be contacted to satisfy request.
    • no-store: cache stores nothing about request or response.
    • max-age: (in seconds) indicates amount of time a response stays fresh for.
    • max-stale: (seconds optional) indicates client is willing to accept response that has exceeded its expiration time. If seconds given, it must not exceed that amount of time.
    • min-fresh: (in seconds) indicates client is willing to accept response whose freshness lifetime is not less than current age plus specified time.
    • no-transform: does not convert entity-body.
    • only-if-cached: does not retrieve new data. Will not contact server if newer copy exists.
  • Server directives:
    • public: response may be cached by any cache.
    • private: all or part of the response is intended for a single user and must not be cached by a shared cache.
    • no-cache
    • no-store
    • no-transform
    • must-revalidate: cache must verify the status of stale documents and expired ones should not be used.
    • proxy-revalidate: same as must-revalidate, but does not apply to non-shared user agent caches.
    • max-age
    • s-maxage: (in seconds) overrides max-age and Expires header. Directive ignored by a private cache.

HTTP/2

HTTP/2 maintains a high level of compatibility with HTTP/1.1 syntax. It mostly changes how the data is transported and adds some new features in order to increase speed. Header compression, prioritization of requests, and multiplexing of requests and responses are some of the performance improvements that were added. HTTP/2 also allows servers to send data for more queries than the client requested. This can be used in cases when a browser would normally have to process an initial response to determine what else it needs to render a page.
