HTTP (HyperText Transfer Protocol)
· See http://www.w3.org/Protocols/rfc2616/rfc2616.html
· Simplest of the request methods
·
Should be
used when simply requesting resources from the server and not making changes
· Does not have a body
· Pre HTTP version 1.1 did not require headers
· HTTP version 1.1 requires the host header
http://einstein.etsu.edu/~roachj/examples/004_formdataget/ |
<!DOCTYPE html> <html> <head> <meta
charset="utf-8" /> title>PHP
04</title> </head> <body> <form action="action.php" method="get"> <p>Your name: <input
type="text" name="name" /></p> <p>Your age: <input
type="text" name="age" /></p> <p> <input
type="submit" /></p> </form> </body> </html> |
http://einstein.etsu.edu/~roachj/examples/004_formdataget/action.php?name=Jeff&age=21 |
GET /~roachj/examples/004_formdataget/action.php?name=Jeff&age=21 HTTP/1.1 Host:
einstein.etsu.edu User-Agent:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer:
http://einstein.etsu.edu/~roachj/examples/004_formdataget/ Cookie: __utma=80014147.2017374380.1331909245.1407243143.1407261695.86;
_ga=GA1.2.2017374380.1331909245; __utmc=80014147;
__utmz=80014147.1407243143.85.1.utmcsr=csciwww.etsu.edu|utmccn=(referral)|utmcmd=referral|utmcct=/roachj/;
badprotocol=4; Glink_session=!FM6tyHTiwm3cHBB4lyU++bZwQpIr+JZ/UNRQZ+o7NAI9+KEzrOQE9MQTsco10IfZfsc=;
BANSSO=1WQI5c3m996h4Y320hDqWODj0o72DNUTHQBzTQC38NIjSa4S3QG=;
fos.web.server=goldlink3.etsu.edu Connection:
keep-alive |
·
Should be
used when the intent is to change a resource on the server
· Have a body, a blank line separates the headers from the body
http://einstein.etsu.edu/~roachj/examples/005_formdatapost/ |
<!DOCTYPE html> <html> <head> <meta
charset="utf-8" /> <title>PHP
05</title> </head> <body> <form action="action.php" method="post"> <p>Your name: <input
type="text" name="name" /></p> <p>Your age: <input
type="text" name="age" /></p> <p> <input
type="submit" /></p> </form> </body> </html></html> |
http://einstein.etsu.edu/~roachj/examples/005_formdatapost/action.php |
POST /~roachj/examples/005_formdatapost/action.php HTTP/1.1 Host: einstein.etsu.edu User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0)
Gecko/20100101 Firefox/28.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer:
http://einstein.etsu.edu/~roachj/examples/005_formdatapost/ Cookie: __utma=80014147.2017374380.1331909245.1407243143.1407261695.86;
_ga=GA1.2.2017374380.1331909245; __utmc=80014147;
__utmz=80014147.1407243143.85.1.utmcsr=csciwww.etsu.edu|utmccn=(referral)|utmcmd=referral|utmcct=/roachj/;
badprotocol=4;
Glink_session=!FM6tyHTiwm3cHBB4lyU++bZwQpIr+JZ/UNRQZ+o7NAI9+KEzrOQE9MQTsco10IfZfsc=;
BANSSO=1WQI5c3m996h4Y320hDqWODj0o72DNUTHQBzTQC38NIjSa4S3QG=;
fos.web.server=goldlink3.etsu.edu Connection: keep-alive name=Jeff&age=22 |
HTTP Response Message
HTTP/version-number status-code message Header-Name-1: value Header-Name-2: value [ response body ] |
The first line is the status line
· HTTP version
· 3-digit status code
· Human-readable message of the status code
HTTP/1.1 200 OK Date: Wed, 06 Aug
2014 13:46:59 GMT Server:
Apache/2.2.15 (Red Hat) X-Powered-By:
PHP/5.3.3 Content-Length:
194 Connection: close Content-Type:
text/html; charset=UTF-8 <!DOCTYPE
html> <html> <head> <meta charset="utf-8" /> <title>PHP 05 Form Data
(Post)</title> </head> <body> <p> Hi Jeff. You are 22 years old </p> </body> </html> |
· 1xx – Informational
· 2xx – Successful
· 3xx – Redirection
· 4xx – Client Request Errors
· 5xx – Server Errors
· Impart information about how a request can be processed further
· E.g. ‘100’ is used to tell the client that it may continue with a partially submitted requested.
· Self-explanatory
· E.g. ‘200’ indicates that the request was successfully completed and that the request is being sent back to the client
· Indicates that additional actions are required to satisfy the original request
· Typically this involves a redirection: the client is instructed to redirect the request to another URL
· E.g. ‘301’ tells the client that the resource is moved permanently, 302 tells the client that the resource is moved temporarily
· E.g. if http://einstein.etsu.edu/~roachj/examples/001_helloworld is entered in the browser without the terminating /; the server will then redirect the client to http://einstein.etsu.edu/~roachj/examples/001_helloworld/
· Indicates a problem with the client request, an authorization challenge, or the server’s inability to find the requested resource.
· E.g. 400 Bad Request, 401 Not Authorized, 404 Not Found
· Indicates a server problem
· E.g. 500 Internal Server Error, 501 Not Implemented
· Apply to both request and response messages, but do not describe the body of the message
· Date: - specifies the time and date this message was created
· Connection: - indicates whether or not the client or server that generated the message intends to keep the connection open
· Warning: - stores text for human consumption, something that is useful when tracing a problem
· Allow clients to pass additional information about themselves and about the request
· User-Agent: - identifies the software (e.g. a web browser) responsible for making a request
· Host: - allows a web server to service more than one domain
· Referer: - provides the server with context information about the request. If the request came about because a user clicked on a link found on a web page, this header contains the URL of that referring page. See http://en.wikipedia.org/wiki/HTTP_referer#Origin_of_the_term_referer
· Authorization: - transmitted with requests for resources that are restricted only to authorized users. Browsers will include this header after being notified of an authorization challenge via a response with a 401 status code.
· help the server to pass additional information about the response that cannot be inferred from the status code alone
· Location: - specifies a URL towards which the client should redirect its original request. It always accompanies the 301 and 302 status codes that direct clients to try a new location.
· WWW-Authenticate: - accompanies the 401 status code that indicates an authorization challenge.
· Server: - optional header that identifies the server software
· describe either message bodies or target resources
· Content-Type: - specifies the MIME type of the message body’s content. Content-Length: - provides the length of the message body. Although optional, it is useful for clients such as web browsers that wish to impart information about the progress of a request.
· Last-Modified: - provides the last modification date of the content that is transmitted in the body of the message. It is critical for the proper functioning of caching systems.
· HTTP borrows its content typing system from Multipurpose Internet Mail Extensions (MIME)
· The data type associated with the body of an HTTP message is defined via a two-layer encoding model using the Content-Type and Content-Encoding headers
· In HTTP/1.1, the defined content encoding methods are: gzip, compress, and deflate
o gzip (also x-gzip) – GNU zip
o compress (also x-compress) – UNIX compress program
o deflate – zlib format associated with RFC 1950 and 1951
· Format: <type>/<subtype>
· E.g. Content Type: text/html
· A set of mechanisms allowing responses to be held in some form of temporary storage medium
· It is meant to improve server performance
· HTTP/1.1 provides the Cache-Control header for enforcing caching rules
· HTTP/1.0 is not guaranteed to obey instructions in the Cache-Control header, so the deprecated Pragma header may help this.
· HTTP provides built-in support for basic authorization
· Authorization credentials are transmitted via the Authorization header as a single encoded string. Note: encoded not encrypted
· Therefore, only safe over a secure connection
· Steps in basic authentication:
1. Client requests a restricted resource
2. Server responds with the 401 status code
response
3. Client prompts the user for userid and password
4. The user enters userid
and password
5. Client resubmits the request for the
restricted resource
6. Server verifies the authorization
credentials
7. If authorized, the server serves the content
8. If not authorized, the server either
responds with the 401 response or refuses by sending a ‘403 Forbidden’ response
· The Set-Cookie and Cookie headers are used to enable the maintenance of state between HTTP requests
· Set-Cookie is a response header
· Cookie is a request header
· We’ll go into more detail later in the course