Basics
- Provides a method for disparate systems to communicate with one another.
- HTTP is connectionless – i.e., it does not hold open a connection between client and server.
- You must specify the type of data being transmitted using a MIME type.
- HTTP is stateless – i.e., it does not remember anything about a request after the request has been concluded.
- Client – The system that initiates the request.
- A request consists of:
- Request Method
- Uniform Resource Identifier (URI) – The location of the desired resource.
- Protocol Version – e.g., HTTP 1.0, 1.1, or 2.0.
- Message
- Server – the system that responds to a request.
- Time must always be presented in Greenwich Mean Time (GMT).
- Content Encoding
HTTP Messages
- Format: HTTP-message: <Request> | <Response> ; HTTP/1.1 messages
- Parts of an HTTP Message:
- Message Start-Line: Request-Line | Status-Line
- Example Request Line: GET /name.htm HTTP/1.1
- Example Status Line: HTTP/1.1 200 OK
- Header Fields:
- General-header – Applicable to both request and response messages.
- Cache-Control: cache-request-directive|cache-response-directive
- From Client to Server:
- no-cache – A cached response cannot be reused for a subsequent request without validation with the origin server.
- no-store – Don’t keep anything about this request/response.
- max-age = seconds – How old the response can be.
- max-stale [= seconds] – Will accept an expired response; if seconds are specified, the response cannot be expired by more than that time.
- min-fresh = seconds
- no-transform – Don’t convert entity body.
- only-if-cached – Only retrieve from cache.
- From Server to Client:
- public – May be cached by any cache
- private – Not to be cached by shared cache
- no-cache – See above
- no-store – See above
- no-transform – See above
- must-revalidate – Verify status of documents, do not use if expired
- proxy-revalidate
- max-age = seconds – See above
- s-maxage = seconds – Can override some other max ages
- Connection
- Date
- Pragma – Rarely used
- Trailer
- Transfer-Encoding
- Upgrade – If the server supports another protocol, this lists the protocols the client can support
- Via – How the message came to the destination server
- Warning
- Client Request-header
- Accept: type/subtype [q=qvalue] – The types of response that can be sent; the qvalue determines which response types are preferred.
- Accept-Charset
- Accept-Encoding: encoding-types
- Accept-Language
- Authorization: credentials
- BASIC: Authorization: BASIC username:password (the username:password has been encoded in base-64)
- Cookie: name=value
- Expect
- From – An email address of the requestor
- Host: nameofhost
- If-Match
- If-Modified-Since
- If-None-Match
- If-Range
- If-Unmodified-Since
- Max-Forwards
- Server Response-header
- Entity-header – Meta info. about entity-body or about resource requested.
- Format: field-name : [ field-value ]
- Message Body:
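Added example (not part of the original notes): how a shared cache such as a proxy could interpret the server-to-client Cache-Control directives listed above. The function names are hypothetical, and treating a response with no max-age or s-maxage as needing validation is a conservative assumption.

```python
def parse_cache_control(value):
    """Split 'a, b=1, c="x"' into {directive: argument or None}, lowercased."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def shared_cache_policy(value):
    """Return (may_store, freshness_seconds, must_validate) for a shared cache."""
    d = parse_cache_control(value)
    # no-store: keep nothing. private: not to be cached by a shared cache.
    if "no-store" in d or "private" in d:
        return (False, 0, True)
    # s-maxage is checked first because it overrides max-age for shared caches.
    lifetime = 0
    for key in ("s-maxage", "max-age"):
        arg = d.get(key)
        if arg is not None and arg.isdigit():
            lifetime = int(arg)
            break
    # no-cache: the stored copy may not be reused without validating with the
    # origin server. No explicit lifetime is treated the same way (assumption).
    must_validate = "no-cache" in d or lifetime == 0
    return (True, lifetime, must_validate)
```

Running this over the Cache-Control values of responses that carry session data shows quickly which ones a shared cache would be allowed to keep.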
HTTP Requests
Component parts are:
- Request-line: Method SP Request-URI SP HTTP-Version CRLF
- Method – What method is to be executed against the URI.
- Options: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE
- Request-URI – The resource the method is operating on.
- Common Options:
- * – When the request applies to the server and not a specific URI.
- absoluteURI – An absolute location.
- Example: GET http://www.myloc.com/loc/loc1.htm HTTP/1.1
- relativeURI – A location relative to a specific server.
- Example: GET /loc/loc1.htm HTTP/1.1 followed by the header line Host: www.myloc.com
- Zero or more header lines – Used to pass additional info. about client or request to server.
- Common Options: Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From, Host, If-Match, If-Modified, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, Proxy-Authorization, Range, Referer, TE, User-Agent
- Empty line with CRLF
- Message Body
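Added example (not part of the original notes): a strict parser for the request layout above (Request-line, header lines, empty CRLF line, body) that resolves the target host from an absoluteURI or the Host header and decodes a BASIC Authorization header. The function names and the sample request, including its credentials, are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}
# Constructed sample request; the token is base64 of "alice:s3cret".
SAMPLE = (b"GET /loc/loc1.htm HTTP/1.1\r\nHost: www.myloc.com\r\n"
          b"Authorization: Basic YWxpY2U6czNjcmV0\r\n\r\n")


def parse_request(raw):
    """Parse one HTTP request; raise ValueError when it is malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing empty CRLF line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("Request-line must be Method SP Request-URI SP HTTP-Version")
    method, uri, version = parts
    if method not in METHODS or not version.startswith("HTTP/"):
        raise ValueError("unknown method or bad HTTP-Version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    # An absoluteURI names the host itself; a relative URI needs the Host header.
    if uri.startswith(("http://", "https://")):
        target = urlsplit(uri)
        host, path = target.netloc, target.path or "/"
    else:
        host, path = headers.get("host"), uri
    if host is None and uri != "*":
        raise ValueError("relative Request-URI without a Host header")
    return {"method": method, "host": host, "path": path,
            "version": version, "headers": headers, "body": body}


def basic_credentials(headers):
    """Return (username, password) from a BASIC Authorization header, else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # invalid base64 or invalid UTF-8
        return None
    user, colon, password = decoded.partition(":")
    return (user, password) if colon else None
```

Because base-64 is an encoding and not encryption, basic_credentials recovers the username and password from the header without any key.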
HTTP Responses
- Same basic format as HTTP Requests.
- Status-Line: HTTP-Version SP Status-Code SP Reason-Phrase CRLF
- Status-Code: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), 5xx (Server Error).
- Response-Header fields provide additional info. about server or accessed resource:
- Accept-Ranges, Age, ETag, Location, Proxy-Authenticate, Retry-After, Server, Vary, WWW-Authenticate.
HTTP Methods
- GET – Retrieve data from server at requested URI.
- HEAD – Like GET, but returns only the status line and headers.
- POST – Send info. to server.
- PUT – Replace target resource with current content.
- DELETE – Remove target resource.
- CONNECT – Create a tunnel.
- OPTIONS – What options (methods, etc.) are available from this server.
- TRACE – Echoes back to the client the message sent by the client to the server.
HTTP Status Codes
- 1xx Informational
- 100 Continue – Part of request has been received, continue request.
- 101 Switching Protocols – The server switches the protocol in use.
- 2xx Successful
- 200 OK
- 201 Created
- 202 Accepted – Request has been accepted but has not finished processing.
- 203 Non-Authoritative Info. – Info. in entity header is from third party, not server.
- 204 No Content
- 205 Reset Content – Clear the form used to submit content to allow additional content to be submitted.
- 206 Partial Content – Returns a partial data set corresponding to a specified range size requested.
- 3xx Redirection
- 300 Multiple Choices
- 301 Moved Permanently
- 302 Found – Moved temporarily
- 303 See Other – Page can be found under another URL
- 304 Not Modified
- 305 Use Proxy – Must be accessed via proxy in location header
- 306 Unused – Not utilized by HTTP
- 307 Temporary Redirect
- 4xx Client Error
- 400 Bad Request
- 401 Unauthorized
- 402 Payment Required
- 403 Forbidden
- 404 Not Found
- 405 Method Not Allowed
- 406 Not Acceptable – Response generated by server is not/would not be acceptable to client
- 407 Proxy Authentication Required
- 408 Request Timeout
- 409 Conflict
- 410 Gone
- 411 Length Required
- 412 Precondition Failed
- 413 Request Entity Too Large
- 414 Request URL Too Long
- 415 Unsupported Media Type
- 416 Requested Range Not Satisfiable
- 417 Expectation Failed
- 5xx Server Error
- 500 Internal Server Error
- 501 Not Implemented
- 502 Bad Gateway – Upstream server sent an invalid response
- 503 Service Unavailable
- 504 Gateway Timeout
- 505 HTTP Version Not Supported