HTTP

Basics

  • Provides a method for disparate systems to communicate with one another.
  • HTTP is connectionless – i.e., it does not hold open a connection between client and server.
  • You must specify the type of data being transmitted using a MIME type.
  • HTTP is stateless – i.e., it does not remember anything about a request after the request has been concluded.
  • Client – The system that initiates the request.
  • A request consists of:
    • Request Method
    • Uniform Resource Identifier (URI) – The location of the desired resource.
    • Protocol Version – e.g., HTTP 1.0, 1.1, or 2.0.
    • Message
  • Server – the system that responds to a request.
  • Time must always be presented in Greenwich Mean Time (GMT).
  • Content Encoding

HTTP Messages

  • Format: HTTP-message: <Request> | <Response> ; HTTP/1.1 messages
  • Parts of an HTTP Message:
    • Message Start-Line: Request-Line | Status-Line
      • Example Request Line: GET /name.htm HTTP/1.1
      • Example Status Line: HTTP/1.1 200 OK
    • Header Fields:
      • General-header – Applicable to both request and response messages.
        • Cache-Control: cache-request-directive|cache-response-directive
          • From Client to Server:
          • no-cache – A cached response cannot be reused for a subsequent request without validation with the origin server.
          • no-store – Don’t keep anything about this request/response.
          • max-age = seconds – How old the response can be.
          • max-stale [= seconds] – Will accept an expired response; if seconds are specified, the response cannot be expired by more than that time.
          • min-fresh = seconds
          • no-transform – Don’t convert entity body.
          • only-if-cached – Only retrieve from cache.
          • From Server to Client:
          • public – May be cached by any cache
          • private – Not to be cached by shared cache
          • no-cache – See above
          • no-store – See above
          • no-transform – See above
          • must-revalidate – Verify status of documents, do not use if expired
          • proxy-revalidate
          • max-age = seconds – See above
          • s-maxage = seconds – Can override some other max ages
        • Connection
        • Date
        • Pragma – Rarely used
        • Trailer
        • Transfer-Encoding
        • Upgrade – If the server supports another protocol, this lists the protocols the client can support
        • Via – How the message came to the destination server
        • Warning
      • Client Request-header
        • Accept: type/subtype [q=qvalue] – The types of response that can be sent; the qvalue determines which response types are preferred.
        • Accept-Charset
        • Accept-Encoding: encoding-types
        • Accept-Language
        • Authorization : credentials
          • BASIC: Authorization: BASIC username:password (the username:password has been encoded in base-64)
        • Cookie: name=value
        • Expect
        • From – An email address of the requestor
        • Host: nameofhost
        • If-Match
        • If-Modified-Since
        • If-None-Match
        • If-Range
        • If-Unmodified-Since
        • Max-Forwards
      • Server Response-header
      • Entity-header – Meta info. about entity-body or about resource requested.
      • Format: field-name : [ field-value ]
    • Message Body:

HTTP Requests

Component parts are:

  • Request-line: Method SP Request-URI SP HTTP-Version CRLF
    • Method – What method is to be executed against the URI.
      • Options: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE
    • Request-URI – The resource the method is operating on.
      • Common Options:
        • * – When the request applies to the server and not a specific URI.
        • absoluteURI – An absolute location.
          • Example: GET http://www.myloc.com/loc/loc1.htm HTTP/1.1
        • relativeURI – A location relative to a specific server.
          • Example: GET /loc/loc1.htm HTTP/1.1 followed by the header line Host: www.myloc.com
  • Zero or more header lines – Used to pass additional info. about client or request to server.
    • Common Options: Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From, Host, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, Proxy-Authorization, Range, Referer, TE, User-Agent
  • Empty line with CRLF
  • Message Body
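
The request layout above (request-line, header lines, empty CRLF line, body) and the BASIC Authorization header from the Header Fields list, as a strict parser. This is an added example, not part of the original notes; the function names, the SAMPLE request and the strictness choices (reject bare LF, reject whitespace before the colon, require Host on HTTP/1.1) are assumptions of the example.

```python
import base64
import re

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # legal field-name characters
# Constructed sample request; "dXNlcjpwYTpzcw==" is the base-64 of "user:pa:ss".
SAMPLE = (b"GET /loc/loc1.htm HTTP/1.1\r\nHost: www.myloc.com\r\n"
          b"Authorization: Basic dXNlcjpwYTpzcw==\r\n\r\n")

def parse_request(raw: bytes) -> dict:
    """Strictly parse request-line, headers, empty line and body; ValueError if malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty CRLF line terminating the headers")
    leftover = head.replace(b"\r\n", b"")
    if b"\r" in leftover or b"\n" in leftover:
        raise ValueError("bare CR or LF in start-line or headers")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")  # exactly one SP between the three fields
    if len(parts) != 3:
        raise ValueError("request-line is not Method SP Request-URI SP HTTP-Version")
    method, uri, version = parts
    if method not in METHODS or not re.fullmatch(r"HTTP/\d\.\d", version):
        raise ValueError("unknown method or bad HTTP-Version")
    form = ("server" if uri == "*" else "relative" if uri.startswith("/")
            else "absolute" if re.match(r"https?://", uri, re.I) else None)
    if form is None:
        raise ValueError("unrecognized Request-URI form")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.fullmatch(name):  # also rejects "Host : x"
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()  # last value wins in this sketch
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host")
    return {"method": method, "uri": uri, "form": form, "version": version,
            "headers": headers, "body": body}

def basic_credentials(headers: dict):
    """Return (user, password) from a BASIC Authorization header, or None if absent."""
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.upper() != "BASIC":
        return None
    user, colon, password = base64.b64decode(blob, validate=True).decode().partition(":")
    if not colon:
        raise ValueError("Basic credentials lack the ':' separator")
    return user, password  # split on the first ':' so passwords may contain ':'
```

basic_credentials(parse_request(SAMPLE)["headers"]) recovers the username and password with no key: base-64 is an encoding, so BASIC credentials are readable by anything that sees the request unless the connection is protected by TLS.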

HTTP Responses

  • Same basic format as HTTP Requests.
  • Status-Line: HTTP-Version SP Status-Code SP Reason-Phrase CRLF
    • Status-Code: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), 5xx (Server Error).
  • Response-Header fields provide additional info. about server or accessed resource:
    • Accept-Ranges, Age, ETag, Location, Proxy-Authenticate, Retry-After, Server, Vary, WWW-Authenticate.

HTTP Methods

  • GET – Retrieve data from server at requested URI.
  • HEAD – Like GET but returns only the status line and headers.
  • POST – Send info. to server.
  • PUT – Replace target resource with current content.
  • DELETE – Remove target resource.
  • CONNECT – Create a tunnel.
  • OPTIONS – What options (methods, etc.) are available from this server.
  • TRACE – Echoes back to the client the message sent by the client to the server.

HTTP Status Codes

  • 1xx Information
    • 100 Continue – Part of request has been received, continue request.
    • 101 Switching Protocols – The server switches the protocol in use.
  • 2xx Successful
    • 200 OK
    • 201 Created
    • 202 Accepted – Request has been accepted but has not finished processing.
    • 203 Non-Authoritative Info. – Info. in entity header is from third party, not server.
    • 204 No Content
    • 205 Reset Content – Clear the form used to submit content to allow additional content to be submitted.
    • 206 Partial Content – Returns a partial data set corresponding to a specified range size requested.
  • 3xx Redirection
    • 300 Multiple Choices
    • 301 Moved Permanently
    • 302 Found – Moved temporarily
    • 303 See Other – Page can be found under another URL
    • 304 Not Modified
    • 305 Use Proxy – Must be accessed via proxy in location header
    • 306 Unused – Not utilized by HTTP
    • 307 Temporary Redirect
  • 4xx Client Error
    • 400 Bad Request
    • 401 Unauthorized
    • 402 Payment Required
    • 403 Forbidden
    • 404 Not Found
    • 405 Method Not Allowed
    • 406 Not Acceptable – Response generated by server is not/would not be acceptable to client
    • 407 Proxy Authentication Required
    • 408 Request Timeout
    • 409 Conflict
    • 410 Gone
    • 411 Length Required
    • 412 Precondition Failed
    • 413 Request Entity Too Large
    • 414 Request URL Too Long
    • 415 Unsupported Media Type
    • 416 Requested Range Not Satisfiable
    • 417 Expectation Failed
  • 5xx Server Error
    • 500 Internal Server Error
    • 501 Not Implemented
    • 502 Bad Gateway – Upstream server sent an invalid response
    • 503 Service Unavailable
    • 504 Gateway Timeout
    • 505 HTTP Version Not Supported
