SlideShare una empresa de Scribd logo

HTTP request and response

Descargar como PPTX, PDF
S
Sahil Agarwal

HTTP Request and Response Reference : RFC 2616 - "Hypertext Transfer Protocol -- HTTP/1.1"

Tecnología
1 de 19
HTTP Request and Response -Sahil Agarwal
HTTP Generic Message ● All of the communication between devices using the Hypertext Transfer Protocol takes place via HTTP messages. ● There are only two types of HTTP messages : requests and responses. ● HTTP messages are text-based and loosely based on RFC 822 and 2822 message standards, and MIME standards.
HTTP Generic Message Format The HTTP generic message format is as follows: <start-line> <message-headers> <empty-line> [<message-body>] [<message-trailers>]
HTTP Generic Message Format <start-line> The start line is a special text line that conveys the nature of the message. In a request, this line indicates the nature of the request, in the form of a method, as well as specifying a URI to indicate the resource that is the object of the request. Responses use the start line to indicate status information in reply to a request. <message-headers> There are many dozens of message headers defined in HTTP, which are organized into groups by function as we will soon see. Almost all of these are optional; the one exception is the Host header, which must be present in each request in HTTP/1.1. Headers may be sent in any order, and all follow the same header format used in e-mail messages: <header-name>: <header-value>
HTTP Generic Message Format [<message-body>] The message body is optional, because it is only needed for certain types of messages. It may carry a set of information to be communicated between the client and server, such as a detailed error message in a response. More commonly, when present, it carries a file or other resource, which is formally called an entity in the HTTP standard. Entities are most often found in the body of a response message, since most client requests ask for a server to send a file or other resource. However, they can also be found in certain requests.
HTTP Generic Message Format [<message-trailers>] HTTP/1.1 uses persistent connections by default, so messages are sent in a steady stream from client to server and server to client. This requires that some means be used to mark where one message ends and the next begins, which is usually accomplished in one of two ways. ● The first is using a special header that indicates the length of the message so the receiving device knows when the entire message has been received. ● The second is a method called “chunking”, where a message is broken into pieces for transmission and the length of each piece indicated in the message body. When chunking is done, a set of message trailers may follow the body of the message. Trailers are in fact the same as headers except for their position in the file, but may only be used for entity headers.
Request Format HTTP requests use a message format that is based on the generic message format, but specific to the needs of requests. <request-line> <general-headers> <request-headers> <entity-headers> <empty-line> [<message-body>] [<message-trailers>]
Request Format Request Line Format : <METHOD> <request-uri> <HTTP-VERSION> Example - GET /login HTTP/1.1 ● Method - The type of action that the client wants the server to take. ● Request URI - Uniform Resource Identifier ● HTTP Version - Tells the server what version of HTTP is the client using. Headers : ● General Headers ○ These refer mainly to the message itself, instead of it’s contents. ○ They are used to control its processing or provide the recipient with extra information. ● Request Headers ○ Contain information about the nature of the client’s request. They give client more control over how the request is to be handled. ○ Format, encodings etc. ● Entity Headers ○ They describe the entity contained in the body of the request, if any.
Response Format HTTP responses use a message format that is based on the generic message format, but specific to the needs of responses. <status-line> <general-headers> <response-headers> <entity-headers> <empty-line> [<message-body>] [<message-trailers>]
Response Format Status Line Format : <HTTP-VERSION> <status-code> <reason-phrase> Example - HTTP/1.0 200 OK ● HTTP Version - Tells the client what version of HTTP is the server using. ● Status Code - ○ A three-digit number that indicates the formal result that the server is communicating to the client. ○ Intended for the client HTTP implementation to process so the Headers : ● General Headers ○ These refer mainly to the message itself, instead of it’s contents. ● Response Headers ○ They provide additional data that expands upon the summary result information in the status line. ○ The server may also return extra result information in the body of the message, especially when an error occurs, ● Entity Headers ○ They describe the entity contained in the body of the response, if any.
What’s in an HTTP Request? Raw Information GET /login HTTP/1.1 Host: 127.0.0.1:5000 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
What’s in an HTTP Request? Source IP address, port and proxy ● Source IP address and Source port : In order to send the appropriate response back to your computer, the web server necessarily knows your computer's IP address and source port. ● Via and X-Forwarded-For: If the HTTP request includes the header "Via", or "X-Forwarded-For", then that's a strong indication that there is at least one proxy server somewhere along the line.
What’s in an HTTP Request? Destination IP address, port, host and protocol ● Destination IP address tells us where the server is located. ● Port tells us which port is being used to contact the server. ● Host - Since many websites can be hosted on a single server, we need this to identify our website. ● Protocol - The HTTP protocol being used. Eg - HTTP/1.1
What’s in an HTTP Request? ● Requested URI - This specifies which document is to be retrieved from the website. ● Request method and content - The type of action that the client wants the server to take. Eg - POST, GET. If POST was submitted as request method, then a form is submitted. The contents of this form would appear here.
What’s in an HTTP Request? User Agent - The User-Agent header describes your web browser. Typically it contains the browser name and version, your Operating System and version , and possibly additional information. Eg - User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Accept Headers - These describe what sort of things the web browser can handle, and what it would prefer to be given if there's a choice. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
What’s in an HTTP Request? Referer: The "referer" header tells the page which document referred the user to it - in essence, if you followed a link to get to this page, it is the URL of the page you came from to get here. Cookie: ● Every time a web server provides you with a response (a page, a graphic, etc), it can send your browser a "cookie". These cookies are small pieces of information which your browser stores, and then sends back to that same web server whenever you subsequently request a document. ● The "contents" of the cookie (the data it contains) can only be made up of whatever information the web server already knew anyway.
What’s in an HTTP Request? Connection control Connection: keep-alive Keep-Alive: not present These headers are used to fine- tune the network traffic between you and the web server. They don't tell us much, except a little about the capabilities of your web browser. Cache control Pragma: not present Cache-Control: not present If-Modified-Since: not present These headers control cacheing of the document. By examining them the we can detect if you used your browser's "refresh" button to force the page to reload. For example, Mozilla (Netscape 6) sets "Cache-Control" to "max-age=0" when you use the "reload" button. MSIE 5.5 sets it to "no-cache" if you do a "hard" reload (while holding down the "control" key).
What’s in an HTTP Request? Authorisation Username: If you have "logged in" to a web site, your username appears here. This only applies to web sites which use proper HTTP authentication - a "login" window pops up and you get three chances to enter your username and password, otherwise you see a page which says "Authentication Required" or similar. It doesn't apply to web sites where the "login" is a separate page. It's also possible to supply the username and password in the URL you tell your browser to visit - for example, http://user:password@www.example.com/. In that case, the username would appear here too.
References ● RFC 2616 - "Hypertext Transfer Protocol -- HTTP/1.1"

Recomendados

HTTP Request and Response Structure
HTTP Request and Response StructureHTTP Request and Response Structure
HTTP Request and Response Structure
BhagyashreeGajera1
 
Http request and http response
Http request and http responseHttp request and http response
Http request and http response
Nuha Noor
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
Gurjot Singh
 
Http Introduction
Http IntroductionHttp Introduction
Http Introduction
Akshay Dhole
 
HTTP Request Header and HTTP Status Code
HTTP Request Header and HTTP Status CodeHTTP Request Header and HTTP Status Code
HTTP Request Header and HTTP Status Code
Abhishek L.R
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
sanjoysanyal
 
HTTP & WWW
HTTP & WWWHTTP & WWW
HTTP & WWW
RazanAlsaif
 
Client server model
Client server modelClient server model
Client server model
Gd Goenka University
 

Recomendados

HTTP Request and Response Structure
HTTP Request and Response StructureHTTP Request and Response Structure
HTTP Request and Response Structure
BhagyashreeGajera1
 
Http request and http response
Http request and http responseHttp request and http response
Http request and http response
Nuha Noor
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
Gurjot Singh
 
Http Introduction
Http IntroductionHttp Introduction
Http Introduction
Akshay Dhole
 
HTTP Request Header and HTTP Status Code
HTTP Request Header and HTTP Status CodeHTTP Request Header and HTTP Status Code
HTTP Request Header and HTTP Status Code
Abhishek L.R
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
sanjoysanyal
 
HTTP & WWW
HTTP & WWWHTTP & WWW
HTTP & WWW
RazanAlsaif
 
Client server model
Client server modelClient server model
Client server model
Gd Goenka University
 
Servlet life cycle
Servlet life cycleServlet life cycle
Servlet life cycle
Venkateswara Rao N
 
Java Server Pages(jsp)
Java Server Pages(jsp)Java Server Pages(jsp)
Java Server Pages(jsp)
Manisha Keim
 
Http protocol
Http protocolHttp protocol
Http protocol
Arpita Naik
 
Web server
Web serverWeb server
Web server
Nirav Daraniya
 
Bootstrap
BootstrapBootstrap
Bootstrap
Jadson Santos
 
Web Servers (ppt)
Web Servers (ppt)Web Servers (ppt)
Web Servers (ppt)
webhostingguy
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
Shubham Srivastava
 
What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)
Amit Nirala
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Introduction to Web Programming - first course
Introduction to Web Programming - first courseIntroduction to Web Programming - first course
Introduction to Web Programming - first course
Vlad Posea
 
Servlet and servlet life cycle
Servlet and servlet life cycleServlet and servlet life cycle
Servlet and servlet life cycle
Dhruvin Nakrani
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
selvakumar_b1985
 
Php forms
Php formsPhp forms
Php forms
Anne Lee
 
Client Server Architecture ppt
Client Server Architecture pptClient Server Architecture ppt
Client Server Architecture ppt
OECLIB Odisha Electronics Control Library
 
Http
HttpHttp
Http
Luavis Kang
 
Server Side Programming
Server Side ProgrammingServer Side Programming
Server Side Programming
Milan Thapa
 
Web application architecture
Web application architectureWeb application architecture
Web application architecture
Tejaswini Deshpande
 
Electronic mail
Electronic mailElectronic mail
Electronic mail
Diwaker Pant
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocols
JUW Jinnah University for Women
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to php
Taha Malampatti
 
HTTP
HTTPHTTP
HTTP
Tricode (part of Dept)
 
Hypertex transfer protocol
Hypertex transfer protocolHypertex transfer protocol
Hypertex transfer protocol
wanangwa234
 

Más contenido relacionado

La actualidad más candente

Introduction to Web Programming - first course
Introduction to Web Programming - first courseIntroduction to Web Programming - first course
Introduction to Web Programming - first course
Vlad Posea
 

La actualidad más candente (20)

Servlet life cycle
Servlet life cycleServlet life cycle
Servlet life cycle
 
Java Server Pages(jsp)
Java Server Pages(jsp)Java Server Pages(jsp)
Java Server Pages(jsp)
 
Http protocol
Http protocolHttp protocol
Http protocol
 
Web server
Web serverWeb server
Web server
 
Bootstrap
BootstrapBootstrap
Bootstrap
 
Web Servers (ppt)
Web Servers (ppt)Web Servers (ppt)
Web Servers (ppt)
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)What is Server? (Web Server vs Application Server)
What is Server? (Web Server vs Application Server)
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
Introduction to Web Programming - first course
Introduction to Web Programming - first courseIntroduction to Web Programming - first course
Introduction to Web Programming - first course
 
Servlet and servlet life cycle
Servlet and servlet life cycleServlet and servlet life cycle
Servlet and servlet life cycle
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
Php forms
Php formsPhp forms
Php forms
 
Client Server Architecture ppt
Client Server Architecture pptClient Server Architecture ppt
Client Server Architecture ppt
 
Http
HttpHttp
Http
 
Server Side Programming
Server Side ProgrammingServer Side Programming
Server Side Programming
 
Web application architecture
Web application architectureWeb application architecture
Web application architecture
 
Electronic mail
Electronic mailElectronic mail
Electronic mail
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocols
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to php
 

Similar a HTTP request and response

Hypertex transfer protocol
Hypertex transfer protocolHypertex transfer protocol
Hypertex transfer protocol
wanangwa234
 
Web Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdfWeb Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdf
Raghunathan52
 
Web Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdfWeb Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdf
Raghunathan52
 
internet programming and java notes 5th sem mca
internet programming and java notes 5th sem mcainternet programming and java notes 5th sem mca
internet programming and java notes 5th sem mca
Renu Thakur
 
computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.
bushraphd2022
 

Similar a HTTP request and response (20)

HTTP
HTTPHTTP
HTTP
 
Hypertex transfer protocol
Hypertex transfer protocolHypertex transfer protocol
Hypertex transfer protocol
 
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.pptHTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
 
KMUTNB - Internet Programming 2/7
KMUTNB - Internet Programming 2/7KMUTNB - Internet Programming 2/7
KMUTNB - Internet Programming 2/7
 
Ch2 the application layer protocols_http_3
Ch2 the application layer protocols_http_3Ch2 the application layer protocols_http_3
Ch2 the application layer protocols_http_3
 
Http_Protocol.pptx
Http_Protocol.pptxHttp_Protocol.pptx
Http_Protocol.pptx
 
Http
HttpHttp
Http
 
Web Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdfWeb Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdf
 
Web Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdfWeb Technologies Notes - TutorialsDuniya.pdf
Web Technologies Notes - TutorialsDuniya.pdf
 
PHP Training: Module 1
PHP Training: Module 1PHP Training: Module 1
PHP Training: Module 1
 
Webbasics
WebbasicsWebbasics
Webbasics
 
Www and http
Www and httpWww and http
Www and http
 
internet programming and java notes 5th sem mca
internet programming and java notes 5th sem mcainternet programming and java notes 5th sem mca
internet programming and java notes 5th sem mca
 
www and http services
www and http serviceswww and http services
www and http services
 
Application layer
Application layerApplication layer
Application layer
 
HTTP
HTTPHTTP
HTTP
 
Starting With Php
Starting With PhpStarting With Php
Starting With Php
 
Www and http
Www and httpWww and http
Www and http
 
computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.
 
Restful web services
Restful web servicesRestful web services
Restful web services
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

HTTP request and response

  • 2. HTTP Generic Message ● All of the communication between devices using the Hypertext Transfer Protocol takes place via HTTP messages. ● There are only two types of HTTP messages : requests and responses. ● HTTP messages are text-based and loosely based on RFC 822 and 2822 message standards, and MIME standards.
  • 3. HTTP Generic Message Format The HTTP generic message format is as follows: <start-line> <message-headers> <empty-line> [<message-body>] [<message-trailers>]
  • 4. HTTP Generic Message Format <start-line> The start line is a special text line that conveys the nature of the message. In a request, this line indicates the nature of the request, in the form of a method, as well as specifying a URI to indicate the resource that is the object of the request. Responses use the start line to indicate status information in reply to a request. <message-headers> There are many dozens of message headers defined in HTTP, which are organized into groups by function as we will soon see. Almost all of these are optional; the one exception is the Host header, which must be present in each request in HTTP/1.1. Headers may be sent in any order, and all follow the same header format used in e-mail messages: <header-name>: <header-value>
  • 5. HTTP Generic Message Format [<message-body>] The message body is optional, because it is only needed for certain types of messages. It may carry a set of information to be communicated between the client and server, such as a detailed error message in a response. More commonly, when present, it carries a file or other resource, which is formally called an entity in the HTTP standard. Entities are most often found in the body of a response message, since most client requests ask for a server to send a file or other resource. However, they can also be found in certain requests.
  • 6. HTTP Generic Message Format [<message-trailers>] HTTP/1.1 uses persistent connections by default, so messages are sent in a steady stream from client to server and server to client. This requires that some means be used to mark where one message ends and the next begins, which is usually accomplished in one of two ways. ● The first is using a special header that indicates the length of the message so the receiving device knows when the entire message has been received. ● The second is a method called “chunking”, where a message is broken into pieces for transmission and the length of each piece indicated in the message body. When chunking is done, a set of message trailers may follow the body of the message. Trailers are in fact the same as headers except for their position in the file, but may only be used for entity headers.
  • 7. Request Format HTTP requests use a message format that is based on the generic message format, but specific to the needs of requests. <request-line> <general-headers> <request-headers> <entity-headers> <empty-line> [<message-body>] [<message-trailers>]
  • 8. Request Format Request Line Format : <METHOD> <request-uri> <HTTP-VERSION> Example - GET /login HTTP/1.1 ● Method - The type of action that the client wants the server to take. ● Request URI - Uniform Resource Identifier ● HTTP Version - Tells the server what version of HTTP is the client using. Headers : ● General Headers ○ These refer mainly to the message itself, instead of it’s contents. ○ They are used to control its processing or provide the recipient with extra information. ● Request Headers ○ Contain information about the nature of the client’s request. They give client more control over how the request is to be handled. ○ Format, encodings etc. ● Entity Headers ○ They describe the entity contained in the body of the request, if any.
  • 9. Response Format HTTP responses use a message format that is based on the generic message format, but specific to the needs of responses. <status-line> <general-headers> <response-headers> <entity-headers> <empty-line> [<message-body>] [<message-trailers>]
  • 10. Response Format Status Line Format : <HTTP-VERSION> <status-code> <reason-phrase> Example - HTTP/1.0 200 OK ● HTTP Version - Tells the client what version of HTTP is the server using. ● Status Code - ○ A three-digit number that indicates the formal result that the server is communicating to the client. ○ Intended for the client HTTP implementation to process so the Headers : ● General Headers ○ These refer mainly to the message itself, instead of it’s contents. ● Response Headers ○ They provide additional data that expands upon the summary result information in the status line. ○ The server may also return extra result information in the body of the message, especially when an error occurs, ● Entity Headers ○ They describe the entity contained in the body of the response, if any.
  • 11. What’s in an HTTP Request? Raw Information GET /login HTTP/1.1 Host: 127.0.0.1:5000 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
  • 12. What’s in an HTTP Request? Source IP address, port and proxy ● Source IP address and Source port : In order to send the appropriate response back to your computer, the web server necessarily knows your computer's IP address and source port. ● Via and X-Forwarded-For: If the HTTP request includes the header "Via", or "X-Forwarded-For", then that's a strong indication that there is at least one proxy server somewhere along the line.
  • 13. What’s in an HTTP Request? Destination IP address, port, host and protocol ● Destination IP address tells us where the server is located. ● Port tells us which port is being used to contact the server. ● Host - Since many websites can be hosted on a single server, we need this to identify our website. ● Protocol - The HTTP protocol being used. Eg - HTTP/1.1
  • 14. What’s in an HTTP Request? ● Requested URI - This specifies which document is to be retrieved from the website. ● Request method and content - The type of action that the client wants the server to take. Eg - POST, GET. If POST was submitted as request method, then a form is submitted. The contents of this form would appear here.
  • 15. What’s in an HTTP Request? User Agent - The User-Agent header describes your web browser. Typically it contains the browser name and version, your Operating System and version , and possibly additional information. Eg - User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Accept Headers - These describe what sort of things the web browser can handle, and what it would prefer to be given if there's a choice. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
  • 16. What’s in an HTTP Request? Referer: The "referer" header tells the page which document referred the user to it - in essence, if you followed a link to get to this page, it is the URL of the page you came from to get here. Cookie: ● Every time a web server provides you with a response (a page, a graphic, etc), it can send your browser a "cookie". These cookies are small pieces of information which your browser stores, and then sends back to that same web server whenever you subsequently request a document. ● The "contents" of the cookie (the data it contains) can only be made up of whatever information the web server already knew anyway.
  • 17. What’s in an HTTP Request? Connection control Connection: keep-alive Keep-Alive: not present These headers are used to fine- tune the network traffic between you and the web server. They don't tell us much, except a little about the capabilities of your web browser. Cache control Pragma: not present Cache-Control: not present If-Modified-Since: not present These headers control cacheing of the document. By examining them the we can detect if you used your browser's "refresh" button to force the page to reload. For example, Mozilla (Netscape 6) sets "Cache-Control" to "max-age=0" when you use the "reload" button. MSIE 5.5 sets it to "no-cache" if you do a "hard" reload (while holding down the "control" key).
  • 18. What’s in an HTTP Request? Authorisation Username: If you have "logged in" to a web site, your username appears here. This only applies to web sites which use proper HTTP authentication - a "login" window pops up and you get three chances to enter your username and password, otherwise you see a page which says "Authentication Required" or similar. It doesn't apply to web sites where the "login" is a separate page. It's also possible to supply the username and password in the URL you tell your browser to visit - for example, http://user:password@www.example.com/. In that case, the username would appear here too.
  • 19. References ● RFC 2616 - "Hypertext Transfer Protocol -- HTTP/1.1"