The title
The same-origin policy
If the protocol, domain name, or port differs, the two URLs are different origins.
Cross-domain communication
JSONP: Some browsers do not support CORS, so JSONP is the only cross-domain option there. We request a JS file from the other party, and that file executes a callback that contains our data. The callback name can be randomly generated and is passed to the backend as the callback parameter; the backend returns a call to that function, and the browser executes it.
CORS: The server adds an Access-Control-Allow-Origin response header that indicates the domain the data can be shared with. The value of the header can be set to "*" (asterisk), indicating that data can be shared with any domain.
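The following is an added example, not code from the original article: a server-side helper that chooses the Access-Control-Allow-Origin value per request, comparing the request's Origin on all three same-origin components (protocol, domain name, port). The allow-list entries and the function names are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list (assumption: the page names no concrete domains).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return canonical scheme://host[:port], or None if not a valid origin."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:  # malformed host or non-numeric / out-of-range port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None  # an Origin header never carries these components
    suffix = "" if port in (None, DEFAULT_PORTS[parts.scheme]) else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS, public=False):
    """Build the CORS response headers for one request.

    public=True is the "*" case from the text: any domain may read the data.
    Otherwise the Origin is echoed back only on an exact allow-list match.
    """
    if public:
        return {"Access-Control-Allow-Origin": "*"}
    headers = {"Vary": "Origin"}  # caches must key the response on Origin
    origin = normalize_origin(request_origin)
    if origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


if __name__ == "__main__":
    for o in ("https://app.example.com", "http://app.example.com",
              "https://app.example.com:8443", "https://app.example.com.other.test"):
        print(f"{o!r:45} -> {cors_headers(o)}")
```

A different protocol, a different port, or a look-alike domain each produce a response without the header, so the browser refuses to share the data with that page.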
HTTP status codes
200 OK: The client request succeeded.
400 Bad Request: The client request has a syntax error and cannot be understood by the server.
401 Unauthorized: The request is unauthorized; this status code must be used with the WWW-Authenticate header field.
403 Forbidden: The server received the request but refuses to provide service.
404 Not Found: The requested resource does not exist, for example because an incorrect URL was entered.
500 Internal Server Error: An unexpected error occurred on the server.
503 Server Unavailable: The server is currently unable to process client requests. It may recover after a period of time.
Example status line: HTTP/1.1 200 OK (CRLF).
Thoroughly understand HTTP caching mechanisms and principles
Mandatory cache (Cache-Control response header). The following attributes are available:
1. private: the client can cache.
2. max-age=XXX: the cached content becomes invalid after XXX seconds.
3. no-cache: the comparison cache must be used to validate cached data.
Comparison cache:
Last-Modified (response header) / If-Modified-Since (request header)
ETag (response header) / If-None-Match (request header); takes priority over Last-Modified / If-Modified-Since.
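The comparison-cache decision described above, as an added example that is not part of the original article: a server-side function that answers 304 or 200 from the two validator pairs and gives If-None-Match priority over If-Modified-Since. The function names and the dict-based request headers are assumptions for this sketch; the If-None-Match list is split on commas, which assumes the ETags themselves contain none.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime


def _etag_matches(if_none_match, etag):
    """Weak comparison: the W/ prefix is ignored, "*" matches any ETag."""
    def opaque(tag):
        tag = tag.strip()
        return tag[2:] if tag.startswith("W/") else tag
    if if_none_match.strip() == "*":
        return True
    return opaque(etag) in {opaque(t) for t in if_none_match.split(",")}


def respond(req_headers, body, etag, last_modified):
    """Return (status, headers, body) for a GET on a cacheable resource."""
    headers = {
        "ETag": etag,
        "Last-Modified": format_datetime(last_modified, usegmt=True),
        "Cache-Control": "no-cache",  # may be stored, must be revalidated
    }
    inm = req_headers.get("If-None-Match")
    ims = req_headers.get("If-Modified-Since")
    if inm is not None:
        # ETag has priority: If-Modified-Since is not consulted at all.
        fresh = _etag_matches(inm, etag)
    elif ims is not None:
        try:
            # HTTP dates have one-second resolution.
            fresh = last_modified.replace(microsecond=0) <= parsedate_to_datetime(ims)
        except (TypeError, ValueError):
            fresh = False  # unparsable or zone-less date: send the full body
    else:
        fresh = False
    return (304, headers, b"") if fresh else (200, headers, body)


if __name__ == "__main__":
    modified = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed
    stale_tag_fresh_date = {"If-None-Match": '"v1"',
                            "If-Modified-Since": "Tue, 02 Jan 2024 12:00:00 GMT"}
    print(respond(stale_tag_fresh_date, b"<html>", '"v2"', modified)[0])
```

The sample request carries an outdated ETag and a date that alone would validate, and it still receives the full response because the ETag comparison decides.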
Two GIFs – Thoroughly understand TCP’s three-way handshake and four-way wave
The purpose of the three-way handshake is to establish a reliable communication channel: both parties confirm that their own sending and receiving, and the other party's, work normally.
First handshake: The client cannot confirm anything yet. The server confirms that the other party can send normally.
Second handshake: The client has confirmed that it can send and receive normally and that the other party can send and receive normally. The server has confirmed that it can receive correctly and that the other party can send correctly.
Third handshake: The client has confirmed that it can send and receive normally and that the other party can send and receive normally. The server confirms that its own sending and receiving are normal and that the other party's sending and receiving are normal.
Therefore, three handshakes are enough to confirm that both parties' sending and receiving functions are normal.
What is the TCP four-way wave?
In network data transmission, the process by which the transport layer protocol closes a connection is called the four-way wave.
1. After the client finishes its conversation with the server, the client says to the server: I want to close the connection. (First wave)
2. The server receives the client's message and says: OK, you want to close the connection. (Second wave)
3. The server then determines that it has nothing more to say to the client, and says to the client: I want to close the connection. (Third wave)
4. After receiving the server's message to close the connection, the client says, before closing: I have received your message to close the connection. (Fourth wave)
What is the HTTP protocol?
HTTP is a standard for the reliable transmission of hypertext data, such as text, images, audio, and video, between client and server. Its name is short for Hypertext Transfer Protocol.
Difference between HTTP and HTTPS
1. HTTPS has a CA certificate, but HTTP does not.
2. HTTP is a hypertext transfer protocol, and information is transmitted in plain text. HTTPS is a secure, SSL-encrypted transport protocol.
3. HTTP uses port 80 by default; HTTPS uses port 443 by default.
What are TCP/IP and UDP?
1. TCP communication is similar to making a phone call: after the call is answered and the identity is confirmed, communication starts.
2. UDP communication is similar to a school broadcast: it relies on broadcasting to communicate directly. UDP is used in some cases with high real-time requirements, such as games, media communication, and live broadcasting, where even transmission errors can be tolerated. In most other cases, including HTTP, TCP is used because the transmitted content must be reliable and must not be lost.
What are the HTTP request methods?
GET: Requests a representation of the specified resource. Requests using GET should only be used to get data.
HEAD: Requests a response identical to that of a GET request, but without the response body.
POST: Submits an entity to the specified resource.
PUT: Replaces all current representations of the target resource with the request payload.
DELETE: Deletes the specified resource.
OPTIONS: Describes the communication options for the target resource.
PATCH: Applies partial modifications to a resource.
CONNECT: Establishes a tunnel to the server identified by the target resource.
TRACE: Performs a message loopback test along the path to the target resource.
Why three handshakes?
1. To verify that the server and client comply with the TCP/IP protocol.
2. To guard against the error that occurs when an invalid connection request segment is suddenly sent to the server.
Why is HTTP implemented based on TCP?
TCP is a reliable end-to-end connection protocol. Because HTTP runs on transport-layer TCP, it does not have to worry about the various problems of data transmission (when errors occur, the data is retransmitted).
How much do you know about HTTP 2.0?
1. Binary framing (messages are encapsulated in a binary encoding).
2. Header compression (a dedicated header-compression algorithm, HPACK).
3. Flow control (sets how many bytes of a data stream are received).
4. Multiplexing (requests and responses can be sent simultaneously over a shared TCP connection).
5. Request priority (performance can be further optimized by optimizing the interleaving and transmission order of these frames).
6. Server push (the server can send multiple responses to one client request, pushing resources to the client without an explicit request from the client; a major update).
What are the HTTP response packets?
1. The HTTP response is the data the server returns to us; there must first be a request body and then the response message.
2. The response packet consists of three parts: the status line, the response header fields, and the response content entity.
The difference between GET and POST methods
Difference 1: GET obtains resources from the server, and POST sends data to the server.
Difference 2: The amount of data transmitted by GET is small because it is limited by URL length, but it is efficient. POST transfers a large amount of data, so files can be uploaded only with POST.
Difference 3: GET is not secure: a GET request sends its data in the URL, where it is visible and may reveal private information such as passwords. POST data is placed at the head of the request and is safe.
What do cookies and sessions do for HTTP?
The HTTP protocol by itself cannot determine user identity, so a cookie or a session is needed.
How cookies differ from sessions
1. Cookie data is stored on the client, which has poor security. Session data is stored on the server, which has higher security.
2. The data saved by a single cookie cannot exceed 4K; a session does not have this limit.
... information, it uses its own private key for decryption. Asymmetric encryption can ensure security because the private key used for decryption never needs to be sent, but it is very slow compared to symmetric encryption.
What happens between entering an address in the browser and the page being displayed?
1. The user enters a URL in the browser, which verifies that the URL is valid.
2. Check whether there is a cache (browser cache – system cache – router cache). If yes, display it directly. If not, go to step 3.
3. Before sending an HTTP request, domain name resolution (DNS resolution) is required to obtain the corresponding IP address.
4. The browser initiates a TCP connection to the server, and the two carry out the TCP three-way handshake.
5. After the handshake succeeds, the browser sends an HTTP request to the server, requesting the data.
6. The server receives and processes the request and returns the data to the browser.
7. The browser receives the HTTP response.
8. The browser parses the response. If the response can be cached, it is cached.
9. The browser sends requests for the resources embedded in the HTML (HTML, CSS, JavaScript, images, music, etc.). For unknown types, a dialog box pops up.
10. The browser sends asynchronous requests.
11. Page rendering is complete.
List the three header fields that disable browser caching and write down the corresponding values
1. Cache-Control: no-cache
2. Pragma: no-cache
3. Expires: Thu, 01 Dec 1994 16:00:00 GMT (very special; conversion to a specific date format is acceptable)
HTTPS access process
1. The client uses an https URL to access the web server and asks to establish an SSL connection with the web server.
2. Upon receiving the request, the web server sends a copy of the website's certificate information (including the public key) to the client.
3. The client's browser and the web server negotiate the security level of the SSL connection, that is, the level of information encryption.
4. The client's browser establishes the session key according to the security level agreed by both parties, then encrypts the session key with the website's public key and transmits it to the website.
5. The web server decrypts the session key using its own private key.
6. The web server uses the session key to encrypt the communication with the client.
Pros and cons of HTTPS?
1. Advantages:
<1> Data is sent correctly to the client.
<2> Safer.
<3> Increases the cost of man-in-the-middle attacks.
<4> Higher search rankings.
2. Shortcomings:
<1> Page rendering takes more time.
<2> Cost increases.
<3> HTTPS connection caching is not as efficient as HTTP.
<4> SSL certificates usually need to be bound to IP addresses.
<5> Has limitations.
What is a DDoS attack?
A large number of simultaneous service requests are made to the target system.
DDoS attack modes
1. Jamming or even blocking normal network communication by overloading the network.
2. Overloading the server by flooding it with requests.
3. Blocking a user from accessing the server.
4. Blocking communication between a service and a specific system or individual.
How do I deal with DDoS attacks?
1. Blacklist.
2. DDoS cleaning: monitors user request data in real time, detects abnormal traffic such as DoS attacks, and cleans the abnormal traffic without affecting normal services.
3. CDN acceleration.
4. High-defense server: this mainly refers to a server that can independently defend against more than 50 Gbps; it can help websites that suffer denial-of-service attacks, and it regularly scans the main nodes of the network.
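The blacklist and traffic-monitoring measures above can be combined in a small way, shown here as an added example that is not part of the original article: a per-client sliding-window counter that temporarily blacklists an address once its request rate is abnormal. The thresholds, the log format, and the log lines are constructed for this sketch.

```python
from collections import defaultdict, deque

# Constructed access log, "<epoch-seconds> <client-ip> <path>":
# one client bursts at 10 requests/s, another sends 1 request every 5 s.
SAMPLE_LOG = sorted(
    [f"{100 + i // 10} 198.51.100.7 /search" for i in range(30)]
    + [f"{100 + 5 * i} 203.0.113.9 /index.html" for i in range(6)],
    key=lambda line: int(line.split()[0]),
)


class RateBlacklist:
    """Drop clients that exceed max_requests within a sliding time window."""

    def __init__(self, max_requests=20, window=10, ban_seconds=600):
        self.max_requests = max_requests
        self.window = window
        self.ban_seconds = ban_seconds
        self.hits = defaultdict(deque)  # ip -> timestamps inside the window
        self.banned_until = {}          # ip -> time at which the ban expires

    def allow(self, ip, now):
        """Record one request; return False if it must be dropped."""
        if self.banned_until.get(ip, 0) > now:
            return False
        self.banned_until.pop(ip, None)  # an expired ban is forgotten
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - self.window:  # discard hits older than the window
            q.popleft()
        if len(q) > self.max_requests:
            self.banned_until[ip] = now + self.ban_seconds
            del self.hits[ip]
            return False
        return True


def replay(lines, limiter):
    """Feed log lines through the limiter; return {ip: (allowed, dropped)}."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        ts, ip, _path = line.split()
        stats[ip][0 if limiter.allow(ip, int(ts)) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


if __name__ == "__main__":
    print(replay(SAMPLE_LOG, RateBlacklist()))
```

Only the bursting client is blacklisted, so the normal client's requests are served without interruption.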
