The HTTP protocol

What is a protocol?

A protocol is a set of rules that some people or an organization have defined in advance. When everyone follows these rules, we can communicate without barriers.

A protocol is a set of norms, a set of standards, defined by some person or organization.

You can understand what I say, and I can understand what you say, which shows that there is a set of norms, a protocol, between us: the Mandarin Chinese protocol. We all abide by this protocol, so we can communicate without barriers.

What is the HTTP protocol?

HTTP protocol: the Hypertext Transfer Protocol, developed by the W3C. It is a communication protocol: the template for the messages being sent is defined in advance.

The W3C:

  • World Wide Web Consortium
  • Responsible for setting standards: HTTP, HTML 4.0, HTML5, XML, DOM and other specifications are developed by the W3C.
  • Father of the World Wide Web: Tim Berners-Lee

What is hypertext?

  • Hypertext is more than ordinary text: it includes streaming media such as sound, video and pictures.
  • HTTP supports not only ordinary character strings but also streaming media such as sound, video and pictures.

This protocol runs between B (the browser) and S (the server). B sends data to S using HTTP, and S sends data to B using HTTP, so that B and S can be decoupled.

What is decoupling?

  • B doesn’t depend on S.
  • S does not depend on B.
  • Coupling means that there are dependencies between objects; reducing coupling makes software functions easier to extend.
  • B/S: A B/S structured system (a system where a browser accesses a WEB server)
  • The browser sends data to the WEB server, called a request.
  • The WEB server sends data to the browser, called a response.

HTTP protocols include:

  • Request protocol: When a browser sends data to a WEB server, the data sent must comply with a set of standards that specify the format of the data sent.
  • Response protocol: When a WEB server sends data to a browser, the data must comply with a set of standards that specify the format of the data to be sent.

The HTTP protocol is a message template defined in advance.

  • It doesn't matter which brand of browser is used.
  • It doesn't matter which brand of WEB server is used.
  • The FF browser can send requests to Tomcat or to a Jetty server; the browser is independent of the specific server brand.
  • WEB servers are also independent of specific browser brands. It could be FF, it could be Chrome, it could be Internet Explorer, whatever.

The HTTP request protocol consists of the following four parts:

  • Request line
  • Request headers
  • Blank line
  • Request body

HTTP request packet: GET request

```
GET /servlet05/getServlet?username=lucy&userpwd=1111 HTTP/1.1        request line
Host: localhost:8080                                                  request headers
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/servlet05/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
                                                                      blank line
                                                                      request body
```

HTTP request packet: POST request

```
POST /servlet05/postServlet HTTP/1.1                                  request line
Host: localhost:8080                                                  request headers
Connection: keep-alive
Content-Length: 25
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/servlet05/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
                                                                      blank line
username=lisi&userpwd=123                                             request body
```

The request line

It consists of three parts:

  • Part one: the request method (7 in total)
    • GET (commonly used)
    • POST (commonly used)
    • DELETE (commonly used)
    • PUT (commonly used)
    • HEAD (commonly used)
    • OPTIONS (commonly used)
    • TRACE (commonly used)
  • Part two: the URI
    • URI: Uniform Resource Identifier. It represents the name of a resource on the network. However, a resource cannot be located through its URI.
    • What is the difference between a URI and a URL?
      • A URL includes the URI.
      • http://localhost:8080/servlet05/index.html is the URL.
      • /servlet05/index.html is the URI.
  • Part three: the HTTP protocol version number

Request header

  • Requested host
  • Host port
  • Browser information
  • Platform information
  • Cookie information
  • ...

Blank line

  • The blank line is used to distinguish the “request header” from the “request body”

Request body

  • Specific data sent to the server

HTTP response protocol (S → B)

  • The HTTP response protocol consists of the following four parts:
    • Status line
    • Response headers
    • Blank line
    • Response body
  • Specific HTTP response packets:
```
HTTP/1.1 200 OK                               status line
Content-Type: text/html;charset=UTF-8         response headers
Content-Length: 160
Date: Mon, 08 Nov 2021 13:19:32 GMT
Keep-Alive: timeout=20
Connection: keep-alive
                                              blank line
<!doctype html>                               response body
<html>
    <head>
        <title>from get servlet</title>
    </head>
    <body>
        <h1>from get servlet</h1>
    </body>
</html>
```
  • Status line (three parts)
    • Part I: Protocol Version Number (HTTP/1.1)
    • Part two: Status code (the response status number specified in the HTTP protocol; different response results correspond to different numbers)
      • 200 indicates that the request was answered successfully.
      • 404 is a front-end error indicating that the resource to be accessed does not exist, usually because the path was written incorrectly, or because the path is correct but the corresponding resource on the server did not start successfully.
      • 405 indicates that the request method sent by the front end does not match the method the back end uses to handle the request.
        • For example, if the front end sends a POST request and the back end handles it as GET, 405 is returned.
        • For example, if the front end sends a GET request and the back end handles it as POST, 405 is returned.
      • 500 indicates that the program on the server side threw an exception. It is generally assumed to be caused by a server-side error.
      • Codes starting with 4 are usually caused by browser-side errors.
      • Codes starting with 5 are usually caused by server-side errors.
    • Part three: Description of the status
      • OK indicates that the operation succeeded.
      • Not Found indicates that the resource cannot be found.

HTTP status codes: www.runoob.com/http/http-s…

  • Response headers
    • The content type of the response
    • The content length of the response
    • Response time
    • ...
  • Blank line
    • Used to separate the response headers from the response body.
  • Response body
    • The response body is the actual content of the response: a long string that the browser renders, interprets and executes to display the result.
  • How do I view the content of the protocol?
    • In Chrome, press F12 and open the Network tab, where you can view the specific content of the protocol.

Features of HTTP protocol

  • 1. Simple and fast: when a client requests a service from the server, it only needs to transmit the request method and the path. The request method is generally GET or POST. Because the HTTP protocol is simple, HTTP server programs are small and communication is fast.
  • 2. Flexible: the HTTP protocol allows any type of data object to be transferred; the type being transferred is marked by Content-Type.
  • 3. Connectionless: the client sends a request to the server, and after the server has accepted the request the connection is closed. Connectionless means that only one request is processed per connection, which saves transmission time.
    • For example, you call your friend, ask him to buy you a bottle of water, and then hang up the phone.
    • From HTTP/1.1 onward, persistent connections are supported: over one established TCP connection, a request can be sent and its response received, then another request sent and its response received. Because the cost of establishing and releasing the TCP connection is spread across multiple requests, the relative overhead that TCP adds to each request is greatly reduced. Requests can also be pipelined, meaning that after request 1 is sent, request 2 can be sent before the response to request 1 arrives.
  • 4. Stateless: the HTTP protocol is a stateless protocol. Stateless means that the protocol has no memory of earlier transactions; if later processing needs earlier information, it must be retransmitted, which increases the amount of data transferred per connection.

What is the difference between a GET request and a POST request?

  • GET request: when sending data, the data is appended to the URI after a "?". As a result, the data sent appears in the browser's address bar. (GET requests send data on the "request line".)
    • http://localhost:8080/servlet05/getServlet?username=zhangsan&userpwd=1234
  • POST request: when sending data, the data is sent in the request body. Data sent by POST is not displayed in the browser's address bar. (POST sends data in the "request body".)
  • GET request: only ordinary strings can be sent, and there is a limit on the length of the string, which varies from browser to browser. There is no clear specification for this.
  • GET request: cannot send large amounts of data.
  • POST request: can send any type of data, including ordinary strings and streaming media such as video, sound and pictures.
  • POST request: large amounts of data can be sent, and in theory there is no length limit.
  • GET request: the W3C states that GET requests are better suited to retrieving data from the server.
  • POST request: the W3C states that POST requests are better suited to transferring data to the server.

Many people say that a GET request is unsafe because it displays its content in the address bar.

GET requests are safe.

GET requests are perfectly safe. Why? Because a GET request only gets data from the server, it poses no threat to the server. GET is safe. If it turns out unsafe because you used it wrongly, that is your problem, not a problem with the GET request.

POST requests are dangerous.

Why is that? Because a POST request submits data to the server, the server can be put in danger if that data gets into the server through a back door. In addition, because POST submits data, request interception generally chooses to intercept (listen for) POST requests.

Note

The security I'm talking about here is relative. In fact, both are insecure: GET requests, for example, display data in the URL, but we don't have that problem if we use them correctly. POST requests are more dangerous.

GET requests support caching

  • The final "response result" of any GET request is cached by the browser. In the browser cache:
    • GET request path A corresponds to one resource.
    • GET request path B corresponds to one resource.
    • GET request path C corresponds to one resource.
    • ...
  • In fact, whenever you send a GET request, the browser first looks in its local cache, and only when nothing is found there does it go to the server. The purpose of this caching mechanism is to improve the user experience.
  • Is there ever a requirement that GET requests should not be served from the cache? How can caching be avoided, so that every GET request goes to the server for the resource instead of taking it from the local browser cache?
  • It is enough for the request path to be different for each GET request.
  • How to solve it? Add a "timestamp" that changes from moment to moment to the end of the path, so that each request path is different and the browser does not use the cache.
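
The timestamp technique described above, as an added example (not code from the original page): `add_timestamp` appends a changing parameter to the URL, and `ToyBrowserCache` is a deliberately simplified model of a cache keyed by request URL, as this section describes it. The parameter name `_t` and the function and class names are assumptions made for the illustration.

```python
import time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

STAMP = "_t"  # hypothetical parameter name; pick one the server ignores

def add_timestamp(url, now_ms=None):
    """Return url with a fresh timestamp parameter, replacing any earlier one."""
    if now_ms is None:
        now_ms = time.time_ns() // 1_000_000
    parts = urlsplit(url)
    # Keep the real parameters, drop a stamp left over from an earlier call.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != STAMP]
    query.append((STAMP, str(now_ms)))
    # The fragment (#...) is not sent to the server, so it stays last.
    return urlunsplit(parts._replace(query=urlencode(query)))

class ToyBrowserCache:
    """Simplified model of the cache described above: GET responses keyed by URL."""
    def __init__(self, server):
        self.server = server          # callable(method, url) -> response text
        self.store = {}
        self.server_hits = 0

    def request(self, method, url):
        key = urlsplit(url)._replace(fragment="").geturl()
        if method == "GET" and key in self.store:
            return self.store[key]    # served locally, the server never sees it
        self.server_hits += 1
        response = self.server(method, url)
        if method == "GET":           # POST results are not cached
            self.store[key] = response
        return response
```

Repeating the same GET URL reaches the server once, while each timestamped URL and every POST reaches it every time.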

POST requests do not support caching (POST is used to modify resources on the server side)

  • POST sends data to the server for storage, similar to an UPDATE, DELETE or INSERT statement against a database. Such statements have to reach the database to change its data, so a POST always has to go to the server side.
  • After a POST request, the server's "response result" is not cached by the browser, because caching it would be meaningless.

How do I choose between GET and POST requests, and when do I use GET and when do I use POST?

  • How do I choose between GET and POST requests? What is the criterion? It depends on whether you want to get data from the server or send data to the server. If you want to get resources from the server, a GET request is recommended. If you want to submit data to the server, a POST request is recommended.
  • Most forms are submitted by POST, because a form collects user information, often a large amount of data, which generally needs to be sent to the server, where the server saves or modifies data.
  • If the form contains sensitive information (for example, a password), a POST request is recommended, because a GET request displays the sensitive information in the browser address bar.
  • File uploads must use a POST request, because the data to be sent is not just plain text.
  • GET requests can be used in all other cases.
  • Whether you make a GET request or a POST request, the format of the request data sent is exactly the same; only its location differs:
    • name=value&name=value&name=value&name=value
    • What is name?
      • Taking a form as an example: the name attribute of an input tag in the form.
    • What is value?
      • Taking a form as an example: the value of an input tag in the form.
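
An added example, not part of the original page: a small parser that splits a raw request into the four parts described earlier and shows where the name=value pairs travel for GET and for POST. The sample messages are constructed (abridged from the packets above), and `access_log_line` is a simplified, assumed model of what a server access log records.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed samples, abridged from the GET and POST packets shown on this page.
GET_REQUEST = (b"GET /servlet05/getServlet?username=lucy&userpwd=1111 HTTP/1.1\r\n"
               b"Host: localhost:8080\r\n"
               b"\r\n")
POST_REQUEST = (b"POST /servlet05/postServlet HTTP/1.1\r\n"
                b"Host: localhost:8080\r\n"
                b"Content-Length: 25\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"\r\n"
                b"username=lisi&userpwd=123")

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not sep:
        raise ValueError("no blank line after the request headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: METHOD URI VERSION")
    method, uri, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):  # body must be exactly as long as declared
        raise ValueError(f"Content-Length {declared} != body length {len(body)}")
    return {"method": method, "uri": uri, "version": version, "headers": headers, "body": body}

def form_fields(req: dict) -> dict:
    """Return the name=value pairs, grouped by the part of the request carrying them."""
    fields = {"request line": parse_qsl(urlsplit(req["uri"]).query), "request body": []}
    ctype = req["headers"].get("content-type", "")
    if ctype.lower().startswith("application/x-www-form-urlencoded"):
        fields["request body"] = parse_qsl(req["body"].decode("ascii"))
    return fields

def access_log_line(req: dict) -> str:
    """Simplified model of an access-log entry: it records the request line, not the body."""
    return f'"{req["method"]} {req["uri"]} {req["version"]}"'

if __name__ == "__main__":
    for req in map(parse_request, (GET_REQUEST, POST_REQUEST)):
        print(access_log_line(req), form_fields(req))
```

Because the GET parameters sit in the request line, they appear in the address bar and in anything that records the URL, which is why the list above recommends POST for forms that carry passwords.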

Conclusion

You might make the subjective mistake of thinking that because a GET request displays information in the address bar it is not secure, and that POST is secure. I think this is a common mistake; in fact, this kind of security is relative.