This is the second day of my participation in Gwen Challenge
preface
Recently, I learned about HTTP and HTTPS. Because of the content, here is a summary of my frequent mistakes
A, the HTTP
1.1 define
This is how it’s explained in MDN
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transporting hypermedia documents such as HTML. It is designed for communication between Web browsers and Web servers, but can also be used for other purposes. HTTP follows the classic client-server model, where a client opens a connection to make a request and then waits until it receives a server-side response. HTTP stateless protocol, which means that the server does not retain any data (state) between two requests
1.2 the characteristics of
-
Hypertext Transfer Protocol
-
TCP/ IP-based application layer protocol
-
The default HTTP port number is 80
-
Is a stateless protocol
Note: a stateless means no memory ability to transaction processing, such as add and delete operations, each time the browser requests, return the same response content, each response content are independent, the previous request for less than the last time the content of the request information, this in the data interaction is not allowed in the scene.
Here’s an example:
The login status of the website, adding goods to the shopping cart, modifying user information and other transaction scenarios need to be recorded after one operation, so as to ensure that when the browser refreshes or clicks on other pages, the previous request status will be recorded to ensure the associated interaction between the two pages.
1.3 Request Mode
| way | describe |
|---|---|
| GET | Requests the specified page information and returns the entity body. |
| POST | Submit data to a specified resource for processing requests (such as submitting a form or uploading a file). The data is contained in the request body. POST requests may result in the creation of new resources or the modification of existing resources. |
The difference between:
- Cache —- GET requests can be cached, but POSTS are not
- Visibility —- GET request data is visible to everyone in the URL, while POST request data is not displayed in the URL.
- History —- GET requests remain in browser history, while posts are not
- Browser bookmarks —- GET requests are bookmarks, whereas POST is not
- Data length —- A GET request has a length limit, while a POST request has no length limit
- Security —- GET is less secure than POST
1.4 Differences between HTTP1.0 and HTTP1.1
-
HTTP1.1 saves bandwidth compared to HTTP1.0
-
Cache-handling differences HTTP1.0 uses header if-Modified-since,Expires as a caching criterion. HTTP1.1 introduces more cache control policies such as Entity Tag, if-unmodified-since, if-match, if-none-match, and more alternative cache headers to control cache policies.
-
HTTP1.0 supports transient connections. Each time a browser sends a request, a TCP connection needs to be established and then disconnected until the server completes the request, and the server does not track and record past requests. HTTP1.1 supports long connections, requires new headers to help, and can send multiple HTTP requests and responses within the same TCP connection.
-
HTTP1.0 assumes that each server is bound to a unique IP address, so the URL in the request message does not pass hostname. The HTTP1.1 Request and response messages support the Host header field, and the Request message without the Host header field will report an error :400 Bad Request.
-
Added error notification management
New 24 error status response codes in HTTP1.1.
1.5 Differences between HTTP1.1 and HTTP2.0
-
HTTP1.1 parsing is based on all kinds of text protocol parsing, and HTTP2.0 protocol parsing is binary format, more powerful.
-
HTTP2.0 supports multiplexing: a single connection can process multiple requests concurrently.
Multiple requests can be randomly mixed together on a connection. Each request has a corresponding ID. The server can identify the request based on the request_ID, greatly speeding up the transmission rate.
-
HTTP2.0 supports header compression: HTTP2.0 compresses header data to speed up network transmission.
Headers in HTTP1.1 need to carry a lot of information and are sent repeatedly each time. Http2.0 uses Encode to reduce the size of headers transmitted. The client and server can cache a header filed table respectively, avoiding repeated transmission of the header and reducing the size of the transmission.
-
HTTP2.0 supports server-side push: when parsing a resource in HTML, it returns the required file (CSS, JS, etc.) when it is parsed to the imported file, without making another request.
Second, the HTTPS
2.1 define
HTTPS (secure HTTP) is the encrypted version of HTTP. It typically uses SSL (EN-US) or TLS to encrypt all communication between the client and the server. This secure link allows clients and servers to securely exchange sensitive data, such as online banking or online shopping operations involving money.
2.2 the characteristics of
- Content encryption: the use of mixed encryption technology, the middle can not directly view the plaintext content
- Authentication: Authenticates the client to access its own server through a certificate
- Protect data integrity: Prevent transmitted content from being impersonated or tampered with by middlemen
The difference between HTTP and HTTPS
- HTTP urls start with http://, while HTTPS urls start with https://
- HTTP is not secure and HTTPS is secure
- The standard HTTP port is 80, and the standard HTTPS port is 443
- In the OSI network model, HTTP works at the application layer, while HTTPS’s secure transport mechanism works at the transport layer
- HTTP cannot be encrypted, whereas HTTPS encrypts transmitted data
- HTTP requires no certificate, whereas HTTPS requires an SSL certificate issued by the CA organization Wosign
4. Status code
| classification | Classification description |
|---|---|
| 1 * * | Message, the server receives the request and requires the requester to proceed with the operation |
| 2 * * | Success, the operation is received and processed successfully |
| 3 * * | Redirect, requiring further action to complete the request |
| 4 * * | Client error, request contains syntax error or request cannot be completed |
| 5 * * | Server error. The server encountered an error while processing the request |
1** : indicates the information status code
| Status code | The name of the | describe |
|---|---|---|
| 100 | Continue to | The initial request has been accepted. Please continue sending the rest |
| 101 | Switch protocols | Request this requires the server to switch protocol, the server has determined to switch |
2** : indicates the success status code
| Status code | The name of the | describe |
|---|---|---|
| 200 | successful | The server has successfully processed the request |
| 201 | Has been created | The request succeeds and the server creates a new resource |
| 202 | Have accepted | The server has accepted the request but has not yet processed it |
| 203 | Unauthorized information | The server successfully processed the request, but the information returned may have come from another source |
| 204 | There is no content | The server successfully processed the request, but did not return anything |
| 205 | Reset the content | The user end should reset the document view if the server process is successful |
| 206 | Part of the content | The server successfully processed some of the GET requests |
3** : indicates the redirection status code
| Status code | The name of the | describe |
|---|---|---|
| 300 | A variety of options | The server can perform a variety of actions on a request |
| 301 | A permanent move | The requested page has been permanently redirected to the new URL |
| 302 | Temporary mobile | The server currently responds to requests from web pages in different locations, but requests continue to use the original location for future requests |
| 303 | Look at other locations | The server returns this code when the requester should use a separate GET request for a different location to retrieve the response |
| 304 | unmodified | The requested page has not been modified since the last request |
| 305 | Using the agent | The requester can only access the requested web page using a proxy |
| 307 | Temporary redirection | The server currently responds to requests from web pages in different locations, but the requester should continue to use the original location for future requests |
4** : indicates the client error status code
| Status code | The name of the | describe |
|---|---|---|
| 400 | Bad request | The server does not understand the syntax of the request |
| 401 | unauthorized | The request requires authentication of the user |
| 403 | ban | Server rejects request |
| 404 | Not found | The server could not find the requested page |
| 405 | Method to disable | Disables the method specified in the request |
| 406 | Don’t accept | The requested page cannot be responded to using the requested content feature |
| 407 | Agency authorization is required | The request requires the broker’s authentication |
| 408 | The request timeout | The server timed out while waiting for a request |
| 409 | conflict | A server conflict occurred while completing a request |
| 410 | deleted | The resource requested by the client does not exist |
| 411 | Required effective length | The server will not accept requests that do not contain valid length header fields |
| 412 | Prerequisites are not met | The server did not meet one of the prerequisites that the requester set in the request |
| 413 | Request entity too large | The request was rejected because the request entity was too large for the server to process |
| 414 | The requested URL is too long. Procedure | The requested URL was too long for the server to process |
| 415 | Unsupported format | The server cannot process the media format attached to the request |
| 416 | Range is invalid | The scope requested by the client is invalid |
| 417 | Fall short of expectations | The server could not satisfy the request header field requirement |
5** : indicates the server error status code
| Status code | The name of the | describe |
|---|---|---|
| 500 | Server error | The server had an internal error and could not complete the request |
| 501 | Not yet implemented | The server does not have the capability to complete the request |
| 502 | Bad gateway | An error occurred with the server acting as a gateway or proxy |
| 503 | Service unavailable | The server is currently unavailable |
| 504 | Gateway timeout | The gateway or proxy server did not obtain the request in time |
| 505 | Unsupported version | The server does not support the HTTP protocol version used in the request |