HTTPHypertext Transfer Protocol

Tricode Professional Services

www.tricode.nl

25-06-2010

Marcel Blok

Index

Introduction

Message format

Methods

Status codes

Headers

General headers

Request headers

Response headers

Entity headers

Entities

Chunked transfer

Introduction

The Hypertext Transfer Protocol (HTTP) began as an extremely basic protocol.

It was designed to do just one thing: allow a client to send a simple request for a hypertext file and receive it back from the server.

Modern HTTP remains at its heart a straight-forward request/reply protocol, but now includes many new features and capabilities to support the growing size of the World Wide Web.

Basic communication consists of a request message sent by a client to a server, which returns a response back to the client.

Since HTTP/1.1 we have persistent connections.Multiple requests to the same server use the same TCP connection.

Message format

All HTTP messages are created to fit a message structure that is called the generic message format.

Generic message layout:

<start-line><message-headers><empty-line>[ <message-body> ][ <message-trailers> ]

HTTP Request message layout:

<start-line><general-headers><request-headers>[ <entity-headers> ]<empty-line>[ <message-body> ][ <message-trailers> ]

GET /index.html HTTP/1.1Date: Wed, 23 Jun 2010 13:27:42 CETConnection: closeHost: www.somesite.comFrom: me@anothersite.comAccept: text/html, text/plainUser-Agent: Mozilla/4.0 (Windows 98; U)

(empty body)

general headers

request headers

start line

General headers refer to the message itself and are used to control the processing or provide extra info.

Request headers convey more details about the request and provide info about how the request is handled.

Entity headers describe the entity contained in the message body.

HTTP Response message layout:

<start-line><general-headers><response-headers>[ <entity-headers> ]<empty-line>[ <message-body> ][ <message-trailers> ]

HTTP/1.1 200 OKDate: Wed, 23 Jun 2010 13:27:43 CETConnection: closeServer: Apache/1.3.27Accept-Ranges: bytesContent-Type: text/htmlContent-Length: 170Last-Modified: Mon, 17 May 2004 12:11:11

<html><head><title>Test</title></head><body><p>test</p></body></html>

general headers

response headers

start line

body

entityheaders

Methods

All client/server protocols provide a way for the client to prompt the server to take action,generally by having the client give the server a series of commands.

HTTP does not have commands but rather a fixed set of methods that can be applied to any thinkable resource.

GET, POST, PUT, DELETE

TRACE, HEAD, OPTIONS

PUT is placing or replacing a resource at a given location.

PUT is idempotent: it has no side effects. You may repeat it and the result is the same.

POST is merely sending data to a resource location. It can be handled by the server in anyway it wants. It may store the data privately. It may store it at the current location. It may update many resources. It may self destruct.

Status codes

Each HTTP response includes both a numeric status code and a text reason phrase, both of which indicate the disposition of the corresponding client request.

1xx Informational message2xx Success3xx Redirection4xx Client error5xx Server error

Headers

The limited amount of methods may give the impression that HTTP is quite limited. But much of the functionality is implemented by the message headers.

General headers

Cache-Control, Connection, Date, Pragma, Transfer-Encoding, Upgrade, Via and Warning aresome of the HTTP general headers.

Example

Cache-Control: no-storeTransfer-Encoding: chunkedUpgrade: IRC/6.9Via: 1.0 myproxy, 1.1 where.com

Request headers

Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From,Host, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards,Referer, User-Agent

are some of the HTTP request headers.

Example

Accept: audio/*; q=0.2, audio/basic Accept-Encoding: compress, gzipFrom: me@some.orgHost: www.some.orgReferer: http://www.tst.org/at/1.html User-Agent: Mozilla/4.0

Conditional GET example

GET /someurl HTTP/1.1If-Modified-Since: Wed, 23 Jun 2010 13:27:43 CET

HTTP/1.1 304 NOT MODIFIED

Secure GET example

GET /someurl HTTP/1.1Authorization: GOOG1 GOC7F:Y9ts=

HTTP/1.1 401 UNAUTHORIZEDWWW-Authenticate: GOOG1

Response headers

Accept-Ranges, Age, ETag, Location, Proxy-Authenticate, Retry-After, Server, Vary, WWW-Authenticate are some of the HTTP response headers.

Example

Age: 3356ETag: “1fd32ada-asd-qra8as”Server: CERN/3.0 libwww/2.17WWW-Authenticate: GOOG1

Conditional GET example (2)

GET /someurl HTTP/1.1If-None-Match: “1fd32ada-asd-qra8as”

HTTP/1.1 304 NOT MODIFIED

Conditional PUT example

PUT /someurl HTTP/1.1If-Match: “1fd32ada-asd-qra8as”

HTTP/1.1 412 PRECONDITION FAILED

Entity headers

Entity headers describe the nature of the entity in the message body, including its type, language and encoding, to facilitate the proper processing and/or presentation of the entity by the device receiving it.

Allow, Content-Encoding, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Type, Expires, Last-Modified are some of the HTTP entity headers.

Example

HEAD /someurl HTTP/1.1

HTTP/1.1 200 OKLast-Modified: Wed, 23 Jun 2010 13:27:43 CET

Entities

While HTTP is naturally associated with hypertext, its messages can transport a large variety of different types of files, including images, audio, video and much more.

To indicate the type of entity contained in an HTTP message, its sender must identify its media type and subtype. This is done using the HTTP Content-Type header, which was borrowed from the Multipurpose Internet Mail Extensions (MIME) specification.

Even though HTTP borrows several concepts and header types from MIME, the protocol is not MIME-compliant.

Content encoding tells something about the encoding of the entity.

Transfer-encoding tells something about the entire HTTP message, and may change from hop to hop.

Chunked transfer

Since HTTP/1.1 uses persistent connections that allow multiple requests and responses to be sent over a TCP connection, clients and servers need some way to identify where one message ends and the next begins.

The easiest way is to send the Content-Length header with the message size. But for dynamic content you may not know this in advance. In this case you can use chunked transfer encoding.

chunked message body:

<chunk-1-length><chunk-1-data><chunk-2-length><chunk-2-data>...0<message-trailers>

HTTP/1.1 200 OKDate: Mon, 22 Mar 2004 11:15:03 GMTContent-Type: text/htmlContent-Length: 129Expires: Sat, 27 Mar 2004 21:12:00 GMT

<html><body><p>The file you requested is 3,400 bytes long and was last modified: Sat, 20 Mar 2004 21:12:00 GMT.</p></body></html>

HTTP/1.1 200 OKDate: Mon, 22 Mar 2004 11:15:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedTrailer: Expires

29<html><body><p>The file you requested is 53,40023bytes long and was last modified: 1dSat, 20 Mar 2004 21:12:00 GMT13.</p></body></html>0Expires: Sat, 27 Mar 2004 21:12:00 GMT

More…?

• Content negotiation

• Cache, cache, cache!• HTTPS

• Cookies

• Same Origin Policy

• Cross-Origin Resource Sharing