The HTTP protocol

HTTP is an application-layer protocol; networking details are handed over to TCP/UDP.

Basic knowledge

Request/response messages

//request
<method> <request-URL> <version>
<headers>
<entity-body>

//response
<version> <status> <response-phrase>
<headers>
<entity-body>

Request methods

  • GET: access a resource
  • POST: create a new resource
  • PUT: update resource content
  • DELETE: delete a resource
  • OPTIONS: determine the request permissions
  • HEAD: return only the headers, for testing
  • PATCH: update part of the content

Status code

  • 1xx The request needs further processing
    • 101 Switching protocols, such as to WebSocket
  • 2xx Processed correctly
    • 200 Success
    • 206 Partial content returned, such as for large file downloads
  • 3xx Redirection
    • 301 Permanent redirection, such as a resource path change or name change
    • 302 Temporary redirection, such as when login is required
    • 304 Resource not modified; the cached copy can be used
  • 4xx Client error
    • 400 Bad request
    • 403 Execution refused, such as no access permission
    • 404 Resource not found
    • 413 Request entity too large, for example when the server limits the upload size
  • 5xx Server error
    • 500 Internal server error, such as an exception in back-end data processing
    • 502 Acting as a gateway or proxy server, and the upstream server is abnormal
    • 504 Acting as a gateway or proxy server, and the upstream server times out

URL

<scheme>://<user>:<password>@<host>:<port>/<path>;<params>?<query>#<frag>

Some restricted characters are not recommended in a URL: % / . # ? ; : $ + @ & =, characters outside the ASCII set, etc.

headers

  • General:
    • Date
    • Connection
  • Request:
    • User-Agent
    • Accept
  • Response:
    • Server
    • Last-Modified
  • Entity:
    • Content-Type
    • Content-Length
  • Custom (X- headers)
Cookie
  • Sent in the request header Cookie
  • Set in the response header Set-Cookie
  • Properties: expires, domain, path, httponly, secure, samesite
  • Example: on the first visit the response sets times=1; the second request sends times=1; the next response changes it to times=2.
  • Security policy: use domain, path, httponly, secure, samesite; whether a cookie applies to a URL is determined by matching against these attributes
    • XSS vulnerabilities can steal the cookie; set httponly
    • CSRF vulnerabilities: set a token / samesite
Session
  • The server-side counterpart is the Session, which stores user information and is based on cookies. The cookie's validity period is Session (it expires when the browser process exits).
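The cookie attributes from the Cookie and Session notes above can be checked mechanically on a Set-Cookie response header. The following is an added example, not code from the original page; the function name, the finding codes and the sample header values are constructed for illustration, and Max-Age is treated as equivalent to expires for lifetime.

```python
# Added example, not from the original page. Sample header values are constructed.

def audit_set_cookie(header_value):
    """Parse one Set-Cookie header value and flag weak or missing attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()

    findings = {}
    if "httponly" not in attrs:
        findings["no-httponly"] = "script injected through XSS can read the cookie"
    if "secure" not in attrs:
        findings["no-secure"] = "cookie is also sent over unencrypted HTTP"
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings["no-samesite"] = "cross-site sending is left to the browser default"
    elif samesite == "none":
        findings["samesite-none"] = "sent cross-site, so CSRF defence must be a token"
    if attrs.get("domain"):
        findings["wide-domain"] = "also sent to subdomains of " + attrs["domain"]

    # No expires/max-age means a session cookie: it ends with the browser process.
    persistent = "expires" in attrs or "max-age" in attrs
    return {"name": name, "lifetime": "persistent" if persistent else "session",
            "findings": findings}


# Constructed sample values: a bare cookie, a hardened one, and a wide-scoped one.
SAMPLES = [
    "times=1; Path=/",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "sid=abc123; Domain=example.com; Expires=Wed, 21 Oct 2026 07:28:00 GMT; "
    "HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_set_cookie(sample)
        print(result["name"], result["lifetime"], sorted(result["findings"]))
        for code, why in sorted(result["findings"].items()):
            print("   ", code + ":", why)
```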
Content-type
  • The type of resource returned for browser parsing, in a variety of formats
    • text/html
    • text/css
    • application/javascript
    • image/svg+xml
    • image/jpeg
  • Content-Type in a request identifies the type of data submitted, for example in a POST request; only a few values are used
    • application/x-www-form-urlencoded: key=value pairs
    • multipart/form-data: file uploads
    • application/json: JSON data
    • text/xml
    • Custom types

Performance optimization in HTTP

keep-alive

  • HTTP1.0 does not support it by default; set Connection: Keep-Alive
  • HTTP1.1 supports it by default, unless Connection: close is sent

Reduce network transmission size

  • Through content encoding: the request lists the supported encodings in accept-encoding: gzip, deflate, br; the server selects one encoding method and names it in the response header content-encoding: gzip
  • It is mainly used to compress text resources. Audio and video files are not suitable for compression, nor are files that are too small (less than 1K)

Use the cache

  • First request 200
  • Second Request 304
  • Cache header:
    • The browser sends if-modified-since and the server returns last-modified. The value is a date: the time of the corresponding file on the server. This date may be inaccurate, and multiple servers may not have the same date
    • The browser sends if-none-match and the server returns Etag, an encoded value that solves the last-modified problem
    • expires: strong cache; the value is a date; no interaction with the server
    • cache-control: max-age (how many seconds to cache), no-cache, no-store (no caching)…
  • localStorage: keep some js and css resources locally to reduce requests
  • ServiceWorker intercepts requests and makes some rules for handling the cache

http2/http3

  • http2
    • Binary transmission
    • Multiplexing
    • Header compression
    • Server push
  • http3
    • Based on QUIC protocol (UDP)

Tools

HTTP packet capture tool

  • Wireshark
  • Fiddler
  • Firebug for Firefox
  • Chrome Developer Tools
  • IE8+ developer tools

HTTP packet sending tool

  • telnet/curl
  • Fiddler
  • Tamper for FireFox
  • Postman for Chrome
  • Paw for OSX