Hypertext Transfer Protocol (HTTP) transfers data on top of the TCP/IP communication protocol. The client and server can specify a suitable MIME type to describe the data: set contentType to tell the browser the format of the data being sent to the server, and set dataType to indicate the format of the data expected back from the server.
Working principle
The HTTP protocol works on a client-server architecture. The browser, as the client, sends all requests through the URL to the HTTP server (the web server). After receiving a request, the web server sends the response information back to the client.
HTTP features
Client/Server mode is supported
Simple, fast and flexible
Connectionless
Connectionless means that each connection is limited to processing one request. The server disconnects from the client after processing the request and receiving the reply from the client.
Stateless
Stateless means that the protocol has no memory of earlier transactions. If previous information is required for subsequent processing, it must be retransmitted in full, which can increase the amount of data transferred per connection.
Request data format
A request usually consists of the following parts: request line, request headers, blank line, request data
Response data format
A response consists of a status line, message headers, a blank line, and the response body
HTTP request methods
There are nine request methods: GET, POST, HEAD, PUT, DELETE, CONNECT, OPTIONS, TRACE, and PATCH
No. | Method | Main purpose |
---|---|---|
1 | GET | Requests a resource; often used to read data |
2 | POST | Commonly used to submit data |
3 | PUT | Commonly used to modify data |
4 | DELETE | Commonly used to delete a specified resource |
5 | HEAD | Gets the server's response header information; often used to view server performance |
6 | OPTIONS | Queries the performance of a server, or the options and requirements related to a resource; often used to view server performance |
7 | TRACE | Echoes the request message received by the server; used for testing or diagnostics of HTTP requests |
8 | CONNECT | For a proxy server that can change the connection to tunnel (pipe) mode; often used for SSL-encrypted server links and unencrypted HTTP proxy server communication |
9 | PATCH | A complement to the PUT method; commonly used for partial updates to known resources |
Supplementary notes
GET and POST:
Similarity: both are sent over the same protocol (HTTP)
Differences:
Aspect | GET | POST |
---|---|---|
Back button/refresh | Harmless | The data will be resubmitted |
Caching | Can be cached | Cannot be cached |
Encoding type | application/x-www-form-urlencoded | application/x-www-form-urlencoded or multipart/form-data |
Data type restriction | Only ASCII characters are allowed | No restriction |
History | Parameters are saved in the browser history | Parameters are not saved in the browser history |
Data length | 2-4 KB, depending on browser and server | Unlimited |
Security | GET is less secure than POST because the data sent is part of the URL | POST is more secure than GET because the parameters of the request are not saved in the browser history or on the web server |
Visibility | The data is visible to everyone in the URL | The data is not displayed in the URL |
POST is slower than GET because the browser sends the data only after the server has received the request and returned a 100 response, following the third handshake.
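The request format described earlier (request line, headers, blank line, data) and the visibility rows of the GET/POST table can be seen together by parsing the same form submission sent both ways. This is an added example, not code from the original page; the host, path and field values are constructed, and `logged_target` assumes a server that logs the request line.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests: the same form sent once with GET, once with POST.
GET_REQ = (b"GET /login?user=alice&pin=1234 HTTP/1.1\r\n"
           b"Host: shop.example\r\n\r\n")
POST_REQ = (b"POST /login HTTP/1.1\r\n"
            b"Host: shop.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 19\r\n\r\n"
            b"user=alice&pin=1234")

def parse_request(raw: bytes) -> dict:
    """Split a request into request line, headers, blank line and data."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: header section is incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    if int(headers.get("content-length", "0")) != len(body):
        raise ValueError("body length does not match Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

def parameter_locations(raw: bytes) -> dict:
    """Report which form fields travel in the URL and which in the body."""
    req = parse_request(raw)
    in_url = parse_qs(urlsplit(req["target"]).query)
    ctype = req["headers"].get("content-type", "")
    in_body = (parse_qs(req["body"].decode("ascii"))
               if ctype.startswith("application/x-www-form-urlencoded") else {})
    # logged_target: the part of the request that ends up in URL-based records
    # (assumption: the server logs the request line).
    return {"url": sorted(in_url), "body": sorted(in_body),
            "logged_target": req["target"]}
```

Without HTTPS, both the URL and the body cross the network in plain text; POST only keeps the fields out of the URL.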
HTTP and HTTPS
Problems with HTTP
- Request information is transmitted in plain text and is easily intercepted by eavesdropping
- Data integrity is not verified, so the data is easily tampered with
- The identity of the peer is not verified, so there is a risk of impersonation
To solve this problem, HTTPS comes into play
HTTPS
HTTPS = HTTP + SSL/TLS: the SSL certificate is used to verify the identity of the server, and communication between the server and the browser is encrypted.
HTTPS data transfer process
- The client accesses the server through the URL to establish an SSL connection
- After receiving the request from the client, the server sends the certificate information (certificate and public key) supported by the website to the client
- The client and server negotiate the security level of the SSL connection, that is, the level of information encryption
- The browser on the client establishes a session key based on the security level agreed by both parties, encrypts it using the public key provided by the server, and sends the encrypted session key to the server
- The server decrypts the session key using its own private key
- The server uses the session key to encrypt communication with the client
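The key exchange in the steps above, as an added example with toy parameters (not code from the original page): the client wraps a random session key with the server's public key, the server unwraps it with its private key, and both sides then protect records with that key. The RSA numbers and the HMAC-based stream cipher are constructed stand-ins for a real certificate key and cipher suite, and the client is assumed to have already validated the certificate.

```python
import hashlib
import hmac
import secrets

# Toy server key pair (assumption for illustration: textbook RSA without
# padding, built from two fixed Mersenne primes; real keys are 2048+ bits).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, part of the public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def client_key_exchange(n: int, e: int):
    """Client: create a random session key and encrypt it with the public key."""
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_unwrap(wrapped: int) -> bytes:
    """Server: recover the session key with its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher: XOR the data with HMAC-SHA256(key, offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt a record and append a MAC so tampering is detectable."""
    ct = _xor_stream(key, plaintext)
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

def open_record(key: bytes, record: bytes) -> bytes:
    """Verify the MAC, then decrypt; reject records modified in transit."""
    ct, tag = record[:-32], record[-32:]
    expected = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check")
    return _xor_stream(key, ct)
```

TLS 1.3 no longer uses this RSA key transport; it derives the session key with an ephemeral Diffie-Hellman exchange instead.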
Disadvantages of HTTPS
- Multiple HTTPS handshakes prolong the page loading time by nearly 50%
- HTTPS connection caching is not as efficient as HTTP, which increases data overhead and power consumption
- Applying for an SSL certificate costs money, and more powerful certificates cost more
- The security algorithms involved in SSL consume CPU resources and have a large impact on server resources
The main differences between HTTP and HTTPS
- HTTPS is a secure version of HTTP. HTTP data is transmitted in plain text, which is insecure. HTTPS uses SSL or TLS for encryption.
- HTTP and HTTPS use different connection modes and different default ports: HTTP uses 80, and HTTPS uses 443.