Shutdown Describes the HTTP series

Some time ago, a big guy said to me, “Internet knowledge determines your limit to some extent.”

I know a little about HTTP, the upper limit is really so low… Can’t you take a moment to tidy up 🤔️?

This time please give Lin a chance to stay, follow my footsteps 👣 start to learn it from 1. In addition, the HTTP series I collate will basically be accompanied by a simple answer and a deep answer in the interview, the shallow answer is to let you better remember, the deep answer to ensure that you really understand the knowledge points in the shallow answer.

Let’s Shutdown HTTP completely!! 💪

Series of Mind Maps:

Series catalogue:

  • 🐲 [1] Shutdown HTTP
  • 🐲 [2] Shutdown HTTP series -HTTP Packet
  • “🐲 [3] Shutdown HTTP series -Cookie”
  • “🐲 [4] Shutdown HTTP series -HTTPS”
  • “🐲 [5] Shutdown HTTP series -CCPG 版”
  • 🐲 [6] Shutdown HTTP Interview Series

All articles have been included on GitHub’s personal blog: Niubility -coding-js Please give me Star 😊~

This directory

By reading this article you can learn:

  • HTTP overview
  • Features and disadvantages of HTTP
  • HTTP request method
  • The HTTP status code

(Please note that anything marked 🌟 is a must)

1. The HTTP overview

HyperText Transfer Protocol (HTTP) is the most widely used network Transfer Protocol on the Internet.

Originally designed to provide a way to publish and receive HTML pages, HTTP is an application-layer protocol that transmits data based on the TCP/IP communication protocol.

The points to note are:

  • A One-sentence overview of HTTP
  • Several versions of the HTTP classic
  • The location where HTTP exists

1.1 A one-sentence overview of HTTP

[Asked during the interview: an overview of HTTP protocol in one sentence] 🌟🌟🌟🌟

HTTP is a convention and specification for transporting hypertext data, such as text, pictures, audio, and video, between two points in the computer world.

HTTP usually runs on the TCP/IP protocol stack, relying on IP protocol to achieve addressing and routing, TCP protocol to achieve reliable data transmission, DNS protocol to achieve domain name lookup, SSL/TLS protocol to achieve secure communication. Of course, WebSocket and HTTPDNS rely on HTTP. – “Attacking Front-end Engineer” HTTP Worldview (with Chinese translation of HTTP/3)- Oba Tong)

1.2 Classic versions of HTTP

  • The first version of HTTP/0.9 came out in 1990 and was not established as an official standard.
  • The formal standard was established as “HTTP/1.0,” which was released “In May 1996.” (He is four months older than Lin.)
  • The current mainstream version is “HTTP/1.1”, released “January 1997”.
  • In May 2015, HTTP/2 was officially released. (Not CALLED HTTP/2.0 because the standards committee is not planning to release a sub-version, the next version will be HTTP/3)

1.3 Location where HTTP exists

In the TCP/IP network hierarchical model in the first layer “application layer”.

Other protocols at the application layer include:

  • FTP: Used to transfer files between the client and the FTP server.
  • Domain name System (DNS) : resolves domain names and IP addresses.
  • SMTP: Mail sending protocol. Users send mails through the SMTP server.
  • DHCP: Dynamic host configuration protocol. The DHCP server dynamically assigns IP addresses to clients.
  • POP3: Mail receiving protocol, which is used to receive mail from the POP3 server.

[When asked about the interview, usually answer the first three are enough] 🌟🌟

2. Features and disadvantages of HTTP

2.1 HTTP features

Frequently asked knowledge points, important index: 🌟🌟🌟🌟🌟

  1. HTTP is a request/response protocol that supports client/server mode.
  2. Flexible and extensible: one is semantic freedom, only the basic format is specified, other parts are not strictly limited; Second, it allows the transfer of data objects of any Type, such as text, pictures, audio, etc., with the Type marked by content-type.
  3. Reliable transport. HTTP is based on TCP/IP and therefore inherits this feature.
  4. Stateless, meaning that HTTP requests do not have the ability to save previously sent requests or responses, and each request is independent.

If you want more, you can answer persistent connection:

  • Concept: Setting up a TCP connection enables multiple request or response interactions
  • Possible cause: The initial VERSION of HTTP disconnects the TCP connection every time the HTTP communication is performed, and the TCP connection is disconnected again the next time. Now that more and more resources are being requested, it is costly to have unnecessary TCP connections and disconnections for each request.
  • Features: As long as either party does not explicitly request to disconnect the connection, the TCP connection status is maintained.
  • Advantages: Reduced overhead caused by TCP connections and disconnections, reduced server load, faster Web page loading
  • Note: In HTTP/1.1 all connections are persistent by default (that is, the header field Connection: keep-alive, set to close if you want to close), but HTTP/1.0 is not standardized

There is also a pipelined feature that allows multiple requests to be sent in parallel, rather than waiting for the previous request to complete before sending the next one. But for various reasons was abandoned by major manufacturers)

2.2 Disadvantages of HTTP

Frequently asked knowledge points, important index: 🌟🌟🌟🌟🌟

In short:

  1. Plaintext transmission (not encrypted), the content may be eavesdropped.
  2. The integrity of the packet cannot be verified. The contents may be tampered with.
  3. If you do not verify the identity of the communicating party, you may encounter disguise.
  4. Statelessness, is it a disadvantage and a benefit, in different scenarios.
  5. The head of the line is blocked.

In detail:

  1. Plaintext transmission (not encrypted), the content may be eavesdropped. Packets in the protocol use text rather than binary data
  2. The integrity of the packet cannot be verified. The contents may be tampered with. And by completeness, I mean the accuracy of the information because there’s no way for the receiver or the sender to know if the data that they’re sending has been tampered with in the process
  3. If you do not verify the identity of the communicating party, you may encounter disguise. Since HTTP does not acknowledge the sender, anyone can send a request, and the server does not acknowledge the receipt of the request, it will return a response as soon as the request is received (provided that the IP address or port number of the sender is not restricted by the Web server).
  4. Stateless, with no ability to save previously sent requests or responses. It is both a weakness and a strength:
    • For some long-connected scenarios, you need to save context information to avoid transmitting duplicate data.
    • Statelessness reduces network overhead for applications that do not need to store context information just to get data.
  5. The head of the team is blocked:
    • The fundamental reason for this is that HTTP is based on a request-response model. In the same TCP persistent connection, if the previous request does not receive a response, subsequent requests are blocked.
    • This problem is solved with concurrent connections and domain name sharding. But not from the HTTP itself to solve the level, just increase the TCP connection, risk sharing.
    • Multiplexing in HTTP/2 solves this problem at the HTTP level itself
    • The difference between TCP queue header blocking and TCP queue header blocking is that TCP transmits packets. Queue header blocking means that the next packet is not forwarded to HTTP unless the previous packet is received. HTTP queue blocking is at the request-response level, where subsequent requests are blocked before the previous request has been processed.

3. HTTP request method

3.1 Method Types

Frequently asked knowledge points, important index: 🌟🌟🌟🌟🌟

  1. GET: Obtains resources. It is an idempotent operation

  2. HEAD: Gets the header of the packet. It is similar to GET but does not return the body. It is an idempotent operation

  3. POST: Creates or updates a resource. It is a non-idempotent operation

  4. PUT: Creates or updates the resource itself. It is an idempotent operation

  5. PATCH: A non-idempotent operation is performed to update resources locally

  6. DELETE: Deletes resources. As opposed to PUT, it is an idempotent operation

  7. OPTIONS: Queries the types of HTTP methods supported by the server (idempotent operations) :

    request The OPTIONS * HTTP / 1.1

    Host: lindaidai.wang
    The response HTTP / 1.1 200 OK

    Allow: GET, POST, HEAD, OPTIONS

    (Returns methods supported by the server)
  8. CONNECT: Establishes connection tunnel for proxy server, idempotent operation

  9. TRACE: to find out how the request was processed/modified. Easily trigger XST cross-site tracking attacks.

3.2 What is idempotent in HTTP

Important index: 🌟🌟🌟🌟

(Let’s understand the concept first.)

This is pretty easy to understand, just remember: if a method is repeated many times and its effect is the same, then the method is idempotent. “It essentially means that the result of a successfully executed request is independent of the number of times it was executed.”

Let’s look at each analysis in detail:

  1. The GET method is used to GET resources and should not have side effects, so it isPower etc.. For example: the GEThttp://lindaidai.wang/account/123Does not change the state of the resource, and there are no side effects whether it is called once or N times. But notice, this is aNo side effects as many times as you call itInstead of getting the same result every time. Because you think it is possible to directly change this database data, then the next time may be different, but it itself does not produce side effects, so it satisfies the idempotent.
  2. The HEAD method GET is the same, except that it only retrieves the header of the packet, not the body, so it is also idempotent.
  3. “POST” and “PUT” are very confusing. Before, I always thought simply:POST indicates that the resource is created, and PUT indicates that the resource is updated; In fact, they can both be used to create and update resources, but the essential difference is idempotence. The URI corresponding to the POST is not the resource itself that was created, butRecipient of the resource. Such as:POST http://lindaidai.wang/articlesThe semantics are inhttp://lindaidai.wang/articlesCreate a post, and the HTTP response should contain the post’s creation status and the post’S URI. Two identical POST requests create two resources on the server side with different URIs, so POST isThe power etc..
  4. The URI corresponding to the PUT method is to be created or updatedResource itself. It’s easy to think it’s not idempotent, but it isPower etc.. Such as:PUT http://lindaidai.wang/accout/321Create or update a post with ID 321. The resource generated on the server after the first PUT method is executed cannot be changed by subsequent PUT methods, so the side effects of putting the same URI multiple times are the same as one PUT, so it isPower etc..
  5. The DELETE method is used to DELETE resources and has a side effect (meaning it changes the content of the resource on the server), but it isPower etc.. Because for example:DELETE http://lindaidai.wang/accout/321Call once and call N times have the same side effect on the system, both are to delete the post with ID 321. As a result, the caller can call or refresh the page multiple times without worrying about causing an error.
  6. OPTIONS is easy to understand, but it’s just a way to get support from the server. I know it’s usually used when you use a proxy and make a pre-request. It is idempotent.

【面试时答法】

Whether or not a method is idempotent means that if a method is executed multiple times, its effect is the same, and if it is idempotent, it essentially means that the result of a successful request is independent of the number of times it is executed. As far as I know, only “POST” and “PATCH” are non-idempotent, and the rest are idempotent operations.

3.3 Differences between GET and POST

Needless to say, often asked knowledge points, important index: 🌟🌟🌟🌟🌟

(Here I use a ternary summary of an answer + some of their own understanding)

  • From a caching perspective, GET is actively cached by the browser, leaving a history, but POST is not.
  • From an encoding point of view, GET can only encode URLS, it can only accept ASCII characters, but POST has no restrictions.
  • From the perspective of parameters, GET is generally placed in the URL to pass parameters, and POST is placed in the body of the request, which is more suitable for passing sensitive information.
  • In idempotent terms, GET is idempotent and POST is not.
  • But as far as I know, GET and POST are essentially TCP connections, no difference. However, due to HTTP regulations and browser/server restrictions, they are different in the application process.
  • In terms of TCP, a GET request sends the request packet at one time, but a POST request is divided into two TCP packets. The header is sent first, and if the server responds with 100(continue), the body is sent, except for “Firefox”, which sends only a TCP packet for its POST request.

(At this point, the interviewer may also ask you: since POST is sent in two TCP packets, is GET more effective than POST?)

You can reply by saying:

  • First, both GET and POST have their own semantics, and it’s best not to mix them
  • In addition, although POST is divided into two packets to be sent, in fact, under good network conditions, the time difference between sending one packet and sending two packets can be ignored. And in the case of poor network conditions, two-packet TCP has greater advantages in verifying the integrity of packets.
  • Also, not all browsers send TCP packets twice for a POST request, such as Firefox.

3.4 support

  • OPTIONS, CONNECT, and TRACE are supported only in HTTP/1.1 or higher
  • LINK and UNLINK are deprecated in HTTP/1.1

3.5 What Can I Do If the Server Receives An Unsupported Method

When receiving an unsupported Method, the server returns 405 Method Not Allowed and writes all supported methods in Allow, the header field of the response packet.

4. HTTP status code

Important index: 🌟🌟🌟🌟🌟

(Another hardcore knowledge… Here Lin stupid just enumerate some commonly used)

1 xx informational

The request has been received and requires further processing to complete, but is not supported in HTTP/1.0.

  • 101 Switching Protocols: When HTTP is upgraded to WebSocket, if the server agrees to the change, 101 is returned.

2xx Success status

The request was successfully processed.

  • 200 OK: The request was successful, usually with the response body in the returned data.
  • 204 No Content: the meaning and200Same, but without the response body in the returned data.
  • 206 Partial Content: The client made a range request and the server handled it properly. The header of the response packet should still existContent-RangeField specifies the scope of the entity. The application scenario is HTTP download in blocks or resumable transmission.

3 xx redirection

Redirect status. The resource location has changed and needs to be rerequested.

  • 301 Moved Permanently: permanent redirection. The latest URI is that of the response headerLocationField. The scenario is: for example, your website has changed the address, the previous address is not used, if the user is still from the previous address in the words will return301And in theLocationWith the latest URI. By default, the browser will optimize the cache to reduce server pressure and automatically access the redirected address on the second visit.
  • 302 Found: temporary redirection, and301It means that the requested resource has been temporarily moved to another URI and, because it is temporary, will not be cached.
  • 303 See Other: temporary redirection, where the requested resource is temporarily moved to another URI, but explicitly states that the client should use the GET method to obtain the resource.
  • 304 Not Modefied: A client with a conditional request is allowed to return the resource even though the condition is not met3xxBut it has nothing to do with redirects. Scenario For example: Return if cache negotiation succeeds304 Not Modefied, indicating that the requested resource has not been changed on the server, telling the requester that the cache can be used. (Check out my article here”Lin Stupid you talk about browser cache”)
  • 307 Temprary Redirect: temporary redirection, but more than302More specifically, neither the redirect request method nor the redirect entity is allowed to change. For example:HSTSProtocol, which is mandatory for clients to usehttpsBuild connections, such as your website fromHTTPUpgraded toHTTPS“And you still passhttp://xxxIf you access it, it returns307 Internal Redirect. You can try itjuejin.im)

The three temporary redirects are simple to compare:

  • 302 Found, basic temporary redirection
  • 303 See Other, which explicitly states that the client should useGETmethods
  • 307 Temprary RedirectNeither the request method nor the entity is allowed to change

4XX Client error

An error occurred on the client.

  • 400 Bad Request: There is a syntax error in the request packet, but the cause is not specified.
  • 401 Unauthorized: Indicates that HTTP authentication information is required or user authentication fails.
  • 403 ForbiddenThe request for resources was rejected because: for example, it is prohibited by law or the information is sensitive.
  • 404 Not Found: The requested resource is not found, indicating that the corresponding resource is not found on the server.

5XX Server errors occur

An error occurs on the server.

  • 500 Internal Server Error: Server internal error, but not specified, and400A bit like.
  • 501 Not Implemented: indicates that the function requested by the client is not supported
  • 502 Bad GateWay: The server itself is normal, but the proxy server could not get a valid response.
  • 503 Service Unavailable: The server is overloaded or down for maintenance (as if the store is not open today)

Parameters of the article

  • Understanding THE Idempotence of HTTP
  • The Interviewer (9) : Probably the Most Complete HTTP Interview Answer on the Internet – Looking for The Sea Blue 96
  • “The Attacking Front-end Engineer” HTTP World View (with Chinese translation of HTTP/3)
  • “(Recommended intensive reading) THE QUESTION of THE HTTP soul, strengthen your HTTP knowledge system – God ternary”
  • 99 percent of People GET the difference between GET and POST in HTTP Wrong -WebTechGarden
  • Illustrated HTTP

After the language

You hope the world, I hope you have no bugs. That’s all for this article.

It can be found that in the basic part, the main questions are some concepts, which can be finished in about 10 minutes. We do not need to learn like RSA handshake, ECDHE handshake, digital signature, those knowledge points, desperately understand. It’s more hardcore knowledge that we need to keep in mind.

At the end of this series of articles, I would like to give you a little love note to express my thanks to you:

"There are two most romantic sentences in the world."

"The first sentence is" I love you."

The second sentence is, "Your writing is so beautiful."

"What do you think?"

"Say the second word later."

"And then I say the first thing."

Ahhhh… Tetemo’s flirtations with me have made me sick of myself…

The guy who likes “Lin Dandy” also hopes to follow Lin Dandy’s public account LinDaiDai or scan the qr code below 👇👇👇.

I will not regularly update some front-end knowledge content and their own original article 🎉

Your encouragement is the main motivation for my continuous creation 😊.

Related recommendations:

The most detailed BPMN.JS Textbook in the whole network

If you don’t understand after reading this, Babel, I’ll send you a mask.

Do 45 Promise interview questions at a time.

“[recommend 👍] 40 more this interview questions sour cool continue (1.2w word with hand finishing)”

“Why not three even more simple than inheritance of JS inheritance – encapsulation (Niu Xiaxiao Test)”

“[why not three consecutive] finish the 48 questions thoroughly understand JS inheritance (1.7W word containing xin collation – return to simplicity)”

【 真 题 】 How to fully understand data type conversions from 206 console.log()

This article was typeset using MDNICE