1

HTTP – HyperText Transfer Protocol

Part 2

2

HTTP Responses

3

The Format of a ResponseThe Format of a Response

version spstatus codesp phraseheader

cr lf: value cr lf

header : value cr lfcr lf

Entity Body

headerslines

statusline

4

The Initial Line of a Response

• The initial line of a response is also called the status line

• The initial line consists of– HTTP version– response status code– reason phrase that describes the

status code

5

HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354

<html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html>

Response Example

6

HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354

<html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html>

Response Exampleversion

message body

headers

reason phrasestatus code

7

Status Codes in Responses

8

Status Codes in Responses

• The status code is a three-digit integer, and the first digit identifies the general category of response: – 1xx indicates an informational message – 2xx indicates success of some kind – 3xx redirects the client to another URL– 4xx indicates an error on the client's part

• Yes, the system blames it on the client if a resource is not found (i.e., 404)

– 5xx indicates an error on the server's part

9

Status Codes 1xx

• The 100 (Continue) Status– Allows a client to determine if the

Server is willing to accept the request (based on the request headers) before the client sends the request body

– The client’s request must have the header

Expect: 100 (Continue)What is it good for?

10

Status Codes 2xx

Status codes 2xx – Success

• The action was successfully received, understood, and accepted

• Usually upon success a status code 200 and a message OK are sent

• This is the default

11

More 2xx Codes

• 201 (Created)– Location header gives the URL

• 202 (Accepted)– Processing is not yet complete

• 204 (No Content)– Browser should keep displaying

previous document

12

More 2xx Codes

• 205 (Reset Content)– No new document, but the browser

should reset the document view– It is used to force browsers to clear

fields of forms– New in HTTP 1.1

13

Status Codes 3xx

Status codes 3xx – Redirection

• Further action must be taken in order to complete the request

• The client is redirected to get the resource from another URL

14

More 3xx Codes

• 301 – Moved Permanently– The new URL is given in the Location header– Browsers should automatically follow the link to

the new URL

• 302 – Moved Temporarily – In HTTP 1.1 “Found” instead of “Moved

Temporarily”• But “Moved Temporarily” is still used

– Similar to 301, except that the URL given in the Location header is temporary

– Most browsers treat 301 and 302 in the same way

15

More 3xx Codes

• 303 – See Other– Similar to 301 and 302, except that if

the original request was POST, the new document (given in the Location header) should be retrieved with GET

– New in HTTP 1.1

16

More 3xx Codes

304 – Not Modified– This is a response to the If-Modified-

Since request header– If the page has been modified, then it

should be returned with a 200 (OK) status code

17

More 3xx Codes

307 – Temporary Redirect– New URL is given in the Location

header– Only GET but not POST requests

should follow the new URL– In 303 (See Other), both GET and

POST requests follow the new URL– New in HTTP 1.1

18

Status Codes 4xx

Status codes 4xx – Client error• The request contains bad syntax or

cannot be fulfilled

404 File not found

19

4xx Codes

• 400 – Bad Request– Syntax error in the request

• 401 – Unauthorized• 403 – Forbidden

– “permission denied” to the server to access the page

• 404 – Not Found• Turn off “Show friendly HTTP error

messages” in Internet Explorer (Internet Options Advanced)

20

More 4xx Codes(All New in HTTP 1.1)

• 405 – Method Not Allowed• 410 – Gone• 411 – Length Required• 413 – Request Entity Too Large

– Server may include a Retry-After response header

21

More 4xx Codes(All New in HTTP 1.1)

• 414 – Request URI Too Long• 415 – Unsupported Media Type• 417 – Expectation Failed

– It the server receives an Expect request header with a value of 100 (Continue), it means that the client is asking if it can send an attached document in a follow-up request

– The server should respond with either 417 or 100 (Continue)

22

Status Codes 5xx

Status codes 5xx – Server error

• The server failed to fulfill an apparently valid request

For example,502 Bad gateway

23

5xx Codes

• 500 – Internal Server Error• 501 – Not Implemented• 502 – Bad Gateway• 503 – Service Unavailable

– The response may include a Retry-After header to indicate when the client might try again

• 505 – HTTP Version Not Supported– New in HTTP 1.1

24

Response Headers

25

The Purposes of Response Headers

• Give forwarding location• Specify cookies• Supply the page modification date• Instruct the browser to reload the page

after a designated interval• Give the document size so that persistent

(keep-alive) connection can be used• Designate the type of document being

generated• Etc.

26

Allow Response Header

• It specifies the request methods (GET, POST, etc.) that are allowed for the requested URL

• It is required for 405 (Method Not Allowed) responses

• The default service method of servlets automatically generates this header for OPTIONS requests

27

Cache-Control (1.1) and Pragma (1.0) Response

Header• A no-cache value prevents proxies and

browsers from caching the page• More on this header later, when we will

talk about caching• Don’t use the Pragma header in responses

– The meaning of “Pragma: no-cache” is only specified for requests

• A safer approach is to use both the Pragma header and the Cache-Control header with the no-cache value

28

Connection Response Header

• A value of close instructs the client not to use persistent HTTP connections

• In HTTP 1.1, persistent connections are the default

29

Content Response Headers

• Content-Encoding– It indicates how the page was

encoded• Content-Language

– It gives the language in which the page is written•The value should be one of the

standard language codes, e.g., en, en-us, da

30

Content-Length Response Header

• It specifies the number of bytes in the response

• It is needed only if a persistent (keep-alive) connection is used

31

Content-Type Response Header

• It gives the MIME (Multipurpose Internet Mail Extension) type of the response document

• MIME types are of the form:– maintype/subtype for officially registered

types– maintype/x-subtype for unregistered

types• Examples: text/html, image/jpeg,

application/x-gzip

32

Expires Response Header

• It gives the time at which the document should be considered out-of-date and thus should no longer be cached

• It can be used, for example, if the document is valid only for a short time

• To achieve the desired effect, some other Cache-Control headers must also be used

33

Last-ModifiedResponse Header

• This header gives the time when the document was last changed

• The date that is given in the Last-Modified response header can be used in later requests in the If-Modified-Since request header

• When using servlets, don’t set this header explicitly; implement a getLastModified method instead

34

Location Response Header

• This header should be included in all responses that have a 3xx status code

• The browser automatically retrieves the document from the new location that is given as the value of this header

35

Refresh Response Header

• The number of seconds until the browser should reload the page

• Can also include the URL of a document that should be loaded (instead of the original document)

• This header is not part of HTTP 1.1 but is an extension supported by Netscape and Internet Explorer

36

Retry-After Response Header

• This header can be used in conjunction with a 503 (Service Unavailable) response to tell the client how soon it can repeat its request

37

Set-Cookie Response Header

• This header specifies a cookie associated with the page; it has several fields:

• Each cookie requires a separate header• Servlets should use the special-purpose

addCookie method of HttpServletRepsonse instead of setting the value of this header directly

• This header is not part of HTTP 1.1 but is widely supported

Set-Cookie: name=value; expires= value; path= value; domain= value; secure

38

WWW-Authenticate Response Header

• This header is always included with a 401 (Unauthorized) status code

• It gives the authentication scheme(s) and parameters applicable to the URL that was requested

39

Server Response Header

• Indicates the name of the vendor of the HTTP server

40

Meta HTTP-EQUIV Tags

41

Meta HTTP-EQUIV Tags

• The browser interprets these tags as if they were headers in the HTTP response

• For example<META HTTP-EQUIV=“Refresh” CONTENT=“5; URL=http://host/path/”>• If the value is 0 (instead of 5) and there

is no URL parameter, the same page is continuously refreshed, causing the Back button to stop working

42

Meta HTTP-EQUIV TagsAre Only Read by

Browsers• Meta HTTP-EQUIV tags are

interpreted by browsers• Proxies usually don’t read the

HTML documents – they only read the headers of the HTTP requests and responses

• Therefore, Cache-Control headers in META HTTP-EQUIV tags actually apply only to the browser’s cache

43

Manually Experimentingwith HTTP

44

Manually Experimentingwith HTTP

>host wwwwww.cs.huji.ac.il is a nickname for vafla.cs.huji.ac.ilvafla.cs.huji.ac.il has address 132.65.80.39vafla.cs.huji.as.il mail is handled (pri=10) by

cs.huji.ac.il

>telnet www.cs.huji.ac.il 80Trying 132.65.80.39…Connected to vafla.cs.huji.ac.il.Escape character is ‘^]’.

45

Sending a Request

>GET /~dbi/index.html HTTP/1.0[blank line]

46

The Response

HTTP/1.1 200 OKDate: Sun, 11 Mar 2001 21:42:15 GMTServer: Apache/1.3.9 (Unix)Last-Modified: Sun, 25 Feb 2001 21:42:15 GMTContent-Length: 479Content-Type: text/html

<html> (html code …)</html>

47

GET /~dbi/index.html HTTP/1.0

HTTP/1.1 200 OK

HTML code

48

GET /~dbi/no-such-page.html HTTP/1.0

HTTP/1.1 404 Not FoundHTML code

49

GET /index.html HTTP/1.1

HTTP/1.1 400 Bad Request

HTML code

Why is it a Bad Request?

HTTP/1.1 without Host Header