1
HTTP Messages
Herng-Yow Chen
2
Outline
• The Flow of Messages
• The Parts of a Message
• The various methods that request messages support
• The various status codes that are returned with response messages
• What the various headers do
3
Messages Commute Inbound to the Origin Server
proxy1 proxy2 proxy3
GET /index.html HTTP/1.0
HTTP/1.0 200 OK
Content-type: text/html
…
Inbound (to server)
Outbound (to user agent)
client server
4
All messages flow downstream
No messages ever go upstream
[Figure: two panels, "Request (flowing downstream)" and "Response (flowing downstream)", each showing client, proxy1, proxy2, proxy3 and server]
5
The Parts of a Message
HTTP/1.0 200 ok
Content-type: text/plain
Content-length: 19
Hi I’m a message
Start line
Headers
Body
client server
6
Request Message Syntax
<method> <request-URL> <version>
<headers>
<entity-body>
7
Response Message Syntax
<version> <status> <reason-phrase>
<headers>
<entity-body>
• Note that version numbers are not treated as fractional numbers: the major and minor numbers are compared separately as integers. That is, HTTP/1.22 is a higher version than HTTP/1.3, because 22 is larger than 3.
8
Message Syntax
client
GET /pics/hychen.jpg HTTP/1.0
Host: www.csie.ncnu.edu.tw
HTTP/1.0 200 OK
Content-type: image/jpeg
Content-length: 12345
www.csie.ncnu.edu.tw
HTTP request message contains the command and the URI
HTTP response message contains the result of the transaction
Internet
9
Message Syntax
(a) Request message
GET /test/hi-here.txt HTTP/1.1
Accept: text/*
Host: www.csie.ncnu.edu.tw
(b) Response message
HTTP/1.0 200 OK
Content-type: text/plain
Content-length: 19
Hi! I’m a message!
Start line
Headers
Body
10
Common HTTP methods
Method     Message body?
GET        No
HEAD       No
POST       Yes
PUT        Yes
TRACE      No
OPTIONS    No
DELETE     No
11
Status codes
Overall range    Defined range    Category
100-199          100-101          informational
200-299          200-206          successful
300-399          300-305          redirection
400-499          400-415          client error
500-599          500-505          server error
Common status codes
200 OK
401 Unauthorized
404 Not Found
12
Headers
HTTP header fields add additional information to request and response messages. They are basically just lists of name/value pairs.
The HTTP specification defines several header fields. Applications also are free to invent their own home-brewed headers.
Each HTTP header has a simple syntax: a name, followed by a colon (:), followed by optional whitespace, followed by the field value, followed by CRLF.
13
Header classification
General headers
Can appear in both request and response messages
Request headers
Provide more information about the request
Response headers
Provide more information about the response
Entity headers
Describe body size and contents, or the resource itself
Extension headers
New headers that are not defined in the specification
14
Common header examples
Header example
Date: Tue, 3 Oct 1997 02:16:03 GMT
Content-length: 15040
Content-type: image/gif
Accept: image/gif, image/jpeg, text/html
Header continuation lines
Long header lines can be made more readable by breaking them into multiple lines, preceding each extra line with at least one space or tab character. For example,
Server: Test Server
    Version 1.0
15
Entity bodies
The third part of an HTTP message is the optional entity body. Entity bodies are the payload of the HTTP messages.
HTTP messages can carry many kinds of digital data: images, video, HTML documents, software applications, credit card transactions, electronic mail, and so on.
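
The three parts described on slides 5 to 15, as an added example that is not part of the original slides: a strict Python parser for start line, headers (including continuation lines) and a Content-length-delimited body, plus the integer version comparison from slide 7. Rejecting whitespace before the colon and conflicting Content-length values, and treating a message without Content-length as having no body, are choices of this sketch.

```python
import re

# Header names are tokens with no spaces, so "Host : x" is rejected, not guessed at.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_version(text):
    """'HTTP/1.22' -> (1, 22); major and minor are separate integers."""
    m = re.fullmatch(r"HTTP/(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"bad version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def parse_message(raw):
    """Split raw bytes into (start_line_fields, headers, body)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ending the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    start, headers = lines[0].split(" ", 2), []
    if len(start) != 3:
        raise ValueError(f"bad start line: {lines[0]!r}")
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):            # continuation line (slide 14)
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, f"{value} {line.strip()}")
            continue
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.fullmatch(name):
            raise ValueError(f"bad header line: {line!r}")
        headers.append((name, value.strip()))
    lengths = {v for n, v in headers if n.lower() == "content-length"}
    if len(lengths) > 1 or not all(v.isdigit() for v in lengths):
        raise ValueError("conflicting or non-numeric Content-length")
    size = int(lengths.pop()) if lengths else 0   # simplification: no length, no body
    if len(rest) < size:
        raise ValueError("body shorter than Content-length")
    return start, headers, rest[:size]

# Constructed sample: the slide-9 response plus the slide-14 folded Server header.
SAMPLE = (b"HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n"
          b"Server: Test Server\r\n\tVersion 1.0\r\n"
          b"Content-length: 19\r\n\r\nHi! I'm a message!\n")

if __name__ == "__main__":
    print(parse_message(SAMPLE))
    print(parse_version("HTTP/1.22") > parse_version("HTTP/1.3"))
```

Failing closed on ambiguous framing matters when proxies sit in the path, because two parsers that disagree about where a message ends will disagree about what the next message is.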
16
Version 0.9 Messages
client
client
GET /pics/hychen.jpg
No version number
www.csie.ncnu.edu.tw
www.csie.ncnu.edu.tw
* The request contained merely the method and the request URL, and
* the response contained only the entity.
* No version number, no status code, no headers were included.
17
Methods
Note that not all methods are implemented by every server.
To be compliant with HTTP/1.1, a server need implement only the GET and HEAD methods for its resources.
Even when servers do implement all of these common methods (listed on slide 10), some methods such as DELETE and PUT most likely have restricted use. The restrictions generally are set up in the server’s configuration, so they vary from site to site and from server to server.
18
GET
www.csie.ncnu.edu.tw
GET /~hychen/index.html HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
client
Request message
HTTP/1.1 200 ok
Content-Type: text/html
Content-Length: 617
<html>
<HEAD><TITLE>Home Page</TITLE>
…
Response message
* The most common method. It usually is used to ask a server to send a resource.
19
HEAD
www.csie.ncnu.edu.tw
HEAD /~hychen/index.html HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
client
Request message
HTTP/1.1 200 ok
Content-Type: text/html
Content-Length: 617
Response message
No entity body
* It behaves exactly like the GET method, but the server returns only the headers in the response.
20
HEAD
No entity body is ever returned. This allows a client to inspect the headers for a resource without having to actually get the resource. Using the headers, you can
• Find out about a resource (e.g., determine its type) without getting it.
• See if an object exists, by looking at the status code of the response.
• Test if the resource has been modified, by looking at the headers.
21
PUT
www.csie.ncnu.edu.tw
PUT /product-list.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Content-type: text/plain
Updated product list coming soon!
client
Request message
HTTP/1.1 201 Created
Location: http://www.csie.ncnu.edu.tw/product-list.txt
Content-Type: text/plain
Content-Length: 47
http://www.csie.ncnu.edu.tw/product-list.txt
Response message
Server updates/creates resource "/product-list.txt" and writes it to its disk.
The PUT method writes documents to a server, in the inverse of the way that GET reads documents from the server.
22
PUT
Some publishing systems (e.g., FrontPage, Dreamweaver) let you create web pages on a local computer and install them directly on a web server via the PUT method.
The semantics of the PUT method are for the server to take the body of the request and either use it to create a new document named by the requested URL, or, if that URL already exists, use the body to replace it.
Because PUT allows you to change content, many web servers require you to log in with a password before you can perform a PUT.
23
POST
PUT is used to deposit data into a resource on the server (e.g., a file). In comparison, the POST method was designed to send input data to the server.
In practice, it is used to support HTML forms. The data from a filled-in form typically is sent to a server gateway program, which processes it.
24
POST
POST /check.cgi HTTP/1.1
Host: www.csie.ncnu.edu.tw
Content-Type: text/plain
Content-Length: 18
item=bandsaw 2647
HTTP/1.1 200 OK
Content-type: text/plain
Content-length: 37
The bandsaw model 2647 is in stock!
client
www.csie.ncnu.edu.tw
Request message
Response message
YES!
item=bandsaw 2647
Inventory list
Inventory check
Browser sticks data in entity body of message
CGI program
25
TRACE
When a client makes a request, that request may have to travel through firewalls, proxies, gateways, or other applications. Each of these has the opportunity to modify the original HTTP request.
The TRACE method allows a client to see how its request looks when it finally makes it to the server.
The TRACE method is used primarily for diagnostics; i.e., verifying that requests are going through the request/response chain as intended.
26
TRACE
client
Proxy
www.csie.ncnu.edu.tw
TRACE /product-list.txt HTTP/1.1
Accept: *
Host: www.csie.ncnu.edu.tw
Request message
TRACE /product-list.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
Via: 1.1 proxy.ncnu.edu.tw
HTTP/1.1 200 OK
Content-type: text/plain
Content-length: 96
TRACE /product-list.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
Via: 1.1 proxy.ncnu.edu.tw
Response message
HTTP/1.1 200 OK
Content-type: text/plain
Content-length: 96
Via: 1.1 proxy.ncnu.edu.tw
TRACE /product-list.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
Via: 1.1 proxy.ncnu.edu.tw
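
The diagnostic use of TRACE shown on this slide, as an added example that is not part of the original slides: a Python sketch that compares the request a client sent with the copy echoed back in the TRACE response body and reports what intermediaries added, removed or changed. The function names are hypothetical and the sample messages are constructed from the slide's exchange.

```python
def header_map(request):
    """Header fields of a request as {lowercased name: value}; order is ignored."""
    lines = request.strip().split("\r\n")[1:]
    return {n.strip().lower(): v.strip()
            for n, _, v in (line.partition(":") for line in lines)}

def trace_diff(sent, response):
    """Compare the request we sent with the copy echoed in the TRACE response body."""
    status_line = response.split("\r\n", 1)[0]
    if status_line.split(" ")[1] != "200":
        raise ValueError(f"TRACE not answered with 200: {status_line!r}")
    echoed = response.partition("\r\n\r\n")[2]      # body = request as the server saw it
    before, after = header_map(sent), header_map(echoed)
    return {
        "request_line_changed":
            sent.split("\r\n", 1)[0] != echoed.split("\r\n", 1)[0],
        "added": {k: after[k] for k in sorted(after.keys() - before.keys())},
        "removed": sorted(before.keys() - after.keys()),
        "changed": {k: (before[k], after[k])
                    for k in sorted(before.keys() & after.keys())
                    if before[k] != after[k]},
    }

# Constructed from the slide-26 exchange (the slide's Content-length is left out).
SENT = ("TRACE /product-list.txt HTTP/1.1\r\n"
        "Accept: *\r\nHost: www.csie.ncnu.edu.tw\r\n\r\n")
RESPONSE = ("HTTP/1.1 200 OK\r\nContent-type: text/plain\r\n"
            "Via: 1.1 proxy.ncnu.edu.tw\r\n\r\n"
            "TRACE /product-list.txt HTTP/1.1\r\nHost: www.csie.ncnu.edu.tw\r\n"
            "Accept: *\r\nVia: 1.1 proxy.ncnu.edu.tw\r\n")

if __name__ == "__main__":
    print(trace_diff(SENT, RESPONSE))
```

For the slide's exchange the only difference is the Via header added by the proxy; header reordering is deliberately not reported.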
27
OPTIONS
The OPTIONS method asks the server to tell us about the various supported capabilities of the web server.
Some servers may support particular operations only on particular kinds of objects.
28
OPTIONS
client
www.csie.ncnu.edu.tw
Request message
OPTIONS * HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
Response message
HTTP/1.1 200 OK
Allow: GET, POST, PUT, OPTIONS
Content-length: 0
Since the request is for options on all resources, the server just returns the methods it supports for its resources.
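
One way to check the method restrictions mentioned on slide 17 against what a server advertises, as an added example that is not part of the original slides: a Python sketch that reads the Allow header of an OPTIONS response and compares it with an intended policy. The policy set, the second sample response and the function names are hypothetical.

```python
REQUIRED = {"GET", "HEAD"}     # slide 17: all an HTTP/1.1 server must implement
WRITE = {"PUT", "DELETE"}      # slide 17: methods most likely to be restricted
COMMON = {"GET", "HEAD", "POST", "PUT", "TRACE", "OPTIONS", "DELETE"}  # slide 10

def allowed_methods(response):
    """Collect methods from every Allow header in an OPTIONS response."""
    head = response.split("\r\n\r\n", 1)[0]
    methods = set()
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "allow":      # header names are case-insensitive
            methods |= {m.strip() for m in value.split(",") if m.strip()}
    return methods

def audit(response, expected):
    """Compare what the server advertises with what the site intends to expose."""
    offered = allowed_methods(response)
    return {
        "unexpected": sorted(offered - expected),
        "write_methods": sorted(offered & WRITE),
        "extension_methods": sorted(offered - COMMON),
        "required_not_listed": sorted(REQUIRED - offered),
    }

# Constructed input: the slide-28 response, then a hypothetical WebDAV-enabled host.
SLIDE_28 = ("HTTP/1.1 200 OK\r\nAllow: GET, POST, PUT, OPTIONS\r\n"
            "Content-length: 0\r\n\r\n")
WEBDAV = ("HTTP/1.1 200 OK\r\nallow: GET, HEAD\r\n"
          "Allow: LOCK, MKCOL, DELETE\r\n\r\n")
POLICY = {"GET", "HEAD", "POST", "OPTIONS"}      # hypothetical site policy

if __name__ == "__main__":
    for sample in (SLIDE_28, WEBDAV):
        print(audit(sample, POLICY))
```

The Allow header is only what the server chooses to advertise, so a finding here is a prompt to review the server configuration, not proof of what the server will accept.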
29
DELETE
The DELETE method asks the server to delete the resource specified by the requested URL.
However, the client application is not guaranteed that the delete is carried out. This is because the HTTP specification allows the server to override the request without telling the client.
30
DELETE
client
www.csie.ncnu.edu.tw
Request message
DELETE /product-list.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Response message
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 54
I have your delete request,
will take time to process.
File "product-list.txt" removed from server’s disk
31
Extension Methods
HTTP was designed to be field-extensible, so new features wouldn’t cause older software to fail.
Extension methods are methods that are not defined in the HTTP/1.1 specification. They provide developers with a means of extending the capabilities of the HTTP services their servers implement on the resources that the servers manage.
32
WebDAV HTTP extension
Method    Description
LOCK      Allows a user to “lock” a resource; for example, you could lock a resource while you are editing it
MKCOL     Allows a user to create a resource
COPY      Facilitates copying resources on a server
MOVE      Moves a resource on a server
33
Status Codes
100-199: Informational Status Code
Status Code Reason Phrase
100 Continue
101 Switching Protocols
34
200-299: success status code
Status Code Reason Phrase
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
35
300-399: Redirection Status Code
Status Code Reason Phrase
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
305 Use Proxy
306 (Unused)
307 Temporary Redirect
36
300-399: Redirection Status Codes
client
www.csie.ncnu.edu.tw
Request message
GET /pet-products.txt HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
Response message
HTTP/1.1 301 OK
Location: http://english.csie.ncnu.edu.tw
Content-length: 56
Content-type: text/plain
Please go to our partner site,
English.csie.ncnu.edu.tw
client
english.csie.ncnu.edu.tw
Request message
GET / HTTP/1.1
Host: english.csie.ncnu.edu.tw
Accept: *
Response message
HTTP/1.1 200 OK
Content-type: text/html
Content-length: 3307
…
37
300-399: Redirection Status Codes (cont.)
client
Request message
GET /m_faculty.html HTTP/1.1
Host: www.csie.ncnu.edu.tw
Accept: *
If-Modified-Since: Wed, Sept. 3 2003 02:16:00 GMT
www.csie.ncnu.edu.tw
Has not changed
Client has previously requested copy of:
http://www.csie.ncnu.edu.tw/m_faculty.html
client
Response message
HTTP/1.1 304 Not Modified
…
Browser displays local copy, since the original has not changed since we last requested it
38
400-499: Client Errors Status Codes
Status Code Reason Phrase
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
39
400-499: Client Errors Status Codes
Status Code Reason Phrase
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request URI Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
40
500-599: Server Error
Status Code Reason Phrase
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
41
Headers
General headers
E.g., Date: Tue, 3 Oct 2003 02:16:00 GMT
Request headers
E.g., Accept: */*
Response headers
E.g., Server: Apache/1.3
Entity headers
E.g., Content-Type: text/html; charset=iso-latin-1
Extension headers
42
General Headers
Header    Description
Connection    Allows clients and servers to specify options about the request/response connection
Date
MIME-Version
Trailer    Lists the set of headers that are in the trailer of a message encoded with the chunked transfer encoding
Transfer-Encoding
Upgrade
Via
43
General caching headers
Header    Description
Cache-Control    Used to pass caching directions along with the message
Pragma    Another way to pass directions along with the message, though not specific to caching
45
Request Headers
Header    Description
Client-IP
From
Host
Referer
UA-Color
UA-CPU
UA-Disp
UA-OS
UA-Pixels
User-Agent
46
Accept Headers
Header    Description
Accept    what media types
Accept-Charset
Accept-Encoding
Accept-Language
TE    what extension transfer codings are okay to use
49
Conditional request headers
Header    Description
Expect
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Range
50
Request security headers
Header    Description
Authorization
Cookie
Cookie2
51
Proxy request headers
Header    Description
Max-Forwards
Proxy-Authorization
Proxy-Connection
52
Response headers
Header    Description
Age
Public
Retry-After
Server
Title
Warning
53
Negotiation headers
Header    Description
Accept-Ranges
Vary
54
Response security headers
Header    Description
Proxy-Authenticate
Set-Cookie
Set-Cookie2
WWW-Authenticate
55
Entity Headers
Header    Description
Content-Base
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
56
Entity caching headers
Header    Description
ETag
Expires
Last-Modified
57
HTTP protocol information
http://www.w3.org/Protocols/
The W3C architecture page for HTTP.
http://www.ietf.org/rfc/rfc2616.txt
RFC 2616, “Hypertext Transfer Protocol - HTTP/1.1”, is the official specification for HTTP/1.1, the current version of the HTTP protocol.