Embed Size (px)
Citation preview
Client-Side Web TechnologiesIntroduction to HTTP
MIME• Multipurpose Internet Mail
Extensions• Introduced in 1996• Created to extend email to
support:• Text in character sets other than ASCII• Non-text content• Multi-part message bodies• Header info in non-ASCII character sets
http://www.maran.com/dictionary/m/mime/image.gif
MIME Header Fields• MIME-Version
• Declares version of message body format standard in use• Content-Type
• Describes the data contained in the body• Content-Disposition
• Describes how a body part should be presented (e.g. inline or attachment)
• There are others but we won’t discuss them…
MIME Content-Type• Describes the data in the body of a MIME entity• Consists of:
• Top level media type• Declares the general type of data
• Subtype• Specifies a specific format for that type of data
• Parameters that modify the subtype (optional)• Due to expanded use, now known as Internet Media
Types• IANA maintains the list of registered Media Types:
• http://www.iana.org/assignments/media-types
Top-Level Media Types• Text
• Textual information• Image
• Image data• Audio
• Audio data• Video
• Video data• Application
• Some other kind of data (typically binary, to be processed by some application)
• Multipart• Data consisting of multiple entities of independent data types
• Subtypes such as mixed, alternative, byteranges, and form-data (for HTML forms)
MIME Message ExamplesFrom: John Doe <[email protected]>Subject: Hello
MIME-Version: 1.0
Content-Type: text/plain;
This is a message in MIME format.
From: John Doe <[email protected]>
Subject: Hello
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=“XXXXboundary”
--XXXXboundary
Content-Type: text/plain;
this is the body text
--XXXXboundary
Content-Type: text/plain;
Content-Disposition: attachment;
filename="test.txt"
this is the attachment text
--XXXXboundary--
Client-Server Model
• Method of computer network programming
• Running software applications are assigned one of two possible roles –client or server
Server Applications
• Receive and handle service requests from clients (often multiple clients)
• Typically run on separate, more powerful machines than clients
• Examples: web server applications like Apache, Tomcat, Node.js, and IIS
Client Applications
• Initiate service requests to servers• Typically run on separate, less powerful
machines than servers• Examples: web browsers like Firefox
and Chrome
HTTP• Hypertext Transfer Protocol• Operates at the Application layer in TCP/IP
and OSI models• Consists of client requests and server
responses
HTTP (continued)• HTTP/1.1
• Standardized in 1999• Most commonly used standard • Defined in IETF RFC[7230 – 7235]• https://tools.ietf.org/html/rfc7230
• HTTP/2.0 • Standardized in 2015• Attempts to solve performance issues with 1.1• Defined in IETF RFC 7540• https://tools.ietf.org/html/rfc7540• Will discuss later in the course
HTTP Request Message• Request-Line
• Method• URI• Protocol version
• Header fields (optional)• Message-Body (optional)
HTTP Response Message• Status-Line
• Protocol version• Status code
• Header fields (optional)• Message-Body (optional)
HTTP Common MethodsMethod Use Action Type*OPTIONS Request information about HTTP methods supported by the
serversafeidempotent
GET Retrieve the resource identified by the request URI safeidempotent
HEAD Identical to GET but with no message-body in response safeidempotent
POST Request that the target resource process the representation enclosed in the request according to the resource's own specific semantics
NOT safeNOT idempotent
PUT Request that the server store the enclosed entity under the request URI (replacing an existing version if it exists)
NOT safeidempotent
DELETE Request that the server delete the resource identified by the request URI
NOT safeidempotent
* Safe actions should retrieve information/resources only; idempotent actions should produce the same results if executed once or multiple times
URI• Uniform Resource Identifier• String of characters used to identify a
resource• Examples:
• ftp://ftp.is.co.za/rfc/rfc1808.txt
• http://www.ietf.org/rfc/rfc2396.txt
• urn:isbn:0451450523
URL• Uniform Resource Locator• URLs are a subset of URIs that also provide
means of locating the resource by describing its primary access mechanism (e.g. http, ftp, etc.)
• The terms URL and URI are often used interchangeably
• Examples:• ftp://ftp.is.co.za/rfc/rfc1808.txt
• http://www.ietf.org/rfc/rfc2396.txt
• urn:isbn:0451450523
HTTP URLs
"http:" "//" host [":" port] [ abs_path ["?" query]]
*If no port given, then 80 is assumed (443 for HTTPS)
Examples:http://www.google.com/calendar?tab=wchttp://localhost:8080/MyWebApp/index.jsp
HTTP Status Code ClassesClass Use Example(s)1xx Information 100 Continue
2xx Success 200 OK
3xx Redirection 301 Moved Permanently304 Not Modified
4xx Client Error 400 Bad Request403 Forbidden404 Not Found405 Method Not Allowed
5xx Server Error 500 Internal Server Error503 Service Unavailable
HTTP General Headers(a subset, there are others)
Header Field Use Example Value(s)Cache-Control Rules that must be used by all
caching mechanismsno-cachemax-age
Connection Specifies options that are desired for a particular connection
closekeep-aliveupgrade
Date Specifies date and time at which message was generated
Tue, 15 Nov 1994 08:12:31 GMT
Transfer-Encoding
Specifies what type of transformation has been applied to the message body
chunked
Upgrade Specifies what additional application layer protocols client can support and would like to use
HTTP/2.0websocket
HTTP Request-Specific Headers(a subset, there are others)
Header Field Use Example Value(s)
Accept Specifies media types that are acceptable for the response
text/htmlimage/png, image/*;q=0.8, */*;q=0.5
Accept-Language
Specifies set of natural languages that are acceptable in the response
en-US, en;q=0.5
Accept-Encoding
Specifies content-codings that are acceptable in the response
gzip, deflate
Range Specifies that a sub-range of the entity be returned
bytes=0-10
Host Specifies the Internet host and port number of requested resource
www.google.com127.0.0.1:8080
Cookie Sends stored cookies to server name=value; name2=value2
User-Agent Specifies information about user agent (e.g. browser) making the request
Mozilla/5.0 (compatible; MSIE 9.0;Windows NT 6.1; Win64; x64; Trident5.0)
HTTP Response-Specific Headers(a subset, there are others)
Header Field Use Example Value(s)
Age Specifies the sender's estimate of the amount of time (in seconds) since the response was generated by the origin server
464500
Accept-Ranges
Indicates the server's acceptance of range requests for a resource
bytesnone
Location Used to redirect recipient to a location other than the request URI
http://www.w3.org/pub/WWW/People.html
Server Specifies information about the software used by the server to handle the request
ApacheMicrosoft-IIS/7.5
Set-Cookie Sends a cookie from the server to the client
name=value; Expires=Wed, 13-Jan-202122:23:01 GMT
name2=value2
HTTP Entity Headers(a subset, there are others)
Header Field Use Example Value(s)
Content-Type
Specifies the media type of the entity-body sent in the response
text/htmlimage/png
Content-Language
Specifies the natural language of the intended audience of the enclosed entity-body
en-USda
Content-Encoding
Specifies what content-codings have been applied to the entity-body
gzipdeflate
Content-Range
Specifies where in the full entity-body the partial body sent should be applied
bytes 0-10/500bytes 0-499/1234
Content-Length
Specifies the size of the entity-body sent in the response in decimal number of OCTETs (i.e. bytes)
11500
Allow Lists the set of methods supported by the resource identified by the request URI (used when a Method Not Allowed response is sent)
GET,HEAD,POST,OPTIONSGET,POST
HTTP Request Message ExampleGET /calendar?tab=wc HTTP/1.1 Host: www.google.comUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS
X 10.7; rv:18.0) Gecko/20100101 Firefox18.0 Accept: text/html,application/xhtl+xml,application/
xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive
HTTP Response Message Example
HTTP/1.1 200 OK Cache-Control: private, max-age=0 Content-Encoding: gzipContent-Type: text/html; charset=UTF-8 Date: Mon, 11 Feb 2013 20:15:16 GMT Expires: -1 Server: gws
<DOCTYPE html><HTML lang=“en”>...</HTML>
Netcat• Network utility for TCP and UDP connections• Originally a UNIX program, now available for
many operating systems• If you are using Mac OS X you should already
have it• If using Windows, you can obtain it here:
http://www.securityfocus.com/tools/139• Netcat is great for creating our own HTTP 1.1
requests
Ncat
• Ncat is a reimplementation of Netcatwith added features
• Supports SSL so we can generate HTTPS requests with it
• Available for Mac OS X and Windows: http://nmap.org/ncat/
Postman
• Tool for working with APIs• Use to make HTTP 1.1 requests• Supports SSL so we can generate
HTTPS requests with it• Available for Mac OS X and Windows• https://www.getpostman.com/• Standalone app or Chrome extension
Wireshark
• Network protocol analyzer• Allows us to capture network traffic• Available for Mac OS X and Windows:
http://www.wireshark.org/
