Post on 15-Mar-2016
240-527 JTA. http/7 1
Java Technology and Applications

Objectives
– to explain the Hypertext Transfer Protocol (HTTP)

240-527 CoE Masters Programme, PSU
Semester 2, 2003-2004

7. HTTP

Overview

1. How a Browser Works
2. HTTP Transactions
3. Client Request Methods
4. HTTP Protocol Versions
5. Server Response Codes
6. Some Advanced Features
7. More Information

1. How a Browser Works

Browsers use the HTTP protocol to communicate with Web servers
– HTTP is a request/response protocol

[Diagram: the client browser sends a request across the network to the Web server, which sends back a response]

1.1. Details of a Client Request

From a browser, I request:
    http://fivedots.coe.psu.ac.th/~ad/

The browser connects to the site fivedots.coe.psu.ac.th at port 80, and sends the request:

    GET /~ad/ HTTP/1.1
    Host: fivedots.coe.psu.ac.th
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Keep-Alive: 300
    Connection: keep-alive

The first line holds the HTTP method/command, the URL, and the HTTP version used by the client. It is followed by various header information, one per line.

Details of a Server Response

    HTTP/1.1 200 OK
    Date: Sun, 12 Oct 2003 04:20:51 GMT
    Server: Apache/1.3.9 (Unix) Debian/GNU PHP/4.0.3pl1
    X-Powered-By: PHP/4.0.3pl1
    Keep-Alive: timeout=15, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    <html>
    <head>
    <title>Andrew Davison's Home Page at PSU</title>
    </head>
    <body bgcolor=#ffffff test=#000000>
    : // rest of HTML text for page

The first line holds the HTTP version used by the server, then the status code and text. After the headers and an empty line comes the HTML for the page.

[Figure: Part of my Home Page]

1.2. Web Page Images

My home page contains several images.

The browser sees them in the text of the Web page:
– e.g. <img src="me.jpg" align="right" alt="[PIC of Andrew]">

The browser automatically requests each one.

An Image Request

    GET /~ad/me.jpg HTTP/1.1
    Referer: http://fivedots.coe.psu.ac.th/~ad/
    Host: fivedots.coe.psu.ac.th
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Keep-Alive: 300
    Connection: keep-alive

The Referer header gives the page where the link to the image is located.

The Image Response

    HTTP/1.1 200 OK
    Date: Sun, 12 Oct 2003 04:20:55 GMT
    Server: Apache/1.3.9 (Unix) Debian/GNU PHP/4.0.3pl1
    Last-Modified: Tue, 17 Oct 2000 09:40:05 GMT
    ETag: "1bf29-1194-39ec1e75"
    Accept-Ranges: bytes
    Content-Length: 4500
    Keep-Alive: timeout=15, max=99
    Connection: Keep-Alive
    Content-Type: image/jpeg; charset=iso-8859-1

    // ... data of the JPEG file

1.3. Clicking on a Link

In the browser, if I click on the link labelled 'AIT', then the browser examines the associated HTML:
– <a href="http://www.cs.ait.ac.th/">AIT</a>

The browser then connects to www.cs.ait.ac.th at port 80, and requests the top page:

    GET / HTTP/1.1
    Referer: http://fivedots.coe.psu.ac.th/~ad/
    Host: www.cs.ait.ac.th
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Keep-Alive: 300
    Connection: keep-alive

This request is sent to www.cs.ait.ac.th.

Server Response

    HTTP/1.0 200 OK
    Date: Sun, 12 Oct 2003 06:08:24 GMT
    Server: Apache/1.3.12 Ben-SSL/1.41 PHP/4.0.1pl2
    Last-Modified: Fri, 11 Apr 2003 02:48:54 GMT
    ETag: "214d69-543b-3ad3c616"
    Accept-Ranges: bytes
    Content-Length: 21563
    Content-Type: text/html
    Age: 120
    X-Cache: MISS from cache3.psu.ac.th
    Connection: keep-alive

    <HTML>
    <HEAD>
     // ... rest of Web page text

This server uses HTTP 1.0.

[Figure: The New Page]

1.4. Getting a Page with Telnet

    ad@calvin$ telnet fivedots.coe.psu.ac.th 80
    Trying 172.30.0.5...
    Connected to fivedots.coe.psu.ac.th.
    Escape character is '^]'.
    GET ~ad/index.html HTTP/1.0

    HTTP/1.0 200 OK
    Date: Wed, 22 Oct 2003 05:07:26 GMT
    Server: Apache/1.3.12 Ben-SSL/1.41 PHP/4.0.1pl2
    Last-Modified: Wed, 11 Jun 2003 02:48:54 GMT
    ETag: "214d69-543b-3ad3c616"
    Accept-Ranges: bytes
     // ... rest of headers and HTML text of page

Two newlines are required after the GET line. Everything from "HTTP/1.0 200 OK" onwards is the response.

In CoE/PSU, the request needs to be 'local'.

1.5. HTTP and Web Forms

The Form HTML Code

    <form method="post" action="http://fivedots.coe.psu.ac.th/cgi-bin/ad/echoer">
      <input TYPE="text" NAME="pat1" SIZE="15" MAXLENGTH="15" VALUE="">
      <input TYPE="text" NAME="pat2" SIZE="15" MAXLENGTH="15" VALUE="">
      <input TYPE="text" NAME="pat3" SIZE="15" MAXLENGTH="15" VALUE="">
      <input TYPE="text" NAME="pat4" SIZE="15" MAXLENGTH="15" VALUE="">
      <input TYPE="text" NAME="pat5" SIZE="15" MAXLENGTH="15" VALUE=""></p> <br>
      <p><input TYPE="submit" VALUE="Submit">
      <input TYPE="reset" VALUE="Clear">
    </form>

[Figure: Form Input and Output]

Form Input Request

    POST /cgi-bin/ad/echoer HTTP/1.1
    Referer: http://fivedots.coe.psu.ac.th/~ad/echoer/eform.html
    Host: fivedots.coe.psu.ac.th
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Keep-Alive: 300
    Connection: keep-alive
    Content-type: application/x-www-form-urlencoded
    Content-Length: 39

    pat1=hello&pat2=&pat3=world&pat4=&pat5=

The request line uses the HTTP Post method.

Server Response

    HTTP/1.1 200 OK
    Date: Sun, 12 Oct 2003 08:30:07 GMT
    Server: Apache/1.3.9 Debian/GNU PHP/4.0.3pl1
    Keep-Alive: timeout=15, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    <html><head><title>Query Result</title></head>
    <body background="http://fivedots.coe.psu.ac.th/~ad/chalk.jpg">
    <H1 align=center>Query Result</H1>
     // ... rest of page

1.6 Proxies

Most clients and servers do not communicate directly
– the client must send its request via a proxy
– the proxy acts as a firewall and/or cache

At PSU, most Web requests must go through the cache.psu.ac.th proxy
– this is set up in the browser's preferences

In other applications, it may be necessary to explicitly communicate with the proxy
– this is done by connecting to the proxy, and sending it the full URL of the page required

Using a Proxy with Telnet

    ad@fivedots$ telnet cache.psu.ac.th 8080
    Trying 192.168.98.6...
    Connected to proxy6.psu.ac.th.
    Escape character is '^]'.
    GET http://www.student.math.uwaterloo.ca/~cs488/ HTTP/1.0

    HTTP/1.0 200 OK
    Date: Thu, 21 Nov 2002 06:01:31 GMT
    Server: Apache/1.3.27 (Unix) mod_perl/1.21
    Last-Modified: Wed, 20 Nov 2002 12:00:21 GMT
    ETag: "1b66a-2234-3ddb7955"
    Accept-Ranges: bytes
    Content-Length: 8756
    Content-Type: text/html
    Age: 3263
    X-Cache: HIT from cache.psu.ac.th
    Proxy-Connection: close

    <html>
     // ... rest of Web page text
    </html>
    Connection closed by foreign host.
    ad@fivedots$

Everything from "HTTP/1.0 200 OK" onwards is the response.

Students should be able to do this.

2. HTTP Transactions

[Diagram: the client browser sends a request across the network to the Web server, which sends back a response]

Request:
    Method URL Version
    General header
    Request header
    Entity header

    Entity body

Response:
    Version Status Reason
    General header
    Response header
    Entity header

    Entity body

Client Request Example

    POST /cgi-bin/ad/echoer HTTP/1.1
    Referer: http://fivedots...
    User-Agent: Mozilla/5.0 ...
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,...
    Keep-Alive: 300
    Connection: keep-alive
    Content-type: application/x-www-form-urlencoded
    Content-Length: 39

    pat1=hello&pat2=&pat3=world&pat4=&pat5=

The parts, from top to bottom: Method URL Version; Request headers; General headers; Entity headers; Entity body.

Request Components

HTTP methods:
– GET, POST, HEAD, PUT, DELETE
– OPTIONS and TRACE (HTTP 1.1)
– other non-standardized methods

General headers
– optional general information such as the current date/time, or network characteristics

Request headers
– information about the client, used by the server
– e.g. browser info., document formats that the client can understand

Entity headers
– used when an entity (a Web document) is about to be sent
– e.g. encoding scheme, length, type, origin

Headers may be sent in any order.

Header names are case-insensitive
– e.g. Content-Type == Content-type

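The message layout and the case-insensitivity rule above, as an added Python example (not part of the original slides): a parser for one captured HTTP/1.x message that also rejects conflicting or short Content-Length values. The function names and the shortened sample messages are constructed for illustration.

```python
def parse_http_message(raw):
    """Split one raw HTTP/1.x message (bytes) into start line, headers, body."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("headers must be terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed start line: %r" % lines[0])
    if parts[0].startswith("HTTP/"):
        # Response start line: Version Status Reason
        msg = {"kind": "response", "version": parts[0],
               "status": int(parts[1]), "reason": parts[2]}
    else:
        # Request start line: Method URL Version
        msg = {"kind": "request", "method": parts[0],
               "url": parts[1], "version": parts[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        # Names are case-insensitive, so store them lower-cased.
        # Order does not matter; repeated headers keep every value.
        headers.setdefault(name.lower(), []).append(value.strip())
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        # Two different lengths make the end of the body ambiguous.
        raise ValueError("conflicting Content-Length headers")
    if lengths:
        declared = int(lengths.pop())
        if len(body) < declared:
            raise ValueError("entity body shorter than Content-Length")
        body = body[:declared]
    msg["headers"] = headers
    msg["body"] = body
    return msg


def header(msg, name):
    """Case-insensitive lookup of the first value of a header, or None."""
    values = msg["headers"].get(name.lower())
    return values[0] if values else None


# Constructed samples: shortened copies of messages shown in these slides.
SAMPLE_REQUEST = (
    b"POST /cgi-bin/ad/echoer HTTP/1.1\r\n"
    b"Host: fivedots.coe.psu.ac.th\r\n"
    b"Connection: keep-alive\r\n"
    b"Content-type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 39\r\n"
    b"\r\n"
    b"pat1=hello&pat2=&pat3=world&pat4=&pat5="
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/1.3.9 Debian/GNU PHP/4.0.3pl1\r\n"
    b"Content-Length: 0\r\n"
    b"Allow: GET, HEAD, OPTIONS, TRACE\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    req = parse_http_message(SAMPLE_REQUEST)
    print(req["method"], req["url"], header(req, "Content-Type"))
    resp = parse_http_message(SAMPLE_RESPONSE)
    print(resp["status"], resp["reason"], header(resp, "allow"))
```
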
Server Response Example

    HTTP/1.1 200 OK
    Date: Tue,...
    Keep-Alive: timeout=15, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Server: Apache...
    Content-Type: text/html;...

    <html>
     // ... rest of page

The parts, from top to bottom: Version Status Reason; General headers; Response headers; Entity headers; Entity body.

Server Components

The general and entity headers are the same as those used in a client request.

Response header
– gives the client information about the server configuration
– e.g. what HTTP methods are supported, request authorization details, or server time-out report

Some Other headers

General Headers
– Cache-Control        caching behaviour
– Connection           should connection close after this transaction
– MIME-Version         message encoding
– Pragma               directives for proxies
– Via                  info about processing by gateways and proxies between the client and server

Request Headers
– Authorization        to request restricted docs.
– Cookie               send name=value info
– Host                 required address & port info
– If-Modified-Since    get doc. if newer
– If-Match             get doc. if matches etags
– If-Range             get part of a doc. if changed
– Max-Forwards         limits no. of proxies/gateways
– Proxy-Authorization  for proxy
– Range                only get part of a doc

Response Headers
– Accept-Ranges        will accept range requests
– Age                  age of doc in seconds
– Proxy-Authenticate   gives auth. scheme
– Public               supported methods
– Retry-After          try again after given time
– Set-Cookie           sends a name=value pair
– Warning              info used for caching
– WWW-Authenticate     gives auth scheme for access to Web pages

Entity Headers
– Allow                methods allowed on URL
– Content-Location     useful if a doc is stored in several locations
– Content-Range        range of partial doc sent
– ETag                 entity tag for the doc
– Expires              when content may change
– Last-Modified        when doc last changed

3. Client Request Methods

GET
– retrieve the specified document

POST
– for sending (form) information

HEAD
– get information about the document, but not the actual document

PUT
– store the specified document on the server

DELETE
– delete the specified document on the server

TRACE
– asks that proxies/gateways add information to the headers of the request, which is sent back in the response

OPTIONS
– ask the server to send info about the HTTP methods it supports

3.1. The GET Method

The main purpose of GET is to request a document from a server
– see earlier examples in section 1

But the response can be generated in various ways:
– a file on the Web server
– the output of a CGI script
    – the script may examine server-side hardware, files, or do some special calculations

[CGI Diagram: the client browser sends a request across the Web/Internet to the Web server; the request becomes input to the CGI script, and the script's output becomes the response]

A CGI Request

Data for a CGI script is passed as extra name=value arguments added to the URL:

    GET /cgi-bin/create.pl?user=util-tester&pass=1234 HTTP/1.0
    Referer: ...
    User-Agent: ...
      :

Here there are two arguments. The arguments are URL-encoded.

URL Encoding

name=value pairs are combined into a single string separated by &'s.

This is added to the end of the URL after a ?

Certain special characters are converted to hexadecimal preceded by a %.
– e.g. '#' becomes %23, '/' becomes %2F

3.2. The POST Method

The main purpose of the POST method is to send form information to a server
– see the example in section 1.5

Most servers use CGI programs to process form requests.

The text in the form name=value data is URL encoded.

Forms can use GET

The <form> tag in HTML can also be used to send data in the GET format:

    <form method="get" action="http://fivedots.coe.psu.ac.th/cgi-bin/create.pl">
      <input name="user">
      <input name="pass" type="password">
      <input type="submit" value="Submit">
    </form>

Which Method to Use?

The GET method adds form input to the end of the URL, and there is often a maximum length limit
– e.g. the URL string must be 255 chars or less

For large input, the POST method is better since there is no limit on the size of the entity body in the request.

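What the two kinds of form submission look like on the wire, as an added Python example (not part of the original slides). It URL-encodes the fields, builds the GET and POST requests, and reports which field names travel in the request line, which is the part that reaches URL logs and Referer headers. The function names and the `max_url` parameter are hypothetical; 255 is the example limit quoted above.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# URLs taken from the form examples in these slides.
ECHOER_URL = "http://fivedots.coe.psu.ac.th/cgi-bin/ad/echoer"
CREATE_URL = "http://fivedots.coe.psu.ac.th/cgi-bin/create.pl"


def build_form_request(method, action_url, fields, max_url=255):
    """Return the raw HTTP/1.1 request a browser would send for a form."""
    url = urlsplit(action_url)
    # name=value pairs joined with '&'; special characters become %XX.
    data = urlencode(fields)
    method = method.upper()
    if method == "GET":
        # The form input is appended to the URL after a '?'.
        if len(action_url) + 1 + len(data) > max_url:
            raise ValueError("URL too long for GET; use POST")
        lines = ["GET %s?%s HTTP/1.1" % (url.path, data),
                 "Host: " + url.netloc]
        body = ""
    elif method == "POST":
        # The form input travels in the entity body; its size is
        # announced in Content-Length and is not bounded by the URL limit.
        lines = ["POST %s HTTP/1.1" % url.path,
                 "Host: " + url.netloc,
                 "Content-type: application/x-www-form-urlencoded",
                 "Content-Length: %d" % len(data.encode("ascii"))]
        body = data
    else:
        raise ValueError("forms are submitted with GET or POST")
    return "\r\n".join(lines) + "\r\n\r\n" + body


def fields_in_request_line(raw_request):
    """Names of the form fields that are visible in the request line."""
    request_line = raw_request.split("\r\n", 1)[0]
    _method, target, _version = request_line.split(" ")
    query = urlsplit(target).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)]


if __name__ == "__main__":
    login = {"user": "util-tester", "pass": "1234"}
    for method in ("GET", "POST"):
        raw = build_form_request(method, CREATE_URL, login)
        print(raw.split("\r\n", 1)[0])
        print("  fields in the URL:", fields_in_request_line(raw))
```

With the `create.pl` form, GET places both `user` and `pass` in the request line, while POST leaves the request line free of form data.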
3.3. The HEAD Method

The HEAD method returns information about a document:
– this includes its modification time, its size, its type, and details about its server
– this information is useful in guiding/speeding up search engines and browsers

HEAD using Telnet

    ad@calvin$ telnet fivedots.coe.psu.ac.th 80
    Connected to fivedots.coe.psu.ac.th.
    HEAD /~ad/index.html HTTP/1.0

    HTTP/1.0 200 OK
    Date: Sun, 12 Oct 2003 06:42:48 GMT
    Server: Apache/1.3.12 Ben-SSL/1.41 PHP/4.0.1pl2
    Last-Modified: Tue, 29 Jul 2003 11:11:51 GMT
    ETag: "1f1f6e-522-3982bbf7"
    Accept-Ranges: bytes
    Content-Length: 1314
    Content-Type: text/html
    Age: 157
    Connection: close

    Connection closed by foreign host.
    ad@calvin$

Everything from "HTTP/1.0 200 OK" onwards is the response.

3.4. The PUT Method

The PUT method is used for uploading files to a server
– PUT URL HTTP-version
– used in HTML editors such as FrontPage

Usually involves an authorization phase when the server asks for a user name and password before accepting the PUT
– this is processed by FrontPage using details entered by the user

3.5. The DELETE Method

The DELETE method deletes the specified file:
– DELETE URL HTTP-version

The server will usually ask for authorization information before carrying out the request.

3.6. The TRACE Method

The TRACE method allows a programmer to see how the client's request is passed through proxies/gateways to the server
– TRACE URL HTTP-version

The server echoes the request back together with a Via header (and other optional headers).

TRACE using Telnet

    ad@calvin$ telnet cache.psu.ac.th 8080
    Trying 192.168.98.6...
    Connected to proxy6.psu.ac.th.
    Escape character is '^]'.
    TRACE http://www.cs.ait.ac.th HTTP/1.0

    HTTP/1.0 200 OK
    Date: Wed, 22 Oct 2003 07:11:20 GMT
    Server: Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2412 (Unix)
    Content-Type: message/http
    Age: 118
    X-Cache: MISS from cache.psu.ac.th
    Proxy-Connection: close

    TRACE / HTTP/1.0
    Cache-Control: max-age=259200
    Connection: keep-alive
    Host: www.cs.ait.ac.th
    Via: 1.0 cache.psu.ac.th:8080 (Squid/2.5.STABLE1)
    X-Forwarded-For: unknown

    Connection closed by foreign host.
    ad@calvin$

Everything from "HTTP/1.0 200 OK" onwards is the response.

3.7. The OPTIONS Method

The OPTIONS method allows a client to obtain information about what methods a server supports
– OPTIONS * HTTP-version

Often OPTIONS is disabled.

Many servers require the Host header as well.

OPTIONS using Telnet

    ad@calvin$ telnet fivedots.coe.psu.ac.th 80
    Trying 172.30.0.5...
    Connected to fivedots.coe.psu.ac.th.
    Escape character is '^]'.
    OPTIONS * HTTP/1.1
    Host: fivedots.coe.psu.ac.th
    Connection: close

    HTTP/1.1 200 OK
    Date: Sun, 12 Oct 2003 07:37:44 GMT
    Server: Apache/1.3.9 Debian/GNU PHP/4.0.3pl1
    Content-Length: 0
    Allow: GET, HEAD, OPTIONS, TRACE
    Connection: close

    Connection closed by foreign host.
    ad@calvin$

Everything from "HTTP/1.1 200 OK" onwards is the response. Instead of the HTTP/1.1 request with Host and Connection headers, you can use HTTP/1.0 with no extras.

4. HTTP Protocol Versions

HTTP 0.9
– only supported the GET method
– requests and responses had no extra header information
– a GET of a non-existent page caused the server to return nothing
– no media types: only text/HTML was supported

HTTP 1.0
– introduced headers, media types, more methods, caching, authentication, persistent connections
– headers mean that "meta" information can be transferred between clients and servers
– media types supported with Accept (Request) and Content-Type (Entity) headers
– caching supported with the Last-Modified (Entity) and If-Modified-Since (Request) headers
– authentication supported with the Authorization (Request) and WWW-Authenticate (Response) headers
– persistent connections supported with the (non-standard) Connection header, with a keep-alive value

HTTP 1.1
– introduced a better implementation of persistent connections, multihoming, entity tags, byte ranges, digest authentication
– persistent connection is the default in HTTP 1.1
    – only need Connection: close at the end
– multihoming means that a server can respond to different hostnames. HTTP 1.1 requires the Host header in all requests
– entity tags (etags) aid caching by representing each document (entity) with a unique identifier
    – gets round the problem of the same document at different sites
    – etags are used in the If-match and If-none-match request headers
– byte ranges make it possible to retrieve only part of a document
    – useful for downloading after an interrupt, and for streaming media
    – supported with the Range request header
– digest authorization allows username and password information to be transferred as a unique number (a checksum)
    – makes it much harder for hackers to steal password details

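How the digest "checksum" is computed and checked by the server, as an added Python example (not part of the original slides). It follows the MD5 scheme of RFC 2617; the sample header and password are the worked example printed in that RFC, and `server_accepts`, `lookup_password` and `issued_nonces` are hypothetical names.

```python
import hashlib
import hmac
import re


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """The value the client sends in place of the password."""
    ha1 = _md5_hex("%s:%s:%s" % (username, realm, password))
    ha2 = _md5_hex("%s:%s" % (method, uri))
    if qop == "auth":
        return _md5_hex(":".join([ha1, nonce, nc, cnonce, qop, ha2]))
    return _md5_hex(":".join([ha1, nonce, ha2]))


_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_header(value):
    """Parse the value of an Authorization: Digest ... request header."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(rest)}


def server_accepts(header_value, method, lookup_password, issued_nonces):
    """Recompute the digest on the server and compare in constant time."""
    p = parse_digest_header(header_value)
    required = ["username", "realm", "nonce", "uri", "response"]
    if p.get("qop"):
        required += ["nc", "cnonce"]
    if any(key not in p for key in required):
        return False
    # The nonce is a server-issued challenge; a response computed for a
    # nonce this server never issued is refused.
    if p["nonce"] not in issued_nonces:
        return False
    password = lookup_password(p["username"], p["realm"])
    if password is None:
        return False
    expected = digest_response(p["username"], p["realm"], password, method,
                               p["uri"], p["nonce"], p.get("qop"),
                               p.get("nc"), p.get("cnonce"))
    return hmac.compare_digest(expected.encode(), p["response"].encode())


# Sample values: the worked example from RFC 2617 (not from these slides).
RFC_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
RFC_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)


def rfc_lookup(username, realm):
    """Constructed password store holding the RFC's sample account."""
    users = {("Mufasa", "testrealm@host.com"): "Circle Of Life"}
    return users.get((username, realm))


if __name__ == "__main__":
    print(server_accepts(RFC_HEADER, "GET", rfc_lookup, {RFC_NONCE}))
```
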

5. Server Response Codes

The server response code is the number after the HTTP version string in the server response:
    HTTP/1.1 200 OK
    Date: ....
      :
The text after the number ("OK") is a description of the code.

Response Code ranges

Code Range    Meaning
100-199       Information
200-299       Client request successful
300-399       Client request redirected; more action needed
400-499       Client request incomplete
500-599       Server error

Some Common Codes

Code                                 Meaning
– 200 OK                             response contains data
– 301 Moved                          new location given in Location response header
– 305 Use Proxy                      proxy location in Location
– 401 Unauthorized                   client lacked proper authorization to get the page; details sent in the WWW-Authenticate response header
– 404 Not Found                      no page at the URL
– 407 Proxy Authentication Required  the client must obtain proxy authorization; details sent in the Proxy-Authenticate response header
– 503 Service Unavailable            further details may be given in the Retry-After response header

6. Some Advanced Features

Details on:
– media types
– client-side caching
– retrieving parts of a document
– authorization
– cookies

6.1. Media Types

The client tells the server which media types it can handle using the Accept request header.
The server tries to return information in a preferred media type, and gives the type in the Content-Type entity header.

Typical Client Accept Headers

Newer browsers:
    Accept: image/gif, image/jpeg, */*
Older browsers:
    Accept: image/gif
    Accept: image/jpeg
    Accept: */*

6.2. Client-side Caching

Two approaches:
– caching based on the document age
– caching based on the document's entity tag (etag)
Caching can be configured using the general header Cache-Control
– it can be switched off or set to a certain amount of time
– e.g. Cache-Control: no-cache
Cache-Control replaces the Pragma header of HTTP 1.0, which could only switch off caching:
– Pragma: no-cache

Caching using Age

The request header If-Modified-Since:
    If-Modified-Since: Fri, 15-Jun-01 01:00:00 GMT
The server returns response code 304 if the document has not been modified, and the client can use the cached version.
Otherwise it returns 200 and the page.
There is an If-Unmodified-Since header.
The server can return an Expires header which states when the document may change.

Caching using Etags

If the server is using etags, it will return an ETag header with the document.
The client can check documents in its cache by using the If-Match or If-None-Match headers with etags.
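
The two validation approaches above (document age and etag) seen from the server side, as an added Python example that is not part of the original slides. The function name and the lower-cased header dictionary are assumptions; the sample dates in the usage use the RFC 1123 form, and when both headers are present If-None-Match is evaluated first.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime


def _strip_weak(tag):
    """Drop the weak-validator prefix so W/"v1" compares equal to "v1"."""
    return tag[2:] if tag.startswith("W/") else tag


def evaluate_conditional_get(request_headers, current_etag, last_modified):
    """Return 304 if the client's cached copy is still valid, else 200.

    request_headers: dict keyed by lower-case header name (assumed shape)
    current_etag:    the server's ETag for the document, quotes included
    last_modified:   timezone-aware datetime of the last change
    """
    if_none_match = request_headers.get("if-none-match")
    if if_none_match is not None:
        # The etag check decides on its own; the date check is skipped.
        candidates = {_strip_weak(t.strip()) for t in if_none_match.split(",")}
        if "*" in candidates or _strip_weak(current_etag) in candidates:
            return 304
        return 200
    if_modified_since = request_headers.get("if-modified-since")
    if if_modified_since is not None:
        try:
            since = parsedate_to_datetime(if_modified_since)
        except (TypeError, ValueError):
            return 200  # unparseable date: treat the request as unconditional
        if since.tzinfo is None:
            since = since.replace(tzinfo=timezone.utc)
        # HTTP dates carry whole seconds only.
        if last_modified.replace(microsecond=0) <= since:
            return 304
    return 200
```

A 304 response carries no body, so the client keeps using the copy it already has.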

6.3. Retrieving Parts of a Doc.

In HTTP 1.1, a client does not need to get all of a document at once
– it can retrieve it in pieces, specified using byte ranges
For this to be possible, the server must send a response containing the Accept-Ranges header:
    Accept-Ranges: bytes

Then the client can request the data in pieces:
    GET /largefile.html HTTP/1.1
    // other headers
    Range: bytes=0-65535
Response includes a Content-Range header:
    HTTP/1.1 206 Partial Content
    // other headers
    Content-Range: bytes 0-65535/83028576
    // data

The client can include an If-Range header to use a cached part unless it has been updated:
    GET /largefile.html HTTP/1.1
    // other headers
    If-Range: Fri, 15-Jun-01 01:00:00 GMT
    Range: bytes=0-65535
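
How a server can turn a Range request header into a bounded slice of the document, as an added Python example that is not part of the original slides. It uses the RFC 2616 header syntax (Range: bytes=first-last), handles a single range only, and the function names are assumptions.

```python
import re

_SINGLE_RANGE = re.compile(r"^bytes=(\d*)-(\d*)$")


def resolve_range(range_header, total_length):
    """Map a Range request header onto a document of total_length bytes.

    Returns (status, first, last, content_range); first and last are
    inclusive byte offsets, content_range is the Content-Range value.
    """
    whole = (200, 0, total_length - 1, None)
    unsatisfiable = (416, None, None, f"bytes */{total_length}")
    if range_header is None:
        return whole
    match = _SINGLE_RANGE.match(range_header.strip())
    if match is None or match.groups() == ("", ""):
        return whole  # malformed or multi-part: ignore it, send everything
    first_text, last_text = match.groups()
    if first_text == "":
        # Suffix form "bytes=-N": the final N bytes of the document.
        suffix = int(last_text)
        if suffix == 0 or total_length == 0:
            return unsatisfiable
        first, last = max(total_length - suffix, 0), total_length - 1
    else:
        first = int(first_text)
        last = int(last_text) if last_text else total_length - 1
        if last_text and last < first:
            return whole  # an invalid range specifier is ignored
        if first >= total_length:
            return unsatisfiable
        # Never read past the end, whatever the client asked for.
        last = min(last, total_length - 1)
    return (206, first, last, f"bytes {first}-{last}/{total_length}")


def slice_body(body, range_header):
    """Return (status, content_range, payload) for an in-memory body."""
    status, first, last, content_range = resolve_range(range_header, len(body))
    payload = b"" if status == 416 else body[first:last + 1]
    return status, content_range, payload
```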

6.4. Authorization

1) Ordinary request
2) Denies access and sends WWW-Authenticate header
3) Username and password obtained
4) Send request again but with Authorization header
5) Response

The WWW-Authenticate header specifies the authorization method required by the server:
– usually BASIC, which requires a "username:password" string encoded in base64
– BASIC also includes a realm, which is a class of users

1) Initial Request

    GET /sample.html HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Keep-Alive: 300
    Connection: keep-alive

2) Access Denied

    HTTP/1.0 401 Unauthorized
    Server: Squid/2.2.STABLE5
    Mime-Version: 1.0
    Date: Sun, 12 Oct 2003 08:59:09 GMT
    Content-Type: text/html
    WWW-Authenticate: Basic realm="Systems Administrator"

3) The Browser Dialog

4) Send Request Again

    GET /sample.html HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; m18) Gecko/20010131 Netscape6/6.01
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip,deflate,compress,identity
    Authorization: BASIC jhg235gjmg5jkjkgj24g42g

5) Response

    HTTP/1.0 200 OK
    Server: Squid/2.2.STABLE5
    Mime-Version: 1.0
    Date: Sun, 12 Oct 2003 09:01:13 GMT
    Content-Type: text/html
    Content-length: 1029

    // HTML of sample.html page
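
The challenge and Authorization steps of the exchange above, together with the digest scheme mentioned under the HTTP 1.1 features, as an added Python example that is not part of the original slides. The function names and credentials are constructed for illustration; the Digest computation follows RFC 2617 with MD5 and qop=auth.

```python
import base64
import hashlib
import re

def parse_challenge(header_value):
    """Split a WWW-Authenticate value into (scheme, {parameter: value})."""
    scheme, _, rest = header_value.strip().partition(" ")
    return scheme.lower(), dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', rest))

def basic_authorization(username, password):
    """Authorization value a client sends in answer to a Basic challenge."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(authorization_value):
    """Recover (username, password) from a Basic Authorization value.

    No key is involved: base64 is an encoding, so anything that can read
    the request (proxy, log file, packet capture) can read the password.
    """
    scheme, _, token = authorization_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between username and password")
    return username, password

def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """Digest 'response' value per RFC 2617 (MD5, qop=auth).

    Only this hash crosses the wire; the server nonce makes it differ
    from one challenge to the next.
    """
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

if __name__ == "__main__":
    # Constructed credentials answering the slide's challenge.
    print(parse_challenge('Basic realm="Systems Administrator"'))
    header = basic_authorization("ad", "example-password")
    print("Authorization:", header, "->", decode_basic(header))
```

Because the Basic token decodes without any secret, Basic credentials are only as confidential as the connection that carries them.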

6.5 Cookies

Client-side cookies are used to store client-specific information on the client's machine
– used by the browser when it accesses the same page again
Not part of the HTTP specification, but used in every browser.

Cookie Usage

1) Ordinary request
2) Response and a Set-Cookie header
3) The browser stores the cookie
4) Later send another request with Cookie header included
5) The server uses the cookie information.
6) Customised response and an updated Set-Cookie header

1) & 2) Request and Response

    POST /www.whosis.com/order.pl HTTP/1.0
    // client headers

    type=newCust&firstname=Andrew

    HTTP/1.0 200 OK
    // server headers
    Set-Cookie: acct=02746284

3) & 4) Storage and Later Use

The browser stores the cookie information:
    www.whosis.com/order.pl acct=02746284

Days/months later, another request:
    POST /www.whosis.com/order.pl HTTP/1.0
    // client headers here
    Cookie: acct=02746284

    type=oldCust
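
The cookie in the exchange above is a bare account number that the server accepts back as sent. As an added Python example (not from the original slides), one way for the server to detect a value that was changed on the client is to append an HMAC tag when issuing the cookie and check it on return; the value.tag layout, the function names and the key are illustrative assumptions.

```python
import hashlib
import hmac


def _tag(name, value, key):
    """HMAC-SHA256 over "name=value", hex encoded."""
    return hmac.new(key, f"{name}={value}".encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(name, value, key):
    """Text for a Set-Cookie header: name=value.tag"""
    return f"{name}={value}.{_tag(name, value, key)}"


def parse_cookie_header(header_value):
    """Split a Cookie request header into {name: raw_value}."""
    cookies = {}
    for part in header_value.split(";"):
        name, sep, raw = part.strip().partition("=")
        if sep and name:
            cookies[name] = raw
    return cookies


def verify_cookie(header_value, name, key):
    """Return the cookie's value if its tag verifies, otherwise None."""
    raw = parse_cookie_header(header_value).get(name)
    if raw is None:
        return None
    value, sep, tag = raw.rpartition(".")
    if not sep:
        return None  # bare value with no tag, as in the slide's cookie
    expected = _tag(name, value, key)
    # Constant-time comparison of the received and recomputed tags.
    if hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return value
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # sample key, constructed
    cookie = issue_cookie("acct", "02746284", key)
    print("Set-Cookie:", cookie)
    print("verified value:", verify_cookie(cookie, "acct", key))
```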

7. More Information

The World Wide Web Consortium:
– http://www.w3.org
HTTP/1.1 Specification:
– http://www.w3.org/Protocols/HTTP/rfc2616/rfc2616.html