Computer Science and Engineering The Ohio State University
Before the Internet http://xkcd.com/1348/
Hypertext Protocol
Hypertext Transfer Protocol
Early 90’s: developed at CERN, Tim Berners-Lee
https://w3techs.com/technologies/details/ce-http2/all/all
1996: version 1.0
1999: version 1.1 (ubiquitous today!)
May 2015: version 2
Performance improvements: binary, server push…
Backwards compatible
Simple request/response (client/server)
Client sends request to (web) server
(Web) server responds
“stateless” protocol
Request/Response Anatomy
An HTTP request/response consists of
1. Header: meta information
2. Body (sometimes): payload
The header consists of
1. Method/Status (for request/response)
2. Header fields, separated by newlines
3. Blank line
Protocol: Request, Response
Request: Method, Header field 1, Header field 2
Response: Status, Header field 1, Header field 2, Header field 3
Request Header: First Line
Syntax of first line:
verb path version
Verb: GET, HEAD, POST, PUT, DELETE,…
Path: part of URL (path and query)
scheme://FQDN:port/path?query#fragment
Version: HTTP/1.1, HTTP/2
Example: For URL
http://news.osu.edu/news/
First line of request is
GET /news/ HTTP/1.1
Request Header: Header Fields
Each field on its own line, syntax:
name: value
Examples (only “Host” is required)
Host: cse.ohio-state.edu
Accept: text/*
Accept: image/gif
If-Modified-Since: Sat, 12 May 2016 19:43:31
Content-Length: 349
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Blank line indicates end of headers
Header Fields cont’d
Host
Only required field
Q: Why is host field even needed?
Accept
Browser preference for MIME type(s) to receive
If-Modified-Since
Send payload only if changed since date
Date must be GMT
Content-Length
Required if request has a body
Number of bytes in body
User-Agent
Identifies application making request
Steiner, The New Yorker (1993)
“Nobody knows you’re a dog”
GET / HTTP/1.1
Host: news.osu.edu
User-Agent: Mozilla/5.0 (X11; Ubuntu;…etc
$ curl -A "Mozilla/5.0" news.osu.edu
HTTP Traffic Transparency
Everything is visible to an eavesdropper
HTTP headers are plain text
HTTP payload may be binary
To protect communication, use encryption
HTTP over secure channel = HTTPS
SSL, TLS: protocols to create secure channel
Initial handshake between client and server
Subsequent communication is encrypted
Default port: 443
HTTPS with openssl
Use openssl instead of telnet
Negotiates initial handshake with server
Handles encryption/decryption of traffic
Example URL
https://www.osu.edu/
At console
$ openssl s_client -connect www.osu.edu:443
Note connection to port 443 (ie https)
Syntax of subsequent request is the same
Send the following HTTP request:
GET / HTTP/1.1
Host: www.osu.edu
HTTP Response Anatomy
Recall, four parts
1. Status (one line)
2. Header fields (separated by newlines)
3. Blank line
4. Body (ie payload)
Parts 1-3 collectively called “the
Part 1 (status line) syntax:
http-version status-code text
HTTP/1.1 200 OK
HTTP/1.1 301 Moved Permanently
HTTP/1.1 404 Not Found
Taxonomy of Status Codes
Informational
Redirection
Client Error
Server Error
Some Common Status Codes
200 OK
All is good!
Response body is the requested document
301 Moved Permanently
Requested resource is found somewhere else (please go there in the future)
304 Not Modified
Document hasn’t changed since date/time in If-Modified-Since field of request
No response body
404 Not Found
Server could not satisfy the request
It is the client’s fault (design-by-contract?)
500 Internal Server Error
Server could not satisfy the request
It is the server’s fault (design-by-contract?)
Response Header: Header Fields
Each field on its own line, syntax:
name: value
Date: Mon, 22 Sep 2014 14:51:38 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/html; charset=iso-8
Content-Length: 333
Blank line indicates end of headers
Using Ruby
Mechanize: A Ruby gem for HTTP
require 'mechanize'
Create an agent to send requests
agent = Mechanize.new do |a|
  a.user_agent_alias = "Mac Safari"
end
Use agent to issue a request
page = agent.get "http://www.osu.edu"
Follow links, submit forms, etc
page.link_with(text: "Carmen").click
s = page.form_with action: /search/
Request Methods
GET
Request: should be safe (no side effects)
PUT
Update (or create): should be idempotent
DELETE
Delete: should be idempotent
POST
Create (or update): changes server state
Beware re-sending!
HTTP does not enforce these semantics
HTTP is Stateless
Every request looks the same
But maintaining state between requests is really useful:
User logs in, then can GET account info
Shopping cart “remembers” contents
One solution: Keep a shared secret
Server’s response contains a unique session identifier (a long random value)
Subsequent requests from this client include this secret value
Server recognizes the secret value, request must have come from original client
HTTP Session
[Figure: client and server exchange requests and responses. The server's first response carries "Secret: 38afes7a8", the client stores the secret, and later requests and responses carry "id: 38afes7a8".]
HTTP Cookies
Popular mechanism for session mgmt
Set in response header field
Set-Cookie: session=38afes7a8
Client includes cookie(s) in subsequent requests to that domain
Sent in request header field:
Cookie: session=38afes7a8
Any name/value is ok
Options: expiry, require https
Cookies also used for
Tracking/analytics: What path did they take?
Personalization
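The session-cookie scheme described above, as an added Ruby example that is not part of the original slides. The class name `SessionStore`, the 30-minute lifetime and the in-memory hash are assumptions; `Secure` and `Expires` are the "require https" and "expiry" options, while `HttpOnly` goes beyond the options the slide lists.

```ruby
require 'securerandom'
require 'time'

# Added example: hypothetical in-memory session store (illustrative names).
class SessionStore
  COOKIE_NAME = 'session'
  TTL = 1800 # seconds a session stays valid (assumed value)

  def initialize
    @sessions = {} # id => { user:, expires_at: }
  end

  # Issue a session; returns [id, value for the Set-Cookie response header].
  def issue(user, now: Time.now)
    id = SecureRandom.hex(32) # 256 bits from the OS CSPRNG: "a long random value"
    expires = now + TTL
    @sessions[id] = { user: user, expires_at: expires }
    cookie = "#{COOKIE_NAME}=#{id}; Expires=#{expires.httpdate}; Path=/; Secure; HttpOnly"
    [id, cookie]
  end

  # Resolve the Cookie request header to a user, or nil if unknown or expired.
  def lookup(cookie_header, now: Time.now)
    pairs = cookie_header.to_s.split(/;\s*/).map { |kv| kv.split('=', 2) }
    id = pairs.find { |name, _| name == COOKIE_NAME }&.last
    entry = @sessions[id]
    return nil if entry.nil?

    if now >= entry[:expires_at]
      @sessions.delete(id) # expiry is enforced server-side, not only by the browser
      return nil
    end
    entry[:user]
  end
end
```

The identifier is the only thing tying a request to a user, so anyone who learns it can replay it; that is why the cookie is marked `Secure` and the value is far longer than the slide's `38afes7a8`.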
Passing arguments: GET
Arguments are key-value pairs
Mascot: Brutus Buckeye
Dept: CS&E
Can be encoded as part of URL
scheme://FQDN:port/path?query#fragment
application/x-www-form-urlencoded
Each key-value pair separated by & (or ;)
Each key separated from value by =
Replace spaces with + (arcane!)
Then normal URL encoding
Mascot=Brutus+Buckeye&Dept=CS%26E
Wikipedia search
http://en.wikipedia.org/w/index.php?search=ada+lovelace
OSU news articles
https://news.osu.edu/search.html?search=Rhodes+Scholarship&id=27
Random numbers
https://random.org/passwords/?num=5&len=8&format=plain
Demo: use FF Dev to edit/resubmit request
See guidelines and API for http clients
Passing Arguments: POST
Encoded as part of the body
Advantages:
Arbitrary length (URLs are limited)
Arguments not saved in browser history
Result not cached by browser
Slightly more secure (not really)
Args not in location bar, so less likely to be accidentally
Content-Type indicates encoding used
application/x-www-form-urlencoded
Parameters are encoded: same encoding as used in GET
multipart/form-data
Better for binary data (else 1 byte -> 3 bytes)
More options too for other data types:
application/xml, application/json, …
Passing Args: GET vs POST
GET /passwords/?num=5&len=8&format=plain HTTP/1.1
Host: www.random.org
POST /passwords/ HTTP/1.1
Host: www.random.org
Content-Type: application/x-www-form-urlencoded
Content-Length: 24

num=5&len=8&format=plain
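The encoding rules and the GET/POST pair above, as an added Ruby example that is not part of the original slides. The helper names are illustrative assumptions; it uses the standard library's `URI.encode_www_form` and also shows what a server sees when a value is sent without encoding.

```ruby
require 'uri'

# Added example; helper names are illustrative, not from the slides.

# Encode key-value pairs as application/x-www-form-urlencoded:
# spaces become "+", reserved characters such as "&" become %XX.
def form_encode(args)
  URI.encode_www_form(args)
end

# Decode a query string or POST body back into a Hash.
def form_decode(encoded)
  URI.decode_www_form(encoded).to_h
end

# GET: arguments travel in the request line, so they also end up in
# browser history and in server access logs.
def get_request(host, path, args)
  "GET #{path}?#{form_encode(args)} HTTP/1.1\r\nHost: #{host}\r\n\r\n"
end

# POST: arguments travel in the body; Content-Length counts bytes.
def post_request(host, path, args)
  body = form_encode(args)
  ["POST #{path} HTTP/1.1",
   "Host: #{host}",
   'Content-Type: application/x-www-form-urlencoded',
   "Content-Length: #{body.bytesize}",
   '',
   body].join("\r\n")
end

# What goes wrong without encoding: the raw "&" in "CS&E" is read as a
# pair separator, so the server sees Dept=CS plus a stray key "E".
def naive_encode(args)
  args.map { |k, v| "#{k}=#{v}" }.join('&')
end
```

Either request is readable by an eavesdropper unless it is sent over HTTPS; moving the arguments into the body only keeps them out of the URL.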
HTTP: request/response
Anatomy of request
Methods: GET, PUT, DELETE, POST
Body: arguments of POST
Anatomy of response
Status Codes: 200, 301, 404, etc
Body: payload
Curl, FF Developer, Mechanize