Fun with HTTP
Nemo (@captn3m0)
Nemo
GET / Host: api.captnemo.in 200 OK Link: <https://twitter.com/captn3m0>; rel=twitter, <https://about.me/n3m0>; rel=about,<https://razorpay.com>; rel=work, <https://captnemo.in>; rel=website
Teapots?
Hyper Text Transfer Protocol
Stateless?
RFC1945: May 1996
RFC2068: Jan 1997
RFC2109: Feb 1997
Version 0.9beta of Mosaic Netscape, released on October 13, 1994 supported Cookies
Cache in HTTP
Cache Headers
-
Content-Location
-
Content-MD5
-
ETag
-
Last-Modified
-
Cache-Control
-
Expires
Browser As A Caching Proxy?
A transparent proxy MUST NOT modify any of the following fields in a response:
- Expires
but it MAY add any of these fields if not already present.
If an Expires header is added, it MUST be given a field-value identical to that of the Date header in that response.
Cache-Control: max-age=31536000
Cache-Control wins!
If a response includes both an Expires header and a max-age directive, the max-age directive overrides the Expires header, even if the Expires header is more restrictive.
This rule allows an origin server to provide, for a given response, a longer expiration time to an HTTP/1.1 (or later) cache than to an HTTP/1.0 cache. This might be useful if certain HTTP/1.0 caches improperly calculate ages or expiration times, perhaps due to desynchronized clocks.
Its easier!
A non-transparent proxy MAY modify or add these fields to a message that does not include no-transform, but if it does so, it MUST add a Warning 214 (Transformation applied) if one does not already appear in the message
Warning: 214
451: Unavailable for Legal Reasons
451
HTTP/1.1 451 Unavailable For Legal Reasons
Content-Type: text/html
<html>
<head><title>Unavailable For Legal Reasons</title></head>
<body>
<h1>Unavailable For Legal Reasons</h1>
<p>This request may not be serviced in the Roman Province
of Judea due to the Lex Julia Majestatis, which disallows
access to resources hosted on servers deemed to be
operated by the People's Front of Judea.</p>
</body>
</html>
451
https://www.youtube.com/red/
https://www.spotify.com/int/why-not-available/
https://www.netflix.com/in/
Content Negotiation
Content Negotiation
- Accept
- Accept-Language
- Accept-Encoding
Chrome
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Dear Server,
I want the resource in an HTML or XHTML or XML format. If you cannot serve me this way, I'll take in WebP instead. If you can't even give it to me in WebP, well, I'll take anything you've got!
Love,
Chrome
http://www.newmediacampaigns.com/blog/browser-rest-http-accept-headers
Cross Origin Resource Sharing
Preflight Rules
A simple cross-site request is one that:
- Only uses GET, HEAD or POST. If POST is used to send data to the server, the Content-Type of the data sent to the server with the HTTP POST request is one of application/x-www-form-urlencoded, multipart/form-data, or text/plain.
- Does not set custom headers with the HTTP Request (such as X-Modified, etc.)
Non Simple Request = Preflight
POSTing is fun!
Preflight Crashes
Route::any('foo', function()
{
return 'Hello World';
});
This responds to OPTIONS as well
418 I'm a Teapot
Helpful Teapot Photo
418 I'm a Teapot
TEA-capable pots that are not provisioned to brew coffee may return either a status code of 503, indicating temporary unavailability of coffee, or a code of 418 as defined in the base HTCPCP specification to denote a more permanent indication that the pot is a teapot.
501 Not Implemented
The server does not support the functionality required to fulfil the request. This is the appropriate response when the server does not recognise the request method and is not capable of supporting it for any resource.
Host: microwave.me
BREW /peppermint
501 Not Implemented
402
402 Payment Required
402
Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code is not usually used.
Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.
https://github.com/mleonhard/hipp
The Hamming Internet Payment System
Thanks!
Fun with HTTP
By Nemo
