HTTP://
by Dzmitry Herasimau
What HTTP is?
- Hypertext Transfer Protocol
- Application layer protocol
- Request–response
- Client-server
- Stateless
Hypertext Transfer Protocol
Application layer protocol
Application
Presentation
Session
Transport
Network
Data link
Physical
The Open Systems Interconnection model
←bits to signals
←IEEE 802, PPP etc.
←packets transfer
←TCP, UDP
←local to remote
←formats data
←HTTP is here
A tiny bit of history
- Proposed in 1989 by Tim Berners-Lee
- First version HTTP V0.9 in 1991
- Extended HTTP V1.0 in 1996
- Improved HTTP V1.1 in 1997 - 2014
- HTTP/2 as RFC 7540 in May 2015
HTTP request
GET /nl.html HTTP/1.1
Host: deadpool.epam.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebK...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/w...
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ru;q=0.8,nl;q=0.7,pl;q=0.6
Cookie: <...>; language=nl_nl; NL|nld|cookiePolicyBannerAccepted=true;
HTTP response
HTTP/1.1 200 OK
Date: Mon, 03 Dec 2018 12:13:58 GMT
Server: Apache
Strict-Transport-Security: max-age=0;includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=1800
Expires: Mon, 03 Dec 2018 12:43:58 GMT
X-UA-Compatible: IE=edge
Access-Control-Allow-Origin: *
Content-Length: 20718
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Methods
- GET
- POST
- HEAD
- PUT
- DELETE
- TRACE
- PATCH
- CONNECT
GET
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
NO
YES
YES
YES
YES
YES
POST
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
YES
YES
NO
NO
+/-
YES
HEAD
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
NO
NO
YES
YES
YES
NO
DELETE
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
MAY
MAY
NO
YES
NO
NO
TRACE
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
NO
NO
NO
YES
NO
NO
PUT
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
YES
NO
NO
YES
NO
NO
PATCH
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
YES
YES
NO
NO
NO
NO
CONNECT
Request has body
Successful response has body
Safe
Idempotent
Cacheble
Allowed in HTML forms
NO
YES
NO
NO
NO
NO
Status codes
- 1xx Informational response
- 2xx Success
- 3xx Redirection
- 4xx Client errors
- 5xx Server errors
4xx/5xx Practice
BAD
GOOD
Server?!
Domain Name System
https://school.rollingscopes.com/
Address: 52.209.63.28
Cookies
Cookies
- Session cookie
- Persistent cookie
- Secure cookie
- Http-only cookie
- Supercookie
- Zombie-cookie
Set cookie
1. Javascript
2. Response
3. HTML
4. Manually
document.cookieHTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value<head>
<meta http-equiv="set-cookie" content="name=;expires=; domain=;path=;secure">
</head>HTTPS
HTTP
HTTPS
- Secured HTTP with TSL/SSL
- Prevents Man-in-the-middel attack
- https:// prefix and :443 default port
- Uses handshake to establish connection
HTTPS Handshake
HTTP/2.0
THE END