HTTP (HyperText Transfer Protocol, 超文本傳輸協定: wiki)

1. HTTP是一個用戶端終端（用戶）和伺服器端（網站）請求和應答的標準（TCP）
2. 通過使用網頁瀏覽器，用戶端發起一個HTTP請求到伺服器上指定埠（預設埠為80）。我們稱這個用戶端為用戶代理程式（user agent）

學習資源

• MDN - HTTP
• KhanAcademy - Internet 101
• 初學者都該了解的 HTTP 通訊協定基礎

• Tutorials
  • Overview of HTTP
  • HTTP Cache
  • HTTP Cookies
  • HTTP Access Control (CORS)
  • HTTP Messages
• Reference
  • HTTP Headers
    • Caching
      • Cache-Control
      • Expires
      • Pragma
    • Strict-Transport-Security
  • HTTP Request Methods
  • HTTP Status Response Codes

Overview of HTTP

Components of HTTP-based systems

HTTP is a client-server protocol: requests are sent by one entity, the user-agent

• Client: the user-agent
  1. is any tool that acts on the behalf of the user
  2. performed by the Web browser
• The Web server
  1. A server is not necessarily a single machine, but several servers can be hosted on the same machine
  2. With HTTP/1.1 and the Host header, they may even share the same IP address
• Proxies

1. caching
   • like the browser cache
2. filtering
   • like an antivirus scan, parental controls, …
3. load balancing
   • to allow multiple servers to serve the different requests
4. authentication
   • to control access to different resources
5. logging
   • allowing the storage of historical information

Basic aspects of HTTP

1. is simple
   • HTTP messages can be read and understood by humans
2. is extensible
   • HTTP headers made this protocol easy to extend and experiment with
3. is stateless, but not sessionless
   • there is no link between two requests being successively carried out on the same connection
   • Using header extensibility, HTTP Cookies are added to the workflow, allowing session creation on each HTTP request to share the same context
4. HTTP and connections
   • connection is controlled at the transport layer, out of scope for HTTP
   • two most common transport protocols
     1. TCP is reliable
     2. UDP isn't reliable
5. opened a TCP connection introducing two major flaws: request/response exchange
   • regularly sent: warm connections are more efficient than cold ones
6. Experiments are in progress to design a better transport protocol more suited to HTTP, like Google: QUIC

What can be controlled by HTTP

1. Cache
2. Relaxing the origin constraint
   1. To prevent snooping and other privacy invasions, Web browsers enforce strict separation between Web sites
   2. HTTP headers can relax this strict separation server-side
3. Authentication
   1. Some pages may be protected so only specific users can access it
   2. Basic authentication may be provided by HTTP
4. Proxy and tunneling
   1. Servers and/or clients are often located on intranets and hide their true IP address to others
   2. HTTP requests then go through proxies to cross this network barrier
5. Sessions
   1. Using HTTP cookies allows you to link requests with the state of the server

HTTP flow

1. Open a TCP connection
2. Send an HTTP message
3. Read the response sent by the server
4. Close or reuse the connection for further requests

HTTP Messages

Requests

1. An HTTP method, usually a verb like GET, POST, defines the operationthe client wants to perform
2. The path of the resource to fetch
3. version of the HTTP
4. Optional headers that convey additional information for the servers

• Or a body, for some methods like POST

Responses

1. version of the HTTP
2. A status code
   • indicating if the request has been successful, or not, and why
3. A status message
   • a non-authoritative short description of the status code
4. HTTP headers
   • Optionally, a body containing the fetched resource