HTTP for Web Developers

Lorna Mitchell
September 27, 2016

Tips and tricks for working with HTTP

Transcript

  1. HTTP is an Envelope Format

    An envelope has delivery information on the outside, content on the inside. HTTP has metadata on the outside, content on the inside. @lornajane
  2. HTTP Request

    > GET / HTTP/1.1
    > Host: lornajane.net
    > User-Agent: curl/7.43.0
    > Accept: */*
  3. HTTP Response

    < HTTP/1.1 200 OK
    < Date: Thu, 04 Aug 2016 13:21:01 GMT
    < Content-Type: text/html; charset=UTF-8
    < Set-Cookie: __cfduid=d53f8c9b92c45bd1f06485e016008185c1470316861; expir
    < Cache-Control: public, max-age=14400
    < Link: <http://lornajane.net/wp-json/>; rel="https://api.w.org/"
    < Link: <http://lornajane.net/>; rel=shortlink
    < Vary: Accept-Encoding
    < Expires: Thu, 04 Aug 2016 17:21:01 GMT
  4. HTTP Verbs

    A verb is a "doing word" ... in HTTP as well as in English.
    • GET
    • POST
    • DELETE
    • PUT
    • PATCH
  5. HTTP Headers

    Request headers:
    • Host, Accept
    Response headers:
    • ETag, Location
    Entity headers:
    • Content-Type
  6. HTTP Status Codes

    Code  Meaning
    200   OK
    201   Created
    204   No Content
    302   Found
    307   Moved Temporarily
  7. HTTP Status Codes

    Code  Meaning
    400   Bad Request
    401   Unauthorized
    403   Forbidden
    404   Not Found
    500   Server Error
  8. Content Negotiation

    Common use of headers, and a great example! Example Accept header:

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

    • Server will endeavour to return one of these content types
    • The "q" value is preference (default is 1)
  9. Chrome Tools and Extensions

    A tool for changing headers
    • ModHeader
    A tool for editing/deleting cookies
    • Edit This Cookie
    (the open source project example is http://joind.in)
  10. Other Tools

    These are my favourites
    • curl https://curl.haxx.se/
    • http-console https://github.com/cloudhead/http-console
    • jq https://stedolan.github.io/jq/
    • postman https://www.getpostman.com/
  11. HTTP Authorization

    • Ideal to keep this information in the header
    • Tokens are ace!
    • Basic/Digest auth is Authorization: [Type] then
      • base64_encode($username . ":" . $password)
    • OAuth is also a common standard
  12. OAuth Overview

    There are three players:
    • the user (an actual person)
    • the provider (user already has an account)
    • the consumer (wants to access user's account with provider)
    OAuth allows us to differentiate between a user and something operating on their behalf
  13. OAuth Example: Log in with Twitter

    1. Consumer sends user to provider website
    2. User logs in, grants access
    3. Provider sends user back to Consumer with token
    4. Client exchanges token for access token
    5. Access token sent in header of all subsequent requests
  14. Ngrok: Secure Tunnel to Localhost

    This is the dev platform tool I can't live without
    • Opens a tunnel to your local machine on a port you specify, gives you a URL
    • Also offers an excellent dashboard allowing you to inspect and replay requests
  15. JOIN US FOR CONTRIBUTION SPRINTS

    First Time Sprinter Workshop - 9:00-12:00 - Room Wicklow2A
    Mentored Core Sprint - 9:00-18:00 - Wicklow Hall 2B
    General Sprints - 9:00 - 18:00 - Wicklow Hall 2A