HTTP for Web Developers

Transcript

1. None

2. HTTP for Web Developers Lorna Mitchell, IBM Cloud Data Services

3. Why Does HTTP Matter? @lornajane

4. HTTP is an Envelope Format An envelope has delivery information

   on the outside, content on the inside. HTTP has metadata on the outside, content on the inside. @lornajane

5. HTTP Request > GET / HTTP/1.1 > Host: lornajane.net >

   User-Agent: curl/7.43.0 > Accept: */* @lornajane

6. HTTP Response < HTTP/1.1 200 OK < Date: Thu, 04

   Aug 2016 13:21:01 GMT < Content-Type: text/html; charset=UTF-8 < Set-Cookie: __cfduid=d53f8c9b92c45bd1f06485e016008185c1470316861; expir < Cache-Control: public, max-age=14400 < Link: <http://lornajane.net/wp-json/>; rel="https://api.w.org/" < Link: <http://lornajane.net/>; rel=shortlink < Vary: Accept-Encoding < Expires: Thu, 04 Aug 2016 17:21:01 GMT @lornajane

7. HTTP Verbs A verb is a "doing word" ... in

   HTTP as well as in English. • GET • POST • DELETE • PUT • PATCH @lornajane

8. HTTP Headers Request headers: • Host, Accept Response headers: •

   ETag, Location Entity headers: • Content-Type @lornajane

9. HTTP Status Codes Code Meaning 200 OK 201 Created 204

   No Content 302 Found 307 Moved Temporarily @lornajane

10. HTTP Status Codes Code Meaning 400 Bad Request 401 Unauthorized

    403 Forbidden 404 Not Found 500 Server Error @lornajane

11. Content Negotiation Common use of headers, and a great example!

    Example Accept header: Accept: text/html,application/xhtml+xml, / application/xml;q=0.9,image/webp,*/*;q=0.8 Server will endeavour to return one of these content types • The "q" value is preference (default is 1) @lornajane

12. Chrome Tools and Extensions A tool for changing headers •

    ModHeader A tool for editing/deleting cookies • Edit This Cookie (the open source project example is http://joind.in) @lornajane

13. Other Tools These are my favourites • curl https://curl.haxx.se/ •

    http-console https://github.com/cloudhead/http-console • jq https://stedolan.github.io/jq/ • postman https://www.getpostman.com/ @lornajane

14. HTTP Authorization @lornajane

15. HTTP Authorization • Ideal to keep this information in the

    header • Tokens are ace! • Basic/Digest auth is Authorization: [Type] then • base64_encode($username . ":" . $password) • OAuth is also a common standard @lornajane

16. OAuth Overview There are three players: • the user (an

    actual person) • the provider (user already has an account) • the consumer (wants to access user's account with provider) OAuth allows us to differentiate between a user and something operating on their behalf @lornajane

17. OAuth Example: Log in with Twitter 1. Consumer sends user

    to provider website 2. User logs in, grants access 3. Provider sends user back to Consumer with token 4. Client exchanges token for access token 5. Access token sent in header of all subsequent requests @lornajane

18. Thanks! Slides: http://lornajane.net/resources Contact: • [email protected] • @lornajane @lornajane

19. And One More Thing... @lornajane

20. Ngrok: Secure Tunnel to Localhost This is the dev platform

    tool I can't live without • Opens a tunnel to your local machine on a port you specify, gives you a URL • Also offers an excellent dashboard allowing inspect and replay of requests @lornajane

21. JOIN US FOR CONTRIBUTION SPRINTS First Time Sprinter Workshop -

    9:00-12:00 - Room Wicklow2A Mentored Core Sprint - 9:00-18:00 - Wicklow Hall 2B General Sprints - 9:00 - 18:00 - Wicklow Hall 2A

22. Evaluate This Session THANK YOU! events.drupal.org/dublin2016/schedule WHAT DID YOU THINK?