Slide 1

Slide 1 text

What the Heck Is HTTP?
Scott McAllister, Principal Developer Advocate
Nebraska.Code() 2023

Slide 2

Slide 2 text

Protocols @stmcallister

Slide 3

Slide 3 text

Protocols
A set of rules or standards to communicate effectively

Slide 4

Slide 4 text

HyperText Transfer Protocol

Slide 5

Slide 5 text

HTTP
A set of rules or standards for clients and web servers to communicate effectively

Slide 6

Slide 6 text

HTTP
Image source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

Slide 7

Slide 7 text

HTTP
Client, Server, Request

Slide 8

Slide 8 text

HTTP
Client, Server, Request, Response

Slide 9

Slide 9 text

HTTP
Client, Server, Request, Response

Slide 10

Slide 10 text

© ngrok. All rights reserved. Confidential Information of ngrok

HTTP Message
Header: Information about the message
Body: Data being sent
Method: The action being taken. POST, GET, PUT, DELETE

Slide 11

Slide 11 text

HTTP Request

GET / HTTP/1.1
Host: demo.ngrokpaperscissors.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml

Slide 12

Slide 12 text

HTTP Request

GET / HTTP/1.1
Host: demo.ngrokpaperscissors.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml

Method or Verb

Slide 13

Slide 13 text

HTTP Request

GET / HTTP/1.1
Host: demo.ngrokpaperscissors.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml

Headers

Slide 14

Slide 14 text

HTTP Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 32

App Running on Server 1

Headers

Slide 15

Slide 15 text

HTTP Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 32

App Running on Server 1

Body (or payload)

Slide 16

Slide 16 text

Evolution of HTTP

Slide 17

Slide 17 text

HTTP/0.9
Only GET Requests
Response only returned HTML file
No Headers
No Status Codes

Slide 18

Slide 18 text

HTTP/1
Versioning
Headers!
Status Codes
Content-Type
SSL

Slide 19

Slide 19 text

HTTP/1.1
First Standardized Version
Reusable Connections
Standard REST Relies On
Extensions (WebSockets, etc)

Slide 20

Slide 20 text

HTTP/2
Binary rather than Text
Multiplexing Messages (Parallel Requests)
Encapsulates Messages into Frames

Slide 21

Slide 21 text

HTTP/3
Uses QUIC instead of TCP
Lower Latency
Packet Loss Detection

Slide 22

Slide 22 text

HTTP Version Adoption
Image source: https://radar.cloudflare.com/adoption-and-usage?range=28d

Slide 23

Slide 23 text

Common Headers
Content-Type
Accept
Authorization
User-Agent

Slide 24

Slide 24 text

HTTP Messages
A lot like Washington, D.C.

Slide 25

Slide 25 text

HTTP Messages
Stateless

Slide 26

Slide 26 text

Cookies

Slide 27

Slide 27 text

HTTP Response Codes

Slide 28

Slide 28 text

HTTP Status Codes: 100s — Informative

Slide 29

Slide 29 text

SUCCESS

Slide 30

Slide 30 text

REDIRECTION

Slide 31

Slide 31 text

CLIENT ERRORS

Slide 32

Slide 32 text

CLIENT ERRORS

Slide 33

Slide 33 text

CLIENT ERRORS

Slide 34

Slide 34 text

CLIENT ERRORS MOAR

Slide 35

Slide 35 text

EVEN MOAR CLIENT ERRORS

Slide 36

Slide 36 text

SERVER ERRORS

Slide 37

Slide 37 text

HTTP
Client, Server, Request, Response

Slide 38

Slide 38 text

HTTP
Client, Server, Request, Response
PLAIN TEXT

Slide 39

Slide 39 text

HTTPS
TLS
Client, Server, Request, Response
Encrypted

Slide 40

Slide 40 text

HTTPS
Image source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

Slide 41

Slide 41 text

TLS
Requires Digital Certificate from Server
Generated from Trusted Certificate Authority
Public/Private Keys

Slide 42

Slide 42 text

HTTPS TLS Handshake
Server: Presents certificate & public key

Slide 43

Slide 43 text

HTTPS TLS Handshake
Server: Presents certificate & public key
Client: Verifies cert. Generates random string. Encrypts with public key.

Slide 44

Slide 44 text

HTTPS TLS Handshake
Server: Presents certificate & public key
Client: Verifies cert. Generates random string. Encrypts with public key.
Server: Decrypts message with private key.
Client and server now have same secret string.
Secret string used to generate Session Key
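
The "Verifies cert." step is the one client code most often switches off, so here is an added example (not code from the talk) that puts a verifying client configuration beside a weakened one using Python's standard ssl module, with a small check that tells them apart. The function names are assumptions; nothing here opens a network connection.

```python
import ssl


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for client settings that skip the 'verifies cert' step."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated (verify_mode)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the host name (check_hostname)")
    return findings


def verifying_context() -> ssl.SSLContext:
    # create_default_context() loads the system's trusted certificate
    # authorities and enables both chain validation and host name checking.
    return ssl.create_default_context()


def weakened_context() -> ssl.SSLContext:
    # The pattern used to silence certificate errors: the connection is still
    # encrypted, but the client no longer knows who holds the private key.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()),
                      ("weakened", weakened_context())):
        print(name, audit_context(ctx) or "ok")
```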

Slide 45

Slide 45 text

Authentication

Slide 46

Slide 46 text

Basic Authentication
Client: GET / HTTP/1.1

Slide 47

Slide 47 text

Basic Authentication
Client: GET / HTTP/1.1
Server: Responds with 401 (Unauthorized) status. WWW-Authenticate header w/ challenge

Slide 48

Slide 48 text

Basic Authentication
Client: GET / HTTP/1.1
Server: Responds with 401 (Unauthorized) status. WWW-Authenticate header w/ challenge
Client: GET / HTTP/1.1
        Authorization: Basic bAs364enc0d3Cr3ds

Slide 49

Slide 49 text

Basic Authentication
Client: GET / HTTP/1.1
Server: Responds with 401 (Unauthorized) status. WWW-Authenticate header w/ challenge
Client: GET / HTTP/1.1
        Authorization: Basic bAs364enc0d3Cr3ds
Server: HTTP/1.1 200 OK
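
The four-step exchange on the Basic Authentication slides, as an added example that is not code from the talk: the server side issues the 401 challenge and checks the Authorization header, and `decode_basic` shows that the header value is only Base64, so anyone who can read the request recovers the password unless the connection is HTTPS. `REALM`, `USERS` and the function names are assumptions, and the credentials are constructed.

```python
import base64
import hmac

REALM = "demo"                      # assumed realm name
USERS = {"alice": "correct horse"}  # constructed; a real server stores hashes


def encode_basic(user: str, password: str) -> str:
    """Client side: build the Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value: str):
    """Recover (user, password); Base64 is an encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, colon, password = decoded.partition(":")
    return (user, password) if colon else None


def handle(headers: dict):
    """Server side: return (status, response headers) for one request."""
    creds = decode_basic(headers.get("Authorization", ""))
    if creds is not None:
        expected = USERS.get(creds[0], "")
        # Constant-time comparison, performed for unknown users as well.
        ok = hmac.compare_digest(creds[1].encode(), expected.encode())
        if ok and creds[0] in USERS:
            return 200, {}
    challenge = f'Basic realm="{REALM}", charset="UTF-8"'
    return 401, {"WWW-Authenticate": challenge}


if __name__ == "__main__":
    print(handle({}))                                   # step 2: challenge
    header = encode_basic("alice", "correct horse")     # step 3: retry
    print(header, "->", decode_basic(header))
    print(handle({"Authorization": header}))            # step 4: 200
```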

Slide 50

Slide 50 text

OAuth

Slide 51

Slide 51 text

OAuth
❏ Open standard for authorizing secure access on HTTP service
❏ Uses tokens rather than password data to prove identity
❏ Provides “secure delegated access” to client applications
❏ Limits user’s scope of access

Slide 52

Slide 52 text

Resources
HTTP Docs on MDN https://developer.mozilla.org/en-US/docs/Web/HTTP
What is HTTP and How Does It Work? https://youtu.be/2yfDgnm6eAs
Learning ngrok: Inspect and Replay https://dev.to/stmcallister/learning-ngrok-inspect-and-replay-14ge
HTTP Status Dogs https://httpstatusdogs.com/
HTTP Status Cats https://httpcats.com/
SSL, TLS, HTTPS Explained https://youtu.be/j9QmMEWmcfo

Slide 54

Slide 54 text

Scott McAllister
Speaker, Writer, Coder
@stmcallister
stmcallister.github.io
@stmcallister.bsky.social
techhub.social/@stmcallister

Slide 55

Slide 55 text

Thank you
