The Hidden Gems in HTTP (CodeWorks 2009)

200, 404, 302. Is it a lock combination? A phone number? No, they're HTTP status codes! As we develop Web applications, we encounter these status codes and others, and often we make decisions about which ones to return without giving much thought to their meaning or context. It's time to take a deeper look at HTTP. Knowing the methods, headers, and status codes, what they mean, and how to use them can help you develop richer Internet applications. Join Ben Ramsey as he takes you on a journey through RFC 2616 to discover some of the gems of HTTP.

Ben Ramsey

October 05, 2009

Transcript

  1. Hidden Gems in HTTP
    Ben Ramsey ■ Code Works

  2. Why HTTP?

  3. Because you are a
    Web developer.

  4. HTTP is the Web.

  5. That’s all I have to
    say about that.

  6. Some properties of
    HTTP…

  7. ■ A client-server architecture
    ■ Atomic
    ■ Cacheable
    ■ A uniform interface
    ■ Layered
    ■ Code on demand

  8. Now, what does
    that sound like?

  9. REST!

  10. And, that’s all I have
    to say about that,
    too.

  11. Our focus today…

  12. ■ Methods you’ve never used
    ■ Status codes you didn’t know existed
    ■ Working with HTTP in PHP

  13. Methods you’ve
    never used…

  14. Well, not really
    never.

  15. GET
    ■ You know GET
    ■ Retrieval of information
    ■ Transfers a representation of a resource
    from the server to the client
    ■ Safe & idempotent

  16. GET /user/ramsey HTTP/1.1
    Host: atom.example.org

    HTTP/1.1 200 OK
    Date: Tue, 22 Sep 2009 17:28:14 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 594
    Content-Type: application/atom+xml;type=entry

    xml:base="http://atom.example.org/">
    ramsey
    ...

  17. He just thinks he’s
    funny.

  18. Stop laughing.
    You’re just
    encouraging him.

  19. POST
    ■ You know POST
    ■ The body content should be accepted as
    a new subordinate of the resource
    ■ Append, annotate, paste after
    ■ Not safe or idempotent

  20. POST /user HTTP/1.1
    Host: atom.example.org
    Content-Type: application/atom+xml;type=entry
    Content-Length: 474

    xml:base="http://atom.example.org/">
    ramsey
    ...

    HTTP/1.1 201 Created
    Date: Tue, 22 Sep 2009 17:39:06 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Location: http://atom.example.org/user/ramsey
    Content-Length: 133
    Content-Type: text/html; charset=utf-8

    The content was created at the location

    http://atom.example.org/user/ramsey


  21. HEAD
    ■ Identical to GET, except…
    ■ Returns only the headers, not the body
    ■ Useful for getting details about a
    resource representation before retrieving
    the full representation
    ■ Safe & idempotent

  22. HEAD /content/1234.mp4 HTTP/1.1
    Host: atom.example.org

    HTTP/1.1 200 OK
    Date: Tue, 22 Sep 2009 17:28:14 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 12334753
    Content-Type: application/mp4

  23. PUT
    ■ Opposite of GET
    ■ Storage of information
    ■ Transfers a representation of a resource
    from the client to the server
    ■ Not safe
    ■ Idempotent

  24. PUT /user/ramsey/ HTTP/1.1
    Host: atom.example.org
    Content-Type: application/atom+xml;type=entry
    Content-Length: 594

    xml:base="http://atom.example.org/">
    ramsey
    ...

    HTTP/1.1 200 OK
    Date: Tue, 22 Sep 2009 17:47:27 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 594
    Content-Type: application/atom+xml;type=entry

    xml:base="http://atom.example.org/">
    ramsey
    ...

  25. DELETE
    ■ Requests that the resource identified be
    removed from public access
    ■ Not safe
    ■ Idempotent

  26. DELETE /content/1234/ HTTP/1.1
    Host: example.org

    HTTP/1.1 204 No Content
    Date: Tue, 22 Sep 2009 18:06:37 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 0
    Content-Type: text/html; charset=utf-8

  27. What the hell are
    safe & idempotent
    methods?

  28. Safe methods
    ■ GET & HEAD should not take action
    other than retrieval
    ■ These are considered safe
    ■ Allows agents to represent POST, PUT, &
    DELETE in a special way

  29. Idempotence
    ■ Side-effects of N > 0 identical requests is
    the same as for a single request
    ■ GET, HEAD, PUT and DELETE share this
    property
    ■ OPTIONS and TRACE are inherently
    idempotent

  30. Status codes you
    didn’t know existed

  31. ■ Informational (1xx)
    ■ Successful (2xx)
    ■ Redirection (3xx)
    ■ Client error (4xx)
    ■ Server error (5xx)

  32. The look-before-
    you-leap request
    (LBYL)

  33. 1. Client sends a request without a body
    and includes the Expect: 100-continue
    header and all other headers
    2. Server determines whether it will accept
    the request and responds with 100
    Continue (or a 4xx code on error)
    3. Client sends the request again with the
    body and without the Expect header

  34. 1
    POST /content/videos HTTP/1.1
    Host: example.org
    Content-Type: video/mp4
    Content-Length: 115910000
    Authorization: Basic bWFkZTp5b3VfbG9vaw==
    Expect: 100-continue

  35. 2
    HTTP/1.1 413 Request Entity Too Large
    Date: Thu, 21 May 2009 23:05:15 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    Failure state

  36. 2
    HTTP/1.1 100 Continue
    Date: Thu, 21 May 2009 23:05:15 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 0
    Content-Type: text/html

    Success state

  37. 3
    POST /content/videos HTTP/1.1
    Host: example.org
    Content-Type: video/mp4
    Content-Length: 115910000
    Authorization: Basic bWFkZTp5b3VfbG9vaw==

    {binary video data}

  38. 4
    HTTP/1.1 201 Created
    Date: Thu, 21 May 2009 23:05:34 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 119
    Content-Type: text/html
    Location: http://example.org/content/videos/1234

    Video uploaded! Go <a href="http://example.org/content/videos/1234">here</a> to see it.

  39. The created at
    another location
    response

  40. 1
    POST /content/videos HTTP/1.1
    Host: example.org
    Content-Type: video/mp4
    Content-Length: 115910000
    Authorization: Basic bWFkZTp5b3VfbG9vaw==

    {binary video data}

  41. 2
    HTTP/1.x 201 Created
    Date: Thu, 21 May 2009 23:05:34 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 120
    Content-Type: text/html
    Location: http://example.org/content/videos/1234

    Video uploaded! Go <a href="http://example.org/content/videos/1234">here</a> to see it.

  42. The “it’s not you it’s
    me” response

  43. i.e. I’ve accepted it
    but might have to
    do more processing

  44. 2
    HTTP/1.x 202 Accepted
    Date: Thu, 21 May 2009 23:05:34 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 137
    Content-Type: text/html
    Location: http://example.org/content/videos/1234/status

    Video processing! Check <a href="http://example.org/content/videos/1234/status">here</a> for the status.

  45. The “I have nothing
    to say to you”
    response…

  46. …but you were still
    successful

  47. 1
    DELETE /content/videos/1234 HTTP/1.1
    Host: example.org
    Authorization: Basic bWFkZTp5b3VfbG9vaw==

  48. 2
    HTTP/1.x 204 No Content
    Date: Thu, 21 May 2009 23:28:34 GMT

  49. The ranged request

  50. ■ Used when requests are made for
    ranges of bytes from a resource
    ■ Determine whether a server supports
    range requests by checking for the
    Accept-Ranges header with HEAD

  51. 1
    HEAD /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1
    Host: farm3.static.flickr.com

  52. 2
    HTTP/1.0 200 OK
    Date: Mon, 05 May 2008 00:33:14 GMT
    Server: Apache/2.0.52 (Red Hat)
    Accept-Ranges: bytes
    Content-Length: 3980
    Content-Type: image/jpeg

  53. 3
    GET /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1
    Host: farm3.static.flickr.com
    Range: bytes=0-999

  54. 4
    HTTP/1.0 206 Partial Content
    Date: Mon, 05 May 2008 00:36:57 GMT
    Server: Apache/2.0.52 (Red Hat)
    Accept-Ranges: bytes
    Content-Length: 1000
    Content-Range: bytes 0-999/3980
    Content-Type: image/jpeg

    {binary data}

  55. The GET me from
    another location
    response

  56. ■ 303 See Other
    ■ The response to your request can be
    found at another URL identified by the
    Location header
    ■ The client should make a GET request
    on that URL
    ■ The Location is not a substitute for this
    URL

  57. 1
    POST /contact HTTP/1.1
    Host: example.org
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1234

    {url-encoded form values from a contact form}

  58. 2
    HTTP/1.1 303 See Other
    Date: Tue, 22 Sep 2009 23:41:33 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Location: http://example.org/thankyou
    Content-Length: 0

  59. The find me
    temporarily at this
    place response

  60. ■ 307 Temporary Redirect
    ■ The resource resides temporarily at the
    URL identified by the Location
    ■ The Location may change, so don’t
    update your links
    ■ If the request is not GET or HEAD, then
    you must allow the user to confirm the
    action

  61. The permanent
    forwarding address
    response

  62. ■ 301 Moved Permanently
    ■ The resource has moved permanently to
    the URL indicated by the Location
    header
    ■ You should update your links accordingly
    ■ Great for forcing search engines, etc. to
    index the new URL instead of this one

  63. But what about just
    finding the resource
    at another location?

  64. ■ 302 Found
    ■ The resource has been found at another
    URL identified by the Location header
    ■ The new URL might be temporary, so the
    client should continue to use this URL
    ■ Redirections SHOULD be confirmed by
    the user (in practice, browsers don’t
    respect this)

  65. The data validation
    error response

  66. ■ 400 Bad Request
    ■ Generic error message
    ■ The client sent malformed syntax
    ■ The client needs to modify the request
    before sending it again (to fix errors)

  67. POST /user/ HTTP/1.1
    Host: atom.example.org
    Content-Type: application/atom+xml;type=entry
    Content-Length: 474

    xml:base="http://atom.example.org/">
    r@msey
    ...

    HTTP/1.1 400 Bad Request
    Date: Tue, 22 Sep 2009 23:51:00 GMT
    Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0
    X-Powered-By: PHP/5.3.0
    Content-Length: 123
    Connection: close
    Content-Type: text/html; charset=utf-8

    The following errors occurred:

    Title contained invalid characters


  68. But wait! There’s
    more…

  69. Working with HTTP
    in PHP

  70. ■ header() function
    http://php.net/header
    ■ Client URL library (cURL)
    http://php.net/curl
    ■ Streams
    http://php.net/streams
    ■ HTTP extension (pecl/http)
    http://php.net/http

  71. Questions?
    ■ My website is benramsey.com
    ■ @ramsey on Twitter
    ■ Rate this talk at joind.in
    ■ Read the HTTP spec at
    tools.ietf.org/html/rfc2616
    ■ My company is Schematic
    schematic.com

  72. Hidden Gems in HTTP
    Copyright © Ben Ramsey. Some rights reserved.
    This work is licensed under a Creative Commons
    Attribution-Noncommercial-No Derivative Works 3.0 United
    States License.
    For uses not covered under this license, please contact the
    author.

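An added example, not from the talk: the server's half of the look-before-you-leap exchange on slides 33 to 38, deciding from the headers alone whether to answer 100 Continue or an error before any body bytes arrive. The function names and the `max_bytes` upload limit are assumptions; the request head is rebuilt from slide 34.

```python
from typing import Optional

# Request head from slide 34, constructed here as bytes; no body follows it.
SLIDE_34_HEAD = (
    b"POST /content/videos HTTP/1.1\r\n"
    b"Host: example.org\r\n"
    b"Content-Type: video/mp4\r\n"
    b"Content-Length: 115910000\r\n"
    b"Authorization: Basic bWFkZTp5b3VfbG9vaw==\r\n"
    b"Expect: 100-continue\r\n\r\n"
)

def parse_headers(raw_head: bytes) -> dict:
    """Return the header fields of a request head, names lower-cased."""
    text = raw_head.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in text.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()
    return headers

def early_status(raw_head: bytes, max_bytes: int) -> Optional[str]:
    """Status to send before reading any body, or None to go ahead and read it.

    max_bytes is an assumed upload limit; the talk does not state one.
    """
    try:
        h = parse_headers(raw_head)
    except ValueError:
        return "400 Bad Request"
    expect = h.get("expect", "").lower()
    if expect not in ("", "100-continue"):
        return "417 Expectation Failed"
    if "authorization" not in h:                 # presence only; checking the credentials is out of scope
        return "401 Unauthorized"
    length = h.get("content-length")
    if length is None:
        return "411 Length Required"
    if not (length.isascii() and length.isdigit()):
        return "400 Bad Request"                 # rejects values such as "-5" or "1e9"
    if int(length) > max_bytes:
        return "413 Request Entity Too Large"    # slide 35, the failure state
    return "100 Continue" if expect else None    # slide 36, the success state
```

With a 100 MiB limit the slide 34 request gets the 413 from slide 35; with a 200 MiB limit it gets the 100 Continue from slide 36.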
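An added example, not from the talk: how a server could resolve the `Range` header from slides 50 to 54 against the resource size, clamping to the last byte so the reply's `Content-Length` and `Content-Range` come out as on slide 54. It goes beyond the slides by also handling open-ended and suffix ranges and the 416 case; the function names are assumptions.

```python
import re
from typing import Optional, Tuple

# One byte range only: "bytes=first-last", "bytes=first-" or "bytes=-suffix".
_RANGE_RE = re.compile(r"bytes=(\d*)-(\d*)", re.ASCII)

def resolve_range(header: str, size: int) -> Optional[Tuple[int, int]]:
    """Resolve a single-range Range header against a resource of `size` bytes.

    Returns inclusive (first, last) offsets, or None when the range cannot be
    satisfied (416). Raises ValueError for syntax this example does not accept,
    such as multiple ranges or other units.
    """
    m = _RANGE_RE.fullmatch(header.strip())
    if not m or m.groups() == ("", ""):
        raise ValueError("unsupported Range syntax")
    first_s, last_s = m.groups()
    if first_s == "":                          # suffix form: the last N bytes
        n = int(last_s)
        if n == 0 or size == 0:
            return None
        return max(size - n, 0), size - 1
    first = int(first_s)
    if first >= size:                          # starts past the end of the resource
        return None
    # Clamp the end to the resource so the server never reads past it.
    last = size - 1 if last_s == "" else min(int(last_s), size - 1)
    if last < first:
        raise ValueError("last-byte-pos before first-byte-pos")
    return first, last

def partial_response_headers(header: str, size: int) -> dict:
    """Status and length headers for the reply to a ranged GET."""
    span = resolve_range(header, size)
    if span is None:
        return {"status": "416 Requested Range Not Satisfiable",
                "Content-Range": f"bytes */{size}"}
    first, last = span
    return {"status": "206 Partial Content",
            "Content-Length": str(last - first + 1),
            "Content-Range": f"bytes {first}-{last}/{size}"}
```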