Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Hidden Gems in HTTP (CodeWorks 2009)

Ben Ramsey
PRO
October 05, 2009
Technology
1
570

The Hidden Gems in HTTP (CodeWorks 2009)

200, 404, 302. Is it a lock combination? A phone number? No, they're HTTP status codes! As we develop Web applications, we encounter these status codes and others, and often we make decisions about which ones to return without giving much thought to their meaning or context. It's time to take a deeper look at HTTP. Knowing the methods, headers, and status codes, what they mean, and how to use them can help you develop richer Internet applications. Join Ben Ramsey as he takes you on a journey through RFC 2616 to discover some of the gems of HTTP.

Ben Ramsey
PRO

October 05, 2009
Tweet

More Decks by Ben Ramsey

See All by Ben Ramsey
Let's Build a Composer Package (php[tek] 2024)
ramsey
PRO
0
24
Internationalization & Localization With PHP (Longhorn PHP 2023)
ramsey
PRO
0
150
Let's Build a Composer Package (Longhorn PHP 2023)
ramsey
PRO
0
160
Put a UUID On It! (php[tek] 2023)
ramsey
PRO
0
140
Cool Tools for PHP Development (php[tek] 2023)
ramsey
PRO
0
180
Cool Tools for PHP Development (Nashville PHP April 2023)
ramsey
PRO
0
18
Cool Tools for PHP Development (MergePHP January 2022)
ramsey
PRO
1
440
Cool Tools for PHP Development (php[MiNDS] August 2021)
ramsey
PRO
0
62
Cool Tools for PHP Development (Essex Web July 2021)
ramsey
PRO
0
42

Other Decks in Technology

See All in Technology
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
380
コードを書く隙間を見つけて生きていく技術/Findy 思考の現在地
fujiwara3
27
5.9k
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.7k
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
220
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.6k
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
ここが嬉しいABAC ここが辛いよABAC #再解説+補足編
masahirokawahara
1
270
JSON攻略法.pdf
miyakemito
8
5k
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
510
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
210
反実仮想機械学習とは何か
usaito
PRO
11
4.2k

Featured

See All Featured
How GitHub (no longer) Works
holman
304
140k
Being A Developer After 40
akosma
57
580k
KATA
mclloyd
15
12k
Clear Off the Table
cherdarchuk
84
310k
YesSQL, Process and Tooling at Scale
rocio
164
13k
What the flash - Photography Introduction
edds
64
11k
The Power of CSS Pseudo Elements
geoffreycrofte
60
5k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Rails Girls Zürich Keynote
gr2m
91
13k

Transcript

  1. Hidden Gems in HTTP Ben Ramsey ▪ Code Works

  2. Why HTTP?

  3. Because you are a Web developer.

  4. HTTP is the Web.

  5. That’s all I have to say about that.

  6. Some properties of HTTP…

  7. ▪ A client-server architecture ▪ Atomic ▪ Cacheable ▪ A

    uniform interface ▪ Layered ▪ Code on demand

  8. Now, what does that sound like?

  9. REST!

  10. And, that’s all I have to say about that, too.

  11. Our focus today…

  12. ▪ Methods you’ve never used ▪ Status codes you didn’t

    know existed ▪ Working with HTTP in PHP

  13. Methods you’ve never used…

  14. Well, not really never.

  15. ▪ You know GET ▪ Retrieval of information ▪ Transfers

    a representation of a resource from the server to the client ▪ Safe & idempotent GET

  16. GET /user/ramsey HTTP/1.1 Host: atom.example.org HTTP/1.1 200 OK Date: Tue,

    22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>

  17. He just thinks he’s funny.

  18. Stop laughing. You’re just encouraging him.

  19. POST ▪ You know POST ▪ The body content should

    be accepted as a new subordinate of the resource ▪ Append, annotate, paste after ▪ Not safe or idempotent

  20. POST /user HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml

    version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 201 Created Date: Tue, 22 Sep 2009 17:39:06 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://atom.example.org/user/ramsey Content-Length: 133 Content-Type: text/html; charset=utf-8 <div> The content was created at the location <a href="/user/ramsey"> http://atom.example.org/user/ramsey </a> </div>

  21. HEAD ▪ Identical to GET, except… ▪ Returns only the

    headers, not the body ▪ Useful for getting details about a resource representation before retrieving the full representation ▪ Safe & idempotent

  22. HEAD /content/1234.mp4 HTTP/1.1 Host: atom.example.org HTTP/1.1 200 OK Date: Tue,

    22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 12334753 Content-Type: application/mp4

  23. PUT ▪ Opposite of GET ▪ Storage of information ▪

    Transfers a representation of a resource from the client to the server ▪ Not safe ▪ Idempotent

  24. PUT /user/ramsey/ HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 594 <?xml

    version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:47:27 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>

  25. DELETE ▪ Requests that the resource identified be removed from

    public access ▪ Not safe ▪ Idempotent

  26. DELETE /content/1234/ HTTP/1.1 Host: example.org HTTP/1.1 204 No Content Date:

    Tue, 22 Sep 2009 18:06:37 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html; charset=utf-8

  27. What the hell are safe & idempotent methods?

  28. Safe methods ▪ GET & HEAD should not take action

    other than retrieval ▪ These are considered safe ▪ Allows agents to represent POST, PUT, & DELETE in a special way

  29. Idempotence ▪ Side-effects of N > 0 identical requests is

    the same as for a single request ▪ GET, HEAD, PUT and DELETE share this property ▪ OPTIONS and TRACE are inherently idempotent

  30. Status codes you didn’t know existed

  31. ▪ Informational (1xx) ▪ Successful (2xx) ▪ Redirection (3xx) ▪

    Client error (4xx) ▪ Server error (5xx)

  32. The look-before- you-leap request (LBYL)

  33. 1. Client sends a request without a body and includes

    the Expect: 100-continue header and all other headers 2. Server determines whether it will accept the request and responds with 100 Continue (or a 4xx code on error) 3. Client sends the request again with the body and without the Expect header

  34. 1 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000

    Authorization: Basic bWFkZTp5b3VfbG9vaw== Expect: 100-continue

  35. 2 HTTP/1.1 413 Request Entity Too Large Date: Thu, 21

    May 2009 23:05:15 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Connection: close Content-Type: text/html Failure state

  36. 2 HTTP/1.1 100 Continue Date: Thu, 21 May 2009 23:05:15

    GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html Success state

  37. 3 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000

    Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}

  38. 4 HTTP/1.1 201 Created Date: Thu, 21 May 2009 23:05:34

    GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 119 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>

  39. The created at another location response

  40. 1 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000

    Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}

  41. 2 HTTP/1.x 201 Created Date: Thu, 21 May 2009 23:05:34

    GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 120 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>

  42. The “it’s not you it’s me” response

  43. i.e. I’ve accepted it but might have to do more

    processing

  44. 2 HTTP/1.x 202 Accepted Date: Thu, 21 May 2009 23:05:34

    GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 137 Content-Type: text/html Location: http://example.org/content/videos/1234/status <html><body><p>Video processing! Check <a href="http://example.org/content/videos/1234/ status">here</a> for the status.</p></body></ html>

  45. The “I have nothing to say to you” response…

  46. …but you were still successful

  47. 1 DELETE /content/videos/1234 HTTP/1.1 Host: example.org Authorization: Basic bWFkZTp5b3VfbG9vaw==

  48. 2 HTTP/1.x 204 No Content Date: Thu, 21 May 2009

    23:28:34 GMT

  49. The ranged request

  50. ▪ Used when requests are made for ranges of bytes

    from a resource ▪ Determine whether a server supports range requests by checking for the Accept-Ranges header with HEAD

  51. 1 HEAD /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1 Host: farm3.static.flickr.com

  52. 2 HTTP/1.0 200 OK Date: Mon, 05 May 2008 00:33:14

    GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 3980 Content-Type: image/jpeg

  53. 3 GET /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1 Host: farm3.static.flickr.com Range: bytes=0-999

  54. 4 HTTP/1.0 206 Partial Content Date: Mon, 05 May 2008

    00:36:57 GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 1000 Content-Range: bytes 0-999/3980 Content-Type: image/jpeg {binary data}

  55. The GET me from another location response

  56. ▪ 303 See Other ▪ The response to your request

    can be found at another URL identified by the Location header ▪ The client should make a GET request on that URL ▪ The Location is not a substitute for this URL

  57. 1 POST /contact HTTP/1.1 Host: example.org Content-Type: application/x-www-form-urlencoded Content-Length: 1234

    {url-encoded form values from a contact form}

  58. 2 HTTP/1.1 303 See Other Date: Tue, 22 Sep 2009

    23:41:33 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://example.org/thankyou Content-Length: 0

  59. The find me temporarily at this place response

  60. ▪ 307 Temporary Redirect ▪ The resource resides temporarily at

    the URL identified by the Location ▪ The Location may change, so don’t update your links ▪ If the request is not GET or HEAD, then you must allow the user to confirm the action

  61. The permanent forwarding address response

  62. ▪ 301 Moved Permanently ▪ The resource has moved permanently

    to the URL indicated by the Location header ▪ You should update your links accordingly ▪ Great for forcing search engines, etc. to index the new URL instead of this one

  63. But what about just finding the resource at another location?

  64. ▪ 302 Found ▪ The resource has been found at

    another URL identified by the Location header ▪ The new URL might be temporary, so the client should continue to use this URL ▪ Redirections SHOULD be confirmed by the user (in practice, browsers don’t respect this)

  65. The data validation error response

  66. ▪ 400 Bad Request ▪ Generic error message ▪ The

    client sent malformed syntax ▪ The client needs to modify the request before sending it again (to fix errors)

  67. POST /user/ HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml

    version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>r@msey</title> ... </entry> HTTP/1.1 400 Bad Request Date: Tue, 22 Sep 2009 23:51:00 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 123 Connection: close Content-Type: text/html; charset=utf-8 <div class="error"> The following errors occurred: <ul> <li>Title contained invalid characters</li> </ul> </div>

  68. But wait! There’s more…

  69. Working with HTTP in PHP

  70. ▪ header() function http://php.net/header ▪ Client URL library (cURL) http://php.net/curl

    ▪ Streams http://php.net/streams ▪ HTTP extension (pecl/http) http://php.net/http

  71. Questions? ▪ My website is benramsey.com ▪ @ramsey on Twitter

    ▪ Rate this talk at joind.in ▪ Read the HTTP spec at tools.ietf.org/html/rfc2616 ▪ My company is Schematic schematic.com

  72. Hidden Gems in HTTP Copyright © Ben Ramsey. Some rights

    reserved. This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. For uses not covered under this license, please contact the author.