HTTP (RubyMonsters Edition)

An introduction to HTTP

Konstantin Haase

February 09, 2015

Transcript

  1. HTTP
    { Hypertext Transfer Protocol }

  3. HTML
    HTTP

  6. https://speakerinnen.org/de/sign_up
    is translated to
    https://54.255.158.2:443/de/sign_up
    using the DNS protocol

  8. - Connect to the computer reachable under IP address 54.255.158.2
    - Use an SSL/TLS encrypted TCP socket on port 443
    - Speak HTTP
    - Tell the server we know it as speakerinnen.org
    - Access resource /de/sign_up

  9. Server listens on TCP port

  10. TCP socket
    - Is opened when client connects to port
    - Client and server can send each other messages

  11. Client starts speaking
    GET /de/sign_up HTTP/1.1
    Host: speakerinnen.org

  12. Server replies
    HTTP/1.1 200 OK
    Content-Type: text/html

    Speakerinnen*-Liste

  13. request vs response
    Request                   Response
    VERB path HTTP/1.1        HTTP/1.1 code description
    Header: Value             Header: Value
    ...                       ...
    Body (if there is one)    Body (if there is one)

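The request layout from slides 11 and 13, as an added example that is not part of the original deck: a small Ruby parser that splits a raw request into verb, path, version, headers and body and refuses messages a server should not guess about. `parse_request`, `ParsedRequest`, `BadRequest` and `SLIDE_11` are names chosen for this example, and the header-name check is an assumption that is stricter than the HTTP token grammar.

```ruby
# Added example, not from the slides. Parses the request layout of slide 13.
ParsedRequest = Struct.new(:verb, :path, :version, :headers, :body)
class BadRequest < StandardError; end

def parse_request(raw)
  head, body = raw.split("\r\n\r\n", 2)
  raise BadRequest, "empty request" if head.nil? || head.empty?
  request_line, *header_lines = head.split("\r\n")

  # Request line: VERB path HTTP/1.x, exactly three parts.
  verb, path, version = request_line.to_s.split(" ", 3)
  unless verb.to_s.match?(/\A[A-Z]+\z/) && path.to_s.start_with?("/") &&
         version.to_s.match?(/\AHTTP\/1\.[01]\z/)
    raise BadRequest, "malformed request line"
  end

  headers = {}
  header_lines.each do |line|
    name, value = line.split(":", 2)
    # Assumption: names limited to letters, digits and "-" (stricter than the
    # HTTP token grammar), so "Host : x" or a folded line is rejected.
    raise BadRequest, "malformed header" if value.nil? || !name.match?(/\A[A-Za-z0-9-]+\z/)
    key = name.downcase
    # Two Host or Content-Length headers make the message ambiguous.
    raise BadRequest, "duplicate #{key}" if %w[host content-length].include?(key) && headers.key?(key)
    headers[key] = value.strip
  end
  raise BadRequest, "missing Host" if version == "HTTP/1.1" && !headers.key?("host")

  # The body is exactly Content-Length bytes; without the header there is none.
  length = headers.fetch("content-length", "0")
  raise BadRequest, "bad Content-Length" unless length.match?(/\A\d+\z/)
  raise BadRequest, "short body" if body.to_s.bytesize < length.to_i
  ParsedRequest.new(verb, path, version, headers, body.to_s.byteslice(0, length.to_i))
end

# The request from slide 11, with the CRLF line endings HTTP uses on the wire.
SLIDE_11 = "GET /de/sign_up HTTP/1.1\r\nHost: speakerinnen.org\r\n\r\n"
```

Header names are stored lower-cased because HTTP header names are case-insensitive.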

  14. Resources
    - identified by host and path
    - allow multiple operations
    - can have multiple representations
    speakerinnen.org/de/sign_up

  15. HTTP methods

  16. GET
    - Request a resource in its current state.
    - The standard operation.
    - Request does not include a body.
    - Request is safe (and idempotent).

  17. Safe? Idempotent?
    Resource state?
    What??

  18. Resource state
    - Representations, headers and availability associated with a resource.
    - /de/sign_up exists, is accessible, and has an HTML page with a form as its representation.

  19. Safe requests
    - Safe requests do not change the state of a resource.
    - HTTP client does not need to ask the user for permission to perform request.

  20. Idempotent requests
    - The resource state will be the same after performing the request once or multiple times.
    - HTTP client does not need to ask the user for permission to repeat the request.

  21. Non-idempotent requests
    - Can't be sure about the resource state after multiple requests.
    - HTTP client should always ask the user for confirmation.

  23. GET
    - Request a resource in its current state.
    - The standard operation.
    - Request does not include a body.
    - Request is safe (and idempotent).

  24. HEAD
    - Same as GET, but there won't be a response body.
    - Useful if you only care about the headers.
    - Request is safe (and idempotent).

  25. POST
    - "Do something dangerous."
    - Default for requests that change something.
    - Used for creating a new speakerinnen.
    - Unsafe and non-idempotent.

  27. POST /de/profiles HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 49
    profile[email][email protected]&profile[password]=abc123

  28. PUT
    - Writing a resource to a given path.
    - Often used for uploads.
    - Unsafe, but idempotent (yay).

  29. Other HTTP methods
    - DELETE: Remove a resource, idempotent.
    - OPTIONS: Learn about available methods and representations for a resource, safe.
    - PATCH: Update a resource from a partial representation, non-idempotent.
    - LINK and UNLINK: Create or destroy relations between resources, idempotent.

  31. Response Status
    - 1xx - informational
    - 2xx - success
    - 3xx - redirection
    - 4xx - client error
    - 5xx - server error

  32. If you don't know
    status xyz, treat it
    like x00.

  33. Examples
    - 303 See Other
    - 403 Forbidden
    - 404 File Not Found
    - 405 Method Not Allowed
    - 418 I'm a Teapot
    - 500 Internal Server Error

  34. Headers

  35. Common request headers
    - Host: Domain name in URI.
    - User-Agent: Client software used.
    - Referer[sic]: Page user was on before.

  36. Safari on iPad
    User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405

  38. Common response headers
    - Server: Server software used.
    - Last-Modified: The last time the resource state has changed.

  39. Representations

  40. The "file type" of the response
    or request body.

  41. We have seen two so far
    - text/html
    - application/x-www-form-urlencoded

  42. Other examples
    - image/gif, image/png, image/jpeg
    - text/plain, text/css, text/x-script.ruby
    - application/javascript, application/json

  43. A resource can have
    multiple
    representations
    But we need to tell it which one we want

  44. We want a PNG image
    GET /resource HTTP/1.1
    Host: example.org
    Accept: image/png
    Server gives us PNG image
    HTTP/1.1 200 OK
    Content-Type: image/png
    [ png data ]

  45. We want a PNG image
    GET /resource HTTP/1.1
    Host: example.org
    Accept: image/png
    Resource doesn't have a PNG representation
    HTTP/1.1 406 Not Acceptable
    Content-Type: text/plain
    No PNG, sorry.

  46. We want any kind of image
    GET /resource HTTP/1.1
    Host: example.org
    Accept: image/*
    Server gives us PNG image
    HTTP/1.1 200 OK
    Content-Type: image/png
    [ png data ]

  47. We want a PNG or GIF image
    (but prefer PNG)
    GET /resource HTTP/1.1
    Host: example.org
    Accept: image/png; q=1.0,image/gif; q=0.5
    Server gives us PNG image
    HTTP/1.1 200 OK
    Content-Type: image/png
    [ png data ]

  48. The same works for language.
    GET /resource HTTP/1.1
    Host: example.org
    Accept-Language: en, de

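The server side of slides 44 to 47, as an added example that is not part of the original deck: given an Accept header and the media types a resource has, pick the representation to send or answer 406. `parse_accept`, `match_rank` and `negotiate` are names chosen for this example; it goes slightly beyond the slides by also handling `*/*` and `q=0`, and it assumes the server lists its types in its own order of preference.

```ruby
# Added example, not from the slides: choose a representation for an Accept header.

# "image/png; q=1.0,image/gif; q=0.5" -> [["image/png", 1.0], ["image/gif", 0.5]]
def parse_accept(header)
  header.split(",").map(&:strip).reject(&:empty?).map do |part|
    type, *params = part.split(";").map(&:strip)
    q = params.map { |param| param[/\Aq=([0-9.]+)\z/, 1] }.compact.first
    [type.to_s.downcase, q ? q.to_f : 1.0]   # a missing q means q=1.0
  end
end

# How specifically a media range matches a type: exact (2) beats "image/*" (1),
# which beats "*/*" (0). nil means no match.
def match_rank(range, type)
  return 2 if range == type
  return 1 if range != "*/*" && range.end_with?("/*") && type.start_with?(range.chomp("*"))
  return 0 if range == "*/*"
  nil
end

# available: media types the resource has, in server preference order (assumption).
# Returns [status, content_type]; [406, nil] when nothing is acceptable.
def negotiate(accept_header, available)
  ranges = accept_header.to_s.strip.empty? ? [["*/*", 1.0]] : parse_accept(accept_header)
  best = nil
  available.each_with_index do |type, index|
    # The most specific matching range decides this type's q value.
    range = ranges.select { |r, _| match_rank(r, type) }
                  .max_by { |r, _| match_rank(r, type) }
    next if range.nil? || range[1] <= 0.0      # q=0 means "not acceptable"
    score = [range[1], -index]                 # higher q first, then server order
    best = [score, type] if best.nil? || (score <=> best[0]) > 0
  end
  best ? [200, best[1]] : [406, nil]
end
```

A request without an Accept header is treated as accepting anything, so the server's first type wins.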

  49. Cookies

  50. HTTP is stateless.
    Cookies are a way to attach state.

  51. HTTP/1.1 200 OK
    Set-Cookie: mycookie=foobar; HttpOnly
    Content-Type: text/plain
    Just gave you a cookie!

  52. GET /somepage HTTP/1.1
    Host: example.org
    Cookie: mycookie=foobar

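  53. require 'sinatra'
    enable :sessions  # cookie-backed sessions; needed before session[...] works

    get '/' do
      name = session[:name]  # read state attached to this client via its cookie
      "Hello #{ name }!"
    end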

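The client side of slides 51 and 52, as an added example that is not part of the original deck: a tiny cookie jar that reads Set-Cookie from a response and builds the Cookie header for the next request. It shows that attributes such as HttpOnly are never echoed back and only restrict what the client does with the cookie; Sinatra's `session` on slide 53 rides on the same exchange. `Cookie`, `parse_set_cookie`, `CookieJar` and `SLIDE_51` are names chosen here, the `theme` and `sid` cookies are constructed, and the Secure attribute is handled although the slides do not show it.

```ruby
# Added example, not from the slides: what a client does with Set-Cookie.
Cookie = Struct.new(:name, :value, :http_only, :secure)

def parse_set_cookie(line)
  pair, *attrs = line.sub(/\ASet-Cookie:\s*/i, "").split(";").map(&:strip)
  name, value = pair.to_s.split("=", 2)
  return nil if name.nil? || name.empty? || value.nil?
  flags = attrs.map { |attr| attr.split("=", 2).first.to_s.downcase }
  Cookie.new(name, value, flags.include?("httponly"), flags.include?("secure"))
end

class CookieJar
  def initialize
    @cookies = {}
  end

  # Read the header block of a raw response and keep every cookie it sets.
  def store(response_text)
    response_text.each_line(chomp: true) do |line|
      break if line.empty?                      # blank line ends the headers
      next unless line.match?(/\ASet-Cookie:/i)
      cookie = parse_set_cookie(line)
      @cookies[cookie.name] = cookie if cookie  # same name overwrites
    end
    self
  end

  # Value of the Cookie request header: name=value pairs only, no attributes.
  # Secure cookies are left out unless the request goes over https.
  def cookie_header(scheme: "https")
    pairs(@cookies.values.reject { |c| c.secure && scheme != "https" })
  end

  # What page JavaScript could read: HttpOnly cookies are withheld from it.
  def script_visible
    pairs(@cookies.values.reject(&:http_only))
  end

  private

  def pairs(cookies)
    cookies.map { |c| "#{c.name}=#{c.value}" }.join("; ")
  end
end

# Slide 51's response plus two constructed cookies (theme, sid).
SLIDE_51 = "HTTP/1.1 200 OK\r\nSet-Cookie: mycookie=foobar; HttpOnly\r\n" \
           "Set-Cookie: theme=dark\r\nSet-Cookie: sid=abc; Secure; HttpOnly\r\n" \
           "Content-Type: text/plain\r\n\r\nJust gave you a cookie!"
```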

  56. Thank You!
