Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nordic Ruby 2012: We don't know HTTP
Search
Konstantin Haase
June 15, 2012
Technology
5
810
Nordic Ruby 2012: We don't know HTTP
Slides for the talk I gave at Nordic Ruby 2012
Konstantin Haase
June 15, 2012
Tweet
Share
More Decks by Konstantin Haase
See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
rkh
0
200
How We Replaced Salary Negotiations with a Sinatra App
rkh
17
4.2k
HTTP (RubyMonsters Edition)
rkh
5
1.1k
GCRC 2015: Abstract Thoughts on Abstract Things
rkh
1
360
Frozen Rails: Magenta - The Art Of Abstraction
rkh
3
300
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
rkh
0
930
Ancient City Ruby: Hack me, if you can!
rkh
2
430
Boston I/O: Continuous Integration
rkh
3
310
Steel City Ruby: Architecting Chaos
rkh
4
930
Other Decks in Technology
See All in Technology
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
10
75k
「Linux」という言葉が指すもの
sat
PRO
4
140
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
JTCにおける内製×スクラム開発への挑戦〜内製化率95%達成の舞台裏/JTC's challenge of in-house development with Scrum
aeonpeople
0
250
AIエージェントで90秒の広告動画を制作!台本・音声・映像・編集をつなぐAWS最新アーキテクチャの実践
nasuvitz
3
310
Aurora DSQLはサーバーレスアーキテクチャの常識を変えるのか
iwatatomoya
1
1.1k
大「個人開発サービス」時代に僕たちはどう生きるか
sotarok
20
10k
LLMを搭載したプロダクトの品質保証の模索と学び
qa
0
1.1k
dbt開発 with Claude Codeのためのガードレール設計
10xinc
2
1.3k
5年目から始める Vue3 サイト改善 #frontendo
tacck
PRO
3
230
【NoMapsTECH 2025】AI Edge Computing Workshop
akit37
0
220
5分でカオスエンジニアリングを分かった気になろう
pandayumi
0
250
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
GitHub's CSS Performance
jonrohan
1032
460k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
530
Done Done
chrislema
185
16k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
Speed Design
sergeychernyshev
32
1.1k
Building an army of robots
kneath
306
46k
Gamification - CAS2011
davidbonilla
81
5.4k
Side Projects
sachag
455
43k
How to Ace a Technical Interview
jacobian
279
23k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Transcript
we don’t know HTTP Konstantin Haase
@konstantinhaase (I’m sorry about that) rkh on github
Sinatra Rack, Tilt, Rubinius, ...
None
None
RFC 2616
Performance
Scalability
Security
Interoperability
HTTP has been made for this
We just don’t know.
Database Application Server
Database Application Server Application Application
Database Application Server Application Application Database Database
Database Application Server Application Application Database Database Cache
Database Application Server Application Application Database Database Cache Cache
Database Application Server Application Application Database Database Cache Cache Cache
Database Application Server Application Application Database Database Cache Cache Cache
Cache Cache Cache
Database Application Server Application Application Database Database !!! Cache !!!
!!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!
How to scale further?
Requests Resources Representation
GET / HTTP/1.1 Accept: text/html
Optimizing Requests
Persistent Connections
Pipelining
SPDY
HTTP 2.0
Optimizing Resources
aka RFC 2616 - The Good Parts
GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH
1 GET / Repeatable! :) No state change! :) Deterministic!
:)
1 2 PUT / 2 PUT / 2 Repeatable! :)
State change! :( Deterministic! :)
1 DELETE / DELETE / Repeatable! :) State change! :(
Deterministic! :)
1 2 PATCH / +1 3 PATCH / +1 Not
repeatable! :( State change! :( Deterministic! :)
Not repeatable! :( State change! :( Non-deterministic! :( 1 ?
POST / ...
Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)
:( :( :) :( :( :(
worst case PATCH = Lock on document + PUT
worst case POST = Lock on system + PUT
Resources Renderer Business Logic Business Data optional
Before Request + Business Logic + DB Access + Rendering
After Request + DB Access + Rendering
Performance
Resources Renderer Business Logic Business Data Renderer
Resources Renderer Business Logic Business Data Renderer Business Logic
Resources Renderer Business Logic Business Data Renderer Business Logic Resources
Resources Renderer Business Logic Business Data Renderer Business Logic Resources
Business Data
Server Box A Box B GET GET
Server Box A Box B PUT PUT PUT
Server Box A Box B PATCH PATCH PUT + Lock
Server POST ? :(
Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>
Locking? HTTP?
Locking :(
Optimistic Locking :)
PATCH / If-Match: “XYZ”
PUT / If-Non-Match: *
DELETE / If-Match: *
PATCH / If-Unmodified- Since: ...
Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>
Scalability
Example Attack JSON CSRF
// https://foo/secrets.json [“chunky”, “bacon”]
<script ! src=”https://foo/secrets.json” ! type=”text/javascript” />
Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET
/secrets.json Accept: */*
var captured = []; var oldArray = Array; function Array()
{ var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }
Old Architecture Rerun Request Without Session Side-effects? Server load? :(
New Architecture Don’t Authenticate with Session Yay!
Security
Also, Hypermedia! ;)
Interoperability
hej och tack för kaffet jag är glad att vara
här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag