Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What the Heck is HTTP?

Scott McAllister
July 24, 2023
Programming
1
81

What the Heck is HTTP?

You see it on the front of URLs. You know that it's important to APIs. When you write applications that are connecting to services on other machines you're using it. So you're likely using it in everything you build. But, what the heck is HTTP, really?

In this talk, we'll dive into the mechanics of HTTP starting from requests & responses, diving into nouns & verbs, and going deep into the mechanics of how authentication works over the protocol. Come join us as we learn all about something that most of us use everyday.

This talk was given at Nebraska.Code() 2023.

Scott McAllister

July 24, 2023
Tweet

More Decks by Scott McAllister

See All by Scott McAllister
Simple Ways to Make Webhook Security Better
stmcallister
0
37
Modules, Loops and More: How to Scale with Terraform
stmcallister
0
55
Client-side OAuth with PKCE (Indy.code() 2022)
stmcallister
1
50
Building Ingress: From Concept to Connection (#JOTB23)
stmcallister
0
67
Node and OAuth on the Command Line -- Twin Cities Code Camp 2018
stmcallister
0
70

Other Decks in Programming

See All in Programming
Site Reliability Engineering for GMO
pyama86
8
1.1k
効率化に挑戦してみたらモバイル開発が少し快適になった話
ryunakayama
0
140
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
670
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
43
19k
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
490
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
200
Hanami and htmx
bkuhlmann
0
220
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
870
SwiftUIで使いやすいToastの作り方 / How to build a Toast system which is easy to use in SwiftUI
lovee
3
170
Fast JSX: Don't clone props object #28768
yossydev
1
160
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
300
大規模UIKitベースアプリへのTCAの段階的導入/gradual-adoption-of-tca-in-a-large-scale-uikit-based-app
takehilo
2
200

Featured

See All Featured
We Have a Design System, Now What?
morganepeng
44
6.8k
The Brand Is Dead. Long Live the Brand.
mthomps
49
29k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.7k
GitHub's CSS Performance
jonrohan
1025
450k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Designing Experiences People Love
moore
136
23k
What the flash - Photography Introduction
edds
64
11k
Side Projects
sachag
451
41k
Designing with Data
zakiwarfel
96
4.8k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
123
39k
Infographics Made Easy
chrislema
238
18k

Transcript

  1. What the Heck Is HTTP? Scott McAllister Principal Developer Advocate

    Nebraska.Code() 2023

  2. Protocols @stmcallister

  3. Protocols @stmcallister A set of rules or standards to communicate

    effectively

  4. HyperText Transfer Protocol @stmcallister

  5. HTTP @stmcallister A set of rules or standards for clients

    and web servers to communicate effectively

  6. HTTP @stmcallister Image source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

  7. HTTP @stmcallister Client Server Request

  8. HTTP @stmcallister Response Client Server Request

  9. HTTP @stmcallister Response Client Server Request

  10. © ngrok. All rights reserved. Confidential Information of ngrok Header

    Body HTTP Message Information about the message Data being sent Method The action being taken. POST, GET, PUT, DELETE @stmcallister HTTP Message

  11. HTTP Request @stmcallister GET / HTTP/1.1 Host: demo.ngrokpaperscissors.com User-Agent: Mozilla/5.0

    (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml

  12. HTTP Request @stmcallister GET / HTTP/1.1 Host: demo.ngrokpaperscissors.com User-Agent: Mozilla/5.0

    (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml Method or Verb

  13. HTTP Request @stmcallister GET / HTTP/1.1 Host: demo.ngrokpaperscissors.com User-Agent: Mozilla/5.0

    (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml Headers

  14. HTTP Response @stmcallister HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length:

    32 <h1>App Running on Server 1</h1> Headers

  15. HTTP Response @stmcallister HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length:

    32 <h1>App Running on Server 1</h1> Body (or payload)

  16. Evolution of HTTP @stmcallister

  17. HTTP/0.9 @stmcallister Only GET Requests Response only returned HTML file

    No Headers No Status Codes

  18. HTTP/1 @stmcallister Versioning Headers! Status Codes Content-Type SSL

  19. HTTP/1.1 @stmcallister First Standardized Version Reusable Connections Standard REST Relies

    On Extensions (WebSockets, etc)

  20. HTTP/2 @stmcallister Binary rather than Text Multiplexing Messages (Parallel Requests)

    Encapsulates Messages into Frames

  21. HTTP/3 @stmcallister Uses QUIC instead of TCP Lower Latency Packet

    Loss Detection

  22. HTTP Version Adoption @stmcallister Image source: https://radar.cloudflare.com/adoption-and-usage?range=28d

  23. Common Headers @stmcallister Content-Type Accept Authorization User-Agent

  24. HTTP Messages @stmcallister A lot like Washington, D.C.

  25. HTTP Messages @stmcallister Stateless

  26. Cookies @stmcallister

  27. HTTP Response Codes @stmcallister

  28. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    HTTP Status Codes: 100s — Informative

  29. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    SUCCESS SUCCESS

  30. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    REDIRECTION

  31. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    CLIENT ERRORS

  32. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    CLIENT ERRORS

  33. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

    CLIENT ERRORS

  34. © ngrok. All rights reserved. Confidential Information of ngrok CLIENT

    ERRORS MOAR @stmcallister

  35. © ngrok. All rights reserved. Confidential Information of ngrok EVEN

    MOAR CLIENT ERRORS @stmcallister

  36. © ngrok. All rights reserved. Confidential Information of ngrok SERVER

    ERRORS @stmcallister

  37. HTTP @stmcallister Response Client Server Request

  38. HTTP @stmcallister Response Client Server Request PLAIN TEXT

  39. HTTPS TLS @stmcallister Response Client Server Request Encrypted

  40. HTTPS @stmcallister Image source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

  41. TLS @stmcallister Requires Digital Certificate from Server Generated from Trusted

    Certificate Authority Public/Private Keys

  42. HTTPS TLS Handshake @stmcallister Presents certificate & public key Client

    Server

  43. HTTPS TLS Handshake @stmcallister Presents certificate & public key Client

    Server Verifies cert. Generates random string. Encrypts with public key.

  44. HTTPS TLS Handshake @stmcallister Presents certificate & public key Client

    Server Verifies cert. Generates random string. Encrypts with public key. Decrypts message with private key. Client and server now have same secret string. Secret string used to generate Session Key

  45. Authentication @stmcallister

  46. Basic Authentication @stmcallister Client Server GET / HTTP/1.1

  47. Basic Authentication @stmcallister Client Server Responds with 401 (Unauthorized) status.

    WWW-Authenticate header w/ challenge GET / HTTP/1.1

  48. Basic Authentication @stmcallister Client Server Responds with 401 (Unauthorized) status.

    WWW-Authenticate header w/ challenge GET / HTTP/1.1 GET / HTTP/1.1 Authorization: Basic bAs364enc0d3Cr3ds

  49. Basic Authentication @stmcallister Client Server Responds with 401 (Unauthorized) status.

    WWW-Authenticate header w/ challenge GET / HTTP/1.1 GET / HTTP/1.1 Authorization: Basic bAs364enc0d3Cr3ds HTTP/1.1 200 OK

  50. OAuth @stmcallister

  51. OAuth ❏ Open standard for authorizing secure access on HTTP

    service ❏ Uses tokens rather than password data to prove identity ❏ Provides “secure delegated access” to client applications ❏ Limits user’s scope of access @stmcallister

  52. Resources @stmcallister HTTP Docs on MDN https://developer.mozilla.org/en-US/docs/Web/HTTP What is HTTP

    and How Does It Work? https://youtu.be/2yfDgnm6eAs Learning ngrok: Inspect and Replay https://dev.to/stmcallister/learning-ngrok-inspect-and-replay-14ge HTTP Status Dogs https://httpstatusdogs.com/ HTTP Status Cats https://httpcats.com/ SSL, TLS, HTTPS Explained https://youtu.be/j9QmMEWmcfo

  53. © ngrok. All rights reserved. Confidential Information of ngrok @stmcallister

  54. Scott McAllister Speaker, Writer, Coder @stmcallister stmcallister.github.io @stmcallister.bsky.social techhub.social/@stmcallister

  55. Thank you

  56. None