Nordic Ruby 2012: We don't know HTTP
Konstantin Haase
June 15, 2012
Technology
Slides for the talk I gave at Nordic Ruby 2012
Transcript
we don’t know HTTP Konstantin Haase
@konstantinhaase (I’m sorry about that) rkh on github
Sinatra Rack, Tilt, Rubinius, ...
RFC 2616
Performance
Scalability
Security
Interoperability
HTTP has been made for this
We just don’t know.
Diagram, built up over several slides: a Database behind an Application Server; then several Applications; then several Databases; then Caches added at every layer, with the final slide marking each Cache with !!!
How to scale further?
Requests, Resources, Representation
GET / HTTP/1.1
Accept: text/html
Optimizing Requests
Persistent Connections
Pipelining
SPDY
HTTP 2.0
Optimizing Resources
aka RFC 2616 - The Good Parts
GET, HEAD, OPTIONS, TRACE
PUT, DELETE
POST, PATCH
State before and after each request, per method:
GET /          1 -> 1          Repeatable! :)      No state change! :)   Deterministic! :)
PUT / 2        1 -> 2 -> 2     Repeatable! :)      State change! :(      Deterministic! :)
DELETE /       1 -> (deleted)  Repeatable! :)      State change! :(      Deterministic! :)
PATCH / +1     1 -> 2 -> 3     Not repeatable! :(  State change! :(      Deterministic! :)
POST / ...     1 -> ?          Not repeatable! :(  State change! :(      Non-deterministic! :(
Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)
:( :( :) :( :( :(
worst case PATCH = Lock on document + PUT
worst case POST = Lock on system + PUT
Resources Renderer Business Logic Business Data optional
Before Request + Business Logic + DB Access + Rendering
After Request + DB Access + Rendering
Performance
Diagram, built up over several slides: Resources, Renderer, Business Logic, Business Data, with a second Renderer, Business Logic, Resources and Business Data layer added one slide at a time.
Diagram: Server, Box A, Box B
GET    -> GET, GET
PUT    -> PUT, PUT, PUT
PATCH  -> PATCH, PATCH, PUT + Lock
POST   -> ? :(
Browser support? :( <a href="/" method="delete"> <form method="patch">
Locking? HTTP?
Locking :(
Optimistic Locking :)
PATCH / If-Match: "XYZ"
PUT / If-None-Match: *
DELETE / If-Match: *
PATCH / If-Unmodified-Since: ...
Browser support? :( <form if-match="..."> <form if-unmodified-since="...">
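The conditional requests above, worked through as an added example that is not from the deck: a minimal Rack-style Ruby application (written against the plain Rack call(env) interface, so it needs neither Sinatra nor the rack gem) that implements optimistic locking with ETag, If-Match and If-None-Match. The in-memory document store, the SHA-256-derived ETag scheme, the JSON merge used for PATCH and the request helper are assumptions of this example, not the talk's code.

```ruby
require 'digest'
require 'json'
require 'stringio'

# Added example (not from the slides): optimistic locking over HTTP with
# ETag / If-Match / If-None-Match. Two clients editing the same document
# cannot silently overwrite each other; the loser gets 412 Precondition Failed.
class ConditionalDocuments
  PRECONDITION_FAILED = 412

  def initialize
    @docs = {} # path => JSON document string (constructed in-memory store)
  end

  # Strong ETag derived from the representation bytes (scheme is an assumption).
  def etag_for(body)
    %("#{Digest::SHA256.hexdigest(body)[0, 16]}")
  end

  def call(env)
    path          = env['PATH_INFO']
    current       = @docs[path]
    if_match      = env['HTTP_IF_MATCH']
    if_none_match = env['HTTP_IF_NONE_MATCH']

    # Evaluate preconditions before touching state (RFC 2616 14.24 / 14.26):
    #   If-Match: "tag"   -> current representation must carry that tag
    #   If-Match: *       -> the resource must exist at all
    #   If-None-Match: *  -> the resource must NOT exist (create-only PUT)
    if if_match
      return respond(PRECONDITION_FAILED, 'resource does not exist') if current.nil?
      unless if_match == '*' || if_match == etag_for(current)
        return respond(PRECONDITION_FAILED, 'etag mismatch')
      end
    end
    return respond(PRECONDITION_FAILED, 'resource already exists') if if_none_match == '*' && !current.nil?

    case env['REQUEST_METHOD']
    when 'GET'
      return respond(404, 'not found') if current.nil?
      respond(200, current, 'ETag' => etag_for(current))
    when 'PUT'
      body = env['rack.input'].read
      @docs[path] = body
      respond(current.nil? ? 201 : 200, body, 'ETag' => etag_for(body))
    when 'PATCH'
      # Without If-Match a PATCH is a read-modify-write race (the slides' worst
      # case: lock on document + PUT). 428 Precondition Required is RFC 6585,
      # not RFC 2616; it forces the client to prove it saw the current version.
      return respond(428, 'If-Match required') if if_match.nil?
      return respond(404, 'not found') if current.nil?
      merged = JSON.parse(current).merge(JSON.parse(env['rack.input'].read))
      body = JSON.generate(merged)
      @docs[path] = body
      respond(200, body, 'ETag' => etag_for(body))
    when 'DELETE'
      return respond(404, 'not found') if current.nil?
      @docs.delete(path)
      respond(204, '')
    else
      respond(405, 'method not allowed')
    end
  end

  private

  def respond(status, body, headers = {})
    [status, { 'Content-Type' => 'application/json' }.merge(headers), [body]]
  end
end

# Builds a Rack env for the example (constructed; no socket involved).
def request(method, path, body: '', headers: {})
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path, 'rack.input' => StringIO.new(body) }
  headers.each { |k, v| env['HTTP_' + k.upcase.tr('-', '_')] = v }
  env
end

# Scenario: two clients read the same ETag and both try to PATCH the document.
def optimistic_locking_demo
  app = ConditionalDocuments.new
  app.call(request('PUT', '/doc', body: '{"counter":1}', headers: { 'If-None-Match' => '*' }))
  etag   = app.call(request('GET', '/doc'))[1]['ETag']
  first  = app.call(request('PATCH', '/doc', body: '{"counter":2}', headers: { 'If-Match' => etag }))
  second = app.call(request('PATCH', '/doc', body: '{"counter":3}', headers: { 'If-Match' => etag }))
  dup    = app.call(request('PUT', '/doc', body: '{}', headers: { 'If-None-Match' => '*' }))
  { first: first[0], second: second[0], duplicate_create: dup[0],
    final: app.call(request('GET', '/doc'))[2].first }
end
```

Running optimistic_locking_demo plays out the race the slides warn about: both clients hold the same ETag, the first PATCH succeeds and changes the ETag, the second gets 412 instead of silently overwriting. The same precondition code makes PUT with If-None-Match: * create-only and makes DELETE with If-Match: * fail with 412 once the resource is already gone.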
Scalability
Example Attack JSON CSRF
// https://foo/secrets.json
["chunky", "bacon"]

<script src="https://foo/secrets.json" type="text/javascript" />

Browser support? :(
<script src="https://foo/secrets.json" type="text/javascript" />
GET /secrets.json
Accept: */*

var captured = [];
var oldArray = Array;
function Array() {
  var obj = this, id = 0,
      capture = function(value) {
        obj.__defineSetter__(id++, capture);
        if (value) captured.push(value);
      };
  capture();
}
Old Architecture Rerun Request Without Session Side-effects? Server load? :(
New Architecture Don’t Authenticate with Session Yay!
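The JSON CSRF slides above, seen from the server side as an added example that is not from the deck: a Rack-style Ruby endpoint for /secrets.json built along the "don't authenticate with session" slide. The bearer token, the secrets array, the Accept check and the two constructed request environments are assumptions of this example. The Array-constructor hijack shown in the slides only works in JavaScript engines that call the Array constructor for array literals, which current browsers no longer do, but the architectural point stands: whatever a cookie alone can unlock, a cross-origin script include can request with that cookie attached.

```ruby
require 'json'

# Added example (not from the slides): serve a JSON resource so that a
# cross-site <script src="https://foo/secrets.json"> include gets nothing.
class SecretsEndpoint
  SECRETS   = ['chunky', 'bacon'].freeze            # constructed sample data
  API_TOKEN = 'example-token-not-a-real-secret'      # constructed; never hard-code real ones

  def call(env)
    return [404, text_headers, ['not found']] unless env['PATH_INFO'] == '/secrets.json'

    # 1. Do not authenticate with the session cookie. A <script> tag from another
    #    origin sends the cookie automatically but can never add a custom
    #    Authorization header, so a cookie on its own proves nothing here.
    token = bearer_token(env['HTTP_AUTHORIZATION'])
    return [401, text_headers, ['authorization required']] unless token && secure_equal(token, API_TOKEN)

    # 2. Serve JSON only to clients that asked for it. The slides show the script
    #    tag's request carrying "Accept: */*", while the application's own XHR
    #    sends "Accept: application/json". This is defence in depth, not the fix.
    return [406, text_headers, ['send Accept: application/json']] unless wants_json?(env['HTTP_ACCEPT'])

    # 3. Wrap the array in an object: a bare top-level array is a complete
    #    JavaScript program, whereas {"secrets": [...]} in statement position
    #    is a syntax error, so it cannot execute even in an old engine.
    body = JSON.generate('secrets' => SECRETS)
    [200, { 'Content-Type' => 'application/json', 'X-Content-Type-Options' => 'nosniff' }, [body]]
  end

  def bearer_token(header)
    return nil unless header && header.start_with?('Bearer ')
    header.sub('Bearer ', '')
  end

  def wants_json?(accept)
    return false if accept.nil?
    accept.split(',').any? { |media| media.strip.split(';').first == 'application/json' }
  end

  # Constant-time comparison so the token check does not leak through timing.
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def text_headers
    { 'Content-Type' => 'text/plain' }
  end
end

# What a cross-origin <script> include looks like to the server (constructed env):
# cookie present, Accept: */*, no Authorization header.
SCRIPT_TAG_REQUEST = {
  'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/secrets.json',
  'HTTP_ACCEPT' => '*/*', 'HTTP_COOKIE' => 'session=abc123'
}.freeze

# What the application's own XHR looks like (constructed env).
XHR_REQUEST = {
  'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/secrets.json',
  'HTTP_ACCEPT' => 'application/json', 'HTTP_COOKIE' => 'session=abc123',
  'HTTP_AUTHORIZATION' => "Bearer #{SecretsEndpoint::API_TOKEN}"
}.freeze

def json_csrf_demo
  app = SecretsEndpoint.new
  { script_tag: app.call(SCRIPT_TAG_REQUEST)[0],
    xhr: app.call(XHR_REQUEST)[0],
    xhr_body: app.call(XHR_REQUEST)[2].first }
end
```

json_csrf_demo returns 401 for the script-tag shaped request and 200 for the XHR, which is the whole point of the "new architecture" slide: the credential the browser attaches on its own (the cookie) is not the credential the endpoint trusts.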
Security
Also, Hypermedia! ;)
Interoperability
Hi, and thanks for the coffee. I'm glad to be here. Put on another pot, because I'm staying a while.