Title: HTTP Messages
1HTTP Messages
2Outline
- The Flow of Messages
- The Parts of a Message
- The various methods that request message support
- The various status codes that are returned with
response message - What the various headers do
3Messages Commute Inbound to the Origin Server
Inbound(to server)
GET /index.html http/1.0
proxy1
proxy2
proxy3
client
HTTP/1.0 200 ok Content-type text/html
server
Outbound(to user agent)
4All messages flow downstream
Request(flowing downstream)
proxy1
client
proxy2
proxy3
No messages ever go upstream
server
proxy3
proxy2
proxy1
Response(flowing downstream)
client
5The Parts of a Message
client
server
6Request Message Syntax
- ltmethodgt ltrequest-URLgt ltversiongt
- ltheadersgt
- ltentity-bodygt
7Response Message Syntax
- ltversiongt ltstatusgt ltreason-phrasegt
- ltheadersgt
- ltentity-bodygt
- Note that version numbers are not treated as
fractional numbers. That is, HTTP/1.22 is higher
version than HTTP/1.3.
8Message Syntax
HTTP request message contains The command and the
URI
GET /pics/hychen.jpg HTTP/1.0 Host
www.csie.ncnu.edu.tw
Internet
HTTP/1.0 200 OK Content-type
image/jpeg Content-length 12345
www.csie.ncnu.edu.tw
HTTP response message contains The result of the
transaction
9Message Syntax
(b)Response message
(a)Request message
HTTP/1.0 200 ok
GET /test/hi-here.txt HTTP/1.1
Start line
Content-type text/plain Content-length 19
Accept text/ Host www.csie.ncnu.edu.tw
Headers
Hi! Im a message!
Body
10Common HTTP method
- Method Message body?
- GET No
- HEAD No
- POST Yes
- PUT Yes
- TRACE No
- OPTIONS No
- DELETE NO
11Status code
- Overall range Define range Category
- 100-199 100-101 informational
- 200-299 200-206 successful
- 300-399 300-305 redirection
- 400-499 400-415 client error
- 500-599 500-505 server error
- Common status codes
- 200 OK
- 401 Unauthorized
- 404 Not found
12Headers
- HTTP head field add additional information to
request and response messages. They are basically
just lists of name/value pairs. - HTTP specification defines several header fields.
Applications also are free to invent their own
home-brewed headers. - Each HTTP has a simple syntaxa name, followed
by a colon (), followed by optional whitespace,
followed by field value, followed by CRLF.
13Header classification
- General headers
- Can appear in both request and response message
- Request headers
- Provide more information about the request
- Response headers
- Provide more information about the response
- Entity headers
- Describe body size and contents, or the resource
itself - Extension headers
- New headers that are not defined in the
specification
14Common header examples
- Header example
- Date Tue, 3 Oct 1997 021603 GMT
- Content-length 15040
- Content-type image/gif
- Accept image/gif, image/jpeg, text/html
- Header continuation lines
- Long header lines can be made more readable by
breaking them into multiple lines, preceding each
extra line with at least one space or tab
character. For example, - Server Test Server Version 1.0
15Entity bodies
- The third part of an HTTP message is the optional
entity body. Entity bodies are the payload of the
HTTP messages. - HTTP message can carry many kinds of digital
data images, video, HTML documents, software
applications, credit card transactions,
electronic mail, and so on.
16Version 0.9 Messages
The request contained merely the method and the
request URL, and the response contained only
the entity. No version number, no status code,
no headers were included.
GET /pics/hychen.jpg
No version number
www.csie.ncnu.edu.tw
www.csie.ncnu.edu.tw
17Methods
- Note that not all methods are implemented by
every server. - To be compliant with HTTP/1.1, a server need
implement only the GET and HEAD methods for its
resources. - Even when servers do implement all of these
common methods (listed in the slide 10), some
methods such as DELETE and PUT most likely have
restricted use. The restrictions generally are
set up in the servers configuration, so they are
vary from site to site and from server to server.
18GET
The most common method. It usually is used to
ask a server to send a resource.
Request message
GET /hychen/index.html HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept
Response message
HTTP/1.1 200 ok Content-Type text/html Content-Le
ngth 617 lthtmlgt ltHEADgtltTITLEgtHome Pagelt/TITLEgt
www.csie.ncnu.edu.tw
19HEAD
It behaves exactly like the GET method, but
the server returns only the headers in the
response.
Request message
HEAD /hychen/index.html HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept
Response message
HTTP/1.1 200 ok Content-Type text/html Content-Le
ngth 617
www.csie.ncnu.edu.tw
No entity body
20HEAD
- No entity body is ever returned. This allows a
client to inspect the headers for a resource
without having to actually get the resource.
Using the header, you can - Find out about a resource (e.g., determine its
type) without getting it. - See if an object exists, by looking at the status
code of the response. - Test if the resource has been modified, by
looking at the headers.
21PUT
The PUT method writes documents to a server, in
the inverse of the way that GET reads documents
from the server.
Request message
PUT /product-list.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw Content-type
text/plain Updated product list coming soon!
www.csie.ncnu.edu.tw
Server updates/creates resource
/product-list.txt and writes it to its disk.
Response message
HTTP/1.1 201 Created Location Http//www.csie.ncn
u.edu.tw/product-list.txt Content-Type
text/plain Content-Length 47 Http//www.csie.ncn
u.edu.tw/product-list.txt
22PUT
- Some publishing systems (e.g. frontpage,
dreamwaver) let you create web pages in a local
computer and install them directly on a web
server via PUT method. - The semantics of the PUT method are for the
server to take the body of the request and either
use it to create a new document named by the
requested URL, or, if that URL already exists,
use the body to replace it. - Because PUT allows you to change content, many
web servers require you to log in with a password
fore you can perform a PUT.
23POST
- PUT is used to deposit data into a resource on
the server (e.g., a file). In comparison, the
POST method was designed to send input data to
the server. - In practice, it is used to support HTML forms.
The data from a filled-in from typically is sent
to a server gateway program to process it.
24POST
Browser sticks data in entity body of message
Request message
POST /check.cgi HTTP/1.1 Host www.csie.ncnu.edu.t
w Content-Type text/plain Content-Length
18 itembandsaw 2647
YES!
www.csie.ncnu.edu.tw
CGI program
Response message
itembandsaw 2647
HTTP/1.1 200 OK Content-type text/plain Context-l
enght 37 The bandsaw model 2647 is in stock!
Inventory check
Inventory list
25TRACE
- When a client makes a request, that request may
have to travel through firewalls, proxies,
gateways, or other applications. Each of these
has the opportunity to modify the original HTTP
request. - The TRACE method allows clients to see how its
request looks when it finally makes it to the
server. - The TRACE method is used primarily for
diagnostics i.e., verifying that requests are
going through the request/response chain as
intended.
26TRACE
TRACE /product-list.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept Via1.1
proxy.ncnu.edu.tw
Request message
TRACE /product-list.txt HTTP/1.1 Accept Host
www.csie.ncnu.edu.tw
Proxy
www.csie.ncnu.edu.tw
Response message
HTTP/1.1 200 OK Content-type text/plain Content-l
ength 96 Via1.1 proxy.ncnu.edu.tw TRACE
/product-list.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept Via 1.1
proxy.ncnu.edu.tw
HTTP/1.1 200 OK Content-type text/plain Content-l
ength 96 TRACE /product-list.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept Via 1.1
proxy.ncnu.edu.tw
27OPTIONS
- The OPTIONS method asks the server tell us about
the various supported capabilities of the web
server. - Some servers may support particular operations on
on particular kinds of objects.
28OPTIONS
Since the request is for options on all
resources, the server just returns the methods it
supports for its resources.
Request message
OPTIONS HTTP/1.1 Host www.csie.ncnu.edu.tw Acc
ept
Response message
www.csie.ncnu.edu.tw
HTTP/1.1 200 OK Allow GET, POST, PUT,
OPTIONS Context-length 0
29DELETE
- The DELETE method asks the server to delete the
resource specified by the requested URL. - However, the client application is not guaranteed
that the delete is carried out. This is because
the HTTP specification allows the server to
override the request without telling the client.
30DELETE
Request message
File product-list.txt removed from servers disk
DELETE /product-list.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw
www.csie.ncnu.edu.tw
Response message
HTTP/1.1 200 OK Content-Type text/plain Content-L
ength 54 I have your delete request, will take
time to process.
31Extension Methods
- HTTP was designed to be field-extensible, so new
features wouldnt cause older software to fail. - Extension Method are method that are not defined
in HTTP/1.1 specification. They provide
developers with a means of extending the
capabilities of the HTTP services their servers
implement on the resources that the servers
manage.
32WebDAV HTTP extension
- Method Description
- LOCK Allows a user to lock a resource
for example, you could lock a
resource while you are editing it - MKCOL Allows a user to create a resource
- COPY Facilitates copying resources on a server
- MOVE Moves a resource on a server
33Status Codes
- 100-199 Informational Status Code
- Status Code Reason Phrase
- 100 Continue
- 101 Switching Protocols
34200-299 success status code
- Status Code Reason Phrase
- 200 OK
- 201 Created
- 202 Accepted
- 203 Not-Authoritative Information
- 204 Not Content
- 205 Reset Content
- 206 Partial Content
35300-399 Redirection Status Code
- Status code Reason Phrase
- 300 Multiple Choices
- 301 Moved Permanently
- 302 Found
- 303 See other
- 304 Not Modified
- 305 Use Proxy
- 306 (Unused)
- 307 Temporary Redirect
36300-399Redirection Status Codes
Request message
Get /pet-products.txt HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept
Response message
HTTP/1.1 301 OK Location http//english.csie.ncnu
.edu.tw Content-length 56 Content-type
text/plain Please go to our partner
site, English.csie.ncnu.edu.tw
www.csie.ncnu.edu.tw
Request message
Get / HTTP/1.1 Host english.csie.ncnu.edu.tw Acce
pt
Response message
english.csie.ncnu.edu.tw
HTTP/1.1 200 OK Content-type text/html Content-le
ngth 3307
37300-399Redirection Status Codes (cont.)
Request message
Get /m_faculty.html HTTP/1.1 Host
www.csie.ncnu.edu.tw Accept If-Modified-Since
Wed, Sept. 3 2003 021600 GMT
Response message
Client has previously requested copy
of http//www.csie.ncnu.edu.tw/m_faculty.html
www.csie.ncnu.edu.tw
HTTP/1.1 304 Not Modified
Has not changed
Browswe displays local copy, since the original
has not changed since we last requested it
38400-499 Client Errors Status Codes
- Status Code Reason Phrase
- 400 Bad Request
- 401 Unauthorized
- 402 Payment Requested
- 403 Forbidden
- 404 Not Found
- 405 Method Not Allowed
- 406 Not Acceptable
- 407 Proxy Authentication Required
- 408 Request Timeout
- 409 Conflict
39400-499 Client Errors Status Codes
- Status Code Reason Phrase
- 410 Gone
- 411 Length Required
- 412 Precondition Failed
- 413 Request Entity Too Large
- 414 Request URI Too Long
- 415 Unsupported Media Type
- 416 Requested Range Not Satisfiable
- 417 Expectation Failed
40500-599 Server Error
- Status Code Reason Phrase
- 500 Internal Server Error
- 501 Not Implemented
- 502 Bad Gateway
- 503 Service Unavailable
- 504 Gateway Timeout
- 505 HTTP Version Not Supported
41Headers
- General headers
- E.g., Date Tue, 3 Oct 2003 021600 GMT
- Request headers
- E.g., Accept /
- Response headers
- E.g., Server Apache/1.3
- Entity headers
- E.g., Content-Type text/html charsetiso-latin-1
- Extension headers
42General Headers
- Header Description
- Connection Allow clients and servers to
specify options about the request/response
connection - Date
- MIME-Version
- Trailer List the set of headers that are in
the trailer of a message encoded with
the chunked transfer encoding - Transfer-Encoding
- Upgrade
- Via
43General caching headers
- Header Description
- Cache-Control Used to pass caching directions
along with the message - Progma Another way to pass direction along
the message, though not specific caching
44General caching headers
- Header Description
- Cache-Control Used to pass caching directions
along with the message - Progma Another way to pass direction along
the message, though not specific caching
45Request Headers
- Header Description
- Client-IP
- From
- Host
- Referer
- UA-Color
- UA-CPU
- UA-Disp
- UA-OS
- UA-Pixels
- User-Agent
46Accept Headers
- Header Description
- Accept what media types
- Accept-Charset
- Accept-Encoding
- Accept-Language
- TE what extension transfer codings are
okay to use
47Request Headers
- Header Description
- Client-IP
- From
- Host
- Referer
- UA-Color
- UA-CPU
- UA-Disp
- UA-OS
- UA-Pixels
- User-Agent
48Accept Headers
- Header Description
- Accept what media types
- Accept-Charset
- Accept-Encoding
- Accept-Language
- TE what extension transfer codings are
okay to use
49Conditional requester headers
- Header Description
- Expect
- If-Match
- If-Modified-Since
- If-None-Match
- If-Range
- If-Unmodified-Since
- Range
50Request security headers
- Header Description
- Authorization
- Cookie
- Cookie2
51Proxy request headers
- Header Description
- Max-Forwards
- Proxy-Authorization
- Proxy-Connection
52Response headers
- Header Description
- Age
- Public
- Retry-After
- Server
- Title
- Warning
53Negotiation headers
- Header Description
- Accept-Ranges
- Vary
54Response security headers
- Header Description
- Proxy-Authenticate
- Set-Cookie
- Set-Cookie2
- WWW-Authenticate
55Entity Headers
- Header Description
- Content-Base
- Content-Encoding
- Content-Language
- Content-Length
- Content-Location
- Content-MD5
- Content-Range
- Content-Type
56Entity caching headers
- Header Description
- ETag
- Expires
- Last-Modified
57HTTP protocol information
- http//www.w3.org/Protocols/
- The W3C architecture page for HTTP.
- http//www.ietf.org/rfc/rfc2621.txt
- RFC 2616, Hypertext Transfer Protocol-
HTTP/1.1, is the official specification for
HTTP/1.1, the current version of the HTTP
protocol.