HTTP: Web Developer Must Know
HTTP stands for Hypertext Transfer Protocol. It is an application protocol for distributed, collaborative, hypermedia information systems and the foundation of data communication for the World Wide Web, which was invented by English scientist Tim Berners-Lee in 1989. He wrote the first web browser in 1990. The current version of the protocol is HTTP/1.1, which adds a few extra features to the previous 1.0 version, such as persistent connections, chunked transfer-coding and fine-grained caching headers.
Basically, HTTP is a TCP/IP (Transmission Control Protocol/Internet Protocol) based communication protocol that is used to deliver data (HTML, PDF, JSON…) on the World Wide Web. The default port is TCP 80, but we can use other ports as well.
The client (e.g. a web browser) submits an HTTP request to the server. The server, which provides resources such as HTML, PDF, JSON, etc. or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain the requested content in its message body. The communication between a client and server is a request/response pair.
- Connectionless: A client initiates a request and, after the request is made, disconnects from the server and waits for a response. The server processes the request and re-establishes the connection to the client to send the response back.
- Stateless: The server and client are aware of each other only during a current request. Afterwards, both of them forget each other.
- Client: Could be any User Agent (UA) or Web client that sends a request to the server in the form of a request method and a URI (Uniform Resource Identifier), which includes both URLs and URNs.
- Server: A web server is a program that uses HTTP to serve the files that form Web pages to users. All computers that host Web sites must have Web server programs such as Apache, IIS or NGINX. Other web servers include Novell’s NetWare server, Google Web Server (GWS) and IBM’s family of Domino servers.
- FTP: File Transfer Protocol is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet.
- Telnet: Telnet is a very useful networking utility. You can use telnet to establish a TCP connection with a server and issue raw HTTP requests.
- Important and popular:
- GET: fetch an existing resource. The URL contains all the necessary information the server needs to locate and return the resource
- POST: create a new resource. POST requests usually carry a payload that specifies the data for the new resource
- PUT: update an existing resource. The payload may contain the updated data for the resource.
- DELETE: delete an existing resource.
- Less used:
- HEAD: This is similar to GET, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
- TRACE: This method echoes the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.
- OPTIONS: Used to retrieve the server capabilities. On the client-side, it can be used to modify the request based on what the server can support.
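As an added example (not part of the original article), the code below sends hand-written requests over a TCP socket, the same bytes you would type into telnet, to a throwaway local server and parses the status line, headers and body of each response. The `DemoHandler` server, the `raw_request` and `probe_methods` names and the JSON body are constructed for illustration; the server implements only GET and HEAD, so the run shows HEAD returning headers without a body and unimplemented methods (TRACE, DELETE) being refused with 501.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BODY = b'{"ok": true}'  # constructed sample resource
# Constructed local server: implements GET and HEAD only.
class DemoHandler(BaseHTTPRequestHandler):
    def _send_headers(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()

    def do_GET(self):
        self._send_headers()
        self.wfile.write(BODY)

    def do_HEAD(self):  # same headers as GET, no message body
        self._send_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def raw_request(port, method, path="/"):
    """Send a hand-written request, as one would type it into telnet."""
    request = f"{method} {path} HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(request.encode("ascii"))
        raw = b""
        while chunk := sock.recv(4096):  # read until the server closes
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, reason = lines[0].split(" ", 2)  # status line
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return int(status), reason, headers, body

def probe_methods(methods=("GET", "HEAD", "TRACE", "DELETE")):
    """Return {method: (status, reason, headers, body)} from the local server."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {m: raw_request(server.server_port, m) for m in methods}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print({m: r[:2] for m, r in probe_methods().items()})
```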
HTTP Response Status Code
- 1xx – Information: It means the request was received and the process is continuing.
- 100 – Continue: A part of the request has been received by the server, the client should continue with the request.
- 101 – Switching Protocols: This means the requester has asked the server to switch protocols and the server is acknowledging.
- 102 – Processing: This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming the request was lost.
- 2xx – Success:
- 200 – OK: Standard response for successful HTTP requests.
- 201 – Created: The request has been fulfilled and resulted in a new resource being created.
- 202 – Accepted: The request has been accepted for processing, but the processing has not been completed.
- 203 – Non-Authoritative Information (since HTTP/1.1): The server successfully processed the request, but is returning information that may be from another source.
- 204 – No Content: The server successfully processed the request, but is not returning any content.
- 205 – Reset Content: The server is delivering only part of the resource due to a range header sent by the client.
- 206 – Partial Content: indicates that the response only contains partial content. Additional headers indicate the exact range and content expiration information.
- 207 – Multi-Status: The message body that follows is an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.
- 208 – Already Reported: The members of a DAV binding have already been enumerated in a previous reply to this request, and are not being included again.
- 226 – IM Used: The server has fulfilled a request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
- 3xx – Redirection:
- 301 Moved Permanently: This and all future requests should be directed to the given URI
- 302 Found: Some Web applications and frameworks use the 302 status code as if it were the 303.
- 303 See Other: the resource is temporarily located at a new URL. The location response header contains the temporary URL
- 304 Not Modified: the server has determined that the resource has not changed and the client should use its cached copy
- 305 Use Proxy (Since HTTP/1.1): The requested resource is only available through a proxy.
- 306 Switch Proxy: No longer used. Originally meant “Subsequent requests should use the specified proxy.”
- 307 Temporary Redirect (Since HTTP/1.1): In this case, the request should be repeated with another URI. However, future requests should still use the original URI.
- 4xx Client Error:
- 400 Bad Request: The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
- 401 Unauthorized: The request requires authentication. The client can repeat the request with the Authorization header. If the client already included the Authorization header, then the credentials were wrong.
- 403 Forbidden: The server has denied access to the resource.
- 404 Not Found: The requested resource could not be found but may be available again in the future.
- 405 Method Not Allowed: Invalid HTTP verb used in the request line, or the server does not support that verb.
- 409 Conflict: The server could not complete the request because the client is trying to modify a resource that is newer than the client’s timestamp. Conflicts arise mostly for PUT requests during collaborative edits on a resource.
- There are many more status codes; see the wiki for more detail.
- 5xx Server Error:
- 500 Internal Server Error: A generic error message
- 501 Not Implemented: The server either does not recognize the request method, or it lacks the ability to fulfill the request
- 503 Service Unavailable: The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
- 504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
How to view HTTP Traffic
- Chrome webkit inspector
- Firefox plugin: Firebug
- IE: F12 Developer tools