autoscale: true theme: Next, 3
HTTP Basics
HTTP
- Hypertext Transfer Protocol
- Protocol by which web browsers communicate with web servers
- Very old
- First version (.9) published in 1991
- Very stable
- Standard is version 1.1 published in 1999
HTTP Basics
- Server listens for requests on a port
- Default is 80
- Secure version requires encrypted requests and responses (HTTPS)
- Default port is 443
- Request and Response structure
HTTP 1.1 Characteristics
- Text-based
- Stateless
- Ordered
- Blocking
HTTP Request Format
- Request method
- URI (Uniform Resource Identifier)
- Protocol version (HTTP/1.1)
- Optional Headers
- Optional Body
Http Request Example
GET /v1/pdp/tcin/31173465 HTTP/1.1 Host: someserver.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, sdch, br Accept-Language: en-US,en;q=0.8 Cookie: adpakalb=p_csp1usw2;
Request Methods
- Most commonly used methods
- GET: Gets the resource at the URI
- PUT: Request to store data at the specified URI
- POST: Request a new resource be stored at the specified URI
- Other less frequently used methods -HEAD, DELETE, OPTIONS, TRACE
HTTP Response Format
- Protocol version (HTTP/1.1)
- Status code and reason
- Response headers
- Meta-information about response
- Response message body
Example Response
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Headers: X-Auth-Token, Content-Type, X-Requested-With Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Cache-Control: max-age=0, no-cache, no-store Content-Encoding: gzip Vary: Accept-Encoding X-Response-Time: 6.00000 Content-Length: 6881 Date: Sun, 10 Feb 2017 19:45:11 GMT Connection: keep-alive Content-Type: application/json
…Insert Response Body…
Example Response Statuses
- 200 “OK”
- 302 “Found” (Temporary Redirect)
- 303 “See Other”
- 403 “Forbidden”
- 404 “Not Found”
- 500 “Internal Server Error”
Response Headers
- Optional based on request method and status code
- Examples include:
- Response meta-information (age)
- Server meta-information
- Content meta-information
- encoding, language, length, encryption, type, expiration
Response Body
- Also known as the “Entity”
- What the client is really requesting
- HTML text
- Images
- Multimedia
- Encrypted or encoded data of any kind (could be RMI or IIOP data)
HTML
- Hypertext Markup Language
- A defined DTD for linked documents
- Uses XML markup to define
- Document structure (headings, paragraphs, etc.)
- Formatting (bold, centering, fonts)
- Links (within the document to other resources)
HTML Content
- Originally came from files on the HTTP server
- Placed in a special location visible to server
- Server responds to a request by locating the corresponding file and returning its contents in the response body
CGI
- Common Gateway Interface
- Certain requests cause web server to launch external program
- This program is responsible for
- Processing incoming HTTP request
- Producing the correct HTTP response
- Result: Dynamic content
CGI Programs
- Scripting languages commonly used (Perl)
- Written to interact with database
- Read and update
- Could interface with legacy systems to provide a web front end
CGI Issues
- Scalability issues
- Each request spawns process
- Scripting language limitations
- Resource contention
Web Applications
- CGI was OK for small things
- Big things: Add abstraction layers
- Provide a model for the HTTP world
- Object-oriented
- Provide higher level of server integration for developers
- Simplify and clarify entry points
- Push work to the browser
Web Application Abstractions
- Request
- Response
- Session
- Cookie
- Context scoping
Requests and Responses
- Allow programmers to
- Access header values
- Write response values
- Specify response codes
- Redirect requests
- Store values for later processing
Sessions
- Represents a conversation between a client and the web server
- State that is maintained over several request/response sessions
- Usually time limited
- Prevents resource exhaustion on the server
- Typically maintained within one browser instance interaction
- Classic example: shopping cart
Scoping
- Application data can be stored at various levels:
- Page
- Request
- Session
- Application
Cookies
- Files stored on behalf of the server by the browser on the requesting machine
- Help preserve state between site visits
- Specified using HTTP headers
- Web server program sends cookie information as part of a response
- Browser cooperates by sending cookie information back when user revisits same site
Client-side Behavior
- Beyond HTML formatting browsers can perform advanced application hosting features
- Programs are sent by the server, run by browser
- JavaScript
- Java Applets
- Flash and Silverlight movies
- Provides for rich user experience
JavaScript
- The most common, portable mechanism for client-side behavior is JavaScript
- C-based programming language
- Dynamic Language
- Amongst the most widely used programming languages world-wide
JavaScript Supports
- Respond to UI events
- Inspect HTML DOM (Document Object Model)
- Modify HTML DOM
- Animate the page
- Validate input forms fields
- Make additional HTTP requests (AJAX)
The Future: Http 2
- Binary protocol
- Multiplexed over TCP
- Asynchronous pipelining
- Header compression to reduce overhead
- Supports push responses to clients
- Requires TLS (Transfer Layer Security)
Multiplexing
- Allow multiple request and response messages to be in flight at the same time
- Messages can be intermingled with each other on the wire
- Client shares one connection channel for all messages to the origin
Single connection
- Typical for web pages/applications to open multiple connections to origin (CSS, JavaScript, API calls)
- Multiple connections can result in network congestion and retransmits
- Limiting messages to a single connection reduces load on network resources
Server Push
- Servers can send CSS and JavaScript to browser caches as the HTML loads
- Prevents the round trip of requests for content that is known to be needed
- Proper use of this approach is still experimental
Header Compression
- Typical pages have about 1400 bytes of headers
- Cookies, Referer, Content-type, etc.
- Header compression reduces the need for round-trips to server for simply retrieving headers
- Typically required to properly handle the response
- Header-based latencies, especially on mobile networks, can often exceed several hundred milliseconds
HTTP 2 Availability
- Current versions of
- Edge
- Safari
- Chrome
- Firefox
Summary
- HTTP
- Stateless response/request protocol
- Programming models for the web involve abstraction layers above HTTP
- JavaScript provides support for dynamic behavior
- HTTP 2 is
the futurehere - Still needs lots of adoption
- Lots of server support now (requires extra configuration)
- Limited client support (Netty, OkHttp, .. ?)