Client-Side Web Technologies: Introduction to HTTP

MIME
• Multipurpose Internet Mail Extensions
• First specified in 1992 (RFC 1341); the current specification, RFC 2045–2049, dates from 1996
• Created to extend Internet email to support:
  • Text in character sets other than ASCII
  • Non-text content
  • Multi-part message bodies
  • Header info in non-ASCII character sets

MIME Header Fields
• MIME-Version
  • Declares the version of the message body format standard in use
• Content-Type
  • Describes the data contained in the body
• Content-Disposition
  • Describes how a body part should be presented (e.g. inline or attachment)
• There are others but we won't discuss them…

MIME Content-Type

• Describes the data in the body of a MIME entity
• Consists of:
  • Top level: declares the general type of data
  • Subtype: specifies a specific format for that type of data
  • Parameters that modify the subtype (optional)
• Due to expanded use, now known as Internet Media Types
• IANA maintains the list of registered Media Types:
  • http://www.iana.org/assignments/media-types

Top-Level Media Types
• Text: textual information
• Image: image data
• Audio: audio data
• Video: video data
• Application: some other kind of data (typically binary, to be processed by some application)
• Multipart: data consisting of multiple entities of independent data types
  • Subtypes such as mixed, alternative, byteranges, and form-data (for HTML forms)

MIME Message Examples

A single-part message:

From: John Doe
Subject: Hello
MIME-Version: 1.0
Content-Type: text/plain

This is a message in MIME format.

A multipart message. Each part has its own headers, separated from its body by an empty line, and parts are delimited by the boundary string declared in the top-level Content-Type (two leading dashes before each part, two leading and two trailing dashes after the last part):

From: John Doe
Subject: Hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XXXXboundary"

--XXXXboundary
Content-Type: text/plain

this is the body text

--XXXXboundary
Content-Type: text/plain
Content-Disposition: attachment; filename="test.txt"

this is the attachment text

--XXXXboundary--
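The multipart message above, parsed with Python's standard email package, as an added example that is not part of the slides. The message text is constructed here (it is the second example with the required empty line after each part's headers, and a hostile attachment filename substituted); safe_filename and parse_mime are helpers written for this example, not library functions. The point a practitioner cares about is the last column: the filename in Content-Disposition is attacker-controlled and must never be used as a path.

```python
import email
import email.policy
import os
import re

# Constructed sample: the slide's multipart/mixed message, with an attachment
# filename of the kind an attacker would send (path traversal).
RAW_MESSAGE = (
    "From: John Doe\r\n"
    "Subject: Hello\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="XXXXboundary"\r\n'
    "\r\n"
    "--XXXXboundary\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "this is the body text\r\n"
    "--XXXXboundary\r\n"
    "Content-Type: text/plain\r\n"
    'Content-Disposition: attachment; filename="../../etc/passwd"\r\n'
    "\r\n"
    "this is the attachment text\r\n"
    "--XXXXboundary--\r\n"
)

# Constructed sample: the slide's single-part message.
SINGLE_PART = (
    "From: John Doe\r\n"
    "Subject: Hello\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "This is a message in MIME format.\r\n"
)

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def safe_filename(name, default="attachment.bin"):
    """Reduce a client-supplied filename to one safe path component (policy chosen for this example)."""
    if not name:
        return default
    name = name.replace("\\", "/")          # Windows separators count as separators too
    name = os.path.basename(name)           # drop every directory component
    name = _UNSAFE.sub("_", name)           # keep a conservative character set
    if name in ("", ".", ".."):
        return default
    return name


def parse_mime(raw):
    """Return (MIME-Version, top-level content type, boundary or None, list of leaf parts)."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    parts = []
    for part in msg.walk():                 # walk() yields the container first, then each part
        if part.is_multipart():
            continue                        # only leaf parts carry data
        filename = part.get_filename()
        parts.append({
            "content_type": part.get_content_type(),
            "disposition": part.get_content_disposition() or "inline",
            "filename": filename,
            "safe_filename": safe_filename(filename) if filename else None,
            "body": part.get_content().rstrip("\r\n"),
        })
    return msg["MIME-Version"], msg.get_content_type(), msg.get_boundary(), parts
```

The same parser handles both slide examples: for the single-part message walk() yields only the message itself, so it comes back as one inline text/plain part with no boundary.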

Client-Server Model

• Method of computer network programming
• Running software applications are assigned one of two possible roles: client or server

Server Applications
• Receive and handle service requests from clients (often multiple clients)
• Typically run on separate, more powerful machines than clients
• Examples: web server applications like Apache, Tomcat, Node.js, and IIS

Client Applications
• Initiate service requests to servers
• Typically run on separate, less powerful machines than servers
• Examples: web browsers like Chrome

HTTP
• Hypertext Transfer Protocol
• Operates at the application layer in the TCP/IP and OSI models
• Consists of client requests and server responses

HTTP (continued)
• HTTP/1.1
  • Standardized in 1999 (RFC 2616)
  • Most commonly used standard
  • Current definition in IETF RFCs 7230–7235 (2014), which obsolete RFC 2616
  • https://tools.ietf.org/html/rfc7230
• HTTP/2 (often written HTTP/2.0)
  • Standardized in 2015
  • Attempts to solve performance issues with 1.1
  • Defined in IETF RFC 7540
  • https://tools.ietf.org/html/rfc7540
  • Will discuss later in the course

HTTP Request Message
• Request-Line
  • Method
  • URI
  • Protocol version
• Header fields (optional, though HTTP/1.1 requires Host)
• Message-Body (optional)

HTTP Response Message
• Status-Line
  • Protocol version
  • Status code
  • Reason phrase
• Header fields (optional)
• Message-Body (optional)

HTTP Common Methods

Method   Use                                                                  Action Type*
OPTIONS  Request information about the HTTP methods supported by the server  safe, idempotent
GET      Retrieve the resource identified by the request URI                 safe, idempotent
HEAD     Identical to GET but with no message-body in the response           safe, idempotent
POST     Request that the target resource process the representation         NOT safe, NOT idempotent
         enclosed in the request according to the resource's own specific
         semantics
PUT      Request that the server store the enclosed entity under the         NOT safe, idempotent
         request URI (replacing an existing version if it exists)
DELETE   Request that the server delete the resource identified by the       NOT safe, idempotent
         request URI

* Safe actions should retrieve information/resources only; idempotent actions should produce the same result whether executed once or multiple times. These are the semantics the method declares, not a guarantee: a server that performs a state change on GET has made that change reachable by any page that can trigger a request (the basis of cross-site request forgery), so state changes belong behind the non-safe methods.

URI
• Uniform Resource Identifier
• String of characters used to identify a resource
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • urn:isbn:0451450523

URL
• Uniform Resource Locator
• URLs are a subset of URIs that also provide a means of locating the resource by describing its primary access mechanism (e.g. http, ftp, etc.)
• The terms URL and URI are often used interchangeably
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • urn:isbn:0451450523 is a URI but not a URL: a URN names the resource without saying how to reach it

HTTP URLs

"http:" "//" host [":" port] [ abs_path ["?" query]]

* If no port is given, 80 is assumed (443 for HTTPS)
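As an added example (not from the slides), a parser for exactly the grammar above, with the port default it states; parse_http_url, host_header and request_target are names chosen here. Because the grammar has no userinfo component, the parser rejects `http://good.com@evil.com/`, the classic shape where a browser and a naive string parser disagree about which host a URL names; IPv6 literals in brackets are also outside the slide's grammar and are not handled.

```python
import re

# "http:" "//" host [":" port] [ abs_path ["?" query]]
# (https is accepted too so the 443 default can be shown; no userinfo, no fragment)
_HTTP_URL = re.compile(
    r"^(?P<scheme>https?):"
    r"//(?P<host>[A-Za-z0-9.-]+)"        # '@' is not allowed, so userinfo is rejected
    r"(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/[^?#\s]*)?"
    r"(?:\?(?P<query>[^#\s]*))?$"
)

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_http_url(url):
    """Return scheme, host, port, abs_path and query for a URL matching the slide grammar."""
    m = _HTTP_URL.match(url)
    if not m:
        raise ValueError("not an http/https URL per the grammar: %r" % url)
    scheme = m.group("scheme").lower()
    port = int(m.group("port")) if m.group("port") else DEFAULT_PORTS[scheme]
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return {
        "scheme": scheme,
        "host": m.group("host").lower(),     # host names are case-insensitive
        "port": port,
        "abs_path": m.group("path") or "/",  # an absent path means the root
        "query": m.group("query"),           # None when there is no '?'
    }


def host_header(parsed):
    """Value for the Host header: host alone on the default port, host:port otherwise."""
    if parsed["port"] == DEFAULT_PORTS[parsed["scheme"]]:
        return parsed["host"]
    return "%s:%d" % (parsed["host"], parsed["port"])


def request_target(parsed):
    """The part of the URL that goes on the Request-Line: abs_path plus any query."""
    if parsed["query"] is None:
        return parsed["abs_path"]
    return parsed["abs_path"] + "?" + parsed["query"]
```

The two functions after the parser give the two places the URL ends up in a request: the Host header (the two forms in the Host row of the request-header table) and the Request-Line target.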

Examples:
  http://www.google.com/calendar?tab=wc
  http://localhost:8080/MyWebApp/index.jsp

HTTP Status Code Classes

Class  Use            Example(s)
1xx    Informational  100 Continue
2xx    Success        200 OK
3xx    Redirection    301 Moved Permanently, 304 Not Modified
4xx    Client Error   400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed
5xx    Server Error   500 Internal Server Error, 503 Service Unavailable

HTTP General Headers (a subset, there are others)

Header Field       Use                                                        Example Value(s)
Cache-Control      Rules that must be obeyed by all caching mechanisms        no-cache, max-age
Connection         Specifies options that are desired for a particular        close, keep-alive, upgrade
                   connection
Date               Specifies the date and time at which the message was       Tue, 15 Nov 1994 08:12:31 GMT
                   generated
Transfer-Encoding  Specifies what type of transformation has been applied     chunked
                   to the message body
Upgrade            Specifies what additional application layer protocols      HTTP/2.0
                   the client can support and would like to use

HTTP Request-Specific Headers (a subset, there are others)

Header Field     Use                                                          Example Value(s)

Accept           Specifies media types that are acceptable for the response  text/html
                                                                             image/png, image/*;q=0.8, */*;q=0.5
Accept-Language  Specifies the set of natural languages that are acceptable  en-US, en;q=0.5
                 in the response
Accept-Encoding  Specifies content-codings that are acceptable in the        gzip, deflate
                 response
Range            Specifies that a sub-range of the entity be returned        bytes=0-10
Host             Specifies the Internet host and port number of the          www.google.com
                 requested resource                                          127.0.0.1:8080
Cookie           Sends stored cookies to the server                          name=value; name2=value2
User-Agent       Specifies information about the user agent (e.g. browser)   Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
                 making the request

Host is mandatory in HTTP/1.1 (a request without it gets 400 Bad Request) and is what a server uses to pick the virtual host. Like every request header it is client-controlled, so an application must not build absolute URLs, password-reset links or redirects from it without checking it against the hostnames it actually serves.

HTTP Response-Specific Headers (a subset, there are others)

Header Field   Use                                                           Example Value(s)
Age            Specifies the sender's estimate of the amount of time (in     46450
               seconds) since the response was generated by the origin       0
               server
Accept-Ranges  Indicates the server's acceptance of range requests for a     bytes
               resource                                                      none
Location       Used to redirect the recipient to a location other than the   http://www.w3.org/pub/WWW/People.html
               request URI
Server         Specifies information about the software used by the server   Apache
               to handle the request                                         Microsoft-IIS/7.5
Set-Cookie     Sends a cookie from the server to the client                  name=value; Expires=Wed, 13-Jan-2021 22:23:01 GMT
                                                                             name2=value2

A Server value that includes a version (Microsoft-IIS/7.5) tells an attacker exactly which software to look up; a Set-Cookie without the Secure and HttpOnly attributes (not shown above) is sent over plain HTTP and readable from script.

HTTP Entity Headers (a subset, there are others)

Header Field      Use                                                         Example Value(s)

Content-Type      Specifies the media type of the entity-body sent in the     text/html
                  response                                                    image/png
Content-Language  Specifies the natural language of the intended audience of  en-US
                  the enclosed entity-body                                    da
Content-Encoding  Specifies what content-codings have been applied to the     gzip
                  entity-body                                                 deflate
Content-Range     Specifies where in the full entity-body the partial body    bytes 0-10/500
                  sent should be applied                                      bytes 0-499/1234
Content-Length    Specifies the size of the entity-body sent in the response  11
                  as a decimal number of octets (i.e. bytes)                  500
Allow             Lists the set of methods supported by the resource          GET,HEAD,POST,OPTIONS
                  identified by the request URI (used when a 405 Method Not   GET,POST
                  Allowed response is sent)

HTTP Request Message Example

GET /calendar?tab=wc HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

(Each line ends with CRLF; the empty line after the last header ends the header section. This request has no message-body.)

HTTP Response Message Example

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 11 Feb 2013 20:15:16 GMT
Expires: -1
Server: gws

...

Netcat
• Network utility for TCP and UDP connections
• Originally a UNIX program, now available for many operating systems
• If you are using Mac OS X you should already have it
• If using Windows, you can obtain it here: http://www.securityfocus.com/tools/139
• Netcat is great for creating our own HTTP 1.1 requests
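As an added example (not from the slides, and not Netcat's code), the two pieces of a raw HTTP/1.1 exchange that Netcat leaves to you: serialising the request message described above (Request-Line, header fields, empty line, optional body) and parsing the response (Status-Line, header fields, body framed by Content-Length or Transfer-Encoding: chunked, following RFC 7230 section 3.3.3). The sample responses are constructed; send_raw does over a socket what `nc www.google.com 80 < request.txt` does. Function names are chosen here.

```python
import socket

CRLF = "\r\n"


def build_request(method, target, host, headers=None, body=b""):
    """Serialize an HTTP/1.1 request: Request-Line, header fields, empty line, body."""
    if any(c in method + target for c in " \r\n"):
        raise ValueError("method/target must not contain spaces or CR/LF")
    fields = [("Host", host)]                       # Host is mandatory in HTTP/1.1
    fields += list((headers or {}).items())
    if body:
        fields.append(("Content-Length", str(len(body))))
    lines = ["%s %s HTTP/1.1" % (method, target)]
    for name, value in fields:
        # A CR/LF inside a field would start a new header or end the header block
        # (header injection / request splitting): refuse rather than emit it.
        if "\r" in name + value or "\n" in name + value:
            raise ValueError("CR/LF in header field %r" % name)
        lines.append("%s: %s" % (name, value))
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii") + body


def decode_chunked(data):
    """Decode a chunked body; returns (body, bytes left after the final empty line)."""
    body, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # chunk extensions are ignored
        if size == 0:                                 # last chunk, then optional trailers
            end = data.index(b"\r\n\r\n", eol)
            return bytes(body), data[end + 4:]
        pos = eol + 2
        body += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2


def parse_response(raw, strict=True):
    """Split a raw response into Status-Line parts, headers and body (RFC 7230 3.3.3 framing)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by an empty line")
    status_line, *field_lines = head.decode("iso-8859-1").split(CRLF)
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("bad Status-Line: %r" % status_line)
    headers = {}                                     # lower-cased name -> list of values
    for line in field_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    te, cl = headers.get("transfer-encoding"), headers.get("content-length")
    if te and cl and strict:
        # A receiver honouring Content-Length and one honouring Transfer-Encoding
        # disagree on where this message ends; that disagreement is what request
        # smuggling exploits. RFC 7230 says such a message ought to be treated as an error.
        raise ValueError("both Transfer-Encoding and Content-Length present")
    if te:                                           # Transfer-Encoding overrides Content-Length
        if te[-1].split(",")[-1].strip().lower() != "chunked":
            raise ValueError("unsupported Transfer-Encoding %r" % te)
        body, leftover = decode_chunked(rest)
    elif cl:
        if len(set(cl)) != 1 or not cl[0].isdigit():
            raise ValueError("invalid Content-Length %r" % cl)
        n = int(cl[0])
        if len(rest) < n:
            raise ValueError("body truncated: %d of %d bytes" % (len(rest), n))
        body, leftover = rest[:n], rest[n:]
    else:
        body, leftover = rest, b""                   # no framing: body runs until connection close
    return {"version": parts[0], "status": int(parts[1]),
            "reason": parts[2] if len(parts) > 2 else "",
            "headers": headers, "body": body, "leftover": leftover}


def send_raw(host, port, request, timeout=5.0):
    """What Netcat does for us: write the bytes to a TCP socket, read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(65536)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed sample responses (not captured from a real server).
SAMPLE_CL = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
             b"Content-Length: 11\r\nServer: gws\r\n\r\nhello world")
# Both framing headers: a Content-Length receiver would take the 5 bytes "5\r\nhe"
# as the body and treat the rest as the start of the next message.
SAMPLE_CONFLICT = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n"
                   b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
```

Because send_raw reads until the server closes the connection, add `"Connection": "close"` to the headers when you use it; with keep-alive (as in the request example above) the server may hold the connection open and the read will time out. The leftover field is worth inspecting in that keep-alive case: any bytes after the framed body are the beginning of the next response, or of one that was smuggled.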

Ncat

• Ncat is a reimplementation of Netcat with added features
• Supports SSL/TLS, so we can generate HTTPS requests with it
• Available for Mac OS X and Windows: http://nmap.org/ncat/

Postman

• Tool for working with APIs
• Use it to make HTTP 1.1 requests
• Supports SSL/TLS, so we can generate HTTPS requests with it
• Available for Mac OS X and Windows
• https://www.getpostman.com/
• Standalone app or Chrome extension

Wireshark

• Network protocol analyzer
• Allows us to capture network traffic
• Available for Mac OS X and Windows: http://www.wireshark.org/