Client-Side Web Technologies
Introduction to HTTP

MIME
• Multipurpose Internet Mail Extensions
• Current specification (RFC 2045 to 2049) published in 1996
• Created to extend email to support:
  • Text in character sets other than ASCII
  • Non-text content
  • Multi-part message bodies
  • Header information in non-ASCII character sets

MIME Header Fields
• MIME-Version: declares the version of the message body format standard in use
• Content-Type: describes the data contained in the body
• Content-Disposition: describes how a body part should be presented (e.g. inline or attachment)
• There are others, but we won't discuss them

MIME Content-Type
• Describes the data in the body of a MIME entity
• Consists of:
  • Top-level media type: declares the general type of data
  • Subtype: specifies a specific format for that type of data
  • Parameters that modify the subtype (optional), e.g. charset=UTF-8 or the boundary of a multipart body
• Due to expanded use beyond email, now known as Internet Media Types
• IANA maintains the list of registered media types: http://www.iana.org/assignments/media-types

Top-Level Media Types
• text: textual information
• image: image data
• audio: audio data
• video: video data
• application: some other kind of data (typically binary, to be processed by some application)
• multipart: data consisting of multiple entities of independent data types
  • Subtypes include mixed, alternative, byteranges, and form-data (used for HTML form submissions)

MIME Message Examples
Single-part message (a blank line separates the headers from the body):

From: John Doe <[email protected]>
Subject: Hello
MIME-Version: 1.0
Content-Type: text/plain

This is a message in MIME format.
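A small parser for messages of this shape, including the multipart/mixed message with an attachment shown next, makes the header, Content-Type parameter and boundary rules concrete. This is an added example written for these notes, not code from the lecture. The two sample messages are constructed to mirror the slide examples (with a made-up example.com address in place of the redacted one), and the stripping of directory components from the attachment filename is a precaution the slides do not discuss.

```python
"""Parse MIME messages like those on the slides: header fields, Content-Type with
parameters, and multipart bodies split on the boundary parameter.

Added example, not part of the original lecture material. Nested multipart entities
are handled recursively; preamble/epilogue around the delimiters are discarded, and a
quoted parameter value that itself contains ";" is not supported.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

@dataclass
class MimeEntity:
    headers: dict[str, str]  # names lower-cased; a repeated name keeps the last value
    body: str                # text body ("" for a multipart container)
    parts: list[MimeEntity] = field(default_factory=list)

    def content_type(self) -> tuple[str, str, dict[str, str]]:
        """(top-level type, subtype, parameters); absent header means text/plain (RFC 2045)."""
        pieces = [p.strip() for p in self.headers.get("content-type", "").split(";")]
        top, _, sub = (pieces[0] or "text/plain").lower().partition("/")
        params = {k.strip().lower(): v.strip().strip('"')
                  for k, _, v in (p.partition("=") for p in pieces[1:] if p)}
        return top, sub, params

    def attachment_name(self) -> str | None:
        """Filename from 'Content-Disposition: attachment', reduced to a bare name: the value
        is sender-controlled, so directory components are stripped before it names a file."""
        kind, *params = [p.strip() for p in self.headers.get("content-disposition", "").split(";")]
        if kind.lower() != "attachment":
            return None
        for p in params:
            k, _, v = p.partition("=")
            if k.strip().lower() == "filename":
                return v.strip().strip('"').replace("\\", "/").rsplit("/", 1)[-1] or None
        return None

def split_headers(raw: str) -> tuple[dict[str, str], str]:
    """The header block ends at the first blank line; folded continuation lines are joined."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers: dict[str, str] = {}
    last = None
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and last is not None:
            headers[last] += " " + line.strip()
            continue
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        last = name.strip().lower()
        headers[last] = value.strip()
    return headers, body

def parse_mime(raw: str) -> MimeEntity:
    headers, body = split_headers(raw)
    entity = MimeEntity(headers, body)
    top, _sub, params = entity.content_type()
    if top != "multipart":
        return entity
    boundary = params.get("boundary")
    if not boundary:
        raise ValueError("multipart entity without a boundary parameter")
    # A delimiter is "--boundary" alone on a line; the closing delimiter is "--boundary--".
    delim = re.compile(r"^--" + re.escape(boundary) + r"(?:--)?[ \t]*$", re.MULTILINE)
    marks = list(delim.finditer(body))
    for i, m in enumerate(marks):
        if m.group().rstrip() == f"--{boundary}--":
            break  # closing delimiter: anything after it is epilogue
        end = marks[i + 1].start() if i + 1 < len(marks) else len(body)
        # The line break after a delimiter and the one before the next delimiter belong
        # to the delimiters (RFC 2046), not to the part.
        entity.parts.append(parse_mime(body[m.end():end].removeprefix("\n").removesuffix("\n")))
    entity.body = ""
    return entity

def outline(entity: MimeEntity, depth: int = 0) -> list[str]:
    """One line per entity: indented media type, plus the attachment name if any."""
    top, sub, _ = entity.content_type()
    name = entity.attachment_name()
    line = "  " * depth + f"{top}/{sub}" + (f" (attachment {name})" if name else "")
    return [line] + [row for p in entity.parts for row in outline(p, depth + 1)]

# Constructed messages mirroring the two slide examples, with CRLF line endings as on the wire.
SINGLE_PART = "\r\n".join(["From: John Doe <john@example.com>", "Subject: Hello", "MIME-Version: 1.0",
                           "Content-Type: text/plain", "", "This is a message in MIME format."])
MULTIPART = "\r\n".join(["From: John Doe <john@example.com>", "Subject: Hello", "MIME-Version: 1.0",
                         'Content-Type: multipart/mixed; boundary="XXXXboundary"', "",
                         "--XXXXboundary", "Content-Type: text/plain", "", "this is the body text",
                         "--XXXXboundary", "Content-Type: text/plain",
                         'Content-Disposition: attachment; filename="test.txt"', "",
                         "this is the attachment text", "--XXXXboundary--"])
```

Running `outline(parse_mime(MULTIPART))` yields the tree `multipart/mixed` with two `text/plain` children, the second labelled as the `test.txt` attachment. The point worth remembering from the boundary handling is that the newline before each delimiter belongs to the delimiter, so a part body never carries a trailing line break that the sender did not put there.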
Multipart message with an attachment (each part has its own headers, followed by a blank line and its body):

From: John Doe <[email protected]>
Subject: Hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XXXXboundary"

--XXXXboundary
Content-Type: text/plain

this is the body text
--XXXXboundary
Content-Type: text/plain
Content-Disposition: attachment; filename="test.txt"

this is the attachment text
--XXXXboundary--

Client-Server Model
• Method of computer network programming
• Running software applications are assigned one of two possible roles: client or server

Server Applications
• Receive and handle service requests from clients (often many clients at once)
• Typically run on separate, more powerful machines than clients
• Examples: web server applications like Apache, Tomcat, Node.js, and IIS

Client Applications
• Initiate service requests to servers
• Typically run on separate, less powerful machines than servers
• Examples: web browsers like Firefox and Chrome

HTTP
• Hypertext Transfer Protocol
• Operates at the Application layer in the TCP/IP and OSI models
• Consists of client requests and server responses

HTTP (continued)
• HTTP/1.1
  • First standardized in 1997 (RFC 2068) and revised in 1999 (RFC 2616); the current definition is IETF RFC 7230 – 7235 (2014)
  • Most widely deployed version
  • https://tools.ietf.org/html/rfc7230
• HTTP/2
  • Standardized in 2015
  • Attempts to solve performance issues with 1.1
  • Defined in IETF RFC 7540
  • https://tools.ietf.org/html/rfc7540
  • Will be discussed later in the course

HTTP Request Message
• Request-Line: method, request URI, protocol version
• Header fields (optional in general, but Host is required in HTTP/1.1)
• Message body (optional)

HTTP Response Message
• Status-Line: protocol version, status code, reason phrase
• Header fields (optional)
• Message body (optional)

HTTP Common Methods
• OPTIONS: request information about the HTTP methods supported by the server (safe, idempotent)
• GET: retrieve the resource identified by the request URI (safe, idempotent)
• HEAD: identical to GET but with no message body in the response (safe, idempotent)
• POST: request that the target resource process the representation enclosed in the request according to the resource's own specific semantics (NOT safe, NOT idempotent)
• PUT: request that the server store the enclosed entity under the request URI, replacing an existing version if one exists (NOT safe, idempotent)
• DELETE: request that the server delete the resource identified by the request URI (NOT safe, idempotent)
* Safe methods should only retrieve information/resources and not change server state; idempotent methods should produce the same result whether executed once or many times. These are contracts the server is expected to honour, not properties the protocol enforces: a GET handler that changes state is still reachable by anyone who can make a browser issue a GET.

URI
• Uniform Resource Identifier
• String of characters used to identify a resource
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • urn:isbn:0451450523

URL
• Uniform Resource Locator
• URLs are the subset of URIs that also provide a means of locating the resource by describing its primary access mechanism (e.g. http, ftp)
• The terms URL and URI are often used interchangeably
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • (urn:isbn:0451450523 from the URI slide is a URI but not a URL: it names the book without saying how to retrieve it)

HTTP URLs
"http:" "//" host [":" port] [abs_path ["?" query]]
• If no port is given, 80 is assumed (443 for HTTPS)
• Examples:
  • http://www.google.com/calendar?tab=wc
  • http://localhost:8080/MyWebApp/index.jsp

HTTP Status Code Classes
• 1xx Informational: 100 Continue
• 2xx Success: 200 OK
• 3xx Redirection: 301 Moved Permanently, 304 Not Modified
• 4xx Client Error: 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed
• 5xx Server Error: 500 Internal Server Error, 503 Service Unavailable

HTTP General Headers (a subset, there are others)
• Cache-Control: rules that must be obeyed by all caching mechanisms. Example values: no-cache, max-age
• Connection: options desired for this particular connection. Example values: close, keep-alive, upgrade
• Date: date and time at which the message was generated. Example value: Tue, 15 Nov 1994 08:12:31 GMT
• Transfer-Encoding: what transformation has been applied to the message body. Example value: chunked
• Upgrade: additional application-layer protocols the client supports and would like to switch to. Example values: h2c (HTTP/2 over cleartext TCP), websocket

HTTP Request-Specific Headers (a subset, there are others)
• Accept: media types acceptable for the response. Example values: text/html (or, with preferences: image/png, image/*;q=0.8, */*;q=0.5)
• Accept-Language: natural languages acceptable in the response. Example value: en-US, en;q=0.5
• Accept-Encoding: content-codings acceptable in the response. Example value: gzip, deflate
• Range: requests that only a sub-range of the entity be returned. Example value: bytes=0-10
• Host: Internet host and port number of the requested resource. Example values: www.google.com or 127.0.0.1:8080
• Cookie: sends stored cookies to the server. Example value: name=value; name2=value2
• User-Agent: information about the user agent (e.g. browser) making the request. Example value: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)

HTTP Response-Specific Headers (a subset, there are others)
• Age: the sender's estimate of the time (in seconds) since the response was generated by the origin server. Example values: 46450 or 0
• Accept-Ranges: the server's acceptance of range requests for a resource. Example values: bytes or none
• Location: redirects the recipient to a location other than the request URI. Example value: http://www.w3.org/pub/WWW/People.html
• Server: information about the software used by the server to handle the request. Example values: Apache or Microsoft-IIS/7.5
• Set-Cookie: sends a cookie from the server to the client; each cookie travels in its own Set-Cookie header. Example values: name=value; Expires=Wed, 13-Jan-2021 22:23:01 GMT or name2=value2

HTTP Entity Headers (a subset, there are others)
• Content-Type: media type of the entity body sent in the response. Example values: text/html or image/png
• Content-Language: natural language of the intended audience of the enclosed entity body. Example values: en-US or da
• Content-Encoding: content-codings that have been applied to the entity body. Example values: gzip or deflate
• Content-Range: where in the full entity body the partial body sent should be applied. Example values: bytes 0-10/500 or bytes 0-499/1234
• Content-Length: size of the entity body sent in the response, as a decimal number of octets (i.e. bytes). Example values: 11 or 500
• Allow: the set of methods supported by the resource identified by the request URI (sent with a 405 Method Not Allowed response). Example values: GET,HEAD,POST,OPTIONS or GET,POST

HTTP Request Message Example
GET /calendar?tab=wc HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP Response Message Example
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 11 Feb 2013 20:15:16 GMT
Expires: -1
Server: gws

<!DOCTYPE html>
<HTML lang="en">
...
</HTML>
(The body is shown after decompression; on the wire it is gzip-compressed, as the Content-Encoding header states.)

Netcat
• Network utility for TCP and UDP connections
• Originally a UNIX program, now available for many operating systems
• If you are using Mac OS X you should already have it
• If using Windows, you can obtain it here: http://www.securityfocus.com/tools/139
• Netcat is great for hand-crafting our own HTTP/1.1 requests

Ncat
• Ncat is a reimplementation of Netcat with added features
• Supports SSL/TLS, so we can generate HTTPS requests with it
• Available for Mac OS X and Windows: http://nmap.org/ncat/

Postman
• Tool for working with APIs
• Use it to make HTTP/1.1 requests
• Supports SSL/TLS, so we can generate HTTPS requests with it
• Available for Mac OS X and Windows
• https://www.getpostman.com/
• Standalone app or Chrome extension

Wireshark
• Network protocol analyzer
• Allows us to capture and inspect network traffic
• Available for Mac OS X and Windows: http://www.wireshark.org/
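The request and response message formats, the method table, the HTTP URL syntax and the framing headers (Content-Length, Transfer-Encoding) above are easiest to internalize by producing and consuming the raw bytes yourself, which is exactly what the Netcat and Ncat slides have us do by hand. The following is an added example written for these notes, not code from the lecture: it turns a URL into the request bytes one would paste into netcat, and parses a reply the way a client must. The sample responses are constructed, not captured from any server; the URL regex and the dataclass names are this example's own.

```python
"""Build raw HTTP/1.1 requests from a URL and parse raw responses.

Added example, not from the lecture slides: produces the exact bytes you would type
into netcat/ncat and parses a reply (status line, headers, Content-Length or chunked body).
"""
from __future__ import annotations

import re
from collections import namedtuple
from dataclasses import dataclass

# From the methods slide: method -> (safe, idempotent)
METHOD_PROPERTIES = {"OPTIONS": (True, True), "GET": (True, True), "HEAD": (True, True),
                     "POST": (False, False), "PUT": (False, True), "DELETE": (False, True)}
# "http:" "//" host [":" port] [abs_path ["?" query]], plus https and a fragment (never sent)
_URL_RE = re.compile(r"^(https?)://([^/:?#]+)(?::(\d+))?(/[^?#]*)?(?:\?([^#]*))?(?:#.*)?$")

@dataclass
class HttpUrl:
    scheme: str
    host: str          # IPv6 literals in brackets are not handled
    port: int          # 80 when absent, 443 for https
    path: str          # abs_path, "/" when the URL has none
    query: str | None  # None when there is no "?"

    def request_target(self) -> str:
        return self.path if self.query is None else f"{self.path}?{self.query}"

    def host_header(self) -> str:  # the default port is omitted, as in the slide examples
        default = 443 if self.scheme == "https" else 80
        return self.host if self.port == default else f"{self.host}:{self.port}"

def parse_http_url(url: str) -> HttpUrl:
    m = _URL_RE.match(url)
    if not m:
        raise ValueError(f"not an http(s) URL: {url!r}")
    scheme, host, port, path, query = m.groups()
    return HttpUrl(scheme, host.lower(), int(port) if port else (443 if scheme == "https" else 80),
                   path or "/", query)

def build_request(method: str, url: str, headers: dict[str, str] | None = None,
                  body: bytes = b"") -> bytes:
    """Request-line, header fields, blank line, body, all with CRLF line endings."""
    if method.upper() not in METHOD_PROPERTIES:
        raise ValueError(f"unknown method {method!r}")
    u = parse_http_url(url)
    fields = {"Host": u.host_header(), **(headers or {})}  # Host is mandatory in HTTP/1.1
    if body:
        fields["Content-Length"] = str(len(body))  # tells the server where the body ends
    lines = [f"{method.upper()} {u.request_target()} HTTP/1.1"]
    for name, value in fields.items():
        if re.search(r"[\r\n]", name + value):  # a CR/LF would smuggle in extra header lines
            raise ValueError(f"CR/LF in header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body

# headers: names lower-cased, each mapped to a list so repeats (e.g. Set-Cookie) keep their order
HttpResponse = namedtuple("HttpResponse", "version status reason headers body")

def decode_chunked(data: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked (hex size CRLF data CRLF ... 0 CRLF CRLF)."""
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # chunk extensions ignored
        pos = eol + 2
        if size == 0:
            return bytes(out)  # trailer fields ignored
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its CRLF

def parse_response(raw: bytes) -> HttpResponse:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: header section not terminated")
    status_line, *header_lines = head.decode("latin-1").split("\r\n")
    version, status, *reason = status_line.split(" ", 2)
    headers: dict[str, list[str]] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    # RFC 7230 section 3.3.3: with both framing headers present, Transfer-Encoding wins
    if any("chunked" in v.lower() for v in headers.get("transfer-encoding", [])):
        body = decode_chunked(body)
    elif "content-length" in headers:
        n = int(headers["content-length"][0])
        if len(body) < n:
            raise ValueError(f"short body: Content-Length {n}, got {len(body)} bytes")
        body = body[:n]  # anything after belongs to the next message on the connection
    return HttpResponse(version, int(status), reason[0] if reason else "", headers, body)

# Constructed sample replies (not captured from a server): Content-Length framing with two
# Set-Cookie fields and stray trailing bytes, and chunked framing of the same body.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
                   b"Set-Cookie: session=abc\r\nSet-Cookie: lang=en\r\nContent-Length: 11\r\n"
                   b"\r\nhello worldNEXT")
SAMPLE_CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
```

`build_request("GET", "http://www.google.com/calendar?tab=wc", {"Connection": "close"})` produces the same request-line and Host header as the slide's example request, with CRLF line endings and the empty line that terminates the header section; written to a file, those bytes can be piped into `nc www.google.com 80` (or `ncat --ssl host 443` for HTTPS). Two details in the parser matter for security work: repeated header fields are kept in order rather than merged, and when a reply carries both Content-Length and Transfer-Encoding the chunked framing is honoured, as RFC 7230 requires, which is the disagreement that request-smuggling attacks exploit between front-end and back-end servers.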