Client-Side Web Technologies
Introduction to HTTP

MIME
• Multipurpose Internet Mail Extensions
• Introduced in 1996
• Created to extend email to support:
  • Text in character sets other than ASCII
  • Non-text content
  • Multi-part message bodies
  • Header info in non-ASCII character sets

MIME Header Fields
• MIME-Version
  • Declares version of message body format standard in use
• Content-Type
  • Describes the data contained in the body
• Content-Disposition
  • Describes how a body part should be presented (e.g. inline or attachment)
• There are others but we won’t discuss them…

MIME Content-Type
• Describes the data in the body of a MIME entity
• Consists of:
  • Top-level media type
    • Declares the general type of data
  • Subtype
    • Specifies a specific format for that type of data
  • Parameters that modify the subtype (optional)
• Due to expanded use, now known as Internet Media Types
• IANA maintains the list of registered Media Types:
  • http://www.iana.org/assignments/media-types

Top-Level Media Types
• Text
  • Textual information
• Image
  • Image data
• Audio
  • Audio data
• Video
  • Video data
• Application
  • Some other kind of data (typically binary, to be processed by some application)
• Multipart
  • Data consisting of multiple entities of independent data types
  • Subtypes such as mixed, alternative, byteranges, and form-data (for HTML forms)

MIME Message Examples
From: John Doe
This is a message in MIME format.
From: John Doe
--XXXXboundary
Content-Type: text/plain;

this is the body text
--XXXXboundary
Content-Type: text/plain;
Content-Disposition: attachment; filename="test.txt"

this is the attachment text
--XXXXboundary--
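The Content-Type structure (top-level type, subtype, parameters) and the multipart message shown above, worked through with Python's standard `email` package. This is an added example, not part of the original slides; the address, the `MIME-Version` and top-level `Content-Type` headers, and the `charset` parameters are assumptions filled in so that the constructed message is complete.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: a complete multipart/mixed message. The address and
# the headers not shown on the slide are placeholders made up for this example.
RAW = (
    "From: John Doe <john@example.com>\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="XXXXboundary"\r\n'
    "\r\n"
    "This is a message in MIME format.\r\n"
    "--XXXXboundary\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "this is the body text\r\n"
    "--XXXXboundary\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    'Content-Disposition: attachment; filename="test.txt"\r\n'
    "\r\n"
    "this is the attachment text\r\n"
    "--XXXXboundary--\r\n"
)

def describe_parts(raw):
    """Return one dict per leaf body part of a MIME message."""
    msg = message_from_string(raw, policy=default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():          # the container itself has no content
            continue
        parts.append({
            "type": part.get_content_maintype(),        # top-level media type
            "subtype": part.get_content_subtype(),
            "params": dict(part["Content-Type"].params),
            "disposition": part.get_content_disposition(),  # None if absent
            # The filename is sender-controlled text; treat it as untrusted
            # before using it as a path on disk.
            "filename": part.get_filename(),
            "text": part.get_content().strip(),
        })
    return parts
```
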
Client-Server Model
• Method of computer network programming
• Running software applications are assigned one of two possible roles – client or server

Server Applications
• Receive and handle service requests from clients (often multiple clients)
• Typically run on separate, more powerful machines than clients
• Examples: web server applications like Apache, Tomcat, Node.js, and IIS

Client Applications
• Initiate service requests to servers
• Typically run on separate, less powerful machines than servers
• Examples: web browsers like Firefox and Chrome

HTTP
• Hypertext Transfer Protocol
• Operates at the Application layer in TCP/IP and OSI models
• Consists of client requests and server responses

HTTP (continued)
• HTTP/1.1
  • Standardized in 1999
  • Most commonly used standard
  • Defined in IETF RFCs 7230–7235
  • https://tools.ietf.org/html/rfc7230
• HTTP/2.0
  • Standardized in 2015
  • Attempts to solve performance issues with 1.1
  • Defined in IETF RFC 7540
  • https://tools.ietf.org/html/rfc7540
  • Will discuss later in the course
HTTP Request Message
• Request-Line
  • Method
  • URI
  • Protocol version
• Header fields (optional)
• Message-Body (optional)

HTTP Response Message
• Status-Line
  • Protocol version
  • Status code
• Header fields (optional)
• Message-Body (optional)

HTTP Common Methods
Method | Use | Action Type*
OPTIONS | Request information about HTTP methods supported by the server | safe, idempotent
GET | Retrieve the resource identified by the request URI | safe, idempotent
HEAD | Identical to GET but with no message-body in response | safe, idempotent
POST | Request that the target resource process the representation enclosed in the request according to the resource's own specific semantics | NOT safe, NOT idempotent
PUT | Request that the server store the enclosed entity under the request URI (replacing an existing version if it exists) | NOT safe, idempotent
DELETE | Request that the server delete the resource identified by the request URI | NOT safe, idempotent

* Safe actions should retrieve information/resources only; idempotent actions should produce the same results if executed once or multiple times

URI
• Uniform Resource Identifier
• String of characters used to identify a resource
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • urn:isbn:0451450523

URL
• Uniform Resource Locator
• URLs are a subset of URIs that also provide means of locating the resource by describing its primary access mechanism (e.g. http, ftp, etc.)
• The terms URL and URI are often used interchangeably
• Examples:
  • ftp://ftp.is.co.za/rfc/rfc1808.txt
  • http://www.ietf.org/rfc/rfc2396.txt
  • urn:isbn:0451450523

HTTP URLs
"http:" "//" host [":" port] [ abs_path ["?" query]]
*If no port given, then 80 is assumed (443 for HTTPS)
Examples:
• http://www.google.com/calendar?tab=wc
• http://localhost:8080/MyWebApp/index.jsp

HTTP Status Code Classes
Class | Use | Example(s)
1xx | Information | 100 Continue
2xx | Success | 200 OK
3xx | Redirection | 301 Moved Permanently, 304 Not Modified
4xx | Client Error | 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed
5xx | Server Error | 500 Internal Server Error, 503 Service Unavailable

HTTP General Headers (a subset, there are others)
Header Field | Use | Example Value(s)
Cache-Control | Rules that must be used by all caching mechanisms | no-cache or max-age
Connection | Specifies options that are desired for a particular connection | close or keep-alive or upgrade
Date | Specifies date and time at which message was generated | Tue, 15 Nov 1994 08:12:31 GMT
Transfer-Encoding | Specifies what type of transformation has been applied to the message body | chunked
Upgrade | Specifies what additional application layer protocols client can support and would like to use | HTTP/2.0 or websocket

HTTP Request-Specific Headers (a subset, there are others)
Header Field | Use | Example Value(s)
Accept | Specifies media types that are acceptable for the response | text/html or image/png, image/*;q=0.8, */*;q=0.5
Accept-Language | Specifies set of natural languages that are acceptable in the response | en-US, en;q=0.5
Accept-Encoding | Specifies content-codings that are acceptable in the response | gzip, deflate
Range | Specifies that a sub-range of the entity be returned | bytes=0-10
Host | Specifies the Internet host and port number of requested resource | www.google.com or 127.0.0.1:8080
Cookie | Sends stored cookies to server | name=value; name2=value2
User-Agent | Specifies information about user agent (e.g. browser) making the request | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)

HTTP Response-Specific Headers (a subset, there are others)
Header Field | Use | Example Value(s)
Age | Specifies the sender's estimate of the amount of time (in seconds) since the response was generated by the origin server | 46450 or 0
Accept-Ranges | Indicates the server's acceptance of range requests for a resource | bytes or none
Location | Used to redirect recipient to a location other than the request URI | http://www.w3.org/pub/WWW/People.html
Server | Specifies information about the software used by the server to handle the request | Apache or Microsoft-IIS/7.5
Set-Cookie | Sends a cookie from the server to the client | name=value; Expires=Wed, 13-Jan-2021 22:23:01 GMT or name2=value2

HTTP Entity Headers (a subset, there are others)
Header Field | Use | Example Value(s)
Content-Type | Specifies the media type of the entity-body sent in the response | text/html or image/png
Content-Language | Specifies the natural language of the intended audience of the enclosed entity-body | en-US or da
Content-Encoding | Specifies what content-codings have been applied to the entity-body | gzip or deflate
Content-Range | Specifies where in the full entity-body the partial body sent should be applied | bytes 0-10/500 or bytes 0-499/1234
Content-Length | Specifies the size of the entity-body sent in the response in decimal number of OCTETs (i.e. bytes) | 11 or 500
Allow | Lists the set of methods supported by the resource identified by the request URI (used when a Method Not Allowed response is sent) | GET,HEAD,POST,OPTIONS or GET,POST

HTTP Request Message Example
GET /calendar?tab=wc HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP Response Message Example
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 11 Feb 2013 20:15:16 GMT
Expires: -1
Server: gws
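The request and response layouts described above (start line, header fields, optional body), as a small strict parser. This is an added example, not part of the original slides; the function name `parse_message` and the abridged sample messages are assumptions, and the method and status tables are copied from the slides.

```python
# Method properties and status classes as listed in the tables on this page.
SAFE = {"OPTIONS", "GET", "HEAD"}
IDEMPOTENT = SAFE | {"PUT", "DELETE"}
STATUS_CLASS = {1: "Information", 2: "Success", 3: "Redirection",
                4: "Client Error", 5: "Server Error"}

# Constructed samples, abridged from the request and response examples above.
REQUEST = (b"GET /calendar?tab=wc HTTP/1.1\r\n"
           b"Host: www.google.com\r\n"
           b"Accept-Encoding: gzip, deflate\r\n"
           b"Connection: keep-alive\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\n"
            b"Content-Length: 11\r\n\r\n"
            b"hello world")

def parse_message(raw: bytes) -> dict:
    """Split an HTTP/1.1 message into start line, header fields and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Field names are case-insensitive. An empty name, or one with leading
        # or trailing whitespace (e.g. a space before the colon), is rejected
        # rather than repaired, so both ends of a connection parse alike.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    if start[0].startswith("HTTP/"):      # Status-Line: version, code, reason
        version, code, reason = start
        msg = {"kind": "response", "version": version, "status": int(code),
               "class": STATUS_CLASS.get(int(code) // 100, "Unknown"),
               "reason": reason}
    else:                                 # Request-Line: method, URI, version
        method, uri, version = start
        msg = {"kind": "request", "method": method, "uri": uri,
               "version": version, "safe": method in SAFE,
               "idempotent": method in IDEMPOTENT}
    length = headers.get("content-length", [str(len(body))])[0]
    if int(length) != len(body):
        raise ValueError("Content-Length does not match the body received")
    msg.update(headers=headers, body=body)
    return msg
```
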
Ncat
• Ncat is a reimplementation of Netcat with added features
• Supports SSL so we can generate HTTPS requests with it
• Available for Mac OS X and Windows: http://nmap.org/ncat/

Postman
• Tool for working with APIs
• Use to make HTTP 1.1 requests
• Supports SSL so we can generate HTTPS requests with it
• Available for Mac OS X and Windows
• https://www.getpostman.com/
• Standalone app or Chrome extension
Wireshark
• Network protocol analyzer
• Allows us to capture network traffic
• Available for Mac OS X and Windows: http://www.wireshark.org/