HTTP (RubyMonsters Edition)

Transcript

1. HTTP { Hypertext Transfer Protocol }

2. None

3. HTML HTTP

4. None
5. None

6. https://speakerinnen.org/de/sign_up is translated to https://54.255.158.2:443/de/sign_up using the DNS protocol

7. None

8. 4 Connect to the computer reachable under IP address 54.255.158.2

   4 Use an SSL/TLS encrypted TCP socket on port 443 4 Speak HTTP 4 Tell the server we know it as speakerinnen.org 4 Access resource /de/sign_up

9. Server listens on TCP port

10. TCP socket 4 Is opened when client connects to port

    4 Client and server can send each other messages

11. Client starts speaking GET /de/sign_up HTTP/1.1 Host: speakerinnen.org

12. Server replies HTTP/1.1 200 OK Content-Type: text/html <html> <head> <title>Speakerinnen*-Liste</title>

    </head> </html>

13. request vs response VERB path HTTP/1.1 HTTP/1.1 code description Header:

    Value Header: Value ... ... Body (if there is one) Body (if there is one)

14. Resources 4 identified by host and path 4 allow multiple

    operations 4 can have multiple representations speakerinnen.org/de/sign_up

15. HTTP methods

16. GET 4 Request a resource in its current state. 4

    The standard operation. 4 Request does not include a body. 4 Request is safe (and idempotent).

17. Safe? Idempotent? Resource state? What??

18. Resource state 4 Representations, headers and availability associated with a

    resource. 4 /de/sign_up exists, is accessible, and has an HTML page with a form as its representation.

19. Safe requests 4 Safe requests do not change the state

    of a resource. 4 HTTP client does not need to ask the user for permission to perform request.

20. Idempotent requests 4 The resource state will be the same

    after performing the request once or multiple times. 4 HTTP client does not need to ask the user for permission to repeat the request.

21. Non-idempotent requests 4 Can't be sure about the resource state

    after multiple requests. 4 HTTP client should always ask the user for confirmation.
22. None

23. GET 4 Request a resource in its current state. 4

    The standard operation. 4 Request does not include a body. 4 Request is safe (and idempotent).

24. HEAD 4 Same as GET, but there wont be a

    response body. 4 Useful if you only care about the headers. 4 Request is safe (and idempotent).

25. POST 4 "Do something dangerous." 4 Default for requests that

    change something. 4 Used for creating a new speakerinnen. 4 Unsafe and non-idempotent.

26. <!-- in the /de/sign_up HTML representaion --> <form action="/de/profiles" method="post">

    <input name="profile[email]" /> <input name="profile[password]" type="password" /> <input type="submit" value="Registrieren" /> </form>

27. POST /de/profiles HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 49 profile[email]=me@rkh.im&profile[password]=abc123

28. PUT 4 Writing a resource to a given path. 4

    Often used for uploads. 4 Unsafe, but idempotent (yay).

29. Other HTTP methods 4 DELETE: Remove a resource, idempotent. 4

    OPTIONS: Learn about available methods and representations for a resource, safe. 4 PATCH: Update a resource from a partial representation, non-idempotent. 4 LINK and UNLINK: Create or destroy relations between resources, idempotent.
30. None

31. Response Status 4 1xx - informational 4 2xx - success

    4 3xx - redirection 4 4xx - client error 4 5xx - server error

32. If you don't know status xyz, treat it like x00.

33. Examples 4 303 See Other 4 403 Forbidden 4 404

    File Not Found 4 405 Method Not Allowed 4 418 I'm a Teapot 4 500 Internal Server Error

34. Headers

35. Common request headers 4 Host: Domain name in URI. 4

    User-Agent: Client software used. 4 Referer[sic]: Page user was on before.

36. Safari on iPad User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1

    like Mac OS X; en-us) AppleWebKit/ 531.21.10 (KHTML, like Gecko) Mobile/ 7B405
37. None

38. Common response headers 4 Server: Server software used. 4 Last-Modified:

    The last time the resource state has changed.

39. Representations

40. The "file type" of the response or request body.

41. We have seen two so far 4 text/html 4 application/x-www-form-urlencoded

42. Other examples 4 image/gif, image/png, image/jpeg 4 text/plain, text/css, text/x-script.ruby

    4 application/javascript, application/ json

43. A resource can have multiple representations But we need to

    tell it which one we want

44. We want a PNG image GET /resource HTTP/1.1 Host: example.org

    Accept: image/png Server gives us PNG image HTTP/1.1 200 OK Content-Type: image/png [ png data ]

45. We want a PNG image GET /resource HTTP/1.1 Host: example.org

    Accept: image/png Resource doesn't have a PNG representation HTTP/1.1 406 Not Acceptable Content-Type: text/plain No PNG, sorry.

46. We want any kind of image GET /resource HTTP/1.1 Host:

    example.org Accept: image/* Server gives us PNG image HTTP/1.1 200 OK Content-Type: image/png [ png data ]

47. We want a PNG or GIF image (but prefer PNG)

    GET /resource HTTP/1.1 Host: example.org Accept: image/png; q=1.0,image/gif; q=0.5 Server gives us PNG image HTTP/1.1 200 OK Content-Type: image/png [ png data ]

48. The same works for language. GET /resource HTTP/1.1 Host: example.org

    Accept-Language: en, de

49. Cookies

50. HTTP is stateless. Cookies are a way to attach state.

51. HTTP/1.1 200 OK Set-Cookie: mycookie=foobar; HttpOnly Content-Type: text/plain Just gave

    you a cookie!

52. GET /somepage HTTP/1.1 Host: example.org Cookie: mycookie=foobar

53. get '/' do name = session[:name] "Hello #{ name }!"

    end
54. None
55. None

56. Thank You!