Sudo Jvck

HTTP Explained

"HTTP" stands for HyperText Transfer Protocol. Remember, networking protocols are just a set of rules that determine how data is being transferred between different devices on a network. HTTP is the set of rules used for communicating with web servers to retrieve web page data. (HTML, Images, Photos, etc.)


"HTTPS" is the secure version of HTTP. (Hence the "S".) HTTPS data is encrypted so it can stop any third parties from seeing any data you may send/receive. It also confirms that you're interacting with the correct server and not someone impersonating it. (Hacker.)


When you access a website, your internet browser needs to make requests to a web server for assets such as images and video, and then download the responses. Before this occurs, you must tell the browser how and where to access these resources. This is the reason we have URLs.



URL - Uniform Resource Locator


Simply put, a URL is a set of instructions on how to access a resource on the internet. The image below shows all of its different features.




Scheme: This instructs on what protocol to use for accessing the resource such as HTTP, HTTPS, FTP (File Transfer Protocol).

User: Some services require authentication to log in. You can put a username and password into the URL to log in.

Host: The domain name or IP address of the server you wish to access.

Port: The Port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.

Path: The file name or location of the resource you are trying to access.

Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.

Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.



HTTP Requests


It's possible to make a request to a web server with one line of data: "GET / HTTP/1.1"




However, in order to enrich our web surfing experience, we need to request other data as well. This data is transmitted in what are called "Headers."



Example:


GET / HTTP/1.1
Host: SudoJvck.com
User-Agent: Mozilla/5.0 Firefox/87.0
Referer: https://SudoJvck.com/



Line 1: This request is sending the GET method, requesting the home page with /, and telling the web server we are using HTTP protocol version 1.1.


Line 2: We tell the web server we want the website SudoJvck.com

Line 3: We tell the web server we are using the Firefox version 87 Browser

Line 4: We are telling the web server that the web page that referred us to this one is https://SudoJvck.com


Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.



Here is the response from the web server:


HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Fri, 09 Apr 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98

<html>
<head>
    <title>SudoJvck</title>
</head>
<body>
    Welcome To SudoJvck.com
</body>
</html>

Line 1: HTTP/1.1 is the version of the HTTP protocol the server is using, followed by the HTTP status code, in this case "200 OK", which tells us the request has completed successfully.

Line 2: This tells us the web server software and version number.

Line 3: The current date, time and time zone of the web server.


Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.

Line 5: Content-Length tells the client how long the response is. This way we can confirm no data is missing.

Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.

Lines 7-14: The information that has been requested, in this instance the homepage.



HTTP Request Methods


There are a ton of request methods that are used frequently but I've listed the most common below:


GET Request

This is used for getting information from a web server.

POST Request

This is used for submitting data to the web server and potentially creating new records

PUT Request

This is used for submitting data to a web server to update information

DELETE Request

This is used for deleting information/records from a web server.



HTTP Status Codes


In the example above, you can see that when an HTTP server responds, the first line always contains a status code informing the client about the status of the request and how to handle it. These codes have 5 different ranges:


100-199 - Information Response - These are sent to tell the client the first part of their request has been accepted and they should continue sending the rest of their request. These codes are no longer very common.


200-299 - Success - This range of status codes is used to tell the client their request was successful.


300-399 - Redirection - These are used to redirect the client's request to another resource. This can be either to a different webpage or a different website altogether.


400-499 - Client Errors - Used to inform the client that there was an error with their request.


500-599 - Server Errors - This is reserved for errors happening on the server-side and usually indicate quite a major problem with the server handling the request.



As you can see, there are a variety of status codes that can be received. Some applications even create their own. Here are the most common status codes you'll encounter today:



200 - OK - The request was completed successfully.


201 - Created - A resource has been created (for example a new user or new blog post).


301 - Permanent Redirect - This redirects the client's browser to a new webpage or tells search engines that the page has moved somewhere else and to look there instead.


302 - Temporary Redirect - Similar to the above permanent redirect, but as the name suggests, this is only a temporary change and it may change again in the near future.


400 - Bad Request - This tells the browser that something was either wrong or missing in their request. This could sometimes be used if the web server resource that is being requested expected a certain parameter that the client didn't send.


401 - Not Authorized - You are not currently allowed to view this resource until you have authorized with the web application, most commonly with a username and password.


403 - Forbidden - You do not have permission to view this resource whether you are logged in or not.


405 - Method Not Allowed - The resource does not allow this method request, for example, you send a GET request to the resource /create-account when it was expecting a POST request instead.


404 - Page Not Found - The page/resource you requested does not exist.


500 - Internal Service Error - The server has encountered some kind of error with your request that it doesn't know how to handle properly.


503 - Service Unavailable - This server cannot handle your request as it's either overloaded or down for maintenance.



HTTP Headers


Headers are just additional bits of data you can send to a web server while making a request. Headers aren't required when sending a request. However, viewing the response properly will be difficult without them.


Here are some of the common request headers you'll see:

Note: These requests are usually sent by your web browser.


Host: Some web servers host multiple websites, so by providing the Host header you can tell the server which one you require. Otherwise you'll just receive the default website for the server.

User-Agent: This is your browser software and version number. Telling the web server your browser software helps it format the website properly for your browser, and some elements of HTML, JavaScript and CSS are only available in certain browsers.

Content-Length: When sending data to a web server such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn't missing any data.


Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.

Cookie: Data sent to the server to help remember your information (see cookies task for more information).



Here are some common headers you'll see in a web server's response to your request:

Note: These responses are returned to the client from the server.



Set-Cookie: Information to store which gets sent back to the web server on each request (see cookies task for more information).

Cache-Control: How long to store the content of the response in the browser's cache before it requests it again.

Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the content-type header the browser then knows how to process the data.

Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.


Cookies:


A cookie is a snack. (jk)


In all seriousness, a cookie is just a piece of data that is stored on your computer. Cookies are saved when you receive a "Set-Cookie" header from a web server. Every request you make to the server after that will include this cookie. HTTP is "stateless", meaning that it doesn't keep track of your previous requests. Cookies are used to remind the server of who you are, your browser settings or whether or not you've been there before. (or logged in.)


Cookies are mostly used for website authentication. Cookie values aren't usually displayed in clear text, but as a token. (A unique code that is extremely difficult to guess.)
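The Set-Cookie / Cookie exchange described above, simulated in memory with a toy server and client. This is an added example, not code from the original post; the cookie name "session", the in-memory SESSIONS store and the login_as parameter are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state: token -> username (hypothetical store)

def server_handle(request_headers, login_as=None):
    """Handle one stateless request; return (status, response_headers, body)."""
    cookie = SimpleCookie(request_headers.get("Cookie", ""))
    token = cookie["session"].value if "session" in cookie else None
    if token in SESSIONS:                   # the cookie reminds the server who we are
        return 200, {}, f"Welcome back, {SESSIONS[token]}"
    if login_as is None:
        return 401, {}, "Please log in"
    token = secrets.token_urlsafe(32)       # random token, not the password
    SESSIONS[token] = login_as
    out = SimpleCookie()
    out["session"] = token
    out["session"]["httponly"] = True       # not readable by page scripts
    out["session"]["secure"] = True         # only sent over HTTPS
    return 200, {"Set-Cookie": out["session"].OutputString()}, f"Hello, {login_as}"

class Client:
    """Stores cookies from Set-Cookie and sends them on every later request."""
    def __init__(self):
        self.jar = {}

    def request(self, **kwargs):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.jar.items())
        status, resp_headers, body = server_handle(headers, **kwargs)
        if "Set-Cookie" in resp_headers:
            for name, morsel in SimpleCookie(resp_headers["Set-Cookie"]).items():
                self.jar[name] = morsel.value
        return status, body

if __name__ == "__main__":
    browser = Client()
    print(browser.request())                  # no cookie yet
    print(browser.request(login_as="alice"))  # server answers with Set-Cookie
    print(browser.request())                  # cookie sent back automatically
```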


Here is a visual example of the cookie process:




Well, that's HTTP in a nutshell. Hope you can use this on your journey.


See you next week.


