Http: Difference between revisions

From wikinotes
No edit summary
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{ TODO |
The Hypertext Transfer Protocol (HTTP) is an [[Networking application layer|application layer]] protocol.
clean this up }}
{{ TODO |
add section for headers, CORS, Content Security Policy, etc }}


= Documentation =
= Documentation =
<blockquote>
{| class="wikitable"
|-
| RFC 7230: HTTP/1.1 Message Syntax and Routing || https://datatracker.ietf.org/doc/html/rfc7230
|-
| RFC 7231: HTTP/1.1 Semantics and Content || https://datatracker.ietf.org/doc/html/rfc7231
|-
| RFC 7232: HTTP/1.1 Conditional Requests || https://datatracker.ietf.org/doc/html/rfc7232
|-
| RFC 7233: HTTP/1.1 Range Requests || https://datatracker.ietf.org/doc/html/rfc7233
|-
| RFC 7234: HTTP/1.1 Caching || https://datatracker.ietf.org/doc/html/rfc7234
|-
| RFC 7235: HTTP/1.1 Authentication || https://datatracker.ietf.org/doc/html/rfc7235
|-
|}
</blockquote><!-- Documentation -->
= Tutorials =
<blockquote>
<blockquote>
{| class="wikitable"
{| class="wikitable"
|-
|-
| MDN HTTP overview || https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
| MDN HTTP overview || https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
|-
| MDN Evolution of HTTP || https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP
|-
|-
| http headers || https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
| http headers || https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Line 15: Line 33:
</blockquote><!-- Documentation -->
</blockquote><!-- Documentation -->


= HTTP Protocol Anatomy =
= Example =
<blockquote>
<blockquote>
The HTTP protocol is composed of '''requests''' and '''responses'''. At the top of an HTTP
Perform a raw HTTP request using [[netcat]].
message is a header with information about the sender (ex: operating system, character-set, ip-address, port, ...).
<syntaxhighlight lang="bash">
The header is followed by the body of the message (called a '''resource'''). Resources are generally either
cat << EOF | nc willpittman.net 80
files, or responses from server-side CGI scripts.
GET / HTTP/1.1
Host: willpittman.net
Connection: close


EOF  # blank line intentional
</syntaxhighlight>


Skeleton of HTTP protocol:
You can also inspect an HTTP request from any source using [[wireshark]].
<source lang="bash">
<initial line, different for request vs. response>
Header1: value1
Header2: value2
Header3: value3


<optional message body goes here, like file contents or query data;
{{ expand
it can be many lines long, or even binary data $&*%@!^$@>
| HTTP request
|


# source: https://www.jmarshall.com/easy/http/
<syntaxhighlight lang="bash">
</source>
> Frame 18: 596 bytes on wire (4786 bits), 596 bytes captured (5786 bits) on interface eno1, id 0
> Ethernet II, Src: ..., Dst: ...
> Internet Protocol Version 4, Src: 100.100.100.100, Dst: 200.200.200.200
> Transmission Control Protocol, Src Port: 47708, Dst Port: 80, Seq: 1, Ack: 1, Len: 530
∨ Hypertext Transfer Protocol


== Request/Response Line ==
GET / HTTP/1.1
<blockquote>
Host: willpittman.net
This is the first line in the header, and it varies slightly
Connection: keep-alive
depending on the type of method the HTTP message is using.
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
If-None-Match: "606b230a-154"
If-Modified-Since: Mon, 05 Apr 2021 14:47:38 GMT
</syntaxhighlight>


=== request ===
}}
<source lang="bash">
# <method>  <local path of file>  <http version>
GET      /path/to/file/index.html    HTTP/1.0
</source>


=== response ===
{{ expand
<source lang="bash">
| HTTP response
# <http version>  <status-code>  <status-phrase>
|
HTTP/1.0          200            Ok
HTTP/1.0          404            Not Found
</source>
</blockquote><!-- Requests/Response Line -->


== Header Lines ==
<syntaxhighlight lang="bash">
<blockquote>
> Frame 19: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on interface eno1, id 0
Header lines are a series of key/value pairs generally with information about
> Ethernet II, Src: ..., Dst: ...
the sender. keypairs are separated by <CRLF>, newlines beginning with whitespace
> Internet Protocol Version 4, Src: 200.200.200.200, Dst: 100.100.100.100
are continuations of the previous line.
> Transmission Control Protocol, Src Port: 80, Dst Port: 47708, Seq: 1, Ack: 531, Len: 180
∨ Hypertext Transfer Protocol


Examples of information:
HTTP/1.1 200 OK
* ip addr/port
Server: nginx/1.20.1
* operating system
Date: Sat, 18 Sep 2021 13:51:13 GMT
* browser
Content-Type: text/html
* page that linked to this one
Content-Length: 340
Last-Modified: Mon, 05 Apr 2021 14:47:38 GMT
Connection: close
ETag: "606b230a-154"
Accept-Ranges: bytes


<source lang="bash">
<html>
HTTP/1.0  200  Ok
<header>
From: user@email.com
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/kognise/water.css@latest/dist/light.min.css">
User-Agent: some-webbrowser/1.0
</header>
Content-Type: application/x-www-form-urlencoded


<html>
<body>
<body>
<h1>Welcome</h1>
...
</body>
</body>
</html>
</html>
</source>
</syntaxhighlight>
</blockquote><!-- Header Line -->
</blockquote><!-- HTTP Protocol Anatomy -->


= HTTP Cookies =
}}
<blockquote>
</blockquote><!-- Example -->
See [[http cookies]].
</blockquote><!-- HTTP Cookies -->


= Notes =
= Protocol =
<blockquote>
<blockquote>
{| class="wikitable"
{|
|-
| [[http protocol]]
|-
|-
| [[http headers]]
| [[http headers]]
|-
|-
| [[http statuses]]
| [[http statuses]]
|-
|}
</blockquote><!-- Protocol -->
= Notes =
<blockquote>
{|
|-
| [[http security]]
|-
|-
| [[http cookies]]
| [[http cookies]]
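Review bot: In the netcat example, the heredoc terminator line `EOF  # blank line intentional` carries a trailing comment, so the shell does not recognise it as the delimiter and the here-document does not end there. A heredoc delimiter must be alone on its line: move the comment above `cat << EOF | nc willpittman.net 80` and leave a bare `EOF`. Separately, the pasted Frame 18 line gives two different bit counts (4786 and 5786) for the same 596 bytes, and neither equals 596 × 8, so the capture text is worth re-pasting.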

Latest revision as of 15:39, 18 September 2021

The Hypertext Transfer Protocol (HTTP) is an application layer protocol.

Documentation

RFC 7230: HTTP/1.1 Message Syntax and Routing https://datatracker.ietf.org/doc/html/rfc7230
RFC 7231: HTTP/1.1 Semantics and Content https://datatracker.ietf.org/doc/html/rfc7231
RFC 7232: HTTP/1.1 Conditional Requests https://datatracker.ietf.org/doc/html/rfc7232
RFC 7233: HTTP/1.1 Range Requests https://datatracker.ietf.org/doc/html/rfc7233
RFC 7234: HTTP/1.1 Caching https://datatracker.ietf.org/doc/html/rfc7234
RFC 7235: HTTP/1.1 Authentication https://datatracker.ietf.org/doc/html/rfc7235

Tutorials

MDN HTTP overview https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
MDN Evolution of HTTP https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP
http headers https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

Example

Perform a raw HTTP request using netcat.

# The empty line before EOF is intentional: it ends the header block.
cat << EOF | nc willpittman.net 80
GET / HTTP/1.1
Host: willpittman.net
Connection: close

EOF

You can also inspect an HTTP request from any source using wireshark.

HTTP request


> Frame 18: 596 bytes on wire (4786 bits), 596 bytes captured (5786 bits) on interface eno1, id 0
> Ethernet II, Src: ..., Dst: ...
> Internet Protocol Version 4, Src: 100.100.100.100, Dst: 200.200.200.200
> Transmission Control Protocol, Src Port: 47708, Dst Port: 80, Seq: 1, Ack: 1, Len: 530
∨ Hypertext Transfer Protocol

GET / HTTP/1.1
Host: willpittman.net
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
If-None-Match: "606b230a-154"
If-Modified-Since: Mon, 05 Apr 2021 14:47:38 GMT


HTTP response


> Frame 19: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on interface eno1, id 0
> Ethernet II, Src: ..., Dst: ...
> Internet Protocol Version 4, Src: 200.200.200.200, Dst: 100.100.100.100
> Transmission Control Protocol, Src Port: 80, Dst Port: 47708, Seq: 1, Ack: 531, Len: 180
∨ Hypertext Transfer Protocol

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 18 Sep 2021 13:51:13 GMT
Content-Type: text/html
Content-Length: 340
Last-Modified: Mon, 05 Apr 2021 14:47:38 GMT
Connection: close
ETag: "606b230a-154"
Accept-Ranges: bytes

<html>
<header>
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/kognise/water.css@latest/dist/light.min.css">
</header>

<body>
<h1>Welcome</h1>
</body>
</html>
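
The response layout in the capture above (status line, header fields, an empty line, then the body) can be checked mechanically. The Python parser below is an added example, not part of the original notes: `parse_response`, `ParseError` and the shortened `SAMPLE` are constructed for illustration. Rejecting LF-only framing, continuation lines and ambiguous Content-Length is this example's own strict policy.

```python
import re

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 field-name characters

class ParseError(ValueError):
    """Raised when a message does not follow strict HTTP/1.1 framing."""

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (version, status, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ParseError("header block not terminated by an empty CRLF line")
    lines = head.split(b"\r\n")
    if any(b"\r" in l or b"\n" in l for l in lines):
        raise ParseError("bare CR or LF inside the header block")
    parts = lines[0].split(b" ", 2)
    if (len(parts) < 2 or not re.fullmatch(rb"HTTP/\d\.\d", parts[0])
            or not re.fullmatch(rb"\d{3}", parts[1])):
        raise ParseError("malformed status line")
    reason = parts[2].decode("latin-1") if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise ParseError("obsolete line folding (continuation line)")
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):
            raise ParseError("malformed header field name")
        # Field names are case-insensitive; repeated fields are kept in order.
        headers.setdefault(name.decode("ascii").lower(), []).append(
            value.strip(b" \t").decode("latin-1"))
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1 or any(not (n.isascii() and n.isdigit()) for n in lengths):
        raise ParseError("conflicting or non-numeric Content-Length")
    if lengths:
        if "transfer-encoding" in headers:
            raise ParseError("Content-Length together with Transfer-Encoding")
        size = int(lengths.pop())
        if len(body) < size:
            raise ParseError("body shorter than Content-Length")
        body = body[:size]
    return parts[0].decode("ascii"), int(parts[1]), reason, headers, body

# Constructed sample: header values follow the capture above; the body and
# Content-Length are shortened for the example.
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nContent-Type: text/html\r\n"
          b"Content-Length: 17\r\nConnection: close\r\n\r\n<h1>Welcome</h1>\n")

if __name__ == "__main__":
    print(parse_response(SAMPLE))
```

A message whose lines end in a bare LF is rejected by this parser, because the header block is only recognised when it ends in CRLF CRLF.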


Protocol

http headers
http statuses

Notes

http security
http cookies