Skip to content

Latest commit

 

History

History
65 lines (49 loc) · 6.38 KB

File metadata and controls

65 lines (49 loc) · 6.38 KB

1.3 HTTP/HTTPS

HTTP (Hypertext Transfer Protocol):

  • HTTP is an application layer protocol used for transmitting hypermedia documents, such as HTML files, over the internet. It follows a client-server model, where clients (e.g., web browsers) send requests to servers (e.g., web servers) to retrieve or manipulate resources.
  • HTTP operates over TCP/IP (Transmission Control Protocol/Internet Protocol), typically using port 80 for unencrypted communication and port 443 for encrypted communication (HTTPS).
  • It is stateless, meaning each request from a client is independent and not related to previous requests. However, mechanisms like cookies and session management can be used to maintain state across multiple requests.
  • HTTP/1.1, the widely used version of the HTTP protocol, introduced features like persistent connections, pipelining, and chunked transfer encoding to enhance performance and efficiency. It standardized the Host header for distinguishing between virtual hosts on a server, supported range requests for fetching specific segments of resources, and implemented cache control mechanisms for optimizing resource delivery.

HTTP Request

  • An HTTP request is composed of several components:

    • Request Line: Includes the HTTP method (e.g., GET, POST), the requested URI (Uniform Resource Identifier), and the HTTP version (e.g., HTTP/1.1).
    • Request Headers: Additional metadata sent along with the request, such as user-agent (identifying the client software), accept (supported content types), content-type (type of data in the request body), and cookies.
    • Request Body: Optional data sent with the request, typically used in POST, PUT, or PATCH requests to transmit form data, JSON, XML, or binary payloads.
  • Example HTTP request:

    GET /index.html HTTP/1.1
    Host: example.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8

HTTP Response

  • An HTTP response consists of the following components:

    • Status Line: Contains the HTTP version, a status code indicating the outcome of the request (e.g., 200 OK, 404 Not Found), and a status message.
    • Response Headers: Additional metadata about the response, such as content type, content length, caching directives, and cookies.
    • Response Body: The actual content sent back to the client, such as HTML, JSON, XML, or binary data.
  • Example HTTP response:

    phpCopy codeHTTP/1.1 200 OK
    Content-Type: text/html
    Content-Length: 1234
    
    <!DOCTYPE html>
    <html>
    <head>
    <title>Example</title>
    </head>
    <body>
    <h1>Hello, World!</h1>
    </body>
    </html>

Status codes

https://itnext.io/api-calls-and-http-status-codes-e0240f78f585?gi=d8fcf9ba557f

Status CodeStatus TextMeaning
200OKThe request has succeeded.
201CreatedThe request has been fulfilled and a new resource has been created.
204No ContentThe server successfully processed the request, but there is no content to return.
301Moved PermanentlyThe requested resource has been permanently moved to a new location.
302FoundThe requested resource has been temporarily moved to a different location.
400Bad RequestThe server cannot process the request due to client error (e.g., malformed request syntax).
401UnauthorizedThe request requires authentication, but the client has not provided valid credentials.
403ForbiddenThe server understood the request, but refuses to authorize it.
404Not FoundThe requested resource could not be found on the server.
405Method Not AllowedThe request method is not supported for the requested resource.
500Internal Server ErrorThe server encountered an unexpected condition that prevented it from fulfilling the request.
502Bad GatewayThe server received an invalid response from an upstream server.
503Service UnavailableThe server is currently unable to handle the request due to temporary overload or maintenance.
504Gateway TimeoutThe server did not receive a timely response from an upstream server while acting as a gateway or proxy.

HTTPS (Hypertext Transfer Protocol Secure)

https://www.javatpoint.com/http-vs-https

  • HTTPS is an extension of HTTP that adds encryption and secure communication protocols (SSL/TLS) to ensure the confidentiality, integrity, and authenticity of data exchanged between the client and server.
  • It encrypts the data transmitted over the network, preventing eavesdropping and man-in-the-middle attacks.
  • HTTPS uses SSL/TLS certificates to establish a secure connection between the client and server, providing authentication and encryption of data in transit.
  • URLs using HTTPS start with "https://" instead of "http://", and browsers display a padlock icon to indicate a secure connection.
  • HTTPS typically operates over port 443, and secure connections are established through a process called SSL/TLS handshake, where the client and server exchange cryptographic keys to encrypt data transmission.

HTTP is a protocol used for communication between clients and servers, where clients send requests to servers, and servers respond with appropriate responses. HTTPS adds security to HTTP by encrypting data transmission using SSL/TLS encryption protocols, but all them aren't immune by threats, with encryption we can prevent man in the middle attack, but not most common like as SQLi, XSS and many others.