HTTP Messages - PowerPoint PPT Presentation


HTTP Messages

Slides: 55
Provided by: csie6

Transcript and Presenter's Notes

Title: HTTP Messages


1
HTTP Messages
  • Herng-Yow Chen

2
Outline
  • The flow of messages
  • The parts of a message
  • The various methods that request messages support
  • The various status codes that are returned with
    response messages
  • What the various headers do

3
Messages Commute to Server
Inbound (to server): client → proxy1 → proxy2 → proxy3 → server
    GET /index.html HTTP/1.0
Outbound (to user agent): server → proxy3 → proxy2 → proxy1 → client
    HTTP/1.0 200 ok
    Content-type: text/html
4
All messages flow downstream
Request (flowing downstream): client → proxy1 → proxy2 → proxy3 → server
Response (flowing downstream): server → proxy3 → proxy2 → proxy1 → client
No messages ever go upstream
5
The Parts of a Message
client
server
6
Request Message Syntax
  • <method> <request-URL> <version>
  • <headers>
  • <entity-body>

7
Response Message Syntax
  • <version> <status> <reason-phrase>
  • <headers>
  • <entity-body>
  • Note that version numbers are not treated as
    fractional numbers. That is, HTTP/1.22 is a higher
    version than HTTP/1.3.

8
Message Syntax
HTTP request message contains the command and the URI
(client to www.csie.ncnu.edu.tw, across the Internet):
    GET /pics/hychen.jpg HTTP/1.0
    Host: www.csie.ncnu.edu.tw
HTTP response message contains the result of the transaction
(www.csie.ncnu.edu.tw to client):
    HTTP/1.0 200 OK
    Content-type: image/jpeg
    Content-length: 12345
9
Message Syntax
(a) Request message
    Start line:  GET /test/hi-here.txt HTTP/1.1
    Headers:     Accept: text/*
                 Host: www.csie.ncnu.edu.tw
(b) Response message
    Start line:  HTTP/1.0 200 ok
    Headers:     Content-type: text/plain
                 Content-length: 19
    Body:        Hi! I'm a message!
10
Common HTTP method
  • Method     Message body?
  • GET        No
  • HEAD       No
  • POST       Yes
  • PUT        Yes
  • TRACE      No
  • OPTIONS    No
  • DELETE     No

11
Status code
  • Overall range   Defined range   Category
  • 100-199         100-101         informational
  • 200-299         200-206         successful
  • 300-399         300-305         redirection
  • 400-499         400-415         client error
  • 500-599         500-505         server error
  • Common status codes
  • 200 OK
  • 401 Unauthorized
  • 404 Not found

12
Headers
  • HTTP header fields add additional information to
    request and response messages. They are basically
    just lists of name/value pairs.
  • The HTTP specification defines several header fields.
    Applications are also free to invent their own
    home-brewed headers.
  • Each HTTP header has a simple syntax: a name, followed
    by a colon (:), followed by optional whitespace,
    followed by the field value, followed by a CRLF.

13
Header classification
  • General headers
      • Can appear in both request and response messages
  • Request headers
      • Provide more information about the request
  • Response headers
      • Provide more information about the response
  • Entity headers
      • Describe body size and contents, or the resource
        itself
  • Extension headers
      • New headers that are not defined in the
        specification

14
Common header examples
  • Header example
  • Date: Tue, 3 Oct 1997 02:16:03 GMT
  • Content-length: 15040
  • Content-type: image/gif
  • Accept: image/gif, image/jpeg, text/html
  • Header continuation lines
  • Long header lines can be made more readable by
    breaking them into multiple lines, preceding each
    extra line with at least one space or tab
    character. For example,
        Server: Test Server
            Version 1.0

15
Entity bodies
  • The third part of an HTTP message is the optional
    entity body. Entity bodies are the payload of the
    HTTP messages.
  • HTTP messages can carry many kinds of digital
    data: images, video, HTML documents, software
    applications, credit card transactions,
    electronic mail, and so on.

16
Version 0.9 Messages
The request contained merely the method and the
request URL, and the response contained only
the entity. No version number, no status code,
no headers were included.
Request to www.csie.ncnu.edu.tw (no version number):
    GET /pics/hychen.jpg
17
Methods
  • Note that not all methods are implemented by
    every server.
  • To be compliant with HTTP/1.1, a server need
    implement only the GET and HEAD methods for its
    resources.
  • Even when servers do implement all of these
    common methods (listed on slide 10), some
    methods such as DELETE and PUT most likely have
    restricted use.
  • The restrictions generally are set up in the
    server's configuration, so they vary from site to
    site and from server to server.

18
GET
The most common method. It usually is used to
ask a server to send a resource.
Request message (to www.csie.ncnu.edu.tw)
    GET /hychen/index.html HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
Response message
    HTTP/1.1 200 ok
    Content-Type: text/html
    Content-Length: 617

    <html> <HEAD><TITLE>Home Page</TITLE>
19
HEAD
It behaves exactly like the GET method, but
the server returns only the headers in the
response.
Request message (to www.csie.ncnu.edu.tw)
    HEAD /hychen/index.html HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
Response message
    HTTP/1.1 200 ok
    Content-Type: text/html
    Content-Length: 617
No entity body
20
HEAD
  • No entity body is ever returned. This allows a
    client to inspect the headers for a resource
    without having to actually get the resource.
  • Using the headers, you can:
      • Find out about a resource (e.g., determine its
        type) without getting it.
      • See if an object exists, by looking at the status
        code of the response.
      • Test if the resource has been modified, by
        looking at the headers.

21
PUT
The PUT method writes documents to a server, in
the inverse of the way that GET reads documents
from the server.
Request message (to www.csie.ncnu.edu.tw)
    PUT /product-list.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Content-type: text/plain

    Updated product list coming soon!
Server updates/creates resource
/product-list.txt and writes it to its disk.
Response message
    HTTP/1.1 201 Created
    Location: http://www.csie.ncnu.edu.tw/product-list.txt
    Content-Type: text/plain
    Content-Length: 47

    http://www.csie.ncnu.edu.tw/product-list.txt
22
PUT
  • Some publishing systems (e.g., FrontPage,
    Dreamweaver) let you create web pages on a local
    computer and install them directly on a web
    server via the PUT method.
  • The semantics of the PUT method are for the
    server to take the body of the request and either
    use it to create a new document named by the
    requested URL, or, if that URL already exists,
    use the body to replace it.
  • Because PUT allows you to change content, many
    web servers require you to log in with a password
    before you can perform a PUT.

23
POST
  • PUT is used to deposit data into a resource on
    the server (e.g., a file).
  • In comparison, the POST method was designed to
    send input data to the server.
  • In practice, it is used to support HTML forms.
    The data from a filled-in form typically is sent
    to a server gateway program to process it.

24
POST
Browser sticks data in entity body of message
Request message (to www.csie.ncnu.edu.tw)
    POST /check.cgi HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Content-Type: text/plain
    Content-Length: 18

    item=bandsaw 2647
The server hands item=bandsaw 2647 to the CGI program
(inventory check against the inventory list: YES!)
Response message
    HTTP/1.1 200 OK
    Content-type: text/plain
    Content-length: 37

    The bandsaw model 2647 is in stock!
25
TRACE
  • When a client makes a request, that request may
    have to travel through firewalls, proxies,
    gateways, or other applications. Each of these
    has the opportunity to modify the original HTTP
    request.
  • The TRACE method allows a client to see how its
    request looks when it finally makes it to the
    server.
  • The TRACE method is used primarily for
    diagnostics, i.e., verifying that requests are
    going through the request/response chain as
    intended.

26
TRACE
Request message (client to proxy)
    TRACE /product-list.txt HTTP/1.1
    Accept: *
    Host: www.csie.ncnu.edu.tw
Request message (proxy to www.csie.ncnu.edu.tw)
    TRACE /product-list.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
    Via: 1.1 proxy.ncnu.edu.tw
Response message (www.csie.ncnu.edu.tw to proxy)
    HTTP/1.1 200 OK
    Content-type: text/plain
    Content-length: 96

    TRACE /product-list.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
    Via: 1.1 proxy.ncnu.edu.tw
Response message (proxy to client)
    HTTP/1.1 200 OK
    Content-type: text/plain
    Content-length: 96
    Via: 1.1 proxy.ncnu.edu.tw

    TRACE /product-list.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
    Via: 1.1 proxy.ncnu.edu.tw
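
Added example (not part of the original slides): the diagnostic use of TRACE from slides 25 and 26, written as a Python comparison between the request a client sent and the copy echoed back in the TRACE response body. The function names are chosen for this example; the first sample pair is taken from slide 26 and the second is constructed.

```python
def _split(raw):
    """Return (request line, {lowercased header name: value}) for one request.
    Repeated header names collapse to the last value, which is enough here."""
    lines = [ln for ln in raw.split("\r\n") if ln]
    fields = (ln.partition(":") for ln in lines[1:])
    return lines[0], {n.strip().lower(): v.strip() for n, _, v in fields}

def trace_diff(sent, echoed):
    """Report what intermediaries changed between client and server."""
    sent_line, sent_h = _split(sent)
    echo_line, echo_h = _split(echoed)
    return {
        "request_line_changed": sent_line != echo_line,
        "added": {k: echo_h[k] for k in sorted(echo_h.keys() - sent_h.keys())},
        "removed": sorted(sent_h.keys() - echo_h.keys()),
        "changed": {k: (sent_h[k], echo_h[k])
                    for k in sorted(sent_h.keys() & echo_h.keys())
                    if sent_h[k] != echo_h[k]},
    }

# From slide 26: what the client sent, and what the server echoed back.
SENT = ("TRACE /product-list.txt HTTP/1.1\r\n"
        "Accept: *\r\n"
        "Host: www.csie.ncnu.edu.tw\r\n\r\n")
ECHOED = ("TRACE /product-list.txt HTTP/1.1\r\n"
          "Host: www.csie.ncnu.edu.tw\r\n"
          "Accept: *\r\n"
          "Via: 1.1 proxy.ncnu.edu.tw\r\n\r\n")

# Constructed case: an intermediary rewrote Host and dropped Accept.
ECHOED_REWRITTEN = ("TRACE /product-list.txt HTTP/1.1\r\n"
                    "Host: internal.example\r\n"
                    "Via: 1.1 proxy.ncnu.edu.tw\r\n\r\n")

if __name__ == "__main__":
    print(trace_diff(SENT, ECHOED))
    print(trace_diff(SENT, ECHOED_REWRITTEN))
```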
27
OPTIONS
  • The OPTIONS method asks the server to tell us about
    the various supported capabilities of the web
    server.
  • Some servers may support particular operations
    on particular kinds of objects.

28
OPTIONS
Since the request is for options on all
resources, the server just returns the methods it
supports for its resources.
Request message (to www.csie.ncnu.edu.tw)
    OPTIONS * HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
Response message
    HTTP/1.1 200 OK
    Allow: GET, POST, PUT, OPTIONS
    Content-length: 0
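
Added example (not part of the original slides): one way a server could enforce the per-resource method restrictions described on slides 17 and 22 and answer OPTIONS with an Allow header, using the 401, 405 and 501 status codes listed later in the deck. The policy table, the function names and the Basic realm are assumptions made for this example; the paths come from the slides.

```python
# Methods this example server recognises at all (the list on slide 10).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "TRACE", "OPTIONS", "DELETE"}

# Assumed site configuration: extra methods enabled per resource.
POLICY = {
    "/product-list.txt": {"PUT", "DELETE"},
    "/check.cgi": {"POST"},
}
# Methods that change content require a logged-in user (slide 22).
NEEDS_LOGIN = {"PUT", "DELETE"}

def allowed_methods(path):
    """GET and HEAD are always served; everything else is opt-in."""
    return sorted({"GET", "HEAD", "OPTIONS"} | POLICY.get(path, set()))

def gate(method, path, authenticated=False):
    """Return None if the request may proceed to its handler, otherwise
    the (status, reason, headers) tuple to send back immediately."""
    if method not in KNOWN_METHODS:          # method names are case-sensitive
        return 501, "Not Implemented", {}
    allow = ", ".join(allowed_methods(path))
    if method == "OPTIONS":
        return 200, "OK", {"Allow": allow, "Content-Length": "0"}
    if method not in allowed_methods(path):
        return 405, "Method Not Allowed", {"Allow": allow}
    if method in NEEDS_LOGIN and not authenticated:
        return 401, "Unauthorized", {"WWW-Authenticate": 'Basic realm="publishing"'}
    return None

if __name__ == "__main__":
    for args in [("GET", "/hychen/index.html"),
                 ("DELETE", "/hychen/index.html"),
                 ("PUT", "/product-list.txt"),
                 ("OPTIONS", "/product-list.txt"),
                 ("LOCK", "/product-list.txt")]:
        print(args, "->", gate(*args))
```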
29
DELETE
  • The DELETE method asks the server to delete the
    resource specified by the requested URL.
  • However, the client application is not guaranteed
    that the delete is carried out. This is because
    the HTTP specification allows the server to
    override the request without telling the client.

30
DELETE
Request message (to www.csie.ncnu.edu.tw)
    DELETE /product-list.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
File product-list.txt removed from server's disk
Response message
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Content-Length: 54

    I have your delete request, will take time to process.
31
Extension Methods
  • HTTP was designed to be field-extensible, so new
    features wouldn't cause older software to fail.
  • Extension methods are methods that are not defined
    in the HTTP/1.1 specification.
  • They provide developers with a means of extending
    the capabilities of the HTTP services their
    servers implement on the resources that the
    servers manage.

32
WebDAV HTTP extension
  • Method   Description
  • LOCK     Allows a user to lock a resource;
             for example, you could lock a
             resource while you are editing it
  • MKCOL    Allows a user to create a resource
  • COPY     Facilitates copying resources on a server
  • MOVE     Moves a resource on a server

33
Status Codes
  • 100-199 Informational Status Code
  • Status Code Reason Phrase
  • 100 Continue
  • 101 Switching Protocols

34
200-299 success status code
  • Status Code Reason Phrase
  • 200 OK
  • 201 Created
  • 202 Accepted
  • 203 Non-Authoritative Information
  • 204 No Content
  • 205 Reset Content
  • 206 Partial Content

35
300-399 Redirection Status Code
  • Status code Reason Phrase
  • 300 Multiple Choices
  • 301 Moved Permanently
  • 302 Found
  • 303 See Other
  • 304 Not Modified
  • 305 Use Proxy
  • 306 (Unused)
  • 307 Temporary Redirect

36
300-399 Redirection Status Codes
Request message (to www.csie.ncnu.edu.tw)
    GET /pet-products.txt HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
Response message
    HTTP/1.1 301 OK
    Location: http://english.csie.ncnu.edu.tw
    Content-length: 56
    Content-type: text/plain

    Please go to our partner site, English.csie.ncnu.edu.tw
Request message (to english.csie.ncnu.edu.tw)
    GET / HTTP/1.1
    Host: english.csie.ncnu.edu.tw
    Accept: *
Response message
    HTTP/1.1 200 OK
    Content-type: text/html
    Content-length: 3307
37
300-399 Redirection Status Codes (cont.)
Client has previously requested a copy
of http://www.csie.ncnu.edu.tw/m_faculty.html
Request message (to www.csie.ncnu.edu.tw)
    GET /m_faculty.html HTTP/1.1
    Host: www.csie.ncnu.edu.tw
    Accept: *
    If-Modified-Since: Wed, Sept. 3 2003 02:16:00 GMT
Response message (resource has not changed)
    HTTP/1.1 304 Not Modified
Browser displays local copy, since the original
has not changed since we last requested it
38
400-499 Client Errors Status Codes
  • Status Code Reason Phrase
  • 400 Bad Request
  • 401 Unauthorized
  • 402 Payment Required
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 407 Proxy Authentication Required
  • 408 Request Timeout
  • 409 Conflict

39
400-499 Client Errors Status Codes
  • Status Code Reason Phrase
  • 410 Gone
  • 411 Length Required
  • 412 Precondition Failed
  • 413 Request Entity Too Large
  • 414 Request URI Too Long
  • 415 Unsupported Media Type
  • 416 Requested Range Not Satisfiable
  • 417 Expectation Failed

40
500-599 Server Error
  • Status Code Reason Phrase
  • 500 Internal Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout
  • 505 HTTP Version Not Supported

41
Headers
  • General headers
      • E.g., Date: Tue, 3 Oct 2003 02:16:00 GMT
  • Request headers
      • E.g., Accept: */*
  • Response headers
      • E.g., Server: Apache/1.3
  • Entity headers
      • E.g., Content-Type: text/html; charset=iso-latin-1
  • Extension headers

42
General Headers
  • Header              Description
  • Connection          Allows clients and servers to
                        specify options about the
                        request/response connection
  • Date
  • MIME-Version
  • Trailer             Lists the set of headers that are in
                        the trailer of a message encoded with
                        the chunked transfer encoding
  • Transfer-Encoding
  • Upgrade
  • Via

43
General caching headers
  • Header Description
  • Cache-Control   Used to pass caching directions
                    along with the message
  • Pragma          Another way to pass directions along with
                    the message, though not specific to caching

44
Request Headers
  • Header Description
  • Client-IP
  • From
  • Host
  • Referer
  • UA-Color
  • UA-CPU
  • UA-Disp
  • UA-OS
  • UA-Pixels
  • User-Agent

45
Accept Headers
  • Header Description
  • Accept what media types
  • Accept-Charset
  • Accept-Encoding
  • Accept-Language
  • TE what extension transfer codings are
    okay to use

46
Conditional request headers
  • Header Description
  • Expect
  • If-Match
  • If-Modified-Since
  • If-None-Match
  • If-Range
  • If-Unmodified-Since
  • Range

47
Request security headers
  • Header Description
  • Authorization
  • Cookie
  • Cookie2

48
Proxy request headers
  • Header Description
  • Max-Forwards
  • Proxy-Authorization
  • Proxy-Connection

49
Response headers
  • Header Description
  • Age
  • Public
  • Retry-After
  • Server
  • Title
  • Warning

50
Negotiation headers
  • Header Description
  • Accept-Ranges
  • Vary

51
Response security headers
  • Header Description
  • Proxy-Authenticate
  • Set-Cookie
  • Set-Cookie2
  • WWW-Authenticate

52
Entity Headers
  • Header Description
  • Content-Base
  • Content-Encoding
  • Content-Language
  • Content-Length
  • Content-Location
  • Content-MD5
  • Content-Range
  • Content-Type

53
Entity caching headers
  • Header Description
  • ETag
  • Expires
  • Last-Modified

54
HTTP protocol information
  • http://www.w3.org/Protocols/
      • The W3C architecture page for HTTP.
  • http://www.ietf.org/rfc/rfc2621.txt
      • RFC 2616, Hypertext Transfer Protocol -
        HTTP/1.1, is the official specification for
        HTTP/1.1, the current version of the HTTP
        protocol.