HTTP
Versions
| Version | Description |
|---|---|
| HTTP0.9 | 只有GET方法/没有headers |
| HTTP1.0 | 一个TCP连接只能发送一�个HTTP请求 |
| HTTP1.1 | Connection: Keep-Alive/Connection: Pipeline |
| SPDY→HTTP2 | Binary Framing(二进制分帧)/Multiplexing(多路复用)/Header Compression(头部压缩)/Server Push(服务器推送) |
| QUIC→HTTP3 | UDP |
Protocol
Format
# Request
Method PATH HTTP/Version
Headers
Body
# Response
HTTP/Version Status Code
Headers
Body
Request Methods
| Name | Type | Description |
|---|---|---|
| Connect | hop-by-hop | |
| DELETE | end-to-end | |
| GET | end-to-end | |
| HEAD | end-to-end | |
| OPTIONS | end-to-end | |
| PATCH | end-to-end | |
| POST | end-to-end | |
| PUT | end-to-end | |
| TRACE | end-to-end |
Response Status Code
| Code | Name | Status | Description |
|---|---|---|---|
| 100 | Continue | ||
| 101 | Switching Protocol | ||
| 102 | Processing | Deprecated | |
| 103 | Early Hints | Experimental | |
| 200 | OK | ||
| 201 | Created | ||
| 202 | Accepted | ||
| 203 | Non-Authoritative Information | ||
| 204 | No Content | ||
| 205 | Reset Content | ||
| 206 | Partial Content | ||
| 207 | Multi-Status | WebDAV | |
| 208 | Already Reported | WebDAV | |
| 226 | IM Used | ||
| 300 | Multiple Choices | ||
| 301 | Moved Permanently | ||
| 302 | Found | ||
| 303 | See Other | ||
| 304 | Not Modified | ||
| 307 | Temporary Redirect | ||
| 308 | Permanent Redirect | ||
| 400 | Bad Request | ||
| 401 | Unauthorized | ||
| 402 | Payment Required | ||
| 403 | Forbidden | ||
| 404 | Not Found | ||
| 405 | Method Not Allowed | ||
| 406 | Not Acceptable | ||
| 407 | Proxy Authentication | ||
| 408 | Request Timeout | ||
| 409 | Conflict | ||
| 410 | Gone | ||
| 411 | Lenght Required | ||
| 412 | Precondition Failed | ||
| 413 | Content Too Large | ||
| 414 | URI Too Long | ||
| 415 | Unsupported Media Type | ||
| 416 | Range Not Satisfiable | ||
| 417 | Expectation Failed | ||
| 418 | I’m a teapot | ||
| 421 | Misdirected Request | ||
| 422 | Unprocessable Content | ||
| 423 | Locked | ||
| 424 | Failed Dependency | ||
| 425 | Too Early | ||
| 426 | Upgrade Required | ||
| 428 | Precondition Required | ||
| 429 | Too Many Requests | ||
| 431 | Request Header Field Too Large | ||
| 451 | Unavailable For Legal Reasons | ||
| 500 | Internal Server Error | ||
| 501 | Not Implemented | ||
| 502 | Bad Gateway | ||
| 503 | Service Unavailable | ||
| 504 | Gateway Timeout | ||
| 505 | HTTP Version Not Supported | ||
| 506 | Variant Also Negotiates | ||
| 507 | Insufficient Storage | ||
| 508 | Loop Detected | ||
| 510 | Not Extended | ||
| 511 | Network Authentication Required |
Headers
| Name | Type | End/Hop | Status | Description |
|---|---|---|---|---|
| Accept | Request | |||
| Accept-CH | Request | 只在HTTPS可用 | ||
| Accept-CH-Lifetime | Request | Deprecated | ||
| Accept-Charset | Do not use this header. Browsers omit this header and servers should ignore it | |||
| Accept-Encoding | ||||
| Accept-Language | ||||
| Accept-Patch | ||||
| Accept-Post | ||||
| Accept-Ranges | ||||
| Access-Control-Allow-Credentials | ||||
| Access-Control-Allow-Headers | ||||
| Access-Control-Allow-Methods | ||||
| Access-Control-Allow-Origin | ||||
| Access-Control-Expose-Headers | ||||
| Access-Control-Max-Age | ||||
| Access-Control-Request-Headers | ||||
| Access-Control-Request-Method | ||||
| Age | ||||
| Allow | ||||
| Alt-Svc | ||||
| Authorization | ||||
| Cache-Control | ||||
| Clear-Site-Data | ||||
| Connection | ||||
Security
SOP
- Include
- XMLHttpRequest(JavaScript)
- iframe DOM
- Cookie/LocalStorage/IndexDB
- Exclude
- script(jsonp)
- img
- style
CORS
-
CORS
-
postMessage(DOM Cross Origin:iframe)
# Send
var target = window.open('https://example.com');
target.postMessaget('Post Message');
# Receive
window.addEventListener("message", receiveMessage, false); -
JSONP
-
document.domain
-
location.hash
CSP
Client
Server
Interface
| Language | Interface |
|---|---|
| Python | WSGI/ASGI |
| Ruby | Rack |
| Php | mod_php/PHP-FPM |
| CGI | |
| FastCGI |