HTTP message is the information transaction between the client and server.
Two types of HTTP Message:
1. Requests
a. Client to server
2. Responses
a. Server to client
Fields
· Request line or Response line
· General header
· Request header or Response header
· Entity header
· Entity body
Request Message:
Request Line:
• A request line has three parts, separated by spaces o a method name
o the local path of the requested resource o the version of HTTP being used
• A typical request line is:
o GET /path/to/file/index.html HTTP/1.1
• Notes:
o GET is the most common HTTP method; it says “give me this resource”. Other methods include POST and HEAD. Method names are always uppercase
o The path is the part of the URL after the host name, also called the request URI o The HTTP version always takes the form “HTTP/x.x“, uppercase.
Request Header:
Response Message:
Response Line:
• A request line has three parts, separated by spaces o the HTTP version,
o a response status code that gives the result of the request, and o an English reason phrase describing the status code
• Typical status lines are:
o HTTP/1.0 200 OK or
o HTTP/1.0 404 Not Found
• Notes:
o The HTTP version is in the same format as in the request line, “HTTP/x.x“.
o The status code is meant to be computer-readable; the reason phrase is meant to be human-readable, and may vary.
HTTP Request Header:
EXAMPLE
HTTP Method:
• HTTP method is supplied in the request line and specifies the operation that the client has requested.
Some common methods:
• Options
• Get
• Head
• Post
• Put
• Move
• Delete
Two methods that are mostly used are the GET and POST: o GET for queries that can be safely repeated
o POST for operations that may have side effects (e.g. ordering a book from an on-line store).
The GET Method
• It is used to retrieve information from a specified URI and is assumed to be a safe, repeatable operation by browsers, caches and other HTTP aware components
• Operations have no side effects and GET requests can be re-issued.
• For example, displaying the balance of a bank account has no effect on the account and can be safely repeated.
• Most browsers will allow a user to refresh a page that resulted from a GET, without displaying any kind of warning
• Proxies may automatically retry GET requests if they encounter a temporary network connection problem.
• GET requests is that they can only supply data in the form of parameters encoded in the URI (known as a Query String) – [downside]
Cannot be unused for uploading files or other operations that require large amounts of data to be sent to the server.
The POST Method
• Used for operations that have side effects and cannot be safely repeated.
• For example, transferring money from one bank account to another has side effects and should not be repeated without explicit approval by the user.
If you try to refresh a page in Internet Explorer that resulted from a POST, it displays the following message to warn you that there may be side effects:
The POST request message has a content body that is normally used to send parameters and data
• The IIS server returns two status codes in its response for a POST request
o The first is 100 Continue to indicate that it has successfully received the POST request
o The second is 200 OK after the request has been processed.
HTTP response status codes
• Informational (1xx)
• Successful (2xx)
• Redirection (3xx)
o 301: moved permanently
• Client error (4xx)
o 403 : forbidden o 404: Not found
• Server error (5xx)
o 503: Service unavailable
o 505: HTTP version not supported