Most of the web and mobile apps interact with the global network. Almost all such web requests are made using HTTP. Let’s describe the process.
Basic About the HTTP Protocol
HTTP is used for internet access. The client and server take part in the exchange of information over the HTTP protocol. This happens according to the following scheme:
- The client requests a certain resource from the server.
- The server handles the request and provides the resource back to the client.
HTTP Messages: Requests And Responses
Within the protocol's framework, data is exchanged between the client and server using HTTP messages. These messages come in two varieties:
The structure is the same in both cases:
- Start line
- HTTP Headers
- An empty string
- An optional message body
The starting line of an HTTP request consists of three elements:
- HTTP request method or verb.
- The purpose of the request (URL).
- The protocol version (HTTP/1.1 or HTTP/2).
The methods indicate the action we want the server to perform upon receiving the request. Some of these methods allow the browser to send additional information in the body of the request.
|GET||Allows you to request a specific resource.|
|POST||Enables data to be sent to the server.|
|HEAD||This method, when used in a request, retrieves only the headers that the server would have returned for a GET request to the same resource.|
|PUT||Used for creating (placing) new resources on the server.|
|DELETE||Allows for the deletion of existing resources on the server.|
|OPTIONS||Enables a request for information about the server, including details on the HTTP methods allowed for use on the server.|
|PATCH||Allows for partial modifications to a specified resource at a given location.|
Getting access to resources via the HTTP protocol is carried out using the URL pointer. The URL is a string that allows to specify the requested resource and several other parameters.
The use of the URL is linked with other elements of the protocol:
- query string.
Not all components are necessary to access the resource. Only the 'Scheme' and 'Host' fields should always be used.
There are some differences between the HTTP/1.X versions and HTTP/2.X.
The last stable HTTP/1.1 version was released back in 1997. It has several significant drawbacks:
- Headers, unlike the message body, were transmitted uncompressed.
- Most of the headers in the messages were the same, but they continued to be transmitted over the network.
- There was no multiplexing.
HTTP/2 introduces several improvements. For instance, where HTTP/1.X used messages, HTTP/2 splits these messages into frames within a data stream.
In HTTP/2, data frames (or message bodies) were separated from header frames, enabling the use of compression. Additionally, HTTP/2 introduced a 'raw' binary format for data.
The HTTP header is a string of the format "Name-Header:Value", with a colon (:) as the separator. The header name is case-insensitive. That's why there is no difference between ‘Host’ and ‘host’, from the HTTP perspective.
All headers can be divided into three categories:
- General purpose.
- Request headers.
- Representation headers.
Below you can see an example of headers in the request:
Not all HTTP methods have an associated request body. For example, methods such as GET, HEAD, DELETE, and OPTIONS usually don't need a body. However, some request types can send data to the server within the request body, with POST being the most prevalent of these methods.
Its structure is equal to the structure of an HTTP request.
The starting line of an HTTP response is called the status line. It contains the following elements:
- The HTTP-protocol version.
- The status code.
- Human-readable explanation.
Status codes and status messages
To inform the client about the status of their request, HTTP status codes are utilized. The HTTP server is capable of providing a code from any of the five groups of status codes.
|1xx||are purely informational and do not affect the processing of the request|
|2xx||indicate that the client's request was successfully processed|
|3xx||used when the server requires redirecting the client|
|4xx||signify that the client sent an invalid or incorrect request|
|5xx||indicate an error occurred on the server side|
They are used to add the data to the response.
Below are the most commonly encountered response headers:
|Server||Contains information about the server that processed the request|
|Set-Cookie||Includes the cookies needed to identify the client. The browser parses the cookies and stores them for subsequent requests.|
|WWW-Authenticate||Informs the client about the type of authentication required to access the requested resource.|
The body is the last part of the answer. It’s not mandatory, in some cases the body is not used.
HTTP Request Security, or what is HTTPs
HTTP is a versatile protocol offering a wide array of features, including file transfer. However, transmitting data over HTTP poses a risk, as someone might intercept the request since the data is sent without any protection.
HTTPs is an extension of HTTP that enables data encryption. When intercepting an HTTPS request, data is transmitted in a single encrypted stream, making it impossible to obtain user credentials and other critical information through regular interception.
Web browsers are our primary tools for interacting with the HTTP protocol. Web developers, in particular, often use browser-based developer tools. By pressing [Ctrl+Shift+I] or [F12], you can access these tools in most modern browsers. Within this panel, the 'Network' tab lets you enter and view site requests. For example, let's use the 3HCloud website.
This is a list of essential resources required for the website to function properly.
By clicking on any of them, we can view the request processing details.
HTTP is an application-level protocol powering the web. In this article, we explored its operation, structure, and components of HTTP requests. We touched on protocol versions, the encryption-enhanced HTTPS extension, and delved into request mechanics, demonstrating how to send an HTTP request and receive a server response.