HTTP

[magicdawn]

All about HTTP & HTTP in node.js

[magicdawn]

参考资料

• rfc2616 http://www.w3.org/Protocols/rfc2616/rfc2616.html
• rfc2616 on ietf https://tools.ietf.org/html/rfc2616
• mdn https://developer.mozilla.org/en-US/docs/Web/HTTP

关于HTTP method

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
常见 GET/POST PUT/DELETE OPTIONS/HEAD/TRACE/PATCH/CONNECT

[magicdawn]

GET

GET 可带请求体?

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

<form method="GET">

GET提交表单,会将值encode在url中,也就是query string . 也就是说GET没有请求体,能带query string ?

[magicdawn]

POST

[magicdawn]

HEAD

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself. This method is often used for testing hypertext links for validity, accessibility, and recent modification.

HEAD同GET一样,HEAD请求Server不会返回请求体body,发送的header应该与GET请求此url时相同. 此方法可用于url所代表的 entity信息,常用于 测试链接可用性、最近修改等。

The response to a HEAD request MAY be cacheable in the sense that the information contained in the response MAY be used to update a previously cached entity from that resource. If the new field values indicate that the cached entity differs from the current entity (as would be indicated by a change in Content-Length, Content-MD5, ETag or Last-Modified), then the cache MUST treat the cache entry as stale.

此方法的响应是可缓存的。

[magicdawn]

OPTIONS

The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.

OPTIONS 请求的是 一个url所available的communicate options,说白了就是一个url允许你用什么方法去请求. OPTIONS方法允许客户端(如浏览器)决定一个resource的requirements or/and options , 同时不去请求这个resource 内容.

Responses to this method are not cacheable.
不使用缓存.

[magicdawn]

put

The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version of the one residing on the origin server. If the Request-URI does not point to an existing resource, and that URI is capable of being defined as a new resource by the requesting user agent, the origin server can create the resource with that URI. If a new resource is created, the origin server MUST inform the user agent via the 201 (Created) response. If an existing resource is modified, either the 200 (OK) or 204 (No Content) response codes SHOULD be sent to indicate successful completion of the request.

• put的资源已存在,请求体中的资源用当被视作修改过的版本,返回200(OK)/204(No Content)
• put的资源不存在,返回 201(Credated)

If the resource could not be created or modified with the Request-URI, an appropriate error response SHOULD be given that reflects the nature of the problem. The recipient of the entity MUST NOT ignore any Content-* (e.g. Content-Range) headers that it does not understand or implement and MUST return a 501 (Not Implemented) response in such cases.

如果不能create/modify server上的版本,应返回对应的 error.
server端不能忽略 Content-* header,如果尚未实现,应返回 501(Not Implemanted)

[magicdawn]

DELETE

The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location.
A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity.
If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale.

一堆规则

Responses to this method are not cacheable.
不可缓存

[magicdawn]

enctype when post

• application/x-www-form-url-encoded
  简单urlencode 一下
• multipart/form-data
  http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7.2
  https://tools.ietf.org/html/draft-fossati-core-multipart-ct-03
  form-data 的specification在这 http://www.ietf.org/rfc/rfc1867.txt

格式就是
Content-Type: multipart/form-data; boundary=xxxx
然后每个都以 boundary 间隔
见 https://github.com/node-modules/formstream/blob/master/lib%2Fformstream.js#L7

[magicdawn]

express 中对于 head 和 options 的特殊处理

head

options

method 为options, 会贯穿整个router, 找出所有可以 handle 当前path 的 http method
然后, 设置 Allow: options.join(',')

会拦截 done, 发送的body为文本, 与 Allow 一样

[magicdawn]

cache

request header

1. cache-control: max-age=0 // 不要使用缓存
2. If-modified-since 上次得到的 last-modified的值

cache-control

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

• no-cache 必须要重新请求验证 cache 是否可用
• no-store 不能存储任何文件
• public 公开的
• private 私有的, client 端可以存储, 任何中间的 shared cache 不能存储

response headers

1. Expires: 过期时间
2. cache-control: max-age=86400; // 秒
3. last-modified: 上次修改时间

[magicdawn]

connection

connection 头列出的 headers 表示这次连接使用的信息
https://tools.ietf.org/html/rfc2616#section-14.10

HTTP/1.1 proxies MUST parse the Connection header field before a
message is forwarded and, for each connection-token in this field,
remove any header field(s) from the message with the same name as the
connection-token.

必须解析HTTP 1.1 的 Connection 头部, 在转发之前, 移除 Connection 头中包含的其他 fields. 如

connection: header-a , header-b, close
header-a: value-a
header-b: value-b

在server端得到 Connection 头之后, 会将 header-a & header-b 当做跟此次连接相关的 header, 将其移除之后再向上游 server 转发此次 request.

[magicdawn]

Proxy-Connection

[magicdawn]

connect method

• Node.js Api ref https://nodejs.org/api/http.html#http_event_connect_1
• rfc ref https://tools.ietf.org/html/rfc2616#page-57
• kneesocks src https://github.com/magicdawn/kneesocks/blob/master/lib%2Fkneesocks.js#L97

This specification reserves the method name CONNECT for use with a
proxy that can dynamically switch to being a tunnel (e.g. SSL
tunneling [44]).

rfc 2616 将 connect 作为保留方法名, 被 proxy 使用时可切换为 tunnel

tunnel

// TODO: add tunnel intro

使用 connect 方法的 http tunnel 介绍

什么是HTTP隧道，怎么理解HTTP隧道呢？ - andwxh的回答 - 知乎
https://www.zhihu.com/question/21955083/answer/142736329

应用例子

https://github.com/koichik/node-tunnel/blob/v0.0.6/lib/tunnel.js#L108-L125

charles 抓不到 http tunnel 的包

[magicdawn]

PAC

more on HTTP Definitive Guide 第二十章

[magicdawn]

header in proxy

[magicdawn]

vary

• https://imququ.com/post/vary-header-in-http.html
• http://shunter.blog.51cto.com/2183398/1076521

简单来说用于 缓存server 判断一个请求是否是 fresh, 如果写上 Vary: user-agent, 那么针对 ua1 进行缓存了一份，ua2 进行请求时, 发现这个 ua2 != ua1, 于是缓存不命中，从源中取。

对于常见的 Vary: accept-encoding 来说, 如果 client 期望的 encoding 都变了, 那么就重新去源server取。

[magicdawn]

chunked

https://www.httpwatch.com/httpgallery/chunked/

http2

http2 可以省略 transfer-encoding: chunked
比如上边链接里的图片
用 curl --http1.1 强制指定 HTTP 1.1 是有的

em...冇事不是省略, 是机制变了
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Transfer-Encoding