Shiny New HTTP Shit

3,190 views

Published on

Quick and dirty talk about new stuff in HTTP for a pub crowd.

Published in: Technology
  • Be the first to comment

Shiny New HTTP Shit

  1. 1. Shiny new* HTTP shit. Mark Nottingham * or coming sometime soon. Or old shit that you probably don’t know about.
  2. 2. New Specs.
  3. 3. HTTPbis • IETF Working Group to clean up the mess. • One 176 page spec -> Seven modular specs • Mere mortals SHOULD now be able to understand.
  4. 4. header i18n • HTTP/1.1 makes headers Latin-1 • Can encode using RFC2231, but that’s freaking MIME! • Asia, rest of world: “pls fix this kthxbye.” • draft-reschke-rfc2231-in-http
  5. 5. HTTPstate • Netscape Specification - NOT COMPLETE • RFC2109 - WRONG • RFC2965 - FAIL • IETF Working Group to document reality.
  6. 6. Stale Controls • Two Cache-Control extensions: • Hide latency by serving stale content while doing an async refresh. • Serve stale content if there’s a problem. • RFC5861
  7. 7. Prefer • Allow clients to ask for an empty response • E.g., on a POST / PUT API • draft-snell-http-prefer-02
  8. 8. Link • HTTP header to express typed links • Coordination between Atom, HTML5, W3C TAG, RDF, IETF, IESG... • Registry of link relation types • Build protocols -- e.g., discovery • draft-nottingham-http-link-header-10
  9. 9. PATCH • Send a diff to a resource to update it • Think of it as a partial PUT • Requires client support • RFC5789
  10. 10. CORS • “Cross-Origin Resource Sharing” • Protocol to enable cross-site requests • e.g., in XmlHttpRequest
  11. 11. Misc. Security Headers • X-Content-Security-Policy • X-Content-Type-Options • X-Download-Options • X-Frame-Options • X-XSS-Protection
  12. 12. Shit that Might Happen.
  13. 13. Optimised Long Poll • (a.k.a. Comet) • Intermediary fan-out • Connection hinting
  14. 14. Signed Responses • Intermediaries should look but not touch. • Signing the response bytes + some headers • Allows caches to work without worrying about integrity / modification. • SINE
  15. 15. SPDY • HTTP header compression • Connection multiplexing • Semi-binary encoding • Two-way?
  16. 16. New Implementations.
  17. 17. Apache Traffic Server • 4 Core HT box = 75,000 req/sec • 16ms latency at that load
  18. 18. node.js • Just really cool.
  19. 19. Other Shit.
  20. 20. Back-End Caching • Memcache vs. [ Squid | Traffic Server ]
  21. 21. Browsers • BrowserScope
  22. 22. Browser APIs • Cache-Control • Connection hinting • Invalidation
  23. 23. Edge Processing • ESI
  24. 24. REDbot • Check your HTTP resources for common problems, cacheability and more: http://redbot.org/

×