Ben Ramsey, profile picture
Uploaded byBen Ramsey
2,228 views

Hidden Gems in HTTP

The document discusses the essential properties of HTTP and its methods, emphasizing the client-server architecture, safety, and idempotence. It outlines various HTTP methods such as GET, POST, PUT, and DELETE, detailing their usage, characteristics, and example status codes. Additionally, it introduces lesser-known HTTP status codes and responses, along with practical tips for working with HTTP in PHP.

Embed presentation

Downloaded 102 times
Hidden Gems in HTTP Ben Ramsey ■ Code Works
Why HTTP?
Because you are a Web developer.
HTTP is the Web.
That’s all I have to say about that.
Some properties of HTTP…
■ A client-server architecture ■ Atomic ■ Cacheable ■ A uniform interface ■ Layered ■ Code on demand
Now, what does that sound like?
REST!
And, that’s all I have to say about that, too.
Our focus today…
■ Methods you’ve never used ■ Status codes you didn’t know existed ■ Working with HTTP in PHP
Methods you’ve never used…
Well, not really never.
GET ■ You know GET ■ Retrieval of information ■ Transfers a representation of a resource from the server to the client ■ Safe & idempotent
GET /user/ramsey HTTP/1.1 Host: atom.example.org HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>
He just thinks he’s funny.
Stop laughing. You’re just encouraging him.
POST ■ You know POST ■ The body content should be accepted as a new subordinate of the resource ■ Append, annotate, paste after ■ Not safe or idempotent
POST /user HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 201 Created Date: Tue, 22 Sep 2009 17:39:06 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://atom.example.org/user/ramsey Content-Length: 133 Content-Type: text/html; charset=utf-8 <div> The content was created at the location <a href="/user/ramsey"> http://atom.example.org/user/ramsey </a> </div>
HEAD ■ Identical to GET, except… ■ Returns only the headers, not the body ■ Useful for getting details about a resource representation before retrieving the full representation ■ Safe & idempotent
HEAD /content/1234.mp4 HTTP/1.1 Host: atom.example.org HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 12334753 Content-Type: application/mp4
PUT ■ Opposite of GET ■ Storage of information ■ Transfers a representation of a resource from the client to the server ■ Not safe ■ Idempotent
PUT /user/ramsey/ HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 594 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:47:27 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>
DELETE ■ Requests that the resource identified be removed from public access ■ Not safe ■ Idempotent
DELETE /content/1234/ HTTP/1.1 Host: example.org HTTP/1.1 204 No Content Date: Tue, 22 Sep 2009 18:06:37 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html; charset=utf-8
What the hell are safe & idempotent methods?
Safe methods ■ GET & HEAD should not take action other than retrieval ■ These are considered safe ■ Allows agents to represent POST, PUT, & DELETE in a special way
Idempotence ■ Side-effects of N > 0 identical requests is the same as for a single request ■ GET, HEAD, PUT and DELETE share this property ■ OPTIONS and TRACE are inherently idempotent
Status codes you didn’t know existed
■ Informational (1xx) ■ Successful (2xx) ■ Redirection (3xx) ■ Client error (4xx) ■ Server error (5xx)
The look-before- you-leap request (LBYL)
1. Client sends a request without a body and includes the Expect: 100-continue header and all other headers 2. Server determines whether it will accept the request and responds with 100 Continue (or a 4xx code on error) 3. Client sends the request again with the body and without the Expect header
1 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== Expect: 100-continue
Failure state 2 HTTP/1.1 413 Request Entity Too Large Date: Thu, 21 May 2009 23:05:15 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Connection: close Content-Type: text/html
Success state 2 HTTP/1.1 100 Continue Date: Thu, 21 May 2009 23:05:15 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html
3 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}
4 HTTP/1.1 201 Created Date: Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 119 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>
The created at another location response
1 POST /content/videos HTTP/1.1 Host: example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}
2 HTTP/1.x 201 Created Date: Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 120 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>
The “it’s not you it’s me” response
i.e. I’ve accepted it but might have to do more processing
2 HTTP/1.x 202 Accepted Date: Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 137 Content-Type: text/html Location: http://example.org/content/videos/1234/status <html><body><p>Video processing! Check <a href="http://example.org/content/videos/1234/ status">here</a> for the status.</p></body></ html>
The “I have nothing to say to you” response…
…but you were still successful
1 DELETE /content/videos/1234 HTTP/1.1 Host: example.org Authorization: Basic bWFkZTp5b3VfbG9vaw==
2 HTTP/1.x 204 No Content Date: Thu, 21 May 2009 23:28:34 GMT
The ranged request
■ Used when requests are made for ranges of bytes from a resource ■ Determine whether a server supports range requests by checking for the Accept-Ranges header with HEAD
1 HEAD /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1 Host: farm3.static.flickr.com
2 HTTP/1.0 200 OK Date: Mon, 05 May 2008 00:33:14 GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 3980 Content-Type: image/jpeg
3 GET /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1 Host: farm3.static.flickr.com Range: bytes=0-999
4 HTTP/1.0 206 Partial Content Date: Mon, 05 May 2008 00:36:57 GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 1000 Content-Range: bytes 0-999/3980 Content-Type: image/jpeg {binary data}
The GET me from another location response
■ 303 See Other ■ The response to your request can be found at another URL identified by the Location header ■ The client should make a GET request on that URL ■ The Location is not a substitute for this URL
1 POST /contact HTTP/1.1 Host: example.org Content-Type: application/x-www-form-urlencoded Content-Length: 1234 {url-encoded form values from a contact form}
2 HTTP/1.1 303 See Other Date: Tue, 22 Sep 2009 23:41:33 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://example.org/thankyou Content-Length: 0
The find me temporarily at this place response
■ 307 Temporary Redirect ■ The resource resides temporarily at the URL identified by the Location ■ The Location may change, so don’t update your links ■ If the request is not GET or HEAD, then you must allow the user to confirm the action
The permanent forwarding address response
■ 301 Moved Permanently ■ The resource has moved permanently to the URL indicated by the Location header ■ You should update your links accordingly ■ Great for forcing search engines, etc. to index the new URL instead of this one
But what about just finding the resource at another location?
■ 302 Found ■ The resource has been found at another URL identified by the Location header ■ The new URL might be temporary, so the client should continue to use this URL ■ Redirections SHOULD be confirmed by the user (in practice, browsers don’t respect this)
The data validation error response
■ 400 Bad Request ■ Generic error message ■ The client sent malformed syntax ■ The client needs to modify the request before sending it again (to fix errors)
POST /user/ HTTP/1.1 Host: atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>r@msey</title> ... </entry> HTTP/1.1 400 Bad Request Date: Tue, 22 Sep 2009 23:51:00 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 123 Connection: close Content-Type: text/html; charset=utf-8 <div class="error"> The following errors occurred: <ul> <li>Title contained invalid characters</li> </ul> </div>
But wait! There’s more…
Working with HTTP in PHP
■ header() function http://php.net/header ■ Client URL library (cURL) http://php.net/curl ■ Streams http://php.net/streams ■ HTTP extension (pecl/http) http://php.net/http
Questions? ■ My website is benramsey.com ■ @ramsey on Twitter ■ Rate this talk at joind.in ■ Read the HTTP spec at tools.ietf.org/html/rfc2616 ■ My company is Schematic schematic.com
Hidden Gems in HTTP Copyright © Ben Ramsey. Some rights reserved. This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. For uses not covered under this license, please contact the author.

More Related Content

PDF
DEF CON 27- ALBINOWAX - http desync attacks
byFelipe Prado
 
PDF
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
byNoNameCon
 
PDF
Making the Most of HTTP In Your Apps
byBen Ramsey
 
PPTX
SPDY - or maybe HTTP2.0
byAndreas Bjärlestam
 
PPTX
Nginx Scalable Stack
byBruno Paiuca
 
ODP
MNPHP Scalable Architecture 101 - Feb 3 2011
byMike Willbanks
 
PPT
Roy foubister (hosting high traffic sites on a tight budget)
byWordCamp Cape Town
 
PPTX
Altitude San Francisco 2018: Programming the Edge
byFastly
 
DEF CON 27- ALBINOWAX - http desync attacks
byFelipe Prado
 
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
byNoNameCon
 
Making the Most of HTTP In Your Apps
byBen Ramsey
 
SPDY - or maybe HTTP2.0
byAndreas Bjärlestam
 
Nginx Scalable Stack
byBruno Paiuca
 
MNPHP Scalable Architecture 101 - Feb 3 2011
byMike Willbanks
 
Roy foubister (hosting high traffic sites on a tight budget)
byWordCamp Cape Town
 
Altitude San Francisco 2018: Programming the Edge
byFastly
 

What's hot

PPTX
Introduction to HTTP/2
byIdo Flatow
 
PDF
HTTP/2 standard for video streaming
byHung Thai Le
 
PDF
Nginx, PHP, Apache and Spelix
byHarald Zeitlhofer
 
PPTX
5 steps to faster web sites & HTML5 games - updated for DDDscot
byMichael Ewins
 
PDF
HTTP Caching in Web Application
byMartins Sipenko
 
PPT
Web Server Load Balancer
byMobME Technical
 
ODP
HAProxy scale out using open source
byIngo Walz
 
PPTX
Altitude San Francisco 2018: Testing with Fastly Workshop
byFastly
 
KEY
Load Balancing with Apache
byBradley Holt
 
PDF
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
byMichele Orru
 
PDF
[MathWorks] Versioning Infrastructure
byPerforce
 
PDF
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
byThijs Feryn
 
PDF
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
byCodemotion
 
PPT
WE18_Performance_Up.ppt
bywebhostingguy
 
PDF
HTTP2 is Here!
byAndy Davies
 
PDF
HTTP - The Protocol of Our Lives
byBrent Shaffer
 
KEY
Apache httpd-2.4 : Watch out cloud!
byJim Jagielski
 
PPT
are available here
bywebhostingguy
 
PDF
Bandwidth limiting howto
byDien Hien Tran
 
KEY
I got 99 problems, but ReST ain't one
byAdrian Cole
 
Introduction to HTTP/2
byIdo Flatow
 
HTTP/2 standard for video streaming
byHung Thai Le
 
Nginx, PHP, Apache and Spelix
byHarald Zeitlhofer
 
5 steps to faster web sites & HTML5 games - updated for DDDscot
byMichael Ewins
 
HTTP Caching in Web Application
byMartins Sipenko
 
Web Server Load Balancer
byMobME Technical
 
HAProxy scale out using open source
byIngo Walz
 
Altitude San Francisco 2018: Testing with Fastly Workshop
byFastly
 
Load Balancing with Apache
byBradley Holt
 
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
byMichele Orru
 
[MathWorks] Versioning Infrastructure
byPerforce
 
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
byThijs Feryn
 
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
byCodemotion
 
WE18_Performance_Up.ppt
bywebhostingguy
 
HTTP2 is Here!
byAndy Davies
 
HTTP - The Protocol of Our Lives
byBrent Shaffer
 
Apache httpd-2.4 : Watch out cloud!
byJim Jagielski
 
are available here
bywebhostingguy
 
Bandwidth limiting howto
byDien Hien Tran
 
I got 99 problems, but ReST ain't one
byAdrian Cole
 

Similar to Hidden Gems in HTTP

PDF
HTTP colon slash slash: the end of the road?
byAlessandro Nadalin
 
PDF
Web Services PHP Tutorial
byLorna Mitchell
 
PDF
HTTP and Your Angry Dog
byRoss Tuck
 
PDF
Resource-Oriented Web Services
byBradley Holt
 
PDF
HTTP Request and Response Structure
byBhagyashreeGajera1
 
PDF
When RSS Fails: Web Scraping with HTTP
byMatthew Turland
 
PDF
RESTful Web Services
byChristopher Bartling
 
ODP
Web Scraping with PHP
byMatthew Turland
 
PPTX
HTTP
byvaibhavrai1993
 
PPT
Http request&response by Vignesh 15 MAR 2014
byNavaneethan Naveen
 
PDF
Web services tutorial
byLorna Mitchell
 
PDF
Web Services Tutorial
byLorna Mitchell
 
PDF
Rest
byBrian Kaney
 
PDF
HTTP colon slash slash: end of the road? @ CakeFest 2013 in San Francisco
byAlessandro Nadalin
 
PDF
Communicating on the web
byAdrian Cardenas
 
PDF
So you think you know REST - DPC11
byEvert Pot
 
PPTX
RESTful for opentravel.org by HP
byRoni Schuetz
 
PPT
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
byVietAnhNguyen337355
 
PDF
Http Status Report
byConSanFrancisco123
 
ODP
NEPHP '13: Pragmatic API Development
byAndrew Curioso
 
HTTP colon slash slash: the end of the road?
byAlessandro Nadalin
 
Web Services PHP Tutorial
byLorna Mitchell
 
HTTP and Your Angry Dog
byRoss Tuck
 
Resource-Oriented Web Services
byBradley Holt
 
HTTP Request and Response Structure
byBhagyashreeGajera1
 
When RSS Fails: Web Scraping with HTTP
byMatthew Turland
 
RESTful Web Services
byChristopher Bartling
 
Web Scraping with PHP
byMatthew Turland
 
HTTP
byvaibhavrai1993
 
Http request&response by Vignesh 15 MAR 2014
byNavaneethan Naveen
 
Web services tutorial
byLorna Mitchell
 
Web Services Tutorial
byLorna Mitchell
 
Rest
byBrian Kaney
 
HTTP colon slash slash: end of the road? @ CakeFest 2013 in San Francisco
byAlessandro Nadalin
 
Communicating on the web
byAdrian Cardenas
 
So you think you know REST - DPC11
byEvert Pot
 
RESTful for opentravel.org by HP
byRoni Schuetz
 
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
byVietAnhNguyen337355
 
Http Status Report
byConSanFrancisco123
 
NEPHP '13: Pragmatic API Development
byAndrew Curioso
 

More from Ben Ramsey

PDF
Introduction to AtomPub Web Services
byBen Ramsey
 
PDF
Api Versioning
byBen Ramsey
 
PDF
Grokking the REST Architectural Style
byBen Ramsey
 
PDF
You Look Like You Could Use Some REST!
byBen Ramsey
 
PDF
Grokking REST (ZendCon 2010)
byBen Ramsey
 
PDF
Desktop Apps with PHP and Titanium
byBen Ramsey
 
PDF
Caching with Memcached and APC
byBen Ramsey
 
PDF
Desktop Apps with PHP and Titanium (ZendCon 2010)
byBen Ramsey
 
PDF
Around the PHP Community
byBen Ramsey
 
PDF
Distribution and Publication With Atom Web Services
byBen Ramsey
 
PDF
Give Your Site a Boost with Memcache
byBen Ramsey
 
PDF
Distribution and Publication With Atom Web Services
byBen Ramsey
 
Introduction to AtomPub Web Services
byBen Ramsey
 
Api Versioning
byBen Ramsey
 
Grokking the REST Architectural Style
byBen Ramsey
 
You Look Like You Could Use Some REST!
byBen Ramsey
 
Grokking REST (ZendCon 2010)
byBen Ramsey
 
Desktop Apps with PHP and Titanium
byBen Ramsey
 
Caching with Memcached and APC
byBen Ramsey
 
Desktop Apps with PHP and Titanium (ZendCon 2010)
byBen Ramsey
 
Around the PHP Community
byBen Ramsey
 
Distribution and Publication With Atom Web Services
byBen Ramsey
 
Give Your Site a Boost with Memcache
byBen Ramsey
 
Distribution and Publication With Atom Web Services
byBen Ramsey
 

Recently uploaded

PDF
Games vs Traditional Learning: Emotional Skills in Kids
byChomChomTech
 
PDF
Dominic Boddie - A Hybrid Athlete
byDominic Boddie
 
PPTX
This is about physical education project in physiology and sports activities
byk11370964
 
PPTX
CODE-OF-CONDUCT-FOR-PLAYERS-AND-COACHES.pptx
bylittlepaulo1988
 
PDF
Ambassador_RIYAZ MOHAMMAD in my study computer science
byRIYAZ MOHAMMAD
 
PPTX
5v5 Basketball Rules(Updated 2025) .pptx
bynucampusrec
 
PPTX
2025 Technique Development Clinic for WAFSU.org from Jonty Skinner
byMark Rauterkus
 
DOCX
Mexico FIFA World Cup As Pressure Mounts, Mexico Eyes Favorable World Cup Dra...
byWorld Creative Solutions
 
DOCX
Europa League Final Spiel: Top Scorer St
byEuropa League Final Tickets
 
DOCX
Buy FIFA World Cup Possible group stage rivals for Mexico at the FIFA 2026.docx
byFIFA World Cup Tickets
 
Games vs Traditional Learning: Emotional Skills in Kids
byChomChomTech
 
Dominic Boddie - A Hybrid Athlete
byDominic Boddie
 
This is about physical education project in physiology and sports activities
byk11370964
 
CODE-OF-CONDUCT-FOR-PLAYERS-AND-COACHES.pptx
bylittlepaulo1988
 
Ambassador_RIYAZ MOHAMMAD in my study computer science
byRIYAZ MOHAMMAD
 
5v5 Basketball Rules(Updated 2025) .pptx
bynucampusrec
 
2025 Technique Development Clinic for WAFSU.org from Jonty Skinner
byMark Rauterkus
 
Mexico FIFA World Cup As Pressure Mounts, Mexico Eyes Favorable World Cup Dra...
byWorld Creative Solutions
 
Europa League Final Spiel: Top Scorer St
byEuropa League Final Tickets
 
Buy FIFA World Cup Possible group stage rivals for Mexico at the FIFA 2026.docx
byFIFA World Cup Tickets
 

Hidden Gems in HTTP

  • 1.
    Hidden Gems inHTTP Ben Ramsey ■ Code Works
  • 2.
  • 3.
    Because you area Web developer.
  • 4.
  • 5.
    That’s all Ihave to say about that.
  • 6.
  • 7.
    ■ A client-serverarchitecture ■ Atomic ■ Cacheable ■ A uniform interface ■ Layered ■ Code on demand
  • 8.
  • 9.
  • 10.
    And, that’s allI have to say about that, too.
  • 11.
  • 12.
    ■ Methods you’venever used ■ Status codes you didn’t know existed ■ Working with HTTP in PHP
  • 13.
  • 14.
  • 15.
    GET ■ You know GET ■ Retrieval of information ■ Transfers a representation of a resource from the server to the client ■ Safe & idempotent
  • 16.
    GET /user/ramsey HTTP/1.1 Host:atom.example.org HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>
  • 17.
    He just thinkshe’s funny.
  • 18.
  • 19.
    POST ■ You know POST ■ The body content should be accepted as a new subordinate of the resource ■ Append, annotate, paste after ■ Not safe or idempotent
  • 20.
    POST /user HTTP/1.1 Host:atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 201 Created Date: Tue, 22 Sep 2009 17:39:06 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://atom.example.org/user/ramsey Content-Length: 133 Content-Type: text/html; charset=utf-8 <div> The content was created at the location <a href="/user/ramsey"> http://atom.example.org/user/ramsey </a> </div>
  • 21.
    HEAD ■ Identical to GET, except… ■ Returns only the headers, not the body ■ Useful for getting details about a resource representation before retrieving the full representation ■ Safe & idempotent
  • 22.
    HEAD /content/1234.mp4 HTTP/1.1 Host:atom.example.org HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:28:14 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 12334753 Content-Type: application/mp4
  • 23.
    PUT ■ Opposite of GET ■ Storage of information ■ Transfers a representation of a resource from the client to the server ■ Not safe ■ Idempotent
  • 24.
    PUT /user/ramsey/ HTTP/1.1 Host:atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 594 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry> HTTP/1.1 200 OK Date: Tue, 22 Sep 2009 17:47:27 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 594 Content-Type: application/atom+xml;type=entry <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>ramsey</title> ... </entry>
  • 25.
    DELETE ■ Requests that the resource identified be removed from public access ■ Not safe ■ Idempotent
  • 26.
    DELETE /content/1234/ HTTP/1.1 Host:example.org HTTP/1.1 204 No Content Date: Tue, 22 Sep 2009 18:06:37 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html; charset=utf-8
  • 27.
    What the hellare safe & idempotent methods?
  • 28.
    Safe methods ■ GET & HEAD should not take action other than retrieval ■ These are considered safe ■ Allows agents to represent POST, PUT, & DELETE in a special way
  • 29.
    Idempotence ■ Side-effects of N > 0 identical requests is the same as for a single request ■ GET, HEAD, PUT and DELETE share this property ■ OPTIONS and TRACE are inherently idempotent
  • 30.
  • 31.
    ■ Informational (1xx) ■Successful (2xx) ■ Redirection (3xx) ■ Client error (4xx) ■ Server error (5xx)
  • 32.
  • 33.
    1. Client sendsa request without a body and includes the Expect: 100-continue header and all other headers 2. Server determines whether it will accept the request and responds with 100 Continue (or a 4xx code on error) 3. Client sends the request again with the body and without the Expect header
  • 34.
    1 POST /content/videos HTTP/1.1 Host:example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== Expect: 100-continue
  • 35.
    Failure state 2 HTTP/1.1 413 Request Entity Too Large Date: Thu, 21 May 2009 23:05:15 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Connection: close Content-Type: text/html
  • 36.
    Success state 2 HTTP/1.1 100 Continue Date: Thu, 21 May 2009 23:05:15 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 0 Content-Type: text/html
  • 37.
    3 POST /content/videos HTTP/1.1 Host:example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}
  • 38.
    4 HTTP/1.1 201 Created Date:Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 119 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>
  • 39.
    The created at anotherlocation response
  • 40.
    1 POST /content/videos HTTP/1.1 Host:example.org Content-Type: video/mp4 Content-Length: 115910000 Authorization: Basic bWFkZTp5b3VfbG9vaw== {binary video data}
  • 41.
    2 HTTP/1.x 201 Created Date:Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 120 Content-Type: text/html Location: http://example.org/content/videos/1234 <html><body><p>Video uploaded! Go <a href="http://example.org/content/videos/ 1234">here</a> to see it.</p></body></html>
  • 42.
    The “it’s notyou it’s me” response
  • 43.
    i.e. I’ve acceptedit but might have to do more processing
  • 44.
    2 HTTP/1.x 202 Accepted Date:Thu, 21 May 2009 23:05:34 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 137 Content-Type: text/html Location: http://example.org/content/videos/1234/status <html><body><p>Video processing! Check <a href="http://example.org/content/videos/1234/ status">here</a> for the status.</p></body></ html>
  • 45.
    The “I havenothing to say to you” response…
  • 46.
    …but you werestill successful
  • 47.
    1 DELETE /content/videos/1234 HTTP/1.1 Host:example.org Authorization: Basic bWFkZTp5b3VfbG9vaw==
  • 48.
    2 HTTP/1.x 204 NoContent Date: Thu, 21 May 2009 23:28:34 GMT
  • 49.
  • 50.
    ■ Used whenrequests are made for ranges of bytes from a resource ■ Determine whether a server supports range requests by checking for the Accept-Ranges header with HEAD
  • 51.
  • 52.
    2 HTTP/1.0 200 OK Date:Mon, 05 May 2008 00:33:14 GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 3980 Content-Type: image/jpeg
  • 53.
    3 GET /2390/2253727548_a413c88ab3_s.jpg HTTP/1.1 Host:farm3.static.flickr.com Range: bytes=0-999
  • 54.
    4 HTTP/1.0 206 PartialContent Date: Mon, 05 May 2008 00:36:57 GMT Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 1000 Content-Range: bytes 0-999/3980 Content-Type: image/jpeg {binary data}
  • 55.
    The GET mefrom another location response
  • 56.
    ■ 303 SeeOther ■ The response to your request can be found at another URL identified by the Location header ■ The client should make a GET request on that URL ■ The Location is not a substitute for this URL
  • 57.
    1 POST /contact HTTP/1.1 Host:example.org Content-Type: application/x-www-form-urlencoded Content-Length: 1234 {url-encoded form values from a contact form}
  • 58.
    2 HTTP/1.1 303 SeeOther Date: Tue, 22 Sep 2009 23:41:33 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Location: http://example.org/thankyou Content-Length: 0
  • 59.
    The find me temporarilyat this place response
  • 60.
    ■ 307 TemporaryRedirect ■ The resource resides temporarily at the URL identified by the Location ■ The Location may change, so don’t update your links ■ If the request is not GET or HEAD, then you must allow the user to confirm the action
  • 61.
  • 62.
    ■ 301 MovedPermanently ■ The resource has moved permanently to the URL indicated by the Location header ■ You should update your links accordingly ■ Great for forcing search engines, etc. to index the new URL instead of this one
  • 63.
    But what aboutjust finding the resource at another location?
  • 64.
    ■ 302 Found ■The resource has been found at another URL identified by the Location header ■ The new URL might be temporary, so the client should continue to use this URL ■ Redirections SHOULD be confirmed by the user (in practice, browsers don’t respect this)
  • 65.
  • 66.
    ■ 400 BadRequest ■ Generic error message ■ The client sent malformed syntax ■ The client needs to modify the request before sending it again (to fix errors)
  • 67.
    POST /user/ HTTP/1.1 Host:atom.example.org Content-Type: application/atom+xml;type=entry Content-Length: 474 <?xml version="1.0" encoding="utf-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xml:base="http://atom.example.org/"> <title>r@msey</title> ... </entry> HTTP/1.1 400 Bad Request Date: Tue, 22 Sep 2009 23:51:00 GMT Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.3.0 X-Powered-By: PHP/5.3.0 Content-Length: 123 Connection: close Content-Type: text/html; charset=utf-8 <div class="error"> The following errors occurred: <ul> <li>Title contained invalid characters</li> </ul> </div>
  • 68.
  • 69.
  • 70.
    ■ header() function http://php.net/header ■ Client URL library (cURL) http://php.net/curl ■ Streams http://php.net/streams ■ HTTP extension (pecl/http) http://php.net/http
  • 71.
    Questions? ■ My website is benramsey.com ■ @ramsey on Twitter ■ Rate this talk at joind.in ■ Read the HTTP spec at tools.ietf.org/html/rfc2616 ■ My company is Schematic schematic.com
  • 72.
    Hidden Gems inHTTP Copyright © Ben Ramsey. Some rights reserved. This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. For uses not covered under this license, please contact the author.