HTTP is a client-server protocol for transmitting hypermedia documents across the internet. It uses a request-response paradigm where clients make requests which are answered by HTTP servers. Requests use methods like GET and POST, and include headers. Responses contain status lines, headers, and content. HTTP allows caching, cookies, authentication, and redirects. It is the foundation of data communication for the World Wide Web.
Introduction to HTTP protocol
1. Introduction to HTTP
Aviran Mordo
Head Of Back-End Engineering @ Wix
@aviranm
http://www.linkedin.com/in/aviran
http://www.aviransplace.com
2. Intro
• The Hyper Text Transfer Protocol (HTTP) is a client-server network protocol
• In use by the World-Wide Web since 1990.
• It is based on Request – Response Paradigm.
3. HTTP Request Message
HTTP method, relative URL of the resource or a full URL, HTTP version:
GET /website/template/photography/ HTTP/1.1
Headers:
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: www.httpwatch.com
Connection: Keep-Alive
4. HTTP Response
Status line:
HTTP/1.1 200 OK
Headers:
X-Seen-By: sputnik3.aus_dsp
X-Seen-By: s3.aus_pp
Date: Wed, 21 Aug 2013 09:02:49 GMT
Server: Apache
cache-control: max-age=604800
cache-control: no-cache
Pragma: no-cache
Set-Cookie: _wixAB2=5371#5567#2014-03-19T14-27-00.000-0500|15711#3472#2014-08-13T11-01-00.0000500|14841#8565#2014-07-23T09-16-00.000-0500|15551#935#2014-08-11T07-55-00.000-0500|15451#3523#2014-08-07T0755-00.000-0500|14451#3267#2014-07-14T09-23-00.000-0500|15941#4497#2014-08-15T15-39-00.0000500|14951#8608#2014-07-28T07-24-00.000-0500|15861#7296#2014-08-15T10-02-00.000-0500|12891#3395#2014-06-23T0734-00.000-0500|13501#6547#2014-07-01T12-46-00.000-0500|15361#2985#2014-08-05T13-30-00.000-0500; Domain=.wix.com; Expires=Tue, 21-Aug-2018 14:06:39 GMT; Path=/
Set-Cookie: _wixCIDX=7e98f6cd-1c79-4661-9312-6f7aaeebf932; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
Set-Cookie: _wixUIDX=10647958|1a2c4034-469d-4f4d-bbd9-17deddaf67ec; Domain=.wix.com; Expires=Mon, 17-Feb-2014 09:02:49 GMT; Path=/
Vary: User-Agent,Accept-Encoding
Content-Language: en
Content-Encoding: gzip
Content-Length: 8162
Content-Type: text/html;charset=UTF-8
Expires: 0
Cache-Control: no-cache
double CRLF (carriage return, line feed)
Contents of the requested resource:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="https://www.facebook.com/2008/fbml" >
<head>
<meta http-equ
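The response layout on this slide (status line, headers, double CRLF, body), worked through as a small parser. This is an added example, not part of the original slides; the function names and the abridged sample with shortened cookie values are constructed for illustration.

```python
# Constructed sample: the slide's response, abridged, with shortened cookie values.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"X-Seen-By: sputnik3.aus_dsp\r\n"
    b"X-Seen-By: s3.aus_pp\r\n"
    b"Server: Apache\r\n"
    b"cache-control: max-age=604800\r\n"
    b"cache-control: no-cache\r\n"
    b"Pragma: no-cache\r\n"
    b"Set-Cookie: _wixCIDX=example-id; Domain=.wix.com; Path=/\r\n"
    b"Set-Cookie: _wixUIDX=example-uid; Domain=.wix.com; Path=/\r\n"
    b"Content-Type: text/html;charset=UTF-8\r\n"
    b"Content-Length: 15\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
    b"<!DOCTYPE html>"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into status line, headers and body."""
    # The first double CRLF ends the header section; everything after is body.
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        raise ValueError("header section is not terminated by a double CRLF")
    lines = head.decode("iso-8859-1").split("\r\n")

    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around the name (or a folded continuation line) makes the
        # framing ambiguous between parsers, so refuse it rather than guess.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        # Names are case-insensitive and may repeat: keep every value, in order.
        # Set-Cookie in particular must never be merged into one comma list.
        headers.setdefault(name.lower(), []).append(value.strip())

    lengths = set(headers.get("content-length", []))
    if lengths:
        if len(lengths) != 1 or not next(iter(lengths)).isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        declared = int(next(iter(lengths)))
        if declared > len(body):
            raise ValueError("body shorter than Content-Length")
        body = body[:declared]

    return {
        "version": parts[0],
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) == 3 else "",
        "headers": headers,
        "body": body,
    }


def repeated_headers(headers):
    """Names that appeared more than once, e.g. the slide's cache-control."""
    return sorted(name for name, values in headers.items() if len(values) > 1)


if __name__ == "__main__":
    parsed = parse_response(SAMPLE_RESPONSE)
    print(parsed["status"], parsed["reason"], repeated_headers(parsed["headers"]))
```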
5. Everything is an extendable convention
• You may create your own headers
• You may create your own methods
• You may not implement some methods
• You may not implement header logic
6. HTTP Methods
• GET - retrieve whatever information is identified by the Request-URI.
• POST - used to send data to the server for updates.
• PUT - requests that the enclosed entity be stored under the supplied Request-URI.
• DELETE - requests that the origin server delete the resource identified by the Request-URI.
• HEAD - identical to GET except that the server MUST NOT return a message-body in the response.
• TRACE - allows the client to see what is being received at the other end of the request chain and use that data for testing or
7. HTTP Headers
• Accept: text/plain; - specify certain media types which are acceptable for the response.
• Accept-Encoding: compress, gzip ;
• Accept-Language: da, en-gb;q=0.8, en;q=0.7 ;
• Cache-Control: max-age=0, must-revalidate
• Vary: User-Agent,Accept-Encoding
• ETag: "xyzzy"
• Set-Cookie: _wixAB2=15361#2985#2014-08-05T13-30-00.000-0500
• Access-Control-Allow-Origin: *
• X-Seen-By: sputnik3.aus_dsp
• X-Wix-Dispatcher-Cache-Hit: no
• X-Wix-Renderer-Server: apu2.aus.wixpress.com
• X-Wix-Not-Found-Reason: Meta Site was not found
8. HTTP Status Codes and Errors
• 1xx – Informational - intermediate response that indicates that the server has received the request but has not finished processing it.
• 2xx – Successful: 200 OK
• 3xx – Redirection: 301-permanent, 302-temporary
• 4xx - Client Error: 400-bad request, 403-forbidden, 404-not found, 418 I'm a teapot
• 5xx - Server Error: 500 Internal Server Error, 503-Service Unavailable, 504-Gateway Timeout
9. Cookies
Servers supply cookies by populating the Set-Cookie response header with the following details: Set-Cookie: name=value
• Name - Name of the cookie
• Value - Textual value to be held by the cookie
• Expires - Date/time when the cookie should be discarded by the browser. If this field is empty the cookie expires at the end of the current browser session. This field can also be used to delete a cookie by setting a date/time in the past.
• Path - Path below which the cookie should be supplied by the browser.
• Domain - Web site domain to which this cookie applies. This will default to the current domain and attempts to set cookies on other domains are subject to the privacy controls built into the browser.
10. Type of cookies - Terminology
• Session cookie - Web browsers normally delete session cookies when the user closes the browser
• Persistent cookie - A persistent cookie will outlast user sessions – expires on a set timestamp
• Secure cookie - A secure cookie has the secure attribute enabled and is only used via HTTPS
• HttpOnly cookie - On a supported browser, used only when transmitting HTTP (or HTTPS) requests. Not accessible to JavaScript.
• Third-party cookie - cookies that belong to domains different from the one shown in the address bar.
• Supercookie - cookie with an origin of a TLD (such as .com)
Browsers send cookies via request header. Cookie: name=value; name2=value2
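A way to check a Set-Cookie value against the terminology above, as an added example that is not part of the original slides: it reports whether the cookie is a session or persistent cookie and whether the Secure and HttpOnly attributes are missing. The function names and sample values are assumptions of this example; the first sample is the cookie from this page's 302 redirect example.

```javascript
// Split one Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no cookie name before "="
  const cookie = { name: first.slice(0, eq), value: first.slice(eq + 1), attrs: {} };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Classify a cookie in the slide's terms and list missing protections.
// `now` is a parameter so the result is reproducible.
function auditCookie(header, now = new Date()) {
  const c = parseSetCookie(header);
  if (!c) return { error: "unparseable" };
  const a = c.attrs;
  const expires = typeof a.expires === "string" ? new Date(a.expires) : null;
  let lifetime = "session"; // no usable Expires: discarded when the browser closes
  if (expires && !Number.isNaN(expires.getTime())) {
    lifetime = expires <= now ? "deleted" : "persistent";
  }
  const findings = [];
  if (!a.secure) findings.push("no Secure: also sent over plain HTTP");
  if (!a.httponly) findings.push("no HttpOnly: readable from JavaScript");
  return { name: c.name, lifetime, path: a.path || "(default)", findings };
}

// Constructed samples, except the first, which is the cookie from the 302 example.
const SAMPLES = [
  "balance=990; path=/httpgallery/redirection/",
  "sid=abc123; Path=/; Secure; HttpOnly",
  "prefs=dark; Expires=Sun, 17 Jan 2038 19:14:07 GMT; Path=/; Secure",
  "sid=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
];
for (const s of SAMPLES) console.log(auditCookie(s));
```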
11. HTTP Caching
• Preventing Caching - Cache-Control: no-cache (HTTP 1.1); Pragma: no-cache (HTTP 1.0)
• Last-Modified: Wed, 15 Sep 2004 12:00:00 GMT – Browser can check the server for changes
• Expires: Sun, 17 Jan 2038 19:14:07 GMT - browser can reuse the content without having to check the server

GET /images/logo.gif HTTP/1.1
Accept: */*
Referer: http://www.google.com/
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 23 Sep 2004 17:42:04 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
Host: www.google.com

HTTP/1.1 304 Not Modified
Content-Type: text/html
Server: GWS/2.1
Content-Length: 0
Date: Thu, 04 Oct 2004 12:00:00 GMT
12. HTTP Methods
• GET - method is used to retrieve information from a specified URI and is assumed by browsers, caches and other HTTP aware components to be a safe, repeatable operation that has no side effects.
• GET can only supply data in the form of parameters encoded in the
URI (Query String) or as cookies. Therefore, GET cannot be used for
uploading files or other operations that require large amounts of data to
be sent to the server.
• POST method is used for operations that have side effects and
cannot be safely repeated.
• POST request message has a content body that is normally used to
send parameters and data. Unlike using the request URI or cookies,
there is no upper limit on the amount of data that can be sent
14. Redirection
• HTTP allows servers to redirect a client request to a different location, although this will usually result in another network round trip.
• 301 – Permanent redirect: content moved permanently to the location specified by the Location header and future requests should be directed to this location.
• 302 – Temporary Redirect: future requests should still be sent to the original location.
• 303 – This status code was intended to be the only status code that caused a POST to be converted to a GET. However, most browsers treat a 302 like a 303.
• 304 – Not modified: used in response to an If-Modified header to redirect a request to the browser's local cache.

HTTP/1.1 302 Found
Cache-Control: private,Public
Content-Length: 162
Content-Type: text/html; charset=utf-8
Location: /httpgallery/redirection/default.aspx#example
Set-Cookie: balance=990; path=/httpgallery/redirection/
15. HTTPS
• The Secure Sockets Layer (SSL) was designed to encrypt any
TCP/IP based network traffic and provide the following
capabilities
• Prevents eavesdropping
• Prevents tampering or replaying of messages
• Uses certificates to authenticate servers and optionally clients
• The HTTPS protocol is the same text based protocol as HTTP
but is run over an encrypted SSL session.
16. AJAX - Asynchronous JavaScript And XML
• AJAX is a technology used by interactive web applications to
make HTTP requests to a server without causing page
transitions.
• Requests have to go to the same domain as the page
<script type="text/javascript">
function GetShoppingList()
{
    // Create an instance of the HTTP request object
    var xmlHttp = new XMLHttpRequest();
    // Specify HTTP GET by default and supply the relative url
    xmlHttp.open("GET", "getlist.aspx", false);
    // Start a synchronous AJAX request and wait for the response
    xmlHttp.send(null);
    var targetNode = document.getElementById("divShoppingList");
    // Use the HTML returned from server to create list.
    // innerHTML parses the response as markup, so getlist.aspx must
    // return trusted, already-escaped HTML.
    targetNode.innerHTML = xmlHttp.responseText;
}
</script>
17. Cross-origin resource sharing (CORS)
• Allows JavaScript on a web page to make XMLHttpRequests to another domain
• "preflighted" requests first send an HTTP OPTIONS method request to the resource on the other domain, to determine if the request is safe to send.

OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: keep-alive
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000

POST /resources/post-here/ HTTP/1.1
Host: bar.other
…
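The server's side of the preflight exchange above, as an added example that is not part of the original slides: it checks the Origin, requested method and requested headers against an allowlist and produces the response headers shown for bar.other. The policy object, function names and the 403 status for a refused preflight are assumptions of this example.

```javascript
// Hypothetical allowlist for the resource on bar.other; values mirror the slide's response.
const POLICY = {
  origins: ["http://foo.example"],
  methods: ["POST", "GET", "OPTIONS"],
  headers: ["X-PINGOTHER"],
  maxAge: 1728000,
};

// A denied preflight carries no Access-Control-* headers, so the browser
// never sends the actual request. The 403 status is this example's choice.
function deny(reason) {
  return { status: 403, headers: {}, reason };
}

// `req` maps lower-cased request header names to their values.
function answerPreflight(req, policy = POLICY) {
  const origin = req["origin"];
  const method = req["access-control-request-method"];
  if (!origin || !method) return deny("not a CORS preflight");
  // Exact string match on the whole origin; no substring or suffix matching.
  if (!policy.origins.includes(origin)) return deny("origin not allowed");
  if (!policy.methods.includes(method)) return deny("method not allowed");
  const allowed = policy.headers.map((h) => h.toLowerCase());
  const wanted = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const extra = wanted.find((h) => !allowed.includes(h));
  if (extra) return deny("header not allowed: " + extra);
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": origin, // echo the matched origin, not "*"
      "Access-Control-Allow-Methods": policy.methods.join(", "),
      "Access-Control-Allow-Headers": policy.headers.join(", "),
      "Access-Control-Max-Age": String(policy.maxAge),
      "Vary": "Origin", // the response differs per Origin, so caches must key on it
    },
  };
}

// The preflight request from the slide.
const slidePreflight = {
  "host": "bar.other",
  "origin": "http://foo.example",
  "access-control-request-method": "POST",
  "access-control-request-headers": "X-PINGOTHER",
};
console.log(answerPreflight(slidePreflight));
```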
18. JSONP - "JSON with padding"
• Provides a method to request data from a server in a different
domain
• JSONP has nothing to do with Ajax, since it does not use
XMLHttpRequest. Instead it dynamically inserts
Step 1 - You need to create a callback function. The function accepts some data.
function w3r_callback(data){
    console.log(data);
}
Step 2 - Include a script in your web page which contains the callback function created in step 1 as a parameter
<script src="http://www.example.com?q=w3r_callback"></script>
Step 3 - It outputs a script which calls the function and requested data is passed
w3r_callback({
    "FirstName" : "xyz",
    "LastName" : "abc",
    "Grade" : "A"
});
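The server side of step 3, as an added example that is not part of the original slides: it wraps the data in the callback name taken from the `q` parameter and accepts only a plain identifier, because the including page executes the response as script. The function name, the identifier pattern and the response shape are assumptions of this example.

```javascript
// Accept only a plain identifier as callback name: the response body is
// executed as script by whichever page included it.
const CALLBACK_NAME = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Build the step 3 response for a request URL such as the one in step 2.
// The parameter name "q" comes from the slide; the response shape is assumed.
function buildJsonpResponse(requestUrl, data) {
  const callback = new URL(requestUrl).searchParams.get("q");
  if (callback === null || !CALLBACK_NAME.test(callback)) {
    return { status: 400, contentType: "text/plain", body: "invalid callback" };
  }
  // Older JavaScript engines treat U+2028/U+2029 as line terminators inside
  // string literals, so escape them after serialising.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return {
    status: 200,
    contentType: "application/javascript; charset=utf-8",
    body: callback + "(" + json + ");",
  };
}

// The request from step 2 and the data from step 3.
const reply = buildJsonpResponse(
  "http://www.example.com?q=w3r_callback",
  { FirstName: "xyz", LastName: "abc", Grade: "A" }
);
console.log(reply.body);
```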