1.3. HTTP

1.3.1. Recap

  • DNS

  • /etc/hosts

1.3.2. Tooling

  • Web Inspector

  • curl

  • wget

1.3.3. HTTP Protocol

  • Stateless

  • Text protocol

  • HTTP and HTTPS

  • HTTP/1.1 vs. HTTP/2.0

  • URI vs URL

1.3.4. Status Code

Table 1.4. Http Response Codes

Status

Name

Description

200

OK

201

Created

301

Moved Permanently

400

Bad Request

403

Forbidden

404

File not Found

500

Internal Server Error

1.3.6. q=... parameters

Accept-Language: en-US,en;q=0.9,pl;q=0.8

1.3.7. Request

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,pl;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Cookie: _ga=GA1.2.1711323714.1523218102; csrftoken=CwTmac4VUT7FcyFAEKkIXWCxQurIZVbU
DNT: 1
Host: python3.info
If-Modified-Since: Wed, 13 Jun 2018 00:15:11 GMT
If-None-Match: W/"5b20620f-60e2"
Referer: https://python3.info/django/django-apps.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

1.3.8. Response

Connection: keep-alive
Date: Wed, 13 Jun 2018 07:21:58 GMT
ETag: "5b20620f-60e2"
Last-Modified: Wed, 13 Jun 2018 00:15:11 GMT
Server: nginx/1.10.3 (Ubuntu)
X-Cname-TryFiles: True
X-Deity: web01
X-Served: Nginx

1.3.9. Sessions

  • Database

  • Cache

  • Files

  • Memory

1.3.10. Cookies

  • EU cookies regulation from 2009

1.3.11. HTTP Methods

Table 1.5. Http Response Codes

GET

POST

PUT

PATCH

DELETE

HEAD

OPTIONS

TRACE

1.3.12. GET vs POST

  • ?argument1=value&argument2=value

  • single argument

  • multiple arguments

  • arrays

  • files

  • multipart

  • security

1.3.13. POST vs. PUT

1.3.14. POST and CSRF

  • csrf_token

1.3.15. PATCH?!

1.3.16. OPTIONS and CORS

http_method_names = ['get', 'post', 'options']

def options(self, request, *args, **kwargs):
    response = HttpResponse(status=200)
    response['Access-Control-Allow-Origin'] = '*'
    response['Access-Control-Allow-Methods'] = ', '.join(http_method_names).upper()
    response['Access-Control-Allow-Headers'] = 'Content-Type'
    return response

1.3.17. HTML + JS + CSS