HTTP Hyper Text Transfer Protocol Part 2 1

HTTP – Hyper. Text Transfer Protocol Part 2 1

HTTP Responses 2

The Format of a Response version header sp status code sp : value cr phrase cr lf lf status line headers lines header cr lf : value cr lf Entity Body 3

The Initial Line of a Response • The initial line of a response is also called the status line • The initial line consists of – HTTP version – response status code – reason phrase that describes the status code 4

Response Example HTTP/1. 0 200 OK Date: Fri, 31 Dec 1999 23: 59 GMT Content-Type: text/html Content-Length: 1354 <html> <body> <h 1>Hello World</h 1> (more file contents). . . </body> </html> 5

Response Example version status code reason phrase HTTP/1. 0 200 OK Date: Fri, 31 Dec 1999 23: 59 GMT Content-Type: text/html Content-Length: 1354 <html> <body> <h 1>Hello World</h 1> (more file contents). . . </body> </html> headers message body 6

Status Codes in Responses 7

Status Codes in Responses • The status code is a three-digit integer, and the first digit identifies the general category of response: – – 1 xx 2 xx 3 xx 4 xx indicates an informational message indicates success of some kind redirects the client to another URL indicates an error on the client's part • Yes, the system blames it on the client if a resource is not found (i. e. , 404) – 5 xx indicates an error on the server's part 8

Status Codes 1 xx • The 100 (Continue) Status – Allows a client to determine if the Server is willing to accept the request (based on the request headers) before the client sends the request body – The client’s request must have the header Expect: 100 (Continue) What is it good for? 9

Status Codes 2 xx Status codes 2 xx – Success • The action was successfully received, understood, and accepted • Usually upon success a status code 200 and a message OK are sent • This is the default 10

More 2 xx Codes • 201 (Created) – Location header gives the URL • 202 (Accepted) – Processing is not yet complete • 204 (No Content) – Browser should keep displaying previous document 11

More 2 xx Codes • 205 (Reset Content) – No new document, but the browser should reset the document view – It is used to force browsers to clear fields of forms – New in HTTP 1. 1 12

Status Codes 3 xx Status codes 3 xx – Redirection • Further action must be taken in order to complete the request • The client is redirected to get the resource from another URL 13

More 3 xx Codes • 301 – Moved Permanently – The new URL is given in the Location header – Browsers should automatically follow the link to the new URL • 302 – Moved Temporarily – In HTTP 1. 1 “Found” instead of “Moved Temporarily” • But “Moved Temporarily” is still used – Similar to 301, except that the URL given in the Location header is temporary – Most browsers treat 301 and 302 in the same way 14

More 3 xx Codes • 303 – See Other – Similar to 301 and 302, except that if the original request was POST, the new document (given in the Location header) should be retrieved with GET – New in HTTP 1. 1 15

More 3 xx Codes 304 – Not Modified – This is a response to the If-Modified-Since request header – If the page has been modified, then it should be returned with a 200 (OK) status code 16

More 3 xx Codes 307 – Temporary Redirect – New URL is given in the Location header – Only GET but not POST requests should follow the new URL – In 303 (See Other), both GET and POST requests follow the new URL – New in HTTP 1. 1 17

Status Codes 4 xx Status codes 4 xx – Client error • The request contains bad syntax or cannot be fulfilled 404 File not found 18

4 xx Codes • 400 – Bad Request – Syntax error in the request • 401 – Unauthorized • 403 – Forbidden – “permission denied” to the server to access the page • 404 – Not Found • Turn off “Show friendly HTTP error messages” in Internet Explorer (Internet Options Advanced) 19

More 4 xx Codes (All New in HTTP 1. 1) • • 405 410 411 413 – – Method Not Allowed Gone Length Required Request Entity Too Large – Server may include a Retry-After response header 20

More 4 xx Codes (All New in HTTP 1. 1) • 414 – Request URI Too Long • 415 – Unsupported Media Type • 417 – Expectation Failed – It the server receives an Expect request header with a value of 100 (Continue), it means that the client is asking if it can send an attached document in a follow-up request – The server should respond with either 417 or 100 (Continue) 21

Status Codes 5 xx Status codes 5 xx – Server error • The server failed to fulfill an apparently valid request For example, 502 Bad gateway 22

5 xx Codes • • 500 501 502 503 – – Internal Server Error Not Implemented Bad Gateway Service Unavailable – The response may include a Retry-After header to indicate when the client might try again • 505 – HTTP Version Not Supported – New in HTTP 1. 1 23

Response Headers 24

The Purposes of Response Headers • • Give forwarding location Specify cookies Supply the page modification date Instruct the browser to reload the page after a designated interval • Give the document size so that persistent (keep -alive) connection can be used • Designate the type of document being generated • Etc. 25

Allow Response Header • It specifies the request methods (GET, POST, etc. ) that are allowed for the requested URL • It is required for 405 (Method Not Allowed) responses • The default service method of servlets automatically generates this header for OPTIONS requests 26

Cache-Control (1. 1) and Pragma (1. 0) Response Header • A no-cache value prevents proxies and browsers from caching the page • More on this header later, when we will talk about caching • Don’t use the Pragma header in responses – The meaning of “Pragma: no-cache” is only specified for requests • A safer approach is to use both the Pragma header and the Cache-Control header with the no-cache value 27

Connection Response Header • A value of close instructs the client not to use persistent HTTP connections • In HTTP 1. 1, persistent connections are the default 28

Content Response Headers • Content-Encoding – It indicates how the page was encoded • Content-Language – It gives the language in which the page is written • The value should be one of the standard language codes, e. g. , en-us, da 29

Content-Length Response Header • It specifies the number of bytes in the response • It is needed only if a persistent (keepalive) connection is used 30

Content-Type Response Header • It gives the MIME (Multipurpose Internet Mail Extension) type of the response document • MIME types are of the form: – maintype/subtype for officially registered types – maintype/x-subtype for unregistered types • Examples: text/html, image/jpeg, application/x-gzip 31

Expires Response Header • It gives the time at which the document should be considered out-of-date and thus should no longer be cached • It can be used, for example, if the document is valid only for a short time • To achieve the desired effect, some other Cache-Control headers must also be used 32

Last-Modified Response Header • This header gives the time when the document was last changed • The date that is given in the Last-Modified response header can be used in later requests in the If-Modified-Since request header • When using servlets, don’t set this header explicitly; implement a get. Last. Modified method instead 33

Location Response Header • This header should be included in all responses that have a 3 xx status code • The browser automatically retrieves the document from the new location that is given as the value of this header 34

Refresh Response Header • The number of seconds until the browser should reload the page • Can also include the URL of a document that should be loaded (instead of the original document) • This header is not part of HTTP 1. 1 but is an extension supported by Netscape and Internet Explorer 35

Retry-After Response Header • This header can be used in conjunction with a 503 (Service Unavailable) response to tell the client how soon it can repeat its request 36

Set-Cookie Response Header • This header specifies a cookie associated with the page; it has several fields: Set-Cookie: name=value; expires= value; path= value; domain= value; secure • Each cookie requires a separate header • Servlets should use the special-purpose add. Cookie method of Http. Servlet. Repsonse instead of setting the value of this header directly • This header is not part of HTTP 1. 1 but is widely supported 37

WWW-Authenticate Response Header • This header is always included with a 401 (Unauthorized) status code • It gives the authentication scheme(s) and parameters applicable to the URL that was requested 38

Server Response Header • Indicates the name of the vendor of the HTTP server 39

Meta HTTP-EQUIV Tags 40

Meta HTTP-EQUIV Tags • The browser interprets these tags as if they were headers in the HTTP response • For example <META HTTP-EQUIV=“Refresh” CONTENT=“ 5; URL=http: //host/path/”> • If the value is 0 (instead of 5) and there is no URL parameter, the same page is continuously refreshed, causing the Back button to stop working 41

Meta HTTP-EQUIV Tags Are Only Read by Browsers • Meta HTTP-EQUIV tags are interpreted by browsers • Proxies usually don’t read the HTML documents – they only read the headers of the HTTP requests and responses • Therefore, Cache-Control headers in META HTTP-EQUIV tags actually apply only to the browser’s cache 42

Manually Experimenting with HTTP 43

Manually Experimenting with HTTP >host www. cs. huji. ac. il is a nickname for vafla. cs. huji. ac. il has address 132. 65. 80. 39 vafla. cs. huji. as. il mail is handled (pri=10) by cs. huji. ac. il >telnet www. cs. huji. ac. il 80 Trying 132. 65. 80. 39… Connected to vafla. cs. huji. ac. il. Escape character is ‘^]’. 44

Sending a Request >GET /~dbi/index. html HTTP/1. 0 [blank line] 45

The Response HTTP/1. 1 200 OK Date: Sun, 11 Mar 2001 21: 42: 15 GMT Server: Apache/1. 3. 9 (Unix) Last-Modified: Sun, 25 Feb 2001 21: 42: 15 GMT Content-Length: 479 Content-Type: text/html <html> (html code …) </html> 46

GET /~dbi/index. html HTTP/1. 0 HTTP/1. 1 200 OK HTML code 47

GET /~dbi/no-such-page. html HTTP/1. 0 HTTP/1. 1 404 Not Found HTML code 48

GET /index. html HTTP/1. 1 400 Bad Request HTML code Why is it a Bad Request? HTTP/1. 1 without Host Header 49