How browsers talk to servers. What does this do?

Similar documents
HTTP Protocol and Server-Side Basics

Introduction to HTML5

HTTP (HyperText Transfer Protocol)

Vebra Search Integration Guide

New Media Production HTML5

CSCI-1680 WWW Rodrigo Fonseca

Lecture 7b: HTTP. Feb. 24, Internet and Intranet Protocols and Applications

LAMP, WEB ARCHITECTURE, AND HTTP

CSCI-1680 WWW Rodrigo Fonseca

HTML 5 Form Processing

CITS1231 Web Technologies. PHP s, Cookies and Session Control

The HTTP Protocol HTTP

Chapter 9. Managing State Information. Understanding State Information (continued) Understanding State Information 10/29/2011.

Lecture 7: Dates/Times & Sessions. CS 383 Web Development II Wednesday, February 14, 2018

Lecture 6: Web Security CS /17/2017

COSC 2206 Internet Tools. The HTTP Protocol

Micronet International College

Loops/Confirm Tutorial:

You can also set the expiration time of the cookie in another way. It may be easier than using seconds.

CSE 154 LECTURE 21: COOKIES

CSE 154 LECTURE 21: COOKIES

Chapter 4 Sending Data to Your Application

WEB APPLICATION ENGINEERING II

Migration Tool. User Guide. SHOPIFY to MAGENTO. Copyright 2014 LitExtension.com. All Rights Reserved.

COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS. Web Access: HTTP Mehmet KORKMAZ

Applications & Application-Layer Protocols: The Web & HTTP

World Wide Web, etc.

WIRIS quizzes web services Getting started with PHP and Java

GIMP WEB 2.0 MENUS. Before we begin this tutorial let s visually compare a standard navigation bar and a web 2.0 navigation bar.

WEB TECHNOLOGIES CHAPTER 1

Design Project. i385f Special Topics in Information Architecture Instructor: Don Turnbull. Elias Tzoc

The HTTP protocol. Fulvio Corno, Dario Bonino. 08/10/09 http 1

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

EDA095 HTTP. Pierre Nugues. March 30, Lund University

How to work with HTTP requests and responses

Chapter 7:- PHP. Compiled By:- Sanjay Patel Assistant Professor, SVBIT.

Server-Side Web Programming: Python (Part 1) Copyright 2017 by Robert M. Dondero, Ph.D. Princeton University

Session 8. Introduction to Servlets. Semester Project

Browser behavior can be quite complex, using more HTTP features than the basic exchange, this trace will show us how much gets transferred.

MAGENTO Migration Tools

Internet Architecture. Web Programming - 2 (Ref: Chapter 2) IP Software. IP Addressing. TCP/IP Basics. Client Server Basics. URL and MIME Types HTTP

What is XHTML? XHTML is the language used to create and organize a web page:

Introduction. Server-side Techniques. Introduction. 2 modes in the PHP processor:

Implementing a chat button on TECHNICAL PAPER

Using Active Directory Certificate Services. Copyright 2016 Hewlett Packard Enterprise Development LP

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

Web Programming 4) PHP and the Web

Alpha College of Engineering and Technology. Question Bank


First, create a web page with a submit button on it (remember from creating forms in html?):

CSCI 1100L: Topics in Computing Spring 2018 Web Page Project 50 points

Schenker AB. Interface documentation Map integration

Notes beforehand... For more details: See the (online) presentation program.

If you re serious about Cookie Stuffing, take a look at Cookie Stuffing Script.

Scalable applications with HTTP

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

Introduction to HTTP. Jonathan Sillito

Qualys Cloud Platform v2.x API Release Notes

HTML Overview. With an emphasis on XHTML

Apple URL Scheme Reference

Copyright 2011 Sakun Sharma

HTML Summary. All of the following are containers. Structure. Italics Bold. Line Break. Horizontal Rule. Non-break (hard) space.

EEC-682/782 Computer Networks I

django-sekizai Documentation

HTTP Console Documentation

Database Systems Fundamentals

INF5750. RESTful Web Services

More cool scripts: Slide Show: What the settimeout() function does:

Yandex.Widgets Quick start

User authentication, passwords

introduction to XHTML

ValuePRO Tutorial Internet Explorer 8 Configuration

HTTP Review. Carey Williamson Department of Computer Science University of Calgary

Best Practices for developing REST API using PHP

Web Development & Design Foundations with XHTML. Chapter 2 Key Concepts

Information Network Systems The application layer. Stephan Sigg

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

Enter Grade Report. No Place Like Gilbert Duenas. California State University San Marcos. Johnny Koons. CS 441 Software Engineering

CS 43: Computer Networks. HTTP September 10, 2018

Outline. Computer Center, CS, NCTU. Web hosting. Proxy. Basics Client-Server architecture HTTP protocol Static vs. dynamic pages Virtual hosts

Discovery Service Infrastructure for Test- bädden

3 Categories and Attributes

PIC 40A. Lecture 19: PHP Form handling, session variables and regular expressions. Copyright 2011 Jukka Virtanen UCLA 1 05/25/12

Hypertext Transport Protocol

Table of contents. DMXzoneUniformManual DMXzone

World-Wide Web Protocols CS 571 Fall Kenneth L. Calvert All rights reserved

INTERNET ENGINEERING. HTTP Protocol. Sadegh Aliakbary

REST Easy with Infrared360

Arc en Ciel Ltd. Gazetteer Webservice FactSheet

Kerberos and Single Sign On with HTTP

Building Your Blog Audience. Elise Bauer & Vanessa Fox BlogHer Conference Chicago July 27, 2007

An Introduction To HTML5

Application Level Protocols

CMPE 151: Network Administration. Servers

zend. Number: Passing Score: 800 Time Limit: 120 min.

Web Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le

How to test and debug a PHP project In particular, proj2

pages Jason Chambers AJUG February 2005

Web Application Development (WAD) V th Sem BBAITM(Unit-1) By: Binit Patel

jquery Basic HTTP communication

Transcription:

HTTP HEADERS How browsers talk to servers This is more of an outline than a tutorial. I wanted to give our web team a quick overview of what headers are and what they mean for client-server communication. Mainly, what HTTP headers mean for cookies and for other information that they see when they re programming on web pages. It s unlikely I ll ever do this tutorial again, so this document is probably more useful as a starting point for giving a tutorial, rather than as a standalone tutorial. What does this do? <? setcookie('greeting', 'yes');?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/tr/ xhtml1/dtd/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>mimsy Were the Borogoves</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta name="description" content="hello, World." /> </head> <body> <h1>world</h1> </body> </html> <?IF ($_COOKIE['greeting'] == 'yes'):?> <p>world, say hello.</p> <?ELSE:?> <p>please go away.</p> <?ENDIF;?> What will this page display? The answer has to do with HTTP headers and the way that browsers and servers communicate with each other.

Examining headers curl curl --head URL HTTP Client For looking at what the browser sends as well as what the server returns. http://ditchnet.org/httpclient/ Common headers Headers always look like Some-Name: some value. Content-Type Date User-Agent Last-Modified Cache-Control Cookies Both the client and the server send headers. Among the headers that clients send are cookies, in the Cookie: header. Setting cookies doesn t make them available in the script you set them in, because cookies are headers. The headers have already been sent.

Trusting headers Headers from clients can t be trusted; you can t trust User-Agent, Date, HTTP-Referer, or anything else that the client sends (just look at the options in curl and HTTP Client: they can be faked easily). Manipulating headers The header() function in PHP lets you manipulate headers, and this is most commonly how we do it when we need to set headers inside of a PHP script. Browsers give us a way of manipulating the headers they re storing for the page, in the HEAD of a web document. We use it to set the character set of our newer web pages: <meta http-equiv="content-type" content="text/html; charset=utf-8" /> This tells the browser to replace whatever it has for the Content-Type header and replace it with text/html; charset=utf-8. Finally, you can also manipulate headers in the.htaccess file of Apache servers. You can add or change them directly with the header directive. There are also directives for commonlymanipulated headers such as Content-Type (AddType) and Location (Redirect, RedirectPermanent, RedirectMatch). AddType 'text/html; charset=utf-8'.html RedirectPermanent /as/ http://www.example.com/antstorm/ Header set Content-Type "text/html; charset=utf-8" Header add Timing "Hello Joe. It took %D microseconds for Apache to serve this request." Header unset Location For more information, see these pages: http://php.net/manual/function.header http://www.w3schools.com/tags/att_meta_http_equiv.asp http://httpd.apache.org/docs/2.2/mod/mod_headers.html http://httpd.apache.org/docs/2.2/mod/mod_alias.html http://httpd.apache.org/docs/2.2/mod/mod_mime.html Redirects One of the most common manipulations is to redirect the visitor to another page. You might want to force them to always use the secure version of a page, or you might want to create a single, simple redirect page that redirects different types of visitors to different pages.

header("location: http://my.example.com/really/long/oracle.db/style.aspx/url/ AS5SK689HG ); Downloads We ve already looked at one header manipulation: the downloads class sends headers that cause the browser to download the file instead of display it. header('content-type: audio/mpeg'); header('content-disposition: attachment; filename="complicated Man.mp3"'); What is a content type? The Internet uses MIME types to identify a type of file, so that the visitor s operating system can know what applications are able to open it. You can see more about MIME types at: http://www.w3schools.com/media/media_mimeref.asp http://en.wikipedia.org/wiki/internet_media_type MIME types are used by e-mail (just as most headers are) as well as web servers. Host On the client end: Host: www.hoboes.com Host: hoboes.com Host: www.godsmonsters.com Asking for http://www.hoboes.com/ is just like asking for http://216.92.252.156/; the client adds Host: www.hoboes.com (or www.godsmonsters.com) to let the server know which hostname is being requested. Before HTTP/1.1, every hostname had to have its own IP address. In HTTP Client, you can set Host to each of the above examples and get a different page back each time. The IP address is the same in each case; the server looks at the Host header to see which hostname the browser wants to see. Filling out forms, getting a cookie In this part of the tutorial, we will log in to a remote server by sending the headers and body that get sent when a visitor fills out a form and submits it. We will then take the cookie that the remote server sends to the client on a successful login and use that cookie to maintain the session. curl --form user=username --form password="password" https://www.example.com/ login/ --trace-ascii -

Look for the Set-Cookie: header from the server. Copy it out and use it in HTTP Client. Cookie: cookie=value Cookie: ExampleKey=79202038fea9608456ad6aa363173dea In HTTP Client, send this body to http://www.example.com/login/: with user=username&password=password Content-Type: application/x-www-form-urlencoded to see the cookie and cookie value. Then, look for the Set-Cookie header and use that cookie to enter the page. If the password contains special characters, they may need to be encoded. For example, an ampersand will need to be %26, and an apostrophe %27. Response codes Code 200 301 303 307 403 404 418 503 Meaning Success Moved permanently See other Temporary redirect Forbidden Page not found I m a teapot Service unavailable See http://en.wikipedia.org/wiki/list_of_http_status_codes for more information. Response codes are sent as part of the very first header, usually HTTP/1.1 XXX Status Name, for example, HTTP/1.1 503 Service Unavailable. Common PHP Header Functions header() http://php.net/manual/function.header

The basic header function lets you send any header you want to the client. You can send any Header: value, and you can also set the return code: header("http/1.1 404 Not Found"); header($_server["server_protocol"]." 404 Not Found"); However, it makes it easier to set the response code. This is especially useful for redirects: header("location: http://www.example.com/new/location/", true, 301); setcookie() This lets you send cookies to the client without knowing the format for the Set-Cookie header. setcookie("testcookie", $value); setcookie("testcookie", $value, time()+3600); /* expire in 1 hour */ setcookie("testcookie", $value, time()+3600, "/~rasmus/", ".example.com", 1); apache_request_headers() This provides all of the headers that the client sent, as an associative array. headers_sent() This returns true or false, depending on whether or not headers have already been sent to the client. Necessary tutorial files HTTP Client curl

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback