HTTP Basics

http_basic.md

HTTP

HTTP is a protocol which allows the fetching of resources, such as HTML documents. It is the foundation of any data exchange on the Web and a client-server protocol, which means requests are initiated by the recipient, usually the Web browser. A complete document is reconstructed from the different sub-documents fetched, for instance text, layout description, images, videos, scripts, and more. It functions mainly as a request-response cycle between a client and a server. A client makes a request and a server responds. HTTP is a plain text protocol, which means that messages sent using HTTP. HTTP itself is a stateless protocol. There's no record of previous interactions, and each interaction is processed with only with the information that comes with that particular interaction.

HTTP (note: no "s" on the end) data is not encrypted, and it can be intercepted by third parties to gather data being passed between the two systems.

HTTPS

'S' at the end stands for Secure

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

HTTP Methods (GET and Post)

GET Requests data from a specified resource

In a get request, additional data related to your requested resource is passed as a query string in the URI. You'll send the data in query string format by appending it to the URI, starting with a question mark.

• GET requests can be cached
• GET requests remain in the browser history
• GET requests can be bookmarked
• GET requests should never be used when dealing with sensitive data
• GET requests have length restrictions
• GET requests should be used only to retrieve data

POST Submits data to be processed to a specified resource

POST requests lead to a change on the server and a change to the resource listed in the URI of the request.

• POST requests are never cached
• POST requests do not remain in the browser history
• POST requests cannot be bookmarked
• POST requests have no restrictions on data length

HTTP Status Code

http://www.restapitutorial.com/httpstatuscodes.html

• 1xx Informational
• 2xx Success
• 3xx Redirection
• 4xx Client Error
• 5xx Server Error

What http action happens when reloading a page

Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)

Browser requests from the address bar can only be GET
But forms and JavaScript can use POST
JavaScript can send any kind of request
An actually HTTP request is made up of many parts. the GET/POST/PUT/PATCH/DELETE is called the HTTP METHOD or HTTP VERB

When reload button is pressed on UI, it sends the last request
If the last request was a GET it does that
if the last request was a POST it does that
What the reload actually does is just replay the previous request, whatever it was.
So if the last request was a form POST then it will reattempt the form POST

URI
Uniform Resource Identifier (URI) is a string of characters used to identify a resource.

Such identification enables interaction with representations of the resource over a network, typically the World Wide Web, using specific protocols. Schemes specifying a concrete syntax and associated protocols define each URI. The most common form of URI is the Uniform Resource Locator (URL), frequently referred to informally as a web address. More rarely seen in usage is the Uniform Resource Name (URN), which was designed to complement URLs by providing a mechanism for the identification of resources in particular namespaces.

Payload
In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery.

In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action.