HTTP GET vs POST SE-2840 Dr. Mark L. Hornick.

Slides:



Advertisements
Similar presentations
23-Aug-14 HTML/XHTML Forms. 2 What are forms? is just another kind of XHTML/HTML tag Forms are used to create (rather primitive) GUIs on Web pages Usually.
Advertisements

24-Aug-14 HTML Forms. 2 What are forms? is just another kind of HTML tag HTML forms are used to create (rather primitive) GUIs on Web pages Usually the.
CGI & HTML forms CGI Common Gateway Interface  A web server is only a pipe between user-agents  and content – it does not generate content.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
Video, audio, embed, iframe, HTML Form
SE-2840 Dr. Mark L. Hornick 1 HTML input elements and forms.
Session 2 Tables and forms in HTML Adapted by Sophie Peter from original document by Charlie Foulkes.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
PHP Forms. I. Using PHP with HTML Forms A very common application of PHP is to have an HTML form gather information from a website's visitor and then.
Forms. Form An HTML form is a section of a document containing normal content, special elements called controls (checkboxes, radio buttons, buttons, etc.),
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
HTML F ORMS. F ORMS HTML forms are used to pass data to a server. An HTML form can contain input elements like text fields, checkboxes, radio-buttons,
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.
Advance Database Management Systems Lab no. 5 PHP Web Pages.
Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.
PHP Forms and User Input The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input.
1 Creating Web Forms in HTML Web forms collect information from customers Web forms include different control elements including: –Input boxes –Selection.
Web application architecture
CSC 2720 Building Web Applications HTML Forms. Introduction  HTML forms are used to collect user input.  The collected input is typically sent to a.
Forms and Server Side Includes. What are Forms? Forms are used to get user input We’ve all used them before. For example, ever had to sign up for courses.
LOGO FORMs in HTML CHAPTER 5 Eastern Mediterranean University School of Computing and Technology Department of Information Technology ITEC229 Client-Side.
1 © Netskills Quality Internet Training, University of Newcastle HTML Forms © Netskills, Quality Internet Training, University of Newcastle Netskills is.
HTML FORMS GET/POST METHODS. HTML FORMS HTML Forms HTML forms are used to pass data to a server. A form can contain input elements like text fields, checkboxes,
XHTML & Forms. PHP and the WWW PHP and HTML forms – Forms are the main way users can interact with your PHP scrip Typical usage of the form tag in HTML.
Creating Web Page Forms. Introducing Web Forms Web forms collect information from users Web forms include different control elements including: –Input.
Forms Collecting Data CSS Class 5. Forms Create a form Add text box Add labels Add check boxes and radio buttons Build a drop-down list Group drop-down.
Web Technologies Lecture 3 Web forms. HTML5 forms A component of a webpage that has form controls – Text fields – Buttons – Checkboxes – Range controls.
1 HTML forms (cont.)
©SoftMooreSlide 1 Introduction to HTML: Forms ©SoftMooreSlide 2 Forms Forms provide a simple mechanism for collecting user data and submitting it to.
HTML Forms. A form is simply an area that can contain form fields. Form fields are objects that allow the visitor to enter information - for example text.
1 HTML Forms. Objectives You will be able to: Compose HTML forms, to accept input from the user. Identify the different kinds of input tags that can appear.
1 HTML forms (cont.)
Internet & World Wide Web How to Program, 5/e Copyright © Pearson, Inc All Rights Reserved.
Lesson 5 Introduction to HTML Forms. Lesson 5 Forms A form is an area that can contain form elements. Form elements are elements that allow the user to.
HTML Structure II (Form) WEEK 2.2. Contents Table Form.
Unit 4 Working with data. Form Element HTML forms are used to pass data to a server. A form can contain input elements like text fields, checkboxes, radio-buttons,
FORMS Explained By: Jasdeep Kaur. Lecturer, Department of Computer Application, PGG.C.G., Sector: 42, Chandigarh.
2440: 141 Web Site Administration Web Forms Instructor: Joseph Nattey.
Tutorial 6 Working with Web Forms
How to Write Web Forms By Mimi Opkins.
Data Virtualization Tutorial… CORS and CIS
CIIT-Human Computer Interaction-CSC456-Fall-2015-Mr
Play Framework: Introduction
FORMS Explained By: Sarbjit Kaur.
Basic XHTML Tables XHTML tables—a frequently used feature that organizes data into rows and columns. Tables are defined with the table element. Table.
Cross-Site Forgery
PHP FORM HANDLING Post Method
HTML/XHTML Forms 18-Sep-18.
Validation and Building Small Apps
MIT GSL 2018 week 1 | day 4 Introduction to Web Development II.
Introducing Forms.
HTML Forms and User Input
HTML: Basic Tags & Form Tags
CGI Programming Part II UNIX Security
Client side & Server side scripting
Asynchronous Javascript And XML
Forms, cont’d.
Web Server Design Week 15 Old Dominion University
Creating Forms on a Web Page
Lecture 5: Functions and Parameters
HTML Forms 18-Apr-19.
© Hugh McCabe 2000 Web Authoring Lecture 8
PHP Forms and Databases.
Web Server Design Week 14 Old Dominion University
PHP-II.
Cross Site Request Forgery (CSRF)
HTML: Basic Tags & Form Tags
Web Forms.
Presentation transcript:

HTTP GET vs POST SE-2840 Dr. Mark L. Hornick

A Form is a webpage containing HTML input elements that allow a user to enter information A form consists of static HTML markup… …as well as controls that permit input of various kinds of data SE-2840 Dr. Mark L. Hornick

In the old days, <form> elements were used to contain input elements whose data would be automatically submitted to a web server when the submit button was pressed <body> <h3>Fill out the fields below:</h3> <form action=“http://...” method=“post”> <!– or method=“get”  <p>Your name: <br /> First: <input type="text" id=“first” name=“firstname" /> <br> Last: <input type="text" id=“last” name=“lastname" /> </p> <p>Press <strong>Send</strong> to submit your information. <!– ‘submit’ is s special type of button that automatically causes the browser to collect the form data and generate an http request to the url  <input id=“send” type="submit" value="Send" /> </form> </body> Obsolete! SE-2840 Dr. Mark L. Hornick

What happened when forms were submitted? 1) You browse to a webpage containing forms and fill it out; then press the submit button 3)The server receives the form data and passes it on to a resource for processing. Obsolete! 2)The browser automatically packages the data in the form and sends it to the web server via an http POST (or GET) request Web Browser 4) The Web application generates a response and sends it to the browser – the usual response was a new web page or “redirect” command to tell the browser what page to display next. Web Server SE-2840 Dr. Mark L. Hornick

HTML <form> tag element …and the name of the Web Resource that will process the form data if it is submitted The opening <form> tag – all form elements go between the opening and closing tag. Obsolete! <form action="http://<url>" method=“post"> <!-- form elements go here --> </form> The method attribute specifies which HTTP message will be used to send the data in the form to the server – default is “get” The required action attribute specifies the url of where to send the form’s data. SE-2840 Dr. Mark L. Hornick

In modern web page implementation, we use JS and Ajax to generate GET and POST requests See code in Phone.html and Phone.js: <input id="send" type="button" value="Submit"> $("#send").click( function() { console.log("submit clicked"); doAjaxSubmitRequest(); // invoke ajax request to POST new data to the server }); CS-4220 Dr. Mark L. Hornick

GET vs. POST scenarios Browser/JS sends HTTP GET request with parameters Fill out form and press SEND Server responds, but does not change state; the GET request is IDEMPOTENT Browser/JS sends HTTP POST request with parameters Server changes state by accepting data; responds indicating success or failure. Fill out form and press SEND SE-2840 Dr. Mark L. Hornick

HTTP GET appends parameters to the end of the URL (insecure) The parameters are plainly visible in the url (insecure!), even when https is used GET requests also have a limit of 256 characters in the URL Use GET only to provide small amounts of insensitive data which the server app will NOT use to modify its internal state! SE-2840 Dr. Mark L. Hornick

HTTP POST encodes parameters into the HTTP POST header A post request header can be securely encrypted (using HTTPS) in order to protect sensitive data, such as a credit card numbers or passwords There is no limit on the size of the data packet that can be sent to the server Note: You cannot bookmark a url that was generated as a POST message, since the form data is not in the bookmarked url Always use POST to send form data that Is sensitive (use https encryption in that case) If the data is large (>256 bytes) Will change the state of the web application SE-2840 Dr. Mark L. Hornick

Cross-Origin Resource Sharing (CORS) Modern browsers apply a “same-origin” policy to web pages as a security precaution RFC 6454 defines the “origin” of a web page as the combination of protocol, host, port (http://localhost:3003/welcome.html) When enforced, this policy prevents the web page from accessing resources from an origin that differs from that of the web page itself Different origin means that the protocol, url , or port of the requested resource In some circumstances, enforcing this policy is too restrictive and is relaxed This is how a web page can freely access images, stylesheets, and scripts from other servers – for example: bootstrap.css and jquery.js However, the policy is NOT relaxed (i.e. IS ENFORCED) when a web page attempts to access a “different origin” resource via an XMLHttpRequest (i.e. an Ajax call to a different server) CS-4220 Dr. Mark L. Hornick This Photo by Unknown Author is licensed under CC BY-SA

The CORS standard defines a specific mechanism that a browser and server must implement For Ajax, the browser first makes an HTTP OPTIONS request to the server, asking for permission to make a subsequent HTTP GET or POST This is called a “preflight” request Certain headers in the HTTP OPTIONS request are used to convey the information the browser supplies to the server For example, the HTTP OPTIONS preflight request header may contain Host: http://www.mcts.com Origin: http://localhost:3003 The server responds with “approval” or “denial” with certain HTTP headers in the response For example, if the server’s HTTP OPTIONS response header contains Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET this indicates that the server allows GET (but not PUT) requests from ANY origin as it is serving up public content If the response indicates “denial”, or the server simply does not honor/respond to the HTTP OPTIONS request, the browser does not make the subsequent HTTP GET/POST and the Ajax request fails NOTE: It is possible to disable the preflight request on the browser, but this undermines security – so it is not recommened/dangerous.

CORS flowchart MCTS Path https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#/media/File:Flowchart_showing_Simple_and_Preflight_XHR.svg

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.