HTTP – HyperText Transfer Protocol Part 2
HTTP Responses
The Format of a Response status line version sp status code sp phrase cr lf header : value cr lf headers lines header : value cr lf cr lf Entity Body
The Initial Line of a Response The initial line of a response is also called the status line The initial line consists of HTTP version response status code reason phrase that describes the status code
Response Example HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354 <html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html>
Response Example version status code reason phrase headers HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354 <html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html> headers message body
Status Codes in Responses
Status Codes in Responses The status code is a three-digit integer, and the first digit identifies the general category of response: 1xx indicates an informational message 2xx indicates success of some kind 3xx redirects the client to another URL 4xx indicates an error on the client's part Yes, the system blames it on the client if a resource is not found (i.e., 404) 5xx indicates an error on the server's part
Status Codes 1xx The 100 (Continue) Status Allows a client to determine if the Server is willing to accept the request (based on the request headers) before the client sends the request body The client’s request must have the header Expect: 100 (Continue) What is it good for?
Status Codes 2xx Status codes 2xx – Success The action was successfully received, understood, and accepted Usually upon success a status code 200 and a message OK are sent This is the default
More 2xx Codes 201 (Created) 202 (Accepted) 204 (No Content) Location header gives the URL 202 (Accepted) Processing is not yet complete 204 (No Content) Browser should keep displaying previous document
More 2xx Codes 205 (Reset Content) No new document, but the browser should reset the document view It is used to force browsers to clear fields of forms New in HTTP 1.1
Status Codes 3xx Status codes 3xx – Redirection Further action must be taken in order to complete the request The client is redirected to get the resource from another URL
More 3xx Codes 301 – Moved Permanently 302 – Moved Temporarily The new URL is given in the Location header Browsers should automatically follow the link to the new URL 302 – Moved Temporarily In HTTP 1.1 “Found” instead of “Moved Temporarily” But “Moved Temporarily” is still used Similar to 301, except that the URL given in the Location header is temporary Most browsers treat 301 and 302 in the same way
More 3xx Codes 303 – See Other Similar to 301 and 302, except that if the original request was POST, the new document (given in the Location header) should be retrieved with GET New in HTTP 1.1
More 3xx Codes 304 – Not Modified This is a response to the If-Modified-Since request header If the page has been modified, then it should be returned with a 200 (OK) status code
More 3xx Codes 307 – Temporary Redirect New URL is given in the Location header Only GET but not POST requests should follow the new URL In 303 (See Other), both GET and POST requests follow the new URL New in HTTP 1.1
Status Codes 4xx Status codes 4xx – Client error The request contains bad syntax or cannot be fulfilled 404 File not found
4xx Codes 400 – Bad Request 401 – Unauthorized 403 – Forbidden Syntax error in the request 401 – Unauthorized 403 – Forbidden “permission denied” to the server to access the page 404 – Not Found Turn off “Show friendly HTTP error messages” in Internet Explorer (Internet Options Advanced)
More 4xx Codes (All New in HTTP 1.1) 405 – Method Not Allowed 410 – Gone 411 – Length Required 413 – Request Entity Too Large Server may include a Retry-After response header
More 4xx Codes (All New in HTTP 1.1) 414 – Request URI Too Long 415 – Unsupported Media Type 417 – Expectation Failed It the server receives an Expect request header with a value of 100 (Continue), it means that the client is asking if it can send an attached document in a follow-up request The server should respond with either 417 or 100 (Continue)
Status Codes 5xx Status codes 5xx – Server error The server failed to fulfill an apparently valid request For example, Bad gateway
5xx Codes 500 – Internal Server Error 501 – Not Implemented 502 – Bad Gateway 503 – Service Unavailable The response may include a Retry-After header to indicate when the client might try again 505 – HTTP Version Not Supported New in HTTP 1.1
Response Headers
The Purposes of Response Headers Give forwarding location Specify cookies Supply the page modification date Instruct the browser to reload the page after a designated interval Give the document size so that persistent (keep-alive) connection can be used Designate the type of document being generated Etc.
Allow Response Header It specifies the request methods (GET, POST, etc.) that are allowed for the requested URL It is required for 405 (Method Not Allowed) responses The default service method of servlets automatically generates this header for OPTIONS requests
Cache-Control (1.1) and Pragma (1.0) Response Header A no-cache value prevents proxies and browsers from caching the page More on this header later, when we will talk about caching Don’t use the Pragma header in responses The meaning of “Pragma: no-cache” is only specified for requests A safer approach is to use both the Pragma header and the Cache-Control header with the no-cache value
Connection Response Header A value of close instructs the client not to use persistent HTTP connections In HTTP 1.1, persistent connections are the default
Content Response Headers Content-Encoding It indicates how the page was encoded Content-Language It gives the language in which the page is written The value should be one of the standard language codes, e.g., en, en-us, da
Content-Length Response Header It specifies the number of bytes in the response It is needed only if a persistent (keep-alive) connection is used
Content-Type Response Header It gives the MIME (Multipurpose Internet Mail Extension) type of the response document MIME types are of the form: maintype/subtype for officially registered types maintype/x-subtype for unregistered types Examples: text/html, image/jpeg, application/x-gzip
Expires Response Header It gives the time at which the document should be considered out-of-date and thus should no longer be cached It can be used, for example, if the document is valid only for a short time To achieve the desired effect, some other Cache-Control headers must also be used
Last-Modified Response Header This header gives the time when the document was last changed The date that is given in the Last-Modified response header can be used in later requests in the If-Modified-Since request header When using servlets, don’t set this header explicitly; implement a getLastModified method instead
Location Response Header This header should be included in all responses that have a 3xx status code The browser automatically retrieves the document from the new location that is given as the value of this header
Refresh Response Header The number of seconds until the browser should reload the page Can also include the URL of a document that should be loaded (instead of the original document) This header is not part of HTTP 1.1 but is an extension supported by Netscape and Internet Explorer
Retry-After Response Header This header can be used in conjunction with a 503 (Service Unavailable) response to tell the client how soon it can repeat its request
Set-Cookie Response Header This header specifies a cookie associated with the page; it has several fields: Each cookie requires a separate header Servlets should use the special-purpose addCookie method of HttpServletRepsonse instead of setting the value of this header directly This header is not part of HTTP 1.1 but is widely supported Set-Cookie: name=value; expires= value; path= value; domain= value; secure
WWW-Authenticate Response Header This header is always included with a 401 (Unauthorized) status code It gives the authentication scheme(s) and parameters applicable to the URL that was requested
Server Response Header Indicates the name of the vendor of the HTTP server
Meta HTTP-EQUIV Tags
Meta HTTP-EQUIV Tags The browser interprets these tags as if they were headers in the HTTP response For example <META HTTP-EQUIV=“Refresh” CONTENT=“5; URL=http://host/path/”> If the value is 0 (instead of 5) and there is no URL parameter, the same page is continuously refreshed, causing the Back button to stop working
Meta HTTP-EQUIV Tags Are Only Read by Browsers Meta HTTP-EQUIV tags are interpreted by browsers Proxies usually don’t read the HTML documents – they only read the headers of the HTTP requests and responses Therefore, Cache-Control headers in META HTTP-EQUIV tags actually apply only to the browser’s cache
Manually Experimenting with HTTP
Manually Experimenting with HTTP >host www www.cs.huji.ac.il is a nickname for vafla.cs.huji.ac.il vafla.cs.huji.ac.il has address 132.65.80.39 vafla.cs.huji.as.il mail is handled (pri=10) by cs.huji.ac.il >telnet www.cs.huji.ac.il 80 Trying 132.65.80.39… Connected to vafla.cs.huji.ac.il. Escape character is ‘^]’.
Sending a Request >GET /~dbi/index.html HTTP/1.0 [blank line]
The Response HTTP/1.1 200 OK Date: Sun, 11 Mar 2001 21:42:15 GMT Server: Apache/1.3.9 (Unix) Last-Modified: Sun, 25 Feb 2001 21:42:15 GMT Content-Length: 479 Content-Type: text/html <html> (html code …) </html>
GET /~dbi/index.html HTTP/1.0 HTTP/1.1 200 OK HTML code
GET /~dbi/no-such-page.html HTTP/1.0 HTTP/1.1 404 Not Found HTML code
HTTP/1.1 without Host Header GET /index.html HTTP/1.1 HTTP/1.1 400 Bad Request HTML code Why is it a Bad Request? HTTP/1.1 without Host Header