HTTP
💻 The Client-Server Model
The client-server model is a fundamental concept in networking where a client requests a resource or service, and a server provides it.
- Client: The entity that initiates the request.
  - It doesn’t have to be an end-user machine (like a browser, desktop, or phone).
  - A client can often be another server (e.g., a server using a third-party service).
- Server: The entity that serves requests.
  - Typically a powerful computer located in a data center or warehouse.
  - Its responsibility is to accept a request, fulfill it (run code), and send a response back.
📞 Remote Procedure Call (RPC)
RPC stands for Remote Procedure Call.
- Concept: It’s the mechanism of executing code (a “procedure call” or “function call”) on a remote machine (the server) over a network, as if it were a local call.
- Purpose: It allows machines to communicate and execute specific functionalities residing on a different machine.
- Example: When you request your video feed on YouTube, your browser (client) makes an RPC to the YouTube server to run the code that generates your feed.
- Relevance: At their core, most application layer protocols, including HTTP, are essentially implementations of the RPC concept.
🌐 HyperText Transfer Protocol (HTTP)
HTTP is the primary application layer protocol used on the internet, built on top of the reliable TCP and IP layers.
Request-Response Structure
HTTP is fundamentally a request-response protocol.
- The Client initiates the communication by sending a Request.
- The Server processes the request and sends a Response (or “RES”) back.
Key Characteristics
- Stateless: There is no state management between the client and server. All necessary information to process the request is included within the request itself.
- URL/Route: Every request is sent to a specific URL (Uniform Resource Locator), which defines the route or address of the resource.
- Endpoint: A specific URL combined with an HTTP method (e.g., GET /users) defines an endpoint, which represents a unique server function.
HTTP Anatomy (Request & Response)
Both the request and the response consist of two main components: Headers and an optional Body (or “Payload”).
| Component | Description | Examples |
|---|---|---|
| General Headers | Basic metadata about the transaction. | URL, Request Method, Status Code. |
| Request Headers | Information set by the client. | User-Agent (browser type), Accept (data formats client accepts). |
| Response Headers | Information set by the server. | Content-Type (data format being returned, e.g., text/html). |
| Body (Payload) | The actual data content being transferred. | Request Body (Client $\rightarrow$ Server): Form submission data, JSON/XML data for creating/updating a resource (used in POST/PUT). Response Body (Server $\rightarrow$ Client): The requested HTML page content, an image file, a JSON object containing data (the results of a GET request). |
HTTP Methods (The “Verbs”)
These methods define the intended action on the resource, often mapped to CRUD (Create, Read, Update, Delete) operations.
| Method | Primary Use (CRUD) | Body Allowed? | Characteristics |
|---|---|---|---|
| GET | Read (Retrieve a resource or list resources) | No | Idempotent and highly cacheable. Data is passed in the URL (query parameters). |
| POST | Create (Submit data to the server, creating a new resource) | Yes | Not idempotent; not cacheable. Data is passed in the request body. |
| PUT | Update (Replace an existing resource entirely) | Yes | Idempotent. |
| DELETE | Delete (Remove a specified resource) | No (usually) | Idempotent (though the response changes after the first delete). |
Idempotence means that whether you perform the same operation once or many times, the system's state (or final result) will be the same.
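The table's idempotence column matters whenever a request is sent twice, for example by a client retry after a timeout. The following is an added example, not part of the original notes: a small in-memory handler that replays the same request and reports the status codes and the final state. `UserStore`, `replay`, and the `/users/7` record are constructed for illustration, and 405 is used for a method the route does not support.

```python
class UserStore:
    """In-memory handler for /users and /users/<id> (constructed for illustration)."""

    def __init__(self):
        self.users = {}  # id -> stored representation

    def handle(self, method, path, body=None):
        """Process one request and return (status_code, response_body)."""
        parts = path.strip("/").split("/")
        if parts[0] != "users" or len(parts) > 2:
            return 404, None
        uid = None
        if len(parts) == 2:
            if not parts[1].isdecimal():
                return 400, None                  # malformed id from the client
            uid = int(parts[1])
        if method in ("POST", "PUT") and body is None:
            return 400, None                      # these verbs need a body
        if uid is None:                           # collection: /users
            if method == "GET":
                return 200, dict(self.users)
            if method == "POST":                  # server picks a new id on every call
                new_id = max(self.users, default=0) + 1
                self.users[new_id] = body
                return 201, {"id": new_id}
            return 405, None
        if method == "GET":                       # item: /users/<id>
            return (200, self.users[uid]) if uid in self.users else (404, None)
        if method == "PUT":                       # full replace: same state every time
            self.users[uid] = body
            return 200, body
        if method == "DELETE":                    # state converges; status differs on repeat
            return (200, self.users.pop(uid)) if uid in self.users else (404, None)
        return 405, None


def replay(method, path, body=None, times=2):
    """Send an identical request `times` times; return (statuses, final state)."""
    store = UserStore()
    store.handle("PUT", "/users/7", {"name": "alice"})   # constructed seed record
    statuses = [store.handle(method, path, body)[0] for _ in range(times)]
    return statuses, store.users
```

Replaying PUT or DELETE leaves one consistent state, while replaying POST leaves a duplicate record, which is why retry logic should not blindly resend POST requests.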
Status Codes
These are three-digit codes returned in the response that inform the client about the outcome of the request.
| Range | Meaning | Common Examples |
|---|---|---|
| 2xx | Success | 200 OK (The request succeeded), 201 Created (Resource was successfully created). |
| 4xx | Client Error | 400 Bad Request (Invalid input from client), 401 Unauthorized, 404 Not Found. |
| 5xx | Server Error | 500 Internal Server Error, 503 Service Unavailable. |
🔒 HTTPS (HTTP Secure)
HTTPS is the secure version of HTTP.
- Mechanism: It uses a protocol like TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer) to encrypt the data exchanged between the client and the server.
- Purpose: To prevent a Man-In-The-Middle (MITM) attack, where an unauthorized party could eavesdrop and read sensitive, unencrypted data (like passwords) being sent over the network.
- High-Level Security: Data sent (e.g., a password) is encrypted by the client into unreadable ciphertext, transmitted over the network, and then decrypted back into the original data by the server.