HTTP messages are text-oriented. Each field in the message is an ASCII code string, and the length of each field is uncertain. HTTP has two types of messages: request messages and response messages.
HTTP request message
An HTTP request message consists of a request line and a request header. It consists of four parts: , blank line and request data. The following figure shows the general format of the request message.
or
<request-line> <headers> <blank line> [<request-body>
1. Request header
The request line consists of the request method field, URL field and HTTP The protocol version field consists of three fields, which are separated by spaces. For example, GET /index.html HTTP/1.1.
The request methods of HTTP protocol include GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, and CONNECT.
The common ones are as follows:
1).GET
The most common request method, when the client wants to request from the server When reading a document, when you click on a link on the webpage or browse the webpage by entering the URL in the browser's address bar, the GET method is used. The GET method requires the server to put the resource located by the URL in the data part of the response message and send it back to the client. When using the GET method, the request parameters and corresponding values are appended to the URL. A question mark ("?") is used to represent the end of the URL and the beginning of the request parameters. The length of the passed parameters is limited. For example, /index.jsp?id=100&op=bind, the data passed through GET is directly represented in the address, so we can send the request result to our friends in the form of a link. Taking the search for domety with Google as an example, the Request format is as follows:
GET /search?hl=zh-CN&source=hp&q=domety&aq=f&oq= HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-shockwave-flash, */* Referer: <a href="http://www.google.cn/">http://www.google.cn/</a> Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld) Host: <a href="http://www.google.cn">www.google.cn</a> Connection: Keep-Alive Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y- FxlRugatx63JLv7CWMD6UB_O_r
As you can see, GET requests generally do not include the "request content" part, and the request data is expressed in the request line in the form of an address. The address link is as follows:
<a href="http://www.google.cn/search?hl=zh-CN&source=hp&q=domety&aq=f&oq=">http://www.google.cn/search?hl=zh-CN&source=hp &q=domety&aq=f&oq=</a>
The part after "?" in the address is the request data sent through GET. We can clearly see in the address bar that between each data Separate them with the "&" symbol. Obviously, this method is not suitable for transmitting private data. In addition, since different browsers have different character restrictions on addresses, generally they can only recognize up to 1024 characters, so if a large amount of data needs to be transmitted, the GET method is not suitable.
2).POST
For the above-mentioned situations where the GET method is not suitable, you can consider using the POST method, because using the POST method allows the client to The server provides more information. The POST method encapsulates the request parameters in the HTTP request data, appearing in the form of name/value, and can transmit a large amount of data. In this way, the POST method has no limit on the size of the data transmitted, and it will not be displayed in the URL. Taking the above search domety as an example, if the POST method is used, the format is as follows:
POST /search HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-shockwave-flash, */* Referer: <a href="http://www.google.cn/">http://www.google.cn/</a> Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld) Host: <a href="http://www.google.cn">www.google.cn</a> Connection: Keep-Alive Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y- FxlRugatx63JLv7CWMD6UB_O_r hl=zh-CN&source=hp&q=domety
3).HEAD
HEAD is like GET, However, after receiving the HEAD request, the server only returns the response header and does not send the response content. When we only need to check the status of a certain page, using HEAD is very efficient because the page content is omitted during the transmission process.
2. Request header
The request header consists of keyword/value pairs, one pair per line, and the keywords and values are separated by English colons ":" . The request header informs the server about the client's request. Typical request headers are:
User-Agent: The type of browser that generated the request.
Accept: List of content types recognized by the client.
Host: The requested host name, allowing multiple domain names to be at the same IP address, that is, a virtual host.
3. Blank line
After the last request header is a blank line, sending carriage return and line feed characters to notify the server that there are no more request headers below.
4. Request data
The request data is not used in the GET method, but in the POST method. The POST method is suitable for situations where customers are required to fill out a form. The most commonly used request headers related to request data are Content-Type and Content-Length.
HTTP message
HTTP response also consists of three parts, namely: status line, message header, and response body.
As shown below, the format of the HTTP response is very similar to the format of the request:
<status-line> <headers> <blank line> [<response-body>]
As you can see, the only real difference in the response is the use of status in the first line Information instead of requesting information. The status line describes the requested resource by providing a status code.
The status line format is as follows:
HTTP-Version Status-Code Reason-Phrase CRLF
其中,HTTP-Version表示服务器HTTP协议的版本;Status-Code表示服务器发回的响应状态代码;Reason-Phrase表示状态代码的文本描述。状态代码由三位数字组成,第一个数字定义了响应的类别,且有五种可能取值。
常见状态代码、状态描述的说明如下。
下面给出一个HTTP响应报文例子
HTTP/1.1 200 OK Date: Sat, 31 Dec 2005 23:59:59 GMT Content-Type: text/html;charset=ISO-8859-1 Content-Length: 122 <html> <head> <title>Wrox Homepage</title> </head> <body> <!-- body goes here --> </body> </html>
1.GET提交,请求的数据会附在URL之后(就是把数据放置在HTTP协议头<request-line>中),以?分割URL和传输数据,多个参数用&连接;例如:login.action?name=hyddd&password=idontknow&verify=%E4%BD%A0 %E5%A5%BD。如果数据是英文字母/数字,原样发送,如果是空格,转换为+,如果是中文/其他字符,则直接把字符串用BASE64加密,得出如: %E4%BD%A0%E5%A5%BD,其中%XX中的XX为该符号以16进制表示的ASCII。
POST提交:把提交的数据放置在是HTTP包的包体<request-body>中。上文示例中红色字体标明的就是实际的传输数据
因此,GET提交的数据会在地址栏中显示出来,而POST提交,地址栏不会改变
2.传输数据的大小:
首先声明,HTTP协议没有对传输的数据大小进行限制,HTTP协议规范也没有对URL长度进行限制。 而在实际开发中存在的限制主要有:
GET:特定浏览器和服务器对URL长度有限制,例如IE对URL长度的限制是2083字节(2K+35)。对于其他浏览器,如Netscape、FireFox等,理论上没有长度限制,其限制取决于操作系统的支持。
因此对于GET提交时,传输数据就会受到URL长度的限制。
POST:由于不是通过URL传值,理论上数据不受限。但实际各个WEB服务器会规定对post提交数据大小进行限制,Apache、IIS6都有各自的配置。
3.安全性:
POST的安全性要比GET的安全性高。注意:这里所说的安全性和上面GET提到的“安全”不是同个概念。上面“安全”的含义仅仅是不作数据修改,而这里安全的含义是真正的Security的含义,比如:通过GET提交数据,用户名和密码将明文出现在URL上,因为(1)登录页面有可能被浏览器缓存, (2)其他人查看浏览器的历史纪录,那么别人就可以拿到你的账号和密码了。
The above is the detailed content of Detailed explanation of http message format. For more information, please follow other related articles on the PHP Chinese website!