手绘图解HTTP

HTTP
HTTP
HTTP
HTTP
OSI
Web
CDN
WAF
WebService
HTML
Web
HTTP
TCP/IP
DNS
URI / URL
HTTPS
HTTP
HTTP
HTTP
HTTP
HTTP URL
HTTP
HTTP
Cache-Control
Connection
Date
Pragma
Trailer
Transfer-Encoding
Upgrade
Via
Warning
Accept
Accept-Charset
Accept-Encoding
Accept-Language
Authorization
Expect
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Max-Forwards
Proxy-Authorization
Range
Referer
TE
User-Agent
Accept-Ranges
Age
ETag
Location
Proxy-Authenticate
Retry-After
Server
Vary
www-Authenticate
Access-Control-Allow-Origin
Allow
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
Expires
Last-Modified
HTTP
Accept
Accept-Charset
Accept-Language
Accept-Encoding
Content-Type
Content-Encoding
Content-Language
HTTP
HTTP
Proxy-Authenticate
Proxy-Authorization
WWW-Authenticate Proxy-Authenticate
Authorization Proxy-Authorization
HTTP
Etag
HTTP CROS
Origin
HTTP
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Origin
HTTP
If-Match
If-None-Match
If-Modified-Since
If-Range
If-Unmodified-Since
HTTP Cookies
Cookie
Set-Cookie Cookie
Cookies
Cookies
Cookie Secure HttpOnly
Cookie
HTTP
HTTP
HTTP
HTTPS
HTTPS
HTTPS
HTTPS
SSL/TLS
SSL/TLS
HTTPS HTTP
HTTPS
Cookie Session
Session
Session
Session
Cookies
Cookie
Set-Cookie Cookie
Cookies
Cookies
Cookie
JSON Web Token Session Cookies
JWT Session Cookies
Session Cookies
Json Web Tokens
JWT
JWT Session Cookies
JSON
JWT
JWT Session Cookies
HTTP HTTPS
HTTP Get Post
HTTP
UDP TCP
UDP
TCP
TCP UDP
TCP
TCP
TCP
HTTP
URL
HTTPS
HTTP HTTP HTTP HTTP HTTPS

Session Cookie Token HTTP
HTTP
HTTP (Hypertext Transfer Protocol)
Hypertext Transfer Protocol
> >
(Hypertext)
(transfer)
A B A
B B B
A A B
( )
HTTP HTTP
HTTP
HTTP HTTP
HTTP
(layer)
(service) (service
model) (protocol stack)
->
web
HTTP SMTP FTP
DNS
(message)
TCP
UDP
TCP
UDP
(segment)
(datagram)
IP IP IP
IP IP
IP
IP
WiFi DOCSIS
(frame)
OSI
ISO
7 7 5
OSI
SMTP HTTP
Web Broser
Web World Wide Web
URL DNS
URL IP
HTML HTML
Web
Web Web Server Web
HTTP Web HTTP Web Web
Web Apache Nginx IIS
CDN
CDN Content Delivery Network HTTP
CDN
CDN
WAF
WAF Web Web Application Firewall WAF
HTTP / HTTPS Web
HTTP Web
WAF Web SQL

ModSecurity Apache Nginx
WebService
WebService Web WebService
Web Service W3C client-server WSDL

HTTP XML SOAP Web HTTP
HTML
HTML
Internet HTML HTML
HTML
Web
Web Web page (Objecy)
HTML JPEG Java
URL Web HTML
Web HTML 5 JPEG Web 6

HTML 5 JPEG HTML URL
HTTP
HTTP HTTP
HTTP
TCP/IP
TCP/IP TCP/IP TCP/IP
TCP IP TCP /
IP UDP ICMP ARP
TCP Transmission Control Protocol HTTP

TCP TCP
IP Internet Protocol IP
IP IP
IP TCP
IP
DNS
www.google.com
IP IP DNS
DNS Domain Name System DNS IP
URI / URL
www.google.com
AAA.BBB.CCC URI
URI Uniform Resource Identifier
URL Uniform Resource Locator

URI
URI URL URN
HTTPS
HTTP HTTPS HTTPS
Hyper Text Transfer Protocol over SecureSocket Layer HTTPS HTTP
HTTPS HTTP HTTP
HTTPS HTTP SSL HTTPS = HTTP + SSL
HTTPS
HTTP
URL
http://www.someSchool.edu/someDepartment/home.index
DNS www.someSchool.edu HTTP

80 www.someSchool.edu TCP 80 HTTP
HTTP HTTP
someDepartment/home.index HTTP
HTTP (RAM )
www.someSchool.edu/someDepartment/home.index
HTTP
HTTP TCP TCP
TCP
HTTP TCP HTTP
HTML HTML
HTTP
-
-
HTTP
HTTP
-
GET
HEAD POST HTTP
HTTP
HTTP Content-Type
HTTP
HTTP
HTTP
HTTP
HTTP
start line
header key-value
entity
Header
body HTTP Header body
header body CRLF
http
http://www.someSchool.edu/someDepartment/home.index
HTTP ASCII
URL HTTP
HTTP
HTTP 8
GET GET URI
POST GET GET

POST
PUT PUT FTP

URI
HTTP PUT ,
W eb W eb
REST REpresentational State Transfer Web
PUT
HEAD HEAD GET URI
DELETE DELETE PUT DELETE

URI
OPTIONS OPTIONS URI
TRACE TRACE Web
CONNECT CONNECT
TCP SSL Secure Sockets Layer
TLS Transport Layer Security
GET POST HTTP1.0

HTTP1.1
HTTP URL
HTTP URI URI
URL
/somedir/page.html
URL
http://www.example.com:80/path/to/myfile.html?
key1=value1&key2=value2#SomewhereInTheDocument URL URL
URL
http
http:// Web HTTP

HTTPS mailto:
ftp:
www.example.com
IP address IP
TCP + Web
Web HTTP HTTP 80 HTTPS
443 URI
URL URL
/path/to/myfile.html Web / ?
/ URL html
?key1=value1&key2=value2 Web GET

URL POST & /
key1 = value1 key2 = value2
#SomewhereInTheDocument “ ”
“ ” HTML
#
HTTP
HTTP 1.0
HTTP 1.0 1996
HTTP 1.0
HTTP 1.0 TCP
HTTP 1.0 header If-Modified-Since Expires

HTTP 1.0
HTTP 1.0 IP URL
hostname
HTTP 1.1
HTTP 1.1 HTTP 1.0 1999
HTTP 1.1
HTTP 1.1
keep-alive
HTTP 1.1 E-tag If-Unmodified-Since, If-Match, If-None-Match
HTTP 1.1 Range

HTTP 1.1 Multi-homed Web
Servers IP
HTTP 2.0
HTTP 2.0 2015
HTTP 1.1 User-Agent Cookie Accept Server Range

Body HTTP 2.0
HPACK
HTTP 2.0 TCP/IP ASCII
HTTP2.0 HTTPS
id
HTTP
HTTP 1.1
HTTP
HTTP
Cache-Control
Connection
Date
Pragma
Trailer
Transfer-Encoding
Upgrade
Via
Warning
Cache-Control
Cache CPU
Cache-Control HTTP
RFC 2616
Cache-Control
Cache-Control
no-cache no-store private public
max-age s-maxage max-stale min-fresh
must-revalidate proxy-revalidate
only-if-cached no-transform
no-cache
no-cache no-store no-cache
no-cache
1 Cache-Control: no-cache
no-cache
No-Cache
no-store
no-store
1 Cache-Control: no-store
max-age
max-age max-age
max-age max-age
max-age
1 Cache-Control: max-age=60
max-age = 0
max-age
must-revalidate
1 Cache-Control: must-revalidate
no-store no_cache must-revalidate max-age
public
public
1 Cache-Control: public
private
private public
1 Cache-Control: private
s-maxage
s-maxage max-age s-maxage
1 Cache-Control: s-maxage=60
min-fresh
min-fresh min-fresh min-fresh

Cache-Control:min-fresh=60 60
1 Cache-Control: min-fresh=60
max-stable
max-stable
1 Cache-Control: max-stable=60
only-if-cached
only-if-cached
1 Cache-Control: only-if-cached
proxy-revalidate
proxy-revalidate
1 Cache-Control: proxy-revalidate
no-transform
no-transform
1 Cache-Control: no-transform
Connection
HTTP TCP
TCP
TCP
1 Connection: keep-alive
HTTP 1.1
keep-alive Connection keep-alive keep-alive

timeout max
1 Connection: Keep-Alive
2 Keep-Alive: timeout=5, max=1000
timeout: 5
max:
/ HTTP 1.1
1 Connection: close
Date
Date
1 Date: Wed, 21 Oct 2015 07:28:00 GMT
Pragma
Pragma http 1.1 http
1 Pragma: no-cache
HTTP /1.1 Cache-Control: no-cache
2 Pragma: no-cache
Trailer
Trailer HTTP/1.1
1 Transfer-Encoding: chunked
2 Trailer: Expires
Trailer Expires 0
Expires
Transfer-Encoding
Transfer-Encoding
Transfer-Encoding
HTTP 1.1 HTTP 2.0
Transfer-Encoding Hop-by-hop HTTP
(End-to-End) (Top-to-Top)
Connection Keep-Alive Proxy-Authenticate Proxy-Authorization Trailer TE Transfer-

Encoding Upgrade
Transfer-Encoding
Transfer-Encoding
Transfer-Encoding Transfer-Encoding
chunked Content-Length
'\r\n'
'\r\n'
HTML
1 HTTP/1.1 200 OK
2 Content-Type: text/plain
4
5 7\r\n
6 Mozilla\r\n
7 9\r\n
8 Developer\r\n
9 7\r\n
10 Network\r\n
11 0\r\n
12 \r\n
0 Transfer-Encoding Trailer Trailer
compress Lempel-Ziv-Welch(LZW) UNIX

2003
deflate zlib( RFC 1950 ) deflate

gzip Lempel-Ziv LZ77 32 CRC UNIX gzip
HTTP / 1.1 x-gzip
identity
1 Transfer-Encoding: gzip, chunked
Upgrade
Upgrade HTTP
Upgrade TLS/1.0
Connection Upgrade Upgrade
Upgrade Connection: Upgrade
Upgrade 101 Switching Protocols
Via
Via / /
Via
Via 1.1, 1.0 HTTP Via

TRACE
Warning
Warning
Warning (https://github.com/httpwg/http-core/issues/139) and Warning: header &

stale-while-revalidate (https://github.com/whatwg/fetch/issues/913)
Warning HTTP
HTTP/1.1 7
HTTP HTTP
Accept
Accept-Charset
Accept-Encoding
Accept-Language
Authorization
Expect
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Max-Forwards
Proxy-Authorization
RangeReferer
TE
User-Agent
Accept
HTTP MIME
MIME MIME
MIME: MIME (Multipurpose Internet Mail Extensions) MIME
MIME MIME
text/html text/plain text/css application/xhtml+xml application/xml
image/jpeg image/gif image/png
video/mpeg video/quicktime
application/octet-stream application/zip
PNG Accept image/png

image/gif image/jpeg
MIME q q q
1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
q=
1.0
q MIME
1.0 text/html
1.0 application/xhtml+xml
0.9 application/xml
0.8 */*
application/xml;q=0.9
Accept-Charset
Accept-Charset Accept-Charset
Accept q
1 Accept-Charset: iso-8859-1
2 Accept-Charset: utf-8, iso-8859-1;q=0.5
3 Accept-Charset: utf-8, iso-8859-1;q=0.5, *;q=0.1
Accept-*
Accept-Encoding
HTTP Accept-Encoding
Content-Encoding
CPU 80%
Microsoft
Accept-Encoding
1 Accept-Encoding: gzip
2 Accept-Encoding: compress
3 Accept-Encoding: deflate
4 Accept-Encoding: br
5 Accept-Encoding: identity
6 Accept-Encoding: *
7 Accept-Encoding: deflate, gzip;q=1.0, *;q=0.5
Accept-Encoding
gzip : gzip Lempel-Ziv LZ77 32 CRC
https://en.wikipedia.org/wiki/LZ77_and_LZ78#LZ77
compress : Lempel-Ziv-Welch LZW https:/

/en.wikipedia.org/wiki/LZW
deflate : zlib deflate https://en.wikipedia.org/wik

i/Zlib https://en.wikipedia.org/wiki/DEFLATE
br : Brotli https://en.wikipedia.org/wiki/Brotli
* : Accept-Encoding
;q= q Accept
Accept-Language
Accept-Language Accept-Language
Content-Language Accept q
1 Accept-Language: de
2 Accept-Language: de-CH
3 Accept-Language: en-US,en;q=0.5
Authorization
HTTP Authorization 401

WWW-Authenticate
Authorization
200 OK 401
Authorization
Expect
Expect HTTP
417 Expectation Failed HTTP 1.1
100-continue
100
4xx 417
1 PUT /somewhere/fun HTTP/1.1

2 Host: origin.example.com
3 Content-Type: video/h264
4 Content-Length: 1234567890987
5 Expect: 100-continue
From
From
From
1 From: webmaster@example.org
From
Host
Host TCP
HTTP URL 80
1 Host: developer.mozilla.org
Host HTTP/1.1
If-Match
If-Match If-Match
If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since
GET POST ETag

ETag ETag PUT
GET POST Range

416
PUT If-Match If-Match
ETag 412
Precondition Failed
1 If-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
2 If-Match: *
If-Modified-Since
If-Modified-Since HTTP
200 OK 304
If-Modified-Since GET HEAD
If-Modified-Since If-None-Match If-None-Match
1 If-Modified-Since: Wed, 21 Oct 2015 07:28:00 GMT

HTTP
If-None-Match
If-Match If-None-Match ETag

GET HEAD ETag
200 ETag
GET POST If-None-Match ETag 304
1 If-None-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
2 If-None-Match: W/"67ab43", "54ed21", "7892dd"
3 If-None-Match: *
W/ ETag ETag
If-Range
If-Range If-Range ETag
1 If-Range: Wed, 21 Oct 2015 07:28:00 GMT
If-Unmodified-Since
If-Unmodified-Since HTTP
412
Precondition Failed
1 If-Unmodified-Since: Wed, 21 Oct 2015 07:28:00 GMT
Max-Forwards
MDN HTTP
Max-Forwards TRACE OPTION Max-Forwards

Max-Forwards -1 Max-Forwards 0 Max-Forwards
1 Max-Forwards: 10
Max-Forwards Max-Forwards
0
Proxy-Authorization
Proxy-Authorization HTTP
Authorization Authorization - Proxy-Authorization
Proxy-
Authorization
1 Proxy-Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
Range
Range HTTP Range

206
Range 416 Range Not Satisfiable Range
200
1 Range: bytes=200-1000, 2000-6576, 19000-
Referer
HTTP Referer web

Referer
1 Referer: https://developer.mozilla.org/testpage.html
TE
TE
Accept-Encoding
1 TE: gzip, deflate;q=0.5
TE trailer
trailers
1 TE: trailers, deflate;q=0.5
User-Agent
User-Agent
1 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept-Ranges
Age
ETag
Location
Proxy-Authenticate
Retry-After
Server
Vary
www-Authenticate
Accept-Ranges
Accept-Ranges HTTP
bytes
none
1 Accept-Ranges: bytes
2 Accept-Ranges: none
Age
Age HTTP Age

0 0 Age
Age
1 Age: 24
ETag
ETag ETag
ETag
Web ETag
URL ETag
ETag ETag ETag
ETag
1 ETag: "33a64df551425fcc55e4d42a148795d9f25f89d4"
ETag ETag
ETag W/
1 ETag: W/"0815"
Location
Location URL 3xx( ) 201( )
Location URI
Location content-Location Location

URL Content-Location URL
Location Content-Location
1 Location: /index.html
Proxy-Authenticate
HTTP Proxy-Authenticate
1 Proxy-Authenticate: Basic
2 Proxy-Authenticate: Basic realm="Access to the internal site"
Retry-After
HTTP Retry-After
503( )
429( )
301( )
1 Retry-After: Wed, 21 Oct 2015 07:28:00 GMT

2 Retry-After: 120
Server
Server
1 Server: Apache/2.4.1 (Unix)
Vary
Vary HTTP
1 Vary: User-Agent
www-Authenticate
HTTP WWW-Authenticate WWW-

Authenticate 401
1 WWW-Authenticate: Basic
2 WWW-Authenticate: Basic realm="Access to the staging site", charset="UTF-8"
HTTP Access-Control-Allow-Origin Access-Control-Allow-
Origin - *
https://mozilla.org
1 Access-Control-Allow-Origin: https://mozilla.org
2 Vary: Origin
* Vary Origin
HTTP Content-Length Content-Language Content-Encoding

Content-Length
1 POST /myform.html HTTP/1.1

3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101
Firefox/50.0
Allow
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
Expires
Last-Modified
Allow
HTTP Allow 405 Method Not Allowed
1 Allow: GET, POST, HEAD
GET POST HEAD HTTP

405 Method Not Allowed
Content-Encoding
Accept-Encoding
Content-Encoding
Accept-Encoding gzip compress deflate
identity /
1 Accept-Encoding: gzip, deflate

2 Content-Encoding: gzip
Content-Language
Content-Language Accept-Language
/
1 Content-Language: de-DE, en-CA
Content-Length
Content-Length
3000
Content-Location
Content-Location Accept-Location Content-

Location Location
Location Content-Location Location URL Content-Location

URL Location
Content-Location
Request header Response header
Accept: application/json, Content-Location:

text/json /documents/foo.json
Accept: application/xml, text/xml Content-Location: /documents/foo.xml
Accept: text/plain, text/* Content-Location: /documents/foo.txt
Content-MD5
MD5 Content-MD5
1 Content-MD5: e10adc3949ba59abbe56e057f20f883e
Content-MD5 MD5
Content-Range
HTTP Content-Range Content-

Range
1 Content-Range: bytes 200-1000/67589
67589 200-1000
Content-Type
HTTP Content-Type Accept
Expires
HTTP Expires / /
0
1 Expires: Wed, 21 Oct 2015 07:28:00 GMT
Expires
Expires Date
Cache-Control max-age Expires
max-age
Last-Modified
Last-Modified
ETag If-Modified-Since If-
Unmodified-Since
1 Last-Modified: Wed, 21 Oct 2015 07:28:00 GMT
HTTP
HTTP URL
Server-driven Negotiation
Agent-driven Negotiation
Transparent Negotiation
Accept Accept-Charset Accept-Encoding

Accept-Language Content-Language
Accept Content
TCP HTTP
TCP / IP header+body TCP UDP

body
HTTP
Accept
HTTP MIME
MIME MIME
MIME: MIME (Multipurpose Internet Mail Extensions) MIME
MIME MIME
text/html text/plain text/css application/xhtml+xml application/xml
image/jpeg image/gif image/png
video/mpeg video/quicktime
application/octet-stream application/zip
PNG Accept image/png

image/gif image/jpeg
MIME q q q
q=
1.0
q MIME
1.0 text/html
1.0 application/xhtml+xml
0.9 application/xml
0.8 */*
application/xml;q=0.9
Accept-Charset
Accept-charset Accept-charset
Accept-Charset Content-Type charset=xxx
GBK UTF-8 UTF-8
1 Accept-Charset: gbk, utf-8

2 Content-Type: text/html; charset=utf-8
Accept-Language
Accept-Language
Accept q=
1 Accept-Language: en-US,en;q=0.5
Accept-Encoding
HTTP Accept-Encoding
Content-Encoding
CPU 80%
Microsoft
Accept-Encoding
1 Accept-Encoding: gzip
2 Accept-Encoding: compress
3 Accept-Encoding: deflate
4 Accept-Encoding: br
5 Accept-Encoding: identity
6 Accept-Encoding: *
7 Accept-Encoding: deflate, gzip;q=1.0, *;q=0.5
Accept-Encoding
gzip : gzip Lempel-Ziv LZ77 32 CRC

https://en.wikipedia.org/wiki/LZ77_and_LZ78#LZ77
compress : Lempel-Ziv-Welch LZW https:/

/en.wikipedia.org/wiki/LZW
deflate : zlib deflate https://en.wikipedia.org/wik

i/Zlib https://en.wikipedia.org/wiki/DEFLATE
br : Brotli https://en.wikipedia.org/wiki/Brotli
* : Accept-Encoding
;q= q Accept
Content-Type
Content-Type MIME Content-Type

Content-type : MIME
1 Content-Type: text/html; charset=UTF-8
MIME
X-Content-Type-Options nosniﬀ
Content-Encoding
Content-Encoding
Content-Type MIME
2 Content-Encoding: compress
3 Content-Encoding: deflate
4 Content-Encoding: identity
5 Content-Encoding: br
6 Content-Encoding: gzip, identity
7 Content-Encoding: deflate, gzip
Content-Language
Content-Language
1 Content-Language: de-DE
2 Content-Language: en-US
3 Content-Language: de-DE, en-CA
/ Accept-Charset
Content-Charset Content-Type
HTTP
HTTP HTTP
HTTP
RFC 7235 HTTP
/ 401( )
www-Authenticate
HTTP HTTP
HTTP www-Authenticate 401
HTTP HTTP
HTTPS
403 Forbidden
200 OK
HTTP
407( ) Proxy-Authenticate Proxy-

Authorization
Proxy-Authenticate
1 Proxy-Authenticate: Basic
2 Proxy-Authenticate: Basic realm="Access to the internal site"
Proxy-Authorization
403
Forbidden 401 Unauthorized 407 Proxy Authorization
Required
1 WWW-Authenticate: <type> realm=<realm>
2 Proxy-Authenticate: <type> realm=<realm>
<type> realm
<type> Basic
RFC 7617 Basic HTT P ID /

base64 ( https://tools.ietf.org/html/rfc7617 )
Basic RFC 7617 base64
Bearer RFC 6750 OAuth 2.0
RFC 7616 Firefox md5 bug 472823

Digest
SHA
HOBA RFC 7486
Mutual RFC 8120
AWS4-HMAC-
AWS docs
SHA256
realm Access to the staging site(

)
1 Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

HTTP
/ Web
HTTP
Web
HTTP
HTTP
CDN
Web Web
no-cache
no-cache Cache-Control
max-age = 0
HTTP /
private public
1 Cache-Control: private
public
public
1 Cache-Control: public
HTTP/1.1 Cache-Control
no-store
1 Cache-Control: no-store
max-age Expires
mag-age
must-revalidate
1 Cache-Control: must-revalidate
(cache eviction)
HTTP -
HTTP
(Eviction algorithms)
If-
None-Match 304 Not Modified
Age Age HTTP
Age 0 0
Age
Cache-
control:max-age=N N
Expires Exprires Date
max-age expires Last-Modified
Date Last-modified 10
Cache-control must-
revalidate ->
Etag
Etag HTTP
Etag
If-None-Match
Last-Modified 1
Last-Modified If-Modified-Since
Etag
Etag If-Match
MDN Wiki Etag
1 Etag: "33a64df551425fcc55e4d42a148795d9f25f89d4"
Wiki POST If-Match Etag
1 If-Match: "33a64df551425fcc55e4d42a148795d9f25f89d4"
412 Precondition Failed
Etag URL Etag

URL If-None-Match Etag
1 If-None-Match: "33a64df551425fcc55e4d42a148795d9f25f89d4"
Etag If-None-Match Etag

304 Not Modified
HTTP CROS
CROS Cross-Origin Resource Sharing(CROS)

(origin) Web
(origin)
Origin
Web (Origin) scheme(protocol) - host(domain) -
URL port - scheme host port
Same Origin Policy)
CORS
1 (1) http://example.com/app1/index.html
2 (2) http://example.com/app2/index.html
URL
URL URL (scheme) (host)
1 http://Example.com:80
2 http://example.com
URL
URL
Windows Mac OS
X UNIX Linux
Example.com example.com
scheme host 80 HTTP
URL
1 http://example.com/app1
2 https://example.com/app2
URL scheme URL
URL
2 http://www.example.com
3 http://myapp.example.com
URL host
URL
2 http://example.com:8080
URL URL
HTTP XMLHttpRequest Fetch
(same-origin policy) API
CORS
URL URL
http://store.company.com/dir/page.html
URL Outcome Reason
http://store.company.com/dir2/other.html path
http://store.company.com/dir/inner/another.html path
https://store.company.com/page.html
http://store.company.com:81/dir/page.html
http://news.company.com/dir/page.html
URL
1. XMLHttpRequest Fetch api
XMLHttpRequest
XMLHttpReqeust
XMLHttpReqeust XMLHttpReqeust
XMLHttpRequest(XHR) URL
XMLHttpRequest AJAX
Fetch API Fetch
CORS HTTP Origin
2. Web CSS @ font-face TrueType
3. WebGL
4. drawImage() /
5. CSS
HTTP Web
HTTP GET
MIME POST HTTP HTTP OPTIONS
Cookies HTTP
CORS JavaScript
XMLHttpRequest
CORS
GET HEAD POST
Connection User-Agent Fetch

Fetch CORS
Accept
Accept-Language
Content-Language
Content-Type
DPR
Downlink
Save-Data
Viewport-Width
Width
Content-Type
application/x-www-form-urlencoded
multipart/form-data
text/plain
XMLHttpRequestUpload
XMLHttpRequest.upload
ReadableStream
web https://foo.example https://bar.other

JavaScript
1 const xhr = new XMLHttpRequest();

2 const url = 'https://bar.other/resources/public-data/';
3
4 xhr.open('GET', url);
5 xhr.onreadystatechange = someHandler;
6 xhr.send();
CORS
1 GET /resources/public-data/ HTTP/1.1

2 Host: bar.other
Firefox/71.0
5 Accept-Language: en-us,en;q=0.5
6 Accept-Encoding: gzip,deflate
8 Origin: https://foo.example
Origin https://foo.example
1 HTTP/1.1 200 OK
2 Date: Mon, 01 Dec 2008 00:23:53 GMT
3 Server: Apache/2
4 Access-Control-Allow-Origin: *
8 Content-Type: application/xml
9
10 […XML Data…]
Access-Control-Allow-Origin Origin Access-

Control-Allow-Origin Access-
Control-Allow-Origin
https://bar.other
https://foo.example
1 Access-Control-Allow-Origin: https://foo.example
https://foo.example https://bar.other
OPTIONS HTTP
1 const xhr = new XMLHttpRequest();

2 xhr.open('POST', 'https://bar.other/resources/post-here/');
3 xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
4 xhr.setRequestHeader('Content-Type', 'application/xml');
5 xhr.onreadystatechange = handler;
6 xhr.send('<person><name>Arun</name></person>');
XML POST X-
PINGOTHER HTTP/1.1 Web
Content-Type application/xml
POST Access-Control-Request- * OPTIONS
/ /
1 OPTIONS /resources/post-here/ HTTP/1.1

2 Host: bar.other
Firefox/71.0
8 Origin: http://foo.example
9 Access-Control-Request-Method: POST
10 Access-Control-Request-Headers: X-PINGOTHER, Content-Type
11
1 HTTP/1.1 204 No Content
2 Date: Mon, 01 Dec 2008 01:15:39 GMT
3 Server: Apache/2
5 Access-Control-Allow-Methods: POST, GET, OPTIONS
6 Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
7 Access-Control-Max-Age: 86400
8 Vary: Accept-Encoding, Origin
1 -11 OPYIIONS JavaScript
OPTIONS HTTP / 1.1

OPTIONS
9 10
POST
Access-Control-Request-Headers X-PINGOTHER
Content-Type
1 - 11 POST X-PINGOTHER
1 Access-Control-Allow-Origin: http://foo.example
3 Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
http://foo.example URL POST GET

OPTIONS X-PINGOTHER, Content-Type Access-Control-
Max-Age
1 POST /resources/post-here/ HTTP/1.1

2 Host: bar.other
Firefox/71.0
8 X-PINGOTHER: pingpong
9 Content-Type: text/xml; charset=UTF-8
10 Referer: https://foo.example/examples/preflightInvocation.html
12 Origin: https://foo.example
13 Pragma: no-cache
15
16 <person><name>Arun</name></person>
1 HTTP/1.1 200 OK
2 Date: Mon, 01 Dec 2008 01:15:40 GMT
3 Server: Apache/2
11
12 [Some GZIP'd payload]
HTTP
XMLHttpRequest Fetch CORS HTTP Cookie HTTP

XMLHttpRequest Fetch
XMLHttpRequest Request
http://foo.example Cookies
http://bar.other GET foo.example
1 const invocation = new XMLHttpRequest();

2 const url = 'http://bar.other/resources/credentialed-content/';
3
4 function callOtherDomain() {
5 if (invocation) {
6 invocation.open('GET', url, true);
7 invocation.withCredentials = true;
8 invocation.onreadystatechange = handler;
9 invocation.send();
10 }
11 }
7 XMLHttpRequest Cookie
Cookie GET
Access-Control-Allow-Credentials true
web
1 GET /resources/access-control-with-credentials/ HTTP/1.1
2 Host: bar.other
Firefox/71.0
8 Referer: http://foo.example/examples/credential.html
9 Origin: http://foo.example
10 Cookie: pageAccess=2
1 HTTP/1.1 200 OK
2 Date: Mon, 01 Dec 2008 01:34:52 GMT
3 Server: Apache/2
5 Access-Control-Allow-Credentials: true
7 Pragma: no-cache
8 Set-Cookie: pageAccess=3; expires=Wed, 31-Dec-2008 01:34:53 GMT
15
16
17 [text/plain payload]
10 http://bar.other Cookie bar.other Access-
Control-Allow-Credentials:true
*
Cookie Access-Control-Allow-Credentials
*
Set-Cookie
API
HTTP
HTTP
Origin
Access-Control-Allow-Origin HTTP
*
https://mozilla.org
1 Access-Control-Allow-Origin: https://mozilla.org
2 Vary: Origin
* Vary
Access-Control-Allow-Credentials HTTP
Request.credentials JavaScript
Request.credentials Request
Request Fetch API Request

Request() Request
FetchEvent.request api
Request.credentials Request
cookie Request https://developer.mozilla.or
g/en-US/docs/Web/API/Request
Request.credentials Access-Control-Allow-Credentials
true JavaScript
1 Access-Control-Allow-Credentials: true
cookie TLS
GET
https://www.jianshu.com/p/ea485e5665b3
HTTP
Access-Control-Allow-Headers CROS
CROS X-Custom-Header
1 Access-Control-Allow-Headers: X-Custom-Header
1 Access-Control-Allow-Headers: X-Custom-Header, Upgrade-Insecure-Requests
CORS Access-Control-Allow-Headers
1 Access-Control-Allow-Headers: Accept
CORS
Accep Accept-Language Content-Language Content-Type

CORS

2 Access-Control-Allow-Methods: *
6 CORS
Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma
CORS
1 Access-Control-Expose-Headers: Content-Length
X-Kuma-Revision
1 Access-Control-Expose-Headers: Content-Length, X-Kuma-Revision
1 Access-Control-Expose-Headers: *
Authorization
1 Access-Control-Expose-Headers: *, Authorization
10
HTTP
Access-Control-Request-Method HTTP
OPTIONS
Origin
Origin CORS
POST Referer
1 Origin: https://developer.mozilla.org
HTTP
HTTP
HTTP
GET
HTTP
GET
GET HEAD OPTIONS
PUT
DELETE
HTTP HTTP
PUT
PUT FTP
Etag
Etag
Etag
HTTP
Last-Modified MD5 Etag
Etag
Etag
Etag
Web Etag
URL Etag
Etag Etag Etag
Etag
1 Etag: "33a64df551425fcc55e4d42a148795d9f25f89d4"
Etag Etag
Etag W/
1 Etag: W/"0815"
Etag
If-Match
If-None-Match
If-Modified-Since
If-Unmodified-Since
If-Range
If-Match
GET POST Etag

Etag Etag PUT
GET POST Range

416
PUT If-Match If-Match
Etag 412
Precondition Failed
1 If-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
2 If-Match: *
If-None-Match
If-Match If-None-Match Etag

GET HEAD Etag
200 OK Etag
GET POST If-None-Match Etag 304
1 If-None-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
2 If-None-Match: W/"67ab43", "54ed21", "7892dd"
3 If-None-Match: *
If-Modified-Since
If-Modified-Since HTTP
200 OK 304
If-Modified-Since GET HEAD
If-Modified-Since If-None-Match If-None-Match
1 If-Modified-Since: Wed, 21 Oct 2015 07:28:00 GMT

HTTP
If-Range
If-Range If-Range Etag
1 If-Range: Wed, 21 Oct 2015 07:28:00 GMT

2 If-Range: bfc13a64729c4290ef5b2c2730249c88ca92d82d
If-Unmodified-Since
If-Unmodified-Since HTTP
412
Precondition Failed
1 If-Unmodified-Since: Wed, 21 Oct 2015 07:28:00 GMT
200 OK
Last-Modified Etag
If-Modified-Since If-Match
304 Not
Modified /
200 OK
HTTP
Accept-Ranges
Ranges
Ranges Content-Range
Range
Range HTTP Range
206
Range 416 Range Not Satisfiable Range
200
1 Range: bytes=200-1000, 2000-6576, 19000-
1 Range: bytes=0-499, -500
500 500
Content-Range
HTTP Content-Range Content-

Range
1 Content-Range: bytes 200-1000/67589
67589 200-1000
Content-Range
If-Modified-Since If-Match
/
HTTP If-Range
Etag
Web
put
If-Match If-Unmodified-Since Etag
412 Precondition Failed
HTTP Cookies
HTTP Cookie Web Cookie Cookie Web

Cookie
HTTP Cookie HTTP
Cookie
Cookie
API Cookie
API Web API localStorage sessionStorage
IndexedDB
Cookie
HTTP Set-Cookie Cookie
Cookie HTTP
Cookie cookie
Set-Cookie Cookie
Set-Cookie HTTP cookie Cookie
1 HTTP/2.0 200 OK
2 Content-type: text/html
3 Set-Cookie: yummy_cookie=choco
4 Set-Cookie: tasty_cookie=strawberry
5
6 [page content]
Cookie
Cookie cookie
1 GET /sample_page.html HTTP/2.0

2 Host: www.example.org
3 Cookie: yummy_cookie=choco; tasty_cookie=strawberry
Cookie Cookie Cookie Cookie Secure HttpOnly
Cookies
Cookie Cookie Cookie

Expires Max-Age
Web Cookie
Cookies
Cookie Expires Max-Age
1 Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT;

Cookie HTTPS
cookie
HttpOnly
cookie HttpOnly (JS Applet )

cookie cookie
HttpOnly cookie cookie
Cookie HttpOnly true Cookie Cookie
ASP.NET ID Forms
Cookie
Cookie
Domain Path Cookie Cookie URL
Domain Cookie (
Domain
Domain=mozilla.org Cookie
developer.mozilla.org
Path=/docs
/docs
/docs/Web/
/docs/Web/HTTP
HTTP
HTTP
HTTP
HTTP header + body

HTTP
HTTP
HTTP
HTTP URI
HTTP
HTTP
HTTP Web
JSON XML APP
HTTP
CPU
HTTP
Cookie
HTTP
header
TCP UDP
Wireshark tcpdump
HTTP
HTTPS
HTTPS HTTP
HTTPS
HTTP HTTP HTTP
HTTP HTTP
HTTP
HTTP
HTTPS
HTTPS
HTTP HTTP (Hypertext Transfer Protocol)
HTTPS
HTTPS Hypertext Transfer Protocol Secure

(secure communication) HTTP Secure
HTTPS HTTPS
HTTPS HTTP
HTTPS (TLS)
(SSL) HTTP + SSL(TLS) = HTTPS
HTTPS
HTTPS
(Encryption) HTTPS
(Data integrity)
(Authentication)
HTTPS HTTPS HTTP
HTTPS RFC 7
443 URI HTTP
HTTP 80 HTTPS
HTTP HTTP HTTPS HTTPS HTTP
S SSL/TLS
SSL/TLS
SSL/TLS
TLS(Transport Layer Security) SSL(Secure Socket Layer)
SSL/TLS SSL/TLS X.509
(key pairs)
(private key) (public key)
X.509 X.509
X.509
SSL/TLS HTTPS Web

S/MIME
SSL.com
https://www.ssl.com/article/pki-and-digital-certificates-f
or-government/
HTTPS HTTP
HTTPS HTTP SSL TLS
HTTP TCP SSL HTTPS SSL
SSL TCP HTTPS SSL HTTP
SSL HTTP SMTP(

) Telnet( )
HTTPS
HTTPS TLS/SSL
HTTPS TLS
SSL OSI SSL 1999 IETF(

) TLS TLS 1.1 1.2 1.3
1.2 TLS 1.2
TLS TLS
TLS TLS TLS

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
1 ECDHE-ECDSA-AES256-GCM-SHA384
TLS
- - -
ECDHE ECDSA AES
256 GCM SHA384
TLS
(Plaintext)
m p
(Ciphertext)
(Encrypt)
(Decrypt)
(Symmetrical Encryption)
TLS DES 3DES AES ChaCha20 TDEA Blowfish

RC2 RC4 RC5 IDEA SKIPJACK AES-128, AES-192 AES-256
ChaCha20
DES Data Encryption Standard( )

56
3DES DES 90
3DES
AES-128, AES-192 AES-256 AES AES Advanced Encryption

Standard( ) DES
ChaCha20 Google 256

AES ARMv8 AES
GCM AES CAMELLIA ARIA
AES
ECB CBC CFB OFB

AEAD Authenticated Encryption with Associated
Data GCM CCM Poly1305
ECDHE_ECDSA_AES128_GCM_SHA256 128 AES256 256

GCM 128 AEAD
(Asymmetrical Encryption)
DH
DSA RSA ECC
RSA DHE_RSA_CAMELLIA128_GCM_SHA256
ECC Elliptic Curve Cryptography

ECDHE ECDSA
TLS
RSA AES TLS

RSA ECDHE
session key
(Digest Algorithm)
TLS (Digest Algorithm)
MD5 MD5 Message Digest Algorithm 5
(cryptographic hash algorithm) MD5 128
MD5 MD5
SSH SSL IPSec
MD5
MD5 SHA-1(Secure Hash Algorithm 1)

SHA-1 TLS TLS SHA-1
SHA-2
SHA-2 Secure Hash Algorithm 2 2001 SHA-1

SHA-2 224 256 384 512
SHA-224, SHA-256, SHA-384, SHA-512 28 32 48 64
SHA-2
SHA-2
HMAC HMAC MAC
MAC message authentication code MAC MAC
HMAC MAC MAC + Hash HMAC

SHA-256
CA CA Certificate Authority CA
CA DV OV EV DV
EV
Apple GitHub
CSR CSR
CSR CSR
CA
CSR CA CA
Cookie Session
HTTP
Session Cookie HTTP
Session
Session
ConcurrentHashMap Session HTTP Session
Session
Session Session
sessionId Set-Cookie JSESSIONID=XXXXXXX
Cookie JSESSIONID=XXXXXXX Cookie
Cookie
Cookie sessionId
Cookie JSESSIONID
sessionId
Session
Session A Session A
B B A Session Session
Cookies
HTTP Cookie Web Cookie Cookie Web

Cookie
HTTP Cookie HTTP
Cookie
Cookie
API Cookie
Cookie
HTTP Set-Cookie Cookie
Cookie HTTP
Set-Cookie Cookie
Set-Cookie HTTP cookie Cookie
Cookie
Cookie Cookie
Cookies Session Cookies Persistent Cookies Cookie
Cookie Cookie
Cookie
Cookies

Expires Max-Age
Web Cookie
Cookies
Cookie Expires Max-Age
1 Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT;
Cookie HTTPS
cookie
HttpOnly
Cookie HttpOnly (JS Applet )

Cookie Cookie
HttpOnly Cookie Cookie
Cookie HttpOnly true Cookie Cookie
ASP.NET ID Forms
Cookie
Cookie
Domain Path Cookie Cookie URL
Domain Cookie (
Domain
Domain=mozilla.org Cookie
developer.mozilla.org
Path=/docs
/docs
/docs/Web/
/docs/Web/HTTP
JSON Web Token Session Cookies
JSON Web Token JWT Session
JWT Session
JWT Session Cookies

JWT Session Cookies
HTTP
HTTP
JWT Session Cookies
JWT Session Cookies
Session Cookies
Session Cookies Cookies Session Cookies
Session
Cookie SessionId SessionId

Json Web Tokens
Json Web Token JWT Json RFC 7519
Json JWT
HMAC RSA/ECDSA / JWT
JWT
(Authorization) JWT
JWT
JWT
(Information Exchange) JWT /
JWT head payload
JWT
JWT
JWT .
Header
Payload
Signature
JWT
Header
Header JWT ( JWT)

HMAC SHA256 RSA
1 {
2 "alg": "HS256",
3 "typ": "JWT"
4 }
Json Base64Url JWT
Payload
Token Payload Payload

registered, public private
registered
ISS
iss (issuer)
exp (expiration time)
sub (subject)
aud (audience)
nbf (Not Before)
iat (Issued At)
jti (JWT ID)

public
private
1 {
2 "sub": "1234567890",
3 "name": "John Doe",
4 "admin": true
5 }
payload Json Base64Url JWT
signature
JWT
header (base64 )
payload (base64 )
secret
HMAC SHA256
1 HMACSHA256(
2 base64UrlEncode(header) + "." +
3 base64UrlEncode(payload),
4 secret)
JWT
Base64-URL HTML
HTTP
JWT header payload signature
1 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gR
G9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
JWT https://jwt.io/#debugger-io
JWT Session Cookies

JWT Session Cookies
JWT Session Cookies
JSON
JWT
Session Cookies
JWT JWT Session
Cookies
JWT
Session Cookies
JWT JWT
JWT Session Cookies

JWT Cookies
Session Cookies
API JWT
Cookies
Session PHP ......
Cookies Session
Cookies sessionId cookie

cookie ( sessionId)
session URL https://www.cnblog
s.com/Renyi-Fan/p/11012086.html
HTTP HTTPS
HTTP (Hypertext Transfer Protocol) HTTP

HTTP Hypertext Transfer Protocol
( )
HTTP TCP/IP
OSI
HTTPS Hypertext Transfer Protocol Secure HTTPS

HTTPS secure HTTPS
HTTP + TLS/SSL TLS/SSL
HTTPS SSL HTTP
HTTP HTTPS
HTTP http:// HTTPS

https://
1 http://www.cxuanblog.com/
2 https://www.cxuanblog.com/
HTTP
HTTPS - - -
HTTP 80 HTTPS 443
HTTP Get Post
HTTP Get Post HTTP HTTP

99% Get Post
get www.cxuanblog.com
get post <form>
get pull/ post
push/
get URL
1 /test/demo_form.asp?name1=value1&name2=value2
post body
1 POST /test/demo_form.asp HTTP/1.1

2 Host: w3schools.com
3 name1=value1&name2=value2
get URL post

get cache post
get / post
get TCP post TCP
get http header data 200
post header 100 continue data
200 ok
HTTP
(Stateless Protocol)
HTTP
HTTP
(Cookie)
cookie chrome://settings/content/cookies
......
Session Session sessionId
Set-Cookie JSESSIONID=XXXXXXX Cookie
JSESSIONID=XXXXXXX Cookie
Cookie
Cookie sessionId
Cookie JSESSIONID
sessionId
JWT Cookie
JWT JWT
JWT Cookie JWT

Token Session
token
JWT Cookies
JWT JWT
UDP TCP
TCP UDP
TCP UDP
UDP
UDP User Datagram Protocol
UDP
UDP
UDP
UDP
UDP DNS DNS UDP
TCP
TCP Transmission Control Protocol
Internet TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP UDP
TCP UDP
TCP UDP
TCP UDP
UDP
TCP
UDP
TCP
TCP UDP
TCP 20 UDP 8
TCP TCP UDP
UDP
TCP
TCP UDP
TCP SYN SYN-ACK ACK
UDP
TCP
TCP
TCP TCP
TCP
SYN
ACK SYN
SYN-ACK SYN ACK
FIN
SYN Synchronize Sequence Numbers TCP/IP

TCP
SYN X
SYN-ACK SYN SYN-ACK
X+1 Y
ACK Acknowledge character ,
ACK Y+1
- -
TCP
( ) FIN
FIN_WAIT_1 FIN_WAIT_1
ACK
FIN ACK
ACK FIN_WAIT_2
FIN
ACK FIN
FIN FIN_WAIT_2 TIME_WAIT

TIME_WAIT ACK
TIME_WAIT
HTTP
HTTP
https://mp.weixin.qq.com/s/XZZR0945IcI6X4S0g5fZXg
HTTP
Date Cache-Control Connection
Date
Date
1 Date: Wed, 21 Oct 2015 07:28:00 GMT
Cache-Control
Cache-Control Cache-Control
Connection
Connection Connection
1 Connection: close
HTTP1.1
HTTP HTTP Content-
Length Content-Language Content-Encoding
Content-Length
Content-Language
Content-Encoding Content-
Encoding
gzip compress deflate identity
1 Accept-Encoding: gzip, deflate //

2 Content-Encoding: gzip //
Host
Host TCP
HTTP URL 80
Accpet Accept-Language Accept-Encoding
Referer
HTTP Referer web

Referer
1 Referer: https://developer.mozilla.org/testpage.html
If-Modified-Since
If-Modified-Since If-None-Match If-Modified-Since

Last-Modified
Last-Modified 200
Last-Modified 304
1 If-Modified-Since: Mon, 18 Jul 2016 02:36:04 GMT
If-None-Match
If-None-Match HTTP GET HEAD

ETag 200
ETag
1 If-None-Match: "c561c68d0ba92bbeb8b0fff2a9199f722e3a621a"
Accept
HTTP MIME
Accept-Charset
accept-charset
UTF-8 - Unicode ISO-8859-1 -
Accept-Language
Accept-Language
HTTP 1.1
HTTP Access-Control-Allow-Origin Access-Control-Allow-

Origin
Keep-Alive
Keep-Alive Connection
Server
Server
1 Server: Apache/2.4.1 (Unix)
Set-Cookie
Set-Cookie sessionID
Transfer-Encoding
Transfer-Encoding
HTTP /1.1
X-Frame-Options
HTTP Web
X-Frame-Options HTTP Web Frame

clickjacking
HTTP 1.1
URL
URL
URL
URL DNS DNS

URL ip URL
hosts ip
DNS
DNS IP
IP
IP DNS DNS
Domain Name System DNS DNS
DNS UDP 53
DNS
DNS
DNS (local DNS server) DNS
DNS ISP(Internet Service Provider) ISP
ISP DNS ISP ISP IP
DNS IP
DNS IP DNS DNS
DNS
DNS IP DNS IP
DNS
DNS (Recursive query)

(Iteration query)
DNS
DNS
-> -> DNS IP

DNS IP
TCP
HTTP-GET URL HTTP 1.1
200 301,302 3
Location
URL 200 OK
HTTPS
HTTP HTTPS HTTPS
HTTPS SSL/TLS
TLS Internet TLS TLS

TLS Internet
HTTPS TLS
HTTPS API HTTPS DNS TLS
TLS
RSA TLS
HTTP TLS
ClientHello hello
TLS (TLS1.0 TLS1.2 TLS1.3)
ServerHello hello SSL
(Authentication) SSL Certificate

ServerHelloDone hello
ClientKeyExchange
The premaster secret
ChangeCipherSpec
premaster secret Finished
Session key
ChangeCipherSpec Finished
RSA
Java cxuan

手绘图解HTTP

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

手绘图解HTTP

Uploaded by

Copyright:

Available Formats

HTTP

JWT Session Cookies

HTTP HTTP HTTP HTTP HTTPS

HTTP (Hypertext Transfer Protocol)

Hypertext Transfer Protocol

Web Apache Nginx IIS

WAF Web SQL

Web Service W3C client-server WSDL

Web HTML 5 JPEG Web 6

TCP Transmission Control Protocol HTTP

DNS Domain Name System DNS IP

URI Uniform Resource Identifier

URL Uniform Resource Locator

URI URL URN

DNS www.someSchool.edu HTTP

GET GET URI

POST GET GET

PUT PUT FTP

HEAD HEAD GET URI

DELETE DELETE PUT DELETE

OPTIONS OPTIONS URI

TRACE TRACE Web

GET POST HTTP1.0

http:// Web HTTP

?key1=value1&key2=value2 Web GET

HTTP 1.0 1996

HTTP 1.0 header If-Modified-Since Expires

HTTP 1.1 HTTP 1.0 1999

HTTP 1.1 Range

HTTP 2.0 2015

HTTP 1.1 User-Agent Cookie Accept Server Range

no-cache no-store no-cache

no-store no_cache must-revalidate max-age

min-fresh min-fresh min-fresh

keep-alive Connection keep-alive keep-alive

1 Date: Wed, 21 Oct 2015 07:28:00 GMT

Pragma http 1.1 http

HTTP /1.1 Cache-Control: no-cache

HTTP 1.1 HTTP 2.0

Transfer-Encoding Hop-by-hop HTTP

Connection Keep-Alive Proxy-Authenticate Proxy-Authorization Trailer TE Transfer-

0 Transfer-Encoding Trailer Trailer

compress Lempel-Ziv-Welch(LZW) UNIX

deflate zlib( RFC 1950 ) deflate

1 Transfer-Encoding: gzip, chunked

Via 1.1, 1.0 HTTP Via

Warning (https://github.com/httpwg/http-core/issues/139) and Warning: header &

MIME: MIME (Multipurpose Internet Mail Extensions) MIME

text/html text/plain text/css application/xhtml+xml application/xml

image/jpeg image/gif image/png

PNG Accept image/png

compress : Lempel-Ziv-Welch LZW https:/

deflate : zlib deflate https://en.wikipedia.org/wik

HTTP Authorization 401

1 PUT /somewhere/fun HTTP/1.1

If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since

GET POST ETag

GET POST Range

If-Modified-Since If-None-Match If-None-Match

1 If-Modified-Since: Wed, 21 Oct 2015 07:28:00 GMT

If-Match If-None-Match ETag

GET POST If-None-Match ETag 304

If-Range If-Range ETag