Detailed explanation of http message format

HTTP messages are text-oriented. Each field in the message is an ASCII code string, and the length of each field is uncertain. HTTP has two types of messages: request messages and response messages.

HTTP request message

An HTTP request message consists of a request line and a request header. It consists of four parts: , blank line and request data. The following figure shows the general format of the request message.

or

＜request-line＞
＜headers＞
＜blank line＞
[＜request-body＞

1. Request header

The request line consists of the request method field, URL field and HTTP The protocol version field consists of three fields, which are separated by spaces. For example, GET /index.html HTTP/1.1.

The request methods of HTTP protocol include GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, and CONNECT.

The common ones are as follows:

1).GET

The most common request method, when the client wants to request from the server When reading a document, when you click on a link on the webpage or browse the webpage by entering the URL in the browser's address bar, the GET method is used. The GET method requires the server to put the resource located by the URL in the data part of the response message and send it back to the client. When using the GET method, the request parameters and corresponding values ​​are appended to the URL. A question mark ("?") is used to represent the end of the URL and the beginning of the request parameters. The length of the passed parameters is limited. For example, /index.jsp?id=100&op=bind, the data passed through GET is directly represented in the address, so we can send the request result to our friends in the form of a link. Taking the search for domety with Google as an example, the Request format is as follows:

GET /search?hl=zh-CN&source=hp&q=domety&aq=f&oq= HTTP/1.1  
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, 
application/msword, application/x-silverlight, application/x-shockwave-flash, */*  
Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>  Accept-Language: zh-cn  
Accept-Encoding: gzip, deflate  
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)  
Host: <a href="http://www.google.cn">www.google.cn</a>  Connection: Keep-Alive  
Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; 
NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y-
FxlRugatx63JLv7CWMD6UB_O_r

As you can see, GET requests generally do not include the "request content" part, and the request data is expressed in the request line in the form of an address. The address link is as follows:

<a href="http://www.google.cn/search?hl=zh-CN&source=hp&q=domety&aq=f&oq=">http://www.google.cn/search?hl=zh-CN&source=hp
&q=domety&aq=f&oq=</a>

The part after "?" in the address is the request data sent through GET. We can clearly see in the address bar that between each data Separate them with the "&" symbol. Obviously, this method is not suitable for transmitting private data. In addition, since different browsers have different character restrictions on addresses, generally they can only recognize up to 1024 characters, so if a large amount of data needs to be transmitted, the GET method is not suitable.

2).POST

For the above-mentioned situations where the GET method is not suitable, you can consider using the POST method, because using the POST method allows the client to The server provides more information. The POST method encapsulates the request parameters in the HTTP request data, appearing in the form of name/value, and can transmit a large amount of data. In this way, the POST method has no limit on the size of the data transmitted, and it will not be displayed in the URL. Taking the above search domety as an example, if the POST method is used, the format is as follows:

POST /search HTTP/1.1  
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, 
application/msword, application/x-silverlight, application/x-shockwave-flash, */*  
Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>  Accept-Language: zh-cn  
Accept-Encoding: gzip, deflate  
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)  
Host: <a href="http://www.google.cn">www.google.cn</a>  Connection: Keep-Alive  
Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; 
NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y-
FxlRugatx63JLv7CWMD6UB_O_r  

hl=zh-CN&source=hp&q=domety

As you can see, the POST method request line does not contain data strings, and these data are saved in the "Request Content" section. Each data is also separated by the "&" symbol. The POST method is mostly used in page forms. Because POST can also complete the function of GET, most people always use the POST method when designing forms. In fact, this is a misunderstanding. The GET method also has its own characteristics and advantages. We should choose whether to use GET or POST according to different situations

3).HEAD

HEAD is like GET, However, after receiving the HEAD request, the server only returns the response header and does not send the response content. When we only need to check the status of a certain page, using HEAD is very efficient because the page content is omitted during the transmission process.

2. Request header

The request header consists of keyword/value pairs, one pair per line, and the keywords and values ​​are separated by English colons ":" . The request header informs the server about the client's request. Typical request headers are:

User-Agent: The type of browser that generated the request.

Accept: List of content types recognized by the client.

Host: The requested host name, allowing multiple domain names to be at the same IP address, that is, a virtual host.

3. Blank line

After the last request header is a blank line, sending carriage return and line feed characters to notify the server that there are no more request headers below.

4. Request data

The request data is not used in the GET method, but in the POST method. The POST method is suitable for situations where customers are required to fill out a form. The most commonly used request headers related to request data are Content-Type and Content-Length.

HTTP message

HTTP response also consists of three parts, namely: status line, message header, and response body.

As shown below, the format of the HTTP response is very similar to the format of the request:

＜status-line＞
＜headers＞
＜blank line＞
[＜response-body＞]

As you can see, the only real difference in the response is the use of status in the first line Information instead of requesting information. The status line describes the requested resource by providing a status code.

The status line format is as follows:

HTTP-Version Status-Code Reason-Phrase CRLF

其中，HTTP-Version表示服务器HTTP协议的版本；Status-Code表示服务器发回的响应状态代码；Reason-Phrase表示状态代码的文本描述。状态代码由三位数字组成，第一个数字定义了响应的类别，且有五种可能取值。

• 1xx：指示信息--表示请求已接收，继续处理。
• 2xx：成功--表示请求已被成功接收、理解、接受。
• 3xx：重定向--要完成请求必须进行更进一步的操作。
• 4xx：客户端错误--请求有语法错误或请求无法实现。
• 5xx：服务器端错误--服务器未能实现合法的请求。

常见状态代码、状态描述的说明如下。

• 200 OK：客户端请求成功。
• 400 Bad Request：客户端请求有语法错误，不能被服务器所理解。
• 401 Unauthorized：请求未经授权，这个状态代码必须和WWW-Authenticate报头域一起使用。
• 403 Forbidden：服务器收到请求，但是拒绝提供服务。
• 404 Not Found：请求资源不存在，举个例子：输入了错误的URL。
• 500 Internal Server Error：服务器发生不可预期的错误。
• 503 Server Unavailable：服务器当前不能处理客户端的请求，一段时间后可能恢复正常，举个例子：HTTP/1.1 200 OK（CRLF）。

下面给出一个HTTP响应报文例子

HTTP/1.1 200 OK
Date: Sat, 31 Dec 2005 23:59:59 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 122

＜html＞
＜head＞
＜title＞Wrox Homepage＜/title＞
＜/head＞
＜body＞
＜!-- body goes here --＞
＜/body＞
＜/html＞

关于HTTP请求GET和POST的区别

1.GET提交，请求的数据会附在URL之后（就是把数据放置在HTTP协议头＜request-line＞中），以?分割URL和传输数据，多个参数用&连接;例如：login.action?name=hyddd&password=idontknow&verify=%E4%BD%A0 %E5%A5%BD。如果数据是英文字母/数字，原样发送，如果是空格，转换为+，如果是中文/其他字符，则直接把字符串用BASE64加密，得出如： %E4%BD%A0%E5%A5%BD，其中％XX中的XX为该符号以16进制表示的ASCII。

  POST提交：把提交的数据放置在是HTTP包的包体＜request-body＞中。上文示例中红色字体标明的就是实际的传输数据

  因此，GET提交的数据会在地址栏中显示出来，而POST提交，地址栏不会改变

2.传输数据的大小：

首先声明,HTTP协议没有对传输的数据大小进行限制，HTTP协议规范也没有对URL长度进行限制。 而在实际开发中存在的限制主要有：

GET:特定浏览器和服务器对URL长度有限制，例如IE对URL长度的限制是2083字节(2K+35)。对于其他浏览器，如Netscape、FireFox等，理论上没有长度限制，其限制取决于操作系统的支持。

因此对于GET提交时，传输数据就会受到URL长度的限制。

POST:由于不是通过URL传值，理论上数据不受限。但实际各个WEB服务器会规定对post提交数据大小进行限制，Apache、IIS6都有各自的配置。

3.安全性：

POST的安全性要比GET的安全性高。注意：这里所说的安全性和上面GET提到的“安全”不是同个概念。上面“安全”的含义仅仅是不作数据修改，而这里安全的含义是真正的Security的含义，比如：通过GET提交数据，用户名和密码将明文出现在URL上，因为(1)登录页面有可能被浏览器缓存， (2)其他人查看浏览器的历史纪录，那么别人就可以拿到你的账号和密码了。

The above is the detailed content of Detailed explanation of http message format. For more information, please follow other related articles on the PHP Chinese website!