Oleksandr Gavenko's blog
2017-01-22 16:30 HTTP interview questions

Let's answer some interview questions about the HTTP protocol.

What is a "MIME type"?

MIME is an acronym for Multi-purpose Internet Mail Extensions.

It defines kinds of documents. There is a registry of MIME types: http://www.iana.org/assignments/media-types/media-types.xhtml

An HTTP response carries the MIME type in the Content-Type header:

Content-Type: text/html

An HTTP request carries the supported MIME types in the Accept header:

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

A MIME type is a string made of a base type and a specific type separated by a slash:

application/atom+xml
audio/mpeg
image/gif
multipart/form-data
text/html
video/webm

There are several base types:

application  audio  image  message  model
multipart  text  video  vnd  x  x-pkcs

Nonstandard base types are prefixed by x-:

application/x-dvi

HTTP/2 vs HTTP 1.1

HTTP/2 is a binary packed protocol and allows:

  • Loading of page elements in parallel over a single TCP connection.

  • Data compression of HTTP headers.

What is an ETag?

An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned.

If the client has cached the resource, it can ask whether the resource has changed with:

If-None-Match: "ETag UID"

The server may reply with:

HTTP 304 Not Modified

if the resource wasn't changed.

What is "long polling"?

The HTTP protocol is request/response oriented and one-way directed. To send data on the server's demand, the long polling pattern is used: the client sends a request to the server, and the server responds when it wants to. On timeout the client repeats the request.

Because each browser tab has a restricted number of simultaneous kept-alive connections, it may cause web application performance degradation and other harm.

The HTML5 JS API has an alternative to long polling: WebSocket.

Explain the basic structure of a MIME multipart message

On server:

$ nc -l 5555

On client:

$ curl -F "name=Bob" -F "id=1" http://localhost:5555

On the server we get:

POST / HTTP/1.1
Host: localhost:5555
User-Agent: curl/7.51.0
Accept: */*
Content-Length: 234
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------14afeab2aa1c4cbf

--------------------------14afeab2aa1c4cbf
Content-Disposition: form-data; name="name"

Bob
--------------------------14afeab2aa1c4cbf
Content-Disposition: form-data; name="id"

1
--------------------------14afeab2aa1c4cbf--
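The structure of the capture above, taken apart by a small parser. This is an added example, not code from the original post: parse_form_data is a hypothetical helper, and the body is rebuilt here from the capture with the CRLF line endings used on the wire.

```python
import re

# Boundary from the captured Content-Type header (24 dashes + 16 hex digits).
BOUNDARY = "-" * 24 + "14afeab2aa1c4cbf"

# Body rebuilt from the capture; every line ends with CRLF.
BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="name"\r\n'
    "\r\n"
    "Bob\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="id"\r\n'
    "\r\n"
    "1\r\n"
    f"--{BOUNDARY}--\r\n"
).encode("ascii")


def parse_form_data(body: bytes, boundary: str) -> list:
    """Split a multipart/form-data body into [(field name, value bytes), ...]."""
    # Each delimiter line is "--" + boundary; the closing one has "--" appended.
    delim = b"--" + boundary.encode("ascii")
    end = body.find(b"\r\n" + delim + b"--")
    if not body.startswith(delim + b"\r\n") or end < 0:
        raise ValueError("missing opening or closing delimiter (truncated body?)")
    fields = []
    # The CRLF before a delimiter belongs to the delimiter, not to the value.
    for part in body[len(delim) + 2:end].split(b"\r\n" + delim + b"\r\n"):
        # A blank line separates the part headers from the part content.
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part has no blank line after its headers")
        m = re.search(rb'^content-disposition:\s*form-data;.*?\bname="([^"]*)"',
                      head, re.I | re.M)
        if m is None:
            raise ValueError("part has no Content-Disposition field name")
        fields.append((m.group(1).decode("ascii"), value))
    return fields


if __name__ == "__main__":
    print(len(BODY), parse_form_data(BODY, BOUNDARY))
```

The rebuilt body is 234 bytes long, which matches the Content-Length header in the capture: the count includes every delimiter line and every CRLF.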

Explain the purpose of each of the HTTP request types when used with a RESTful web service.

  • GET Retrieves data from the server (should only retrieve data and should have no other effect).

  • POST Sends data to the server for a new entity. It is often used when uploading a file or submitting a completed web form.

  • PUT Similar to POST, but used to replace an existing entity.

  • PATCH Similar to PUT, but used to update only certain fields within an existing entity.

  • DELETE Removes data from the server.

  • TRACE Provides a means to test what a machine along the network path receives when a request is made. As such, it simply returns what was sent.

  • OPTIONS Allows a client to request information about the request methods supported by a service. The relevant response header is Allow and it simply lists the supported methods.

  • HEAD Same as the GET method for a resource, but returns only the response headers (i.e., with no entity-body).

  • CONNECT Primarily used to establish a network connection to a resource (usually via some proxy that can be requested to forward an HTTP request as TCP and maintain the connection). Once established, the response sends a 200 status code and a “Connection Established” message.

"Do Not Track" header

The DNT header is respected only voluntarily by advertising and data-collecting companies.

https://en.wikipedia.org/wiki/Do_Not_Track

X-Frame-Options header

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/

https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/X-Frame-Options
