Let's answer some interview questions about the HTTP protocol.
MIME is an acronym for Multi-purpose Internet Mail Extensions.
It defines kinds of documents. Here is a registry of MIME types: http://www.iana.org/assignments/media-types/media-types.xhtml
HTTP response carries MIME type in
HTTP request carries supported MIME type in
A MIME type is a string made of a base type and a specific type, separated by a slash:
application/atom+xml
audio/mpeg
image/gif
multipart/form-data
text/html
video/webm
There are several base types:
application
audio
image
message
model
multipart
text
video
vnd
x
x-pkcs
Nonstandard base type prefixed by
HTTP/2 is a binary packed protocol and it allows:
Loading of page elements in parallel over a single TCP connection (good for mobile networks).
Data compression of HTTP headers.
An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned.
If the client has cached a resource, it can ask whether the resource has changed by sending:
If-None-Match: "ETag UID"
The server may reply with:
HTTP 304 Not Modified
if the resource hasn't changed.
The HTTP protocol is request/response oriented and one-directional. To send data on the server's demand, the long polling pattern is used: the client sends a request to the server and the server responds when it is ready. On timeout the client repeats the request.
Because each browser tab has a restricted number of simultaneous connections, keeping one alive may cause web application performance degradation and other harm.
HTML5 JS API has alternative to long polling -
$ nc -l 5555
$ curl -F "name=Bob" -F "id=1" http://localhost:5555
On the server we got:
POST / HTTP/1.1
Host: localhost:5555
User-Agent: curl/7.51.0
Accept: */*
Content-Length: 234
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------14afeab2aa1c4cbf

--------------------------14afeab2aa1c4cbf
Content-Disposition: form-data; name="name"

Bob
--------------------------14afeab2aa1c4cbf
Content-Disposition: form-data; name="id"

1
--------------------------14afeab2aa1c4cbf--
GET Retrieves data from the server (should only retrieve data and should have no other effects).
POST Sends data to the server for a new entity. It is often used when uploading a file or
submitting a completed web form.
PUT Similar to POST, but used to replace an existing entity.
PATCH Similar to PUT, but used to update only certain fields within an existing entity.
DELETE Removes data from the server.
TRACE Provides a means to test what a machine along the network path receives when a request
is made. As such, it simply returns what was sent.
OPTIONS Allows a client to request information about the request methods supported by a
service. The relevant response header is Allow and it simply lists the supported methods.
HEAD Same as the GET method for a resource, but returns only the response headers (i.e., with no entity-body).
CONNECT Primarily used to establish a network connection to a resource (usually via some proxy
that can be requested to forward an HTTP request as TCP and maintain the connection). Once
established, the response sends a 200 status code and a “Connection Established” message.
The DNT header is voluntarily respected by advertising and data collecting companies.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/
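A header check for the values listed above, as an added example that is not part of the original page: it classifies the X-Frame-Options value in a raw response head and counts only DENY and SAMEORIGIN as blocking framing. The function names and the sample responses are assumptions constructed for illustration.

```python
# Added example (not from the original page). The header blocks in SAMPLES
# are constructed for illustration, not captured traffic.

def frame_policy(raw_response: str) -> str:
    """Classify X-Frame-Options in a raw HTTP response head.

    Returns 'deny', 'sameorigin', 'allow-from', 'invalid', 'conflict' or 'missing'.
    """
    values = []
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # Repeated headers may arrive merged into one comma-separated value.
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    if not values:
        return "missing"
    kinds = set()
    for v in values:
        if v in ("deny", "sameorigin"):
            kinds.add(v)
        elif v.startswith("allow-from "):
            kinds.add("allow-from")
        else:
            kinds.add("invalid")
    return kinds.pop() if len(kinds) == 1 else "conflict"


def framing_blocked(raw_response: str) -> bool:
    # ALLOW-FROM is obsolete and ignored by current browsers, so it is
    # reported as unprotected, like a missing, invalid or conflicting header.
    return frame_policy(raw_response) in ("deny", "sameorigin")


HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "deny": HEAD + "X-Frame-Options: DENY\r\n\r\n",
    "mixed_case": HEAD + "x-frame-options: SameOrigin\r\n\r\n",
    "allow_from": HEAD + "X-Frame-Options: ALLOW-FROM https://example.com/\r\n\r\n",
    "conflict": HEAD + "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "in_body_only": HEAD + "\r\nX-Frame-Options: DENY\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:13} {frame_policy(response):11} blocked={framing_blocked(response)}")
```

A response that relies on ALLOW-FROM needs the Content-Security-Policy frame-ancestors directive to get the per-origin allowance it intended.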