What is a "MIME type"
MIME is an acronym for Multi-purpose Internet Mail Extensions.
It defines kinds of documents. Here is a registry of MIME types: http://www.iana.org/assignments/media-types/media-types.xhtml
HTTP response carries MIME type in Content-Type header:
Content-Type: text/html
HTTP request carries supported MIME type in Accept header:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
MIME is a string of base type + specific type separated by slash:
application/atom+xml audio/mpeg image/gif multipart/form-data text/html video/webm
There are several base types:
application audio image message model multipart text video vnd x x-pkcs
Nonstandard base type prefixed by x-:
application/x-dvi
HTTP/2 vs HTTP 1.1
HTTP/2 is a binary packed protocol and it allows:
-
Loading of page elements in parallel over a single TCP connection (good for mobile networks).
-
Data compression of HTTP headers.
What is an ETag?
ETag is a opaque identifier assigned by a web server to a specific version of a resource found at an URL. If the resource content at that URL ever changes, a new and different ETag is assigned.
If client cached resource it can ask if resource was changed by:
If-None-Match: "ETag UID"
Server may replay with:
HTTP 304 Not Modified
if resource hasn't been changed.
What is "long polling"?
HTTP protocol is request/response oriented, one way directed. In order to send data on server demand long polling pattern is used. Client send response to server and server respond when it will. On timeout client repeat actions.
Because each browser tab has restricted number of simultaneous connection keeping alive it may cause web application performance degradation and other harm.
HTML5 JS API has alternative to long polling - WebSocket.
Explain the basic structure of a MIME multipart message
On server:
$ nc -l 5555
On client:
$ curl -F "name=Bob" -F "id=1" http://localhost:5555
On server we got:
POST / HTTP/1.1 Host: localhost:5555 User-Agent: curl/7.51.0 Accept: */* Content-Length: 234 Expect: 100-continue Content-Type: multipart/form-data; boundary=------------------------14afeab2aa1c4cbf --------------------------14afeab2aa1c4cbf Content-Disposition: form-data; name="name" Bob --------------------------14afeab2aa1c4cbf Content-Disposition: form-data; name="id" 1 --------------------------14afeab2aa1c4cbf--
Explain the purpose of each of the HTTP request types when used with a RESTful web service.
-
GETRetrieves data from the server (should only retrieve data and should have no other effects). -
POSTSends data to the server for a new entity. It is often used when uploading a file or submitting a completed web form. -
PUTSimilar to POST, but used to replace an existing entity. -
PATCHSimilar to PUT, but used to update only certain fields within an existing entity. -
DELETERemoves data from the server. -
TRACEProvides a means to test what a machine along the network path receives when a request is made. As such, it simply returns what was sent. -
OPTIONSAllows a client to request information about the request methods supported by a service. The relevant response header is Allow and it simply lists the supported methods. -
HEADSame as the GET method for a resource, but returns only the response headers (i.e., with no entity-body). -
CONNECTPrimarily used to establish a network connection to a resource (usually via some proxy that can be requested to forward an HTTP request as TCP and maintain the connection). Once established, the response sends a 200 status code and a “Connection Established” message.
"Do Not Track" header
DNT header is voluntarily respected by advertising and data collecting companies.
X-Frame-Options header
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites:
X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN X-Frame-Options: ALLOW-FROM https://example.com/
https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/X-Frame-Options
