Sunday, 21 February 2016

HTTP Methods

 HTTP Methods

HTTP methods are similar to commands given to an application. Depending on the method used in the request, the server's response will vary. Successful responses to some request methods do not even contain body data.
The HTTP/1.1 standard defines the methods GET, POST, OPTIONS, HEAD, TRACE, PUT, DELETE, CONNECT. The most often used methods are GET and POST.

  • [GET]is used to retrieve an entity of information without the need to submit additional data in the message body. Before HTTP 1.0, GET was the only method to request information.
  • [POST]is similar to a GET request, but POST always includes a message body in the request message to send information of any type to the server. Usually information submitted via POST is used to generate dynamic content, for further processing, or the information is simply stored to be used by other applications. POST is a method that was introduced with HTTP version 1.0.
To send information to the server with GET, the client has to append it to the request URI. That causes several difficulties however:

  • The length of the request URI can cause problems at the server,
  • some clients can only transmit a Request URI of a certain length
  • most clients display the additional Request URI information to the user
Even though POST is the better way to transmit additional information to the server, some applications use GET for that purpose, especially for small amounts of data or to allow bookmarking of the URL.
All other methods are rarely used and will only be covered briefly:

  • [HEAD]This method asks for the header of a reply only. It can be used when checking for the existence of a certain document on a web server. The response will look exactly as if requested via GET but will not include the message body
  • [OPTIONS]Using this method a client can query a server for the available methods and options concerning a resource.
  • [TRACE]The TRACE method is similar to ping in TCP/IP. The request message contains a mandatory header field called Max-Forwards. Each time the message passes a proxy server, the value of that field is decremented by one. The server that gets the message with a value of zero will send a reply. If the server to whom the message is addressed gets the message, it will send a reply regardless of the value in the max-forwards header field. Using a sequence of these requests, a client can identify all proxy servers involved in forwarding a certain request.
  • [PUT]used to transmit files to a server. This method is similar to the PUT command used in FTP. This imposes a security threat and is therefore almost never used.
  • [DELETE]This method asks the server to delete the file addressed in the URI. Since this method imposes a security risk no known productive HTTP servers support that method. The DELETE method is very similar to the DELETE command in FTP.
  • [CONNECT]is a command used to create a secure socket layer (SSL) tunnel through a HTTP proxy server. A proxy server addressed with that method would open a connection to the target server and forward all data regardless of its content. That way a secure connection can be established from client to the server even though a proxy server is in use.


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)