====== HTTP ====== ===== Intro ===== HTTP can run in two modes: * Non-Persistent - each response/request is sent over separate TCP connection * Persistent - re-using same TCP connection for all request/responses There are two HTTP message types: * Request * Response Both have a start line, headers, an empty line and optional body. **Version** - the application doesn't usually care which protocol version is being used. The web-server translates the protocol details into standard request before passing it to the application. The version is **negotiated** during TLS handshake. The browser advertises the application protocols it supports using TLS extension called ALPN. There is no TLS handshake for HTTP, so the browser simply starts with **HTTP/1.1**. **HTTP/3**\\ HTTP/3 runs on top of the QUIC (Quick UDP). The main idea that we eliminate two handshaks that were needed in HTTPs (TCP + TLS). In QUIC TLS handshake is absorbed into the initial setup handshake. HTTP/3 does not run TLS "on top" of QUIC. Instead, **TLS 1.3** is built into the QUIC protocol itself. QUIC mitigates HOL (Head of Line) problem by treating each stream within a single connection independently. If one particular frame is lost, QUIC will handle it separately without blocking the rest of the streams. ===== HTTP Request Message ===== First line in the Request Message is called a **request** line. The subsequent lines are called **headers** line. Request line has three fields: - Method - URL - HTTP version ==== HTTP Response Message ==== First line in Response Message is called a **status** line. Then we have six **header** lines and then **entity body**. Status line has three fields: - Protocol version - Status code - Corresponding status message ==== Cookie ==== HTTP is a Stateless protocol. Cookie is the primary mechanism for maintaining state. Cookies allows a web server to know: * Whether you've visited before * Whether you're logged in * What's in your shopping cart * What language you selected