2.3.c HTTP/HTTPS. These are the fundamental protocols for web communication; almost every web application vulnerability is described in terms of their requests, responses and headers.

HTTP (Hypertext Transfer Protocol)

  • Definition: An application-layer protocol used for transmitting hypermedia documents (like HTML) and other resources between web clients (typically browsers) and web servers. It follows a request-response model.
  • Stateless: By default, HTTP is stateless. Each request from a client to a server is treated independently; the server doesn't inherently remember previous requests from the same client. Application state is usually carried by a cookie or a session token sent in a header, which means that token is effectively the user's credential for the life of the session and must be protected accordingly (Secure, HttpOnly cookie attributes, short lifetime, never logged).
  • Transport: HTTP/1.1 and HTTP/2 run over TCP for reliable, ordered delivery of requests and responses; HTTP/3 runs over QUIC, which is carried by UDP. Plain HTTP is unencrypted, so anyone on the network path can read or modify both requests and responses.

HTTP Request Structure:

An HTTP request consists of:

  1. Method (Verb): Indicates the desired action to be performed on the resource. Common methods include:

    • GET: Retrieve a representation of a resource (e.g., fetch a webpage or user data). Should be safe (no side effects) and idempotent. A state-changing action exposed over GET (e.g. /account/delete?id=5) breaks that assumption: it can be triggered by a link, an image tag or a browser prefetch, which is why such actions belong on POST/DELETE with CSRF protection.
    • POST: Submit data to be processed to a specified resource (e.g., submitting a form, creating a new user). Often results in a change in state or side effects on the server. Not idempotent.
    • PUT: Replace the entire current representation of the target resource with the request payload. Idempotent.
    • DELETE: Remove the specified resource. Idempotent.
    • PATCH: Apply partial modifications to a resource. (Idempotency depends on the patch operation itself).
    • HEAD: Similar to GET, but asks for the response headers only, without the response body. Used to check resource metadata before fetching the full resource. Idempotent.
    • OPTIONS: Describe the communication options (e.g., allowed methods) for the target resource. Idempotent.
    • Idempotency: An operation is idempotent if making the same request multiple times has the same effect as making it once. GET, PUT, DELETE, HEAD and OPTIONS are defined as idempotent; POST is not; PATCH may or may not be. Idempotent is not the same as safe: DELETE is idempotent but clearly has side effects, whereas only GET, HEAD and OPTIONS are safe.
  2. URI (Uniform Resource Identifier): The request-target identifying the resource on the server, i.e. the path plus any query string (e.g., /products/123, /search?query=apple). In HTTP/1.1 the host part of the URL is carried separately in the Host header, which is what the server uses to pick the virtual host.

  3. HTTP Version: The version of the HTTP protocol being used (e.g., HTTP/1.1, HTTP/2, HTTP/3).

    • HTTP/1.1: Introduced persistent connections and pipelining (pipelining is rarely enabled in practice). Suffers from head-of-line blocking: responses on one connection must be returned in request order.
    • HTTP/2: Introduced multiplexing (multiple requests/responses as streams over a single TCP connection), header compression (HPACK) and server push (since largely abandoned by browsers). Removes head-of-line blocking at the HTTP layer, but a lost TCP segment still stalls every stream on the connection.
    • HTTP/3: Uses QUIC (a transport protocol over UDP with TLS 1.3 built in) instead of TCP, reducing connection establishment time and removing transport-level head-of-line blocking because each stream is delivered independently. HTTP/3 has no cleartext mode; it is always encrypted.
  4. Headers: Key-value pairs providing metadata about the request (e.g., Host [which site or virtual host is being addressed], User-Agent, Accept [acceptable response formats], Content-Type [format of request body], Content-Length [size of the body], Authorization [credentials such as a bearer token], Cookie [session state]). Header names are case-insensitive.

  5. Body (Optional): Contains the data payload for methods like POST, PUT, PATCH (e.g., form data, JSON object).

HTTP Response Structure:

An HTTP response consists of:

  1. HTTP Version: The version used by the server.
  2. Status Code: A 3-digit code indicating the result of the request. Key categories:
    • 1xx (Informational): Request received, continuing process. (Rarely seen by end-users).
    • 2xx (Success): The action was successfully received, understood, and accepted.
      • 200 OK: Standard success response.
      • 201 Created: Request succeeded, and a new resource was created.
      • 204 No Content: Request succeeded, but there's no content to send back (e.g., for a DELETE request).
    • 3xx (Redirection): Further action must be taken by the client to complete the request.
      • 301 Moved Permanently: The resource has permanently moved to a new URL.
      • 302 Found: The resource is temporarily at a different URL.
      • 304 Not Modified: Used for caching; indicates the client's cached version is still valid.
    • 4xx (Client Error): The client seems to have erred.
      • 400 Bad Request: The server could not understand the request due to invalid syntax.
      • 401 Unauthorized: Despite the name, this means "not authenticated": credentials are required and were missing or invalid. The response should carry a WWW-Authenticate header telling the client how to authenticate.
      • 403 Forbidden: The server understood the request and the client's identity (if any) but refuses to authorise it; re-authenticating will not help.
      • 404 Not Found: The server cannot find the requested resource.
    • 5xx (Server Error): The server failed to fulfill an apparently valid request.
      • 500 Internal Server Error: A generic error message; something went wrong on the server.
      • 503 Service Unavailable: The server is currently unable to handle the request (e.g., overloaded or down for maintenance).
  3. Status Message: A short textual description of the status code (e.g., "OK", "Not Found", "Internal Server Error").
  4. Headers: Key-value pairs providing metadata about the response (e.g., Content-Type [format of response body], Content-Length, Set-Cookie [to set cookies on the client; the Secure, HttpOnly and SameSite attributes control how the browser may expose and send them], Cache-Control [caching directives; responses containing personal data should use no-store so they are not kept by shared caches]).
  5. Body (Optional): Contains the actual resource data requested (e.g., HTML content, JSON data, image file).
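To make the request and response structures above concrete, here is a small parser, written for these notes as an added example (it is not code from the original page or from any library). It splits a raw HTTP/1.1 message into start line, headers and body exactly as the two lists describe them, classifies the method by safety/idempotency and the status code by its category, and rejects two things a careless parser accepts: a missing Host header and conflicting Content-Length values. The two messages are constructed samples; chunked bodies and header folding are assumed out of scope.

```python
"""Minimal HTTP/1.1 request/response parser (added example, not from the original notes)."""
from __future__ import annotations
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}              # no server-side side effects
IDEMPOTENT_METHODS = SAFE_METHODS | {"PUT", "DELETE"}   # repeating has no extra effect


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict[str, list[str]]
    body: bytes


@dataclass
class HttpResponse:
    version: str
    status: int
    reason: str
    headers: dict[str, list[str]]
    body: bytes


def _split_message(raw: bytes) -> tuple[str, dict[str, list[str]], bytes]:
    """Return (start line, headers keyed by lower-cased name, body) for one message."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("message has no end-of-headers CRLF CRLF")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line, header_lines = lines[0], lines[1:]
    headers: dict[str, list[str]] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        # No whitespace is allowed between the field name and the colon.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    lengths = headers.get("content-length", [])
    if len(set(lengths)) > 1:
        # Two different lengths is the classic request-smuggling ambiguity: refuse it.
        raise ValueError("conflicting Content-Length values")
    if "transfer-encoding" in headers:
        raise ValueError("chunked bodies are outside this example")
    length = int(lengths[0]) if lengths else 0
    if len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    return start_line, headers, rest[:length]


def parse_request(raw: bytes) -> HttpRequest:
    start, headers, body = _split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {start!r}")
    method, target, version = parts
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    return HttpRequest(method, target, version, headers, body)


def parse_response(raw: bytes) -> HttpResponse:
    start, headers, body = _split_message(raw)
    version, _, rest = start.partition(" ")
    code, _, reason = rest.partition(" ")
    if not version.startswith("HTTP/") or not (code.isdigit() and len(code) == 3):
        raise ValueError(f"malformed status line: {start!r}")
    return HttpResponse(version, int(code), reason, headers, body)


def status_class(code: int) -> str:
    """Map a status code to the 1xx..5xx category used in the notes."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "unknown")


def is_safe(method: str) -> bool:
    return method.upper() in SAFE_METHODS


def is_idempotent(method: str) -> bool:
    return method.upper() in IDEMPOTENT_METHODS


# Constructed sample messages (placeholder host and token, not real credentials).
SAMPLE_REQUEST = (
    b"POST /users HTTP/1.1\r\n"
    b"Host: api.example\r\n"
    b"Content-Type: application/json\r\n"
    b"Authorization: Bearer not-a-real-token\r\n"
    b"Content-Length: 17\r\n"
    b"\r\n"
    b'{"name": "alice"}'
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 201 Created\r\n"
    b"Content-Type: application/json\r\n"
    b"Set-Cookie: session=abc123; HttpOnly; Secure\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b'{"id": 123}'
)

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req.method, req.target, req.version, "idempotent:", is_idempotent(req.method))
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp.status, resp.reason, status_class(resp.status), resp.headers["set-cookie"])
```

Headers are stored as lists because a name may legitimately repeat (Set-Cookie in particular); collapsing duplicates silently is how "first Content-Length wins" and "last Content-Length wins" disagreements between a proxy and an origin arise.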

HTTPS (HTTP Secure)

  • Definition: HTTPS is HTTP carried inside a TLS (Transport Layer Security) connection, by default on port 443 instead of 80. TLS is the successor of SSL; every SSL version and TLS 1.0/1.1 are deprecated, so in practice HTTPS means TLS 1.2 or 1.3. HTTP/3 builds TLS 1.3 into QUIC, so it is HTTPS-only.
  • Purpose: Provides security for web communication:
    • Encryption: Protects the confidentiality of request and response data (URL path, headers, cookies, bodies) between the client and server, preventing eavesdropping.
    • Authentication: The client verifies the server's certificate chain against its trusted certificate authorities and checks that the name in the certificate matches the host it intended to reach. Both checks are needed; a client that skips either one (a common "fix" for certificate errors) still gets encryption but can be silently connected to an imposter. Client authentication with certificates (mutual TLS) is optional and rarely used on the public web.
    • Integrity: Every record is authenticated, so data altered in transit is detected and the connection fails rather than delivering modified content.
  • Limits: HTTPS secures the connection only. The server name is still visible in the TLS handshake (SNI) and to DNS, and it says nothing about how data is handled once it reaches either end.
  • Standard: HTTPS is the standard for virtually all modern web communication, especially anywhere sensitive information (passwords, payment details, personal data) is involved. Browsers flag non-HTTPS pages as "Not secure" and restrict powerful features to secure origins.
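The authentication point above is where real deployments most often go wrong, so here is an added example (not from the original notes) using only Python's standard ssl module. It builds a client context the way a careful client should, beside the common insecure variant that keeps encryption but turns off certificate and hostname checks, and reports which guarantees each one still provides. Everything runs offline; the optional probe function needs network access and a real hostname, so the one it mentions is a placeholder.

```python
"""HTTPS client configuration, hardened beside insecure (added example, not from the original notes)."""
import socket
import ssl


def make_client_context(insecure: bool = False) -> ssl.SSLContext:
    """Return a TLS client context; insecure=True reproduces the common anti-pattern."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check + system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and TLS 1.1
    if insecure:
        # Disabling verification keeps encryption but drops authentication: any
        # on-path attacker can present a self-signed certificate and read the traffic.
        ctx.check_hostname = False                 # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """The three settings that decide whether the server is actually authenticated."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def authenticates_server(ctx: ssl.SSLContext) -> bool:
    """True only if the chain is validated AND the certificate name must match the host."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def guarantees(ctx: ssl.SSLContext) -> dict:
    """Which of the HTTPS properties from the notes a connection made with ctx provides."""
    authenticated = authenticates_server(ctx)
    return {
        "encryption": True,          # TLS always encrypts the application data
        "integrity": True,           # records are authenticated in transit
        "authentication": authenticated,
        # Encrypted-but-unauthenticated traffic is exactly what a MITM proxy terminates.
        "mitm_resistant": authenticated,
    }


def https_head(host: str, ctx: ssl.SSLContext, port: int = 443) -> str:
    """Send HEAD / over TLS and return the status line. Needs network; not run by default."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode())
            return tls.recv(4096).split(b"\r\n", 1)[0].decode()


if __name__ == "__main__":
    for label, ctx in (("hardened", make_client_context()),
                       ("insecure", make_client_context(insecure=True))):
        print(label, describe_context(ctx), guarantees(ctx))
    # Uncomment with a real host to try a live request:
    # print(https_head("www.example.com", make_client_context()))
```

The order of the two assignments in the insecure branch is not cosmetic: ssl raises ValueError if verify_mode is set to CERT_NONE while check_hostname is still True, which is a deliberate guard against exactly this misconfiguration. When a pentest report says "the mobile app accepts any certificate", the insecure branch is what the app is doing.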

In an Interview:

  • Understand the basic HTTP request/response flow.
  • Know the common HTTP methods (GET, POST, PUT, DELETE) and their general purpose, particularly idempotency.
  • Be familiar with the status code categories (2xx, 3xx, 4xx, 5xx) and common codes like 200, 201, 400, 401, 403, 404, 500.
  • Understand the purpose of HTTPS (encryption, authentication, integrity).
  • Awareness of HTTP/2 and HTTP/3 benefits (multiplexing, performance improvements) is a plus.