Preface
This post collects the core knowledge of the HTTP protocol: front-end/back-end separation, common HTTP problems, the JWT solution for login in distributed systems, and so on. It can be used both to review typical interview questions and to deepen your understanding. It is recommended to work through it level by level and then check for omissions and fill the gaps based on the content. You are welcome to ask questions so that we can learn from each other.
Previously published:
- JavaSE core knowledge (new version)
- Essential core knowledge of concurrent programming
- Middleware: message queues
- MySQL core knowledge
Coming up:
- Spring and MyBatis core knowledge points
- Distributed cache core knowledge points
HTTP protocol core knowledge
Knowledge point 1: What are the HTTP methods and their usage scenarios
HTTP/1.0 defines three:
- GET: obtain a resource from the server, e.g. the common query requests
- POST: submit data to the server
- HEAD: the same as GET, but the response carries no body; used to obtain only the headers
HTTP/1.1 defines six more:
- PUT: generally used for update requests, such as updating personal information or product information
- PATCH: a supplement to PUT; updates part of the data of the specified resource
- DELETE: delete the specified resource
- OPTIONS: obtain the HTTP methods the server supports, server capabilities, cross-origin checks, etc.
- CONNECT: uses the server as a springboard: the server visits another web page on the user's behalf and returns the data unchanged. It is basically unused in web page development; an HTTP proxy uses it to access other pages on behalf of users, like an intermediary
- TRACE: echoes the request received by the server; mainly used for testing or diagnosis
Knowledge point 2: Analysis of common HTTP status codes
When the browser sends a request to the server, the server's response carries a status code in its header that indicates the result of the request.
Classification
- 1XX: the request has been received and the requester needs to continue the operation; rarely used
- 2XX: request succeeded; the common one is 200
- 3XX: redirection. After receiving this status code from the server, the browser automatically jumps to a new URL, which is taken from the Location header of the response.
  Benefits: website redesign, domain name migration, etc.; multiple domain names pointing to the same main site.
  Must remember:
  301: permanent redirect, e.g. the domain name expired or was changed
  302: temporary redirect
- 4XX: client-side error; the request contains a syntax error or cannot be completed
  Must remember:
  400: bad request, e.g. a syntax or protocol error
  403: access forbidden
  404: the interface or file at this path cannot be found
  405: this method is not allowed, e.g. the interface requires POST and you used GET
- 5XX: server-side error; the server failed while processing the request
  Must remember:
  500: the server reported an internal error and could not complete the request
  503: the server is down / unavailable
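To make knowledge points 1 and 2 concrete, here is a small in-memory request dispatcher that maps HTTP methods to handlers and answers with the status codes listed above (200, 201, 204, 301 with Location, 400, 404, 405 with Allow, 500). It is an added example, not code from the original post or from xdclass; requests and responses are plain objects so it runs without a server, and the route table and the user records are constructed for illustration.

```javascript
// Added example (not from the original article): a small in-memory dispatcher that
// maps HTTP methods to handlers and answers with the status codes described above.
// Requests and responses are plain objects so it runs without a server; the route
// table and the user records are constructed for illustration.

const users = new Map([[1, { id: 1, name: 'alice' }]]);

// Each route lists the methods it implements. GET handlers also serve HEAD (body
// stripped), and every route answers OPTIONS with an Allow header.
const routes = [
  {
    pattern: /^\/users$/,
    handlers: {
      GET: () => ({ status: 200, body: [...users.values()] }),
      POST: (req) => {
        let data;
        try {
          data = JSON.parse(req.body);
        } catch (e) {
          return { status: 400, body: { error: 'malformed JSON body' } }; // syntax error -> 400
        }
        if (typeof data.name !== 'string') {
          return { status: 400, body: { error: '"name" is required' } };
        }
        const id = users.size + 1;
        users.set(id, { id, name: data.name });
        return { status: 201, headers: { Location: `/users/${id}` }, body: users.get(id) };
      },
    },
  },
  {
    pattern: /^\/users\/(\d+)$/,
    handlers: {
      GET: (req, match) => {
        const user = users.get(Number(match[1]));
        return user ? { status: 200, body: user } : { status: 404, body: { error: 'no such user' } };
      },
      DELETE: (req, match) => (users.delete(Number(match[1]))
        ? { status: 204, body: '' }
        : { status: 404, body: { error: 'no such user' } }),
    },
  },
  // The old path moved for good: 301 plus Location, which the browser follows automatically.
  { pattern: /^\/old-users$/, handlers: { GET: () => ({ status: 301, headers: { Location: '/users' }, body: '' }) } },
  // A handler that throws is how a 500 comes about.
  { pattern: /^\/boom$/, handlers: { GET: () => { throw new Error('unexpected'); } } },
];

function dispatch(req) {
  for (const route of routes) {
    const match = route.pattern.exec(req.path);
    if (!match) continue;
    const allow = Object.keys(route.handlers);
    if (allow.includes('GET') && !allow.includes('HEAD')) allow.push('HEAD');
    allow.push('OPTIONS');
    const allowHeader = allow.join(', ');
    if (req.method === 'OPTIONS') {
      return { status: 204, headers: { Allow: allowHeader }, body: '' };
    }
    const key = req.method === 'HEAD' && !route.handlers.HEAD ? 'GET' : req.method;
    const handler = route.handlers[key];
    if (!handler) {
      // The path exists but not with this method, e.g. PATCH on a resource that only has GET.
      return { status: 405, headers: { Allow: allowHeader }, body: { error: 'method not allowed' } };
    }
    let res;
    try {
      res = handler(req, match);
    } catch (e) {
      return { status: 500, headers: {}, body: { error: 'internal server error' } };
    }
    res.headers = res.headers || {};
    if (req.method === 'HEAD') res.body = ''; // HEAD: same headers as GET, no body
    return res;
  }
  return { status: 404, headers: {}, body: { error: 'no such path' } };
}
```

The Allow header on 405 and 204 responses is what lets a client discover which methods a path accepts, which is the point of OPTIONS. Note that a malformed body and a method mismatch are both client errors (4XX), while a handler that throws is the server's fault (5XX), so the two classes are never mixed.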
Knowledge point 3: The difference and relationship between cookie and session
- Cookie data is saved on the client; session data is saved on the server
- Cookies are not very safe and leak easily; information must not be stored in them directly in plaintext
- Cookies are limited in size and in number
Knowledge point 4: JWT, a common login solution for distributed business scenarios
What is JWT
JWT is an open standard that defines a compact, self-contained way of securely transmitting information between two parties as a JSON object. A JWT can be signed with an HMAC algorithm or with an RSA public/private key pair.
Format: header, payload and signature, joined as header.payload.signature
- Header: mainly describes the signature algorithm
- Payload: mainly describes the information about the signed object, such as the user id; it may also carry the claims from the specification, such as iss (issuer), exp (expiration time) and sub (subject, the user the token is for)
- Signature: mainly signs the first two parts, so that someone who gets hold of the token cannot base64-decode it, tamper with it and re-encode it
Advantages
- The generated token can carry basic information such as the id, nickname and avatar, which avoids querying the database again
- It is stored on the client and takes up no server memory; it is checked by signature verification, which improves performance and saves space in distributed services
Disadvantages
- The token is only base64-encoded, so it can be decoded; the object before encoding must not contain sensitive information such as user permissions or passwords
- Without server-side storage, login invalidation cannot be handled unless the server changes the secret key
The generated token can be stored in a cookie, in localStorage or in sessionStorage
Knowledge point 5: From the user entering a URL in the browser to seeing the result, what is the general process in between
1. The user enters the URL and the browser checks whether the URL is legal
2. The browser checks whether there is a cache; if so, it is displayed directly, otherwise go to step 3
3. Before sending the HTTP request, the domain name must be resolved (DNS resolution) to obtain the corresponding IP address
4. The browser initiates a TCP connection to the server and completes the TCP three-way handshake
5. After the handshake succeeds, the browser sends the HTTP request to the server
6. The server receives and processes the request and returns data to the browser
7. The browser receives the HTTP response
8. The browser parses the response; if the response can be cached, it is stored in the cache
9. The browser renders the page
Knowledge point 6: The browser's same-origin policy
The same-origin policy is a convention. It is the core and most basic security function of the browser; without it, the normal functioning of the browser would be affected.
It is a well-known security policy proposed by Netscape.
When two tabs of a browser open Baidu and Google respectively, and a script runs in the Baidu tab, the browser checks which page the script belongs to, i.e. whether it is of the same origin; only scripts of the same origin as Baidu are executed.
If the origin differs, the browser reports an exception in the console when data is requested and indicates that access is denied. The same-origin policy is the browser's way of protecting local data from being polluted by data obtained through JavaScript code. What is blocked is therefore the client's reception of the response: the request is sent and the server responds, but the browser will not hand the response to the page.
Knowledge point 7: Why does cross-origin happen? What are the common solutions
Cross-origin: the browser's same-origin policy. In 1995 Netscape introduced the same-origin policy into its browser, and today all browsers implement it. Originally it meant: a cookie set by page A cannot be read by page B unless the two pages are of the "same origin". "Same origin" means "the three are the same":
- same protocol: http / https
- same domain name: www.xdclass.net
- same port: 80 / 81
Bottom line: when a page of one domain requests resources of another domain, any difference in domain name, port or protocol counts as cross-origin.
Cross-origin prompt in the browser console:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
Solutions
- JSONP
- Wrap the page layer with another layer of service; at present Node.js is the most common choice
- Configure the HTTP response headers to allow cross-origin access:
  1. nginx proxy server
  2. back-end program code configuration
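Knowledge points 6 and 7 in code: the three-part origin comparison a browser performs, the response-header side of the third solution (the server allowing selected origins via Access-Control-Allow-Origin), and a simplified model of the browser deciding whether a page's script may read the response. This is an added example, not code from the original post or from xdclass; the URLs (based on the www.xdclass.net domain mentioned above), the other.example origin and the allow list are constructed for illustration.

```javascript
// Added example (not from the original article): the origin comparison behind the
// same-origin policy, and the response-header side of "configure the HTTP response
// headers to allow cross-origin". All URLs and the allow list are constructed.

// Protocol, host and port are the three parts that must all match.
function originParts(urlString) {
  const u = new URL(urlString);
  const defaultPort = u.protocol === 'https:' ? '443' : '80';
  return { protocol: u.protocol, hostname: u.hostname, port: u.port || defaultPort };
}

function isSameOrigin(urlA, urlB) {
  const a = originParts(urlA);
  const b = originParts(urlB);
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Server side: headers to attach given the request's Origin header. Only origins on
// the allow list are echoed back; an unknown origin gets no CORS headers at all, which
// is exactly what produces the console message quoted above.
function corsHeaders(requestOrigin, allowedOrigins) {
  if (!requestOrigin || !allowedOrigins.includes(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Vary': 'Origin', // caches must key on Origin when the header is echoed
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };
}

// Browser side, simplified: the request goes out and the server answers either way;
// the only question is whether the page's script is allowed to read the response.
function scriptMayReadResponse(pageUrl, resourceUrl, responseHeaders) {
  if (isSameOrigin(pageUrl, resourceUrl)) return true;
  const allowed = responseHeaders['Access-Control-Allow-Origin'];
  return allowed === '*' || allowed === new URL(pageUrl).origin;
}
```

Echoing an allow-listed origin rather than answering '*' is the safer default for an API that serves logged-in users: it keeps the set of sites that can read responses explicit, and the Vary: Origin header stops a shared cache from serving one origin's permission to another. The same header logic applies whether it is emitted by nginx (solution 3.1) or by the back-end code (solution 3.2).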
For more details, please refer to the blog post:
HTTP in full detail, click to read