Author: Xu FC
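Standard Methods
Method = token, case-sensitive.
Method | Description |
---|---|
GET | Retrieve the target resource |
HEAD | The response headers are the same as for GET, but the response carries no body |
POST | The specified resource processes the payload in the request |
PUT | The payload in the request replaces the specified resource |
DELETE | Delete the specified resource |
OPTIONS | Retrieve the methods supported by the target resource |
CONNECT | Establish a tunnel to the server identified by the target resource. |
TRACE | Make the origin server return the request verbatim in the response body |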
RFC: https://tools.ietf.org/html/rfc7231
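Method Classification
- Safe Methods
Request methods whose access to the resource is read-only are classified as safe methods, for example GET, HEAD, OPTIONS, TRACE.
- Idempotent Methods
Methods for which multiple requests yield the same result as a single request are classified as idempotent methods, for example PUT, DELETE and the safe methods.
- Cacheable Methods
Methods whose responses are allowed to be cached, for example GET, HEAD, POST (most implementations only support GET and HEAD).
- Extension methods: HTTP supports method extensions; for details see https://tools.ietf.org/html/rfc7231#section-8.1
Method-Related Responses
- When the origin server receives a request method that it does not recognize or has not implemented, it should respond with 501 Not Implemented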
PATCH /WebGoat/css/img/logoBG.jpg HTTP/1.1
Host: 179.1.1.63:8061
HTTP/1.1 501 Not Implemented
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1106
Date: Fri, 23 Mar 2018 19:04:55 GMT
Connection: close
<html>...</html>
- When the origin server receives a request method that it knows but does not allow for the target resource, it responds with 405 Method Not Allowed
DELETE / HTTP/1.1
Host: 172.16.77.99
HTTP/1.1 405 Method Not Allowed
Date: Fri, 23 Mar 2018 11:15:57 GMT
Server: Apache/2.2.14 (Win32)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>...</html>
GET
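- A standard GET request retrieves a copy of the specified resource on the origin server, i.e. the body of the response. GET is not limited to this, however: in many implementations GET requests are also used to transfer data, query database records, and so on. A GET request carries no body, but the RFC does not forbid a GET request from having one.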
GET / HTTP/1.1
Host: 172.16.77.99
HTTP/1.1 200 OK
Date: Fri, 23 Mar 2018 11:50:14 GMT
Server: Apache/2.2.14 (Win32)
Set-cookie: t=1521805814119777
test: t=1521805814119777
Content-Length: 587
Content-Type: text/html;charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>...</html>
Range Request
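- A response that includes Accept-Ranges: bytes indicates that the web application supports Range Requests; if the header is absent, or the response includes Accept-Ranges: none, the web application does not support Range Requests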
HTTP/1.1 200 OK
Date: Mon, 28 May 2018 17:14:51 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "100000000f6f7-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 44
Content-Type: text/html
Via: 1.1 ID-7716077302313420 uproxy-2
<html><body><h1>It works!</h1></body></html>
- The Range header specifies the fragments the client wants
# Multiple byte ranges can be given
Range: bytes=0-0, 2-10
# The last 500 bytes
Range: bytes=-500
# Everything from byte offset 500 onward
Range: bytes=500-
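- The header section of a partial response carries the total length of the response body, i.e. Content-Length.
- The Content-Type of a partial response is multipart/byteranges, which distinguishes it from a single response; it also carries a boundary parameter used to separate the individual range parts in the body.
- Each range part in the body of a partial response contains two headers: Content-Type, which specifies the MIME type of that part, and Content-Range, which specifies the byte range that part covers.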
GET / HTTP/1.1
Host: aaa
Range: bytes=2-3,-10
HTTP/1.1 206 Partial Content
Date: Mon, 28 May 2018 17:28:03 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "100000000f6f7-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 197
Content-Type: multipart/byteranges; boundary=56d4770a4cd411290
--56d4770a4cd411290
Content-type: text/html
Content-range: bytes 2-3/44
tm
--56d4770a4cd411290
Content-type: text/html
Content-range: bytes 34-43/44
dy></html>
--56d4770a4cd411290--
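- If-Range: entity-tag / HTTP-date. When the request includes an If-Range header and the cached copy or resource has not expired, the server answers the Range Request with a partial response; if it has expired, the server responds with the complete resource.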
GET / HTTP/1.1
Host: aaa
Range: bytes=1-2, 10-
If-range: "100000000f6f7-2c-3e94b66c2e680"
HTTP/1.1 206 Partial Content
Date: Tue, 29 May 2018 18:20:15 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "100000000f6f7-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 221
Content-Type: multipart/byteranges; boundary=56d5c492474f91290
--56d5c492474f91290
Content-type: text/html
Content-range: bytes 1-2/44
ht
--56d5c492474f91290
Content-type: text/html
Content-range: bytes 10-43/44
y><h1>It works!</h1></body></html>
--56d5c492474f91290--
GET / HTTP/1.1
Host: aaa
Range: bytes=1-2, 10-
If-range: "100000000f6f7-2c-3e94b66c2e681"
HTTP/1.1 200 OK
Date: Tue, 29 May 2018 18:20:34 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "100000000f6f7-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 44
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
- When the range in the request is invalid, for example out of bounds, the server returns a 416 response
GET / HTTP/1.1
Host: aaa
Range: bytes=a
HTTP/1.1 416 Requested Range Not Satisfiable
Date: Tue, 29 May 2018 18:34:50 GMT
Server: Apache/2.2.14 (Win32)
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
13a
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>416 Requested Range Not Satisfiable</title>
</head><body>
<h1>Requested Range Not Satisfiable</h1>
<p>None of the range-specifier values in the Range
request-header field overlap the current extent
of the selected resource.</p>
</body></html>
0
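The range handling shown in the exchanges above (Range parsing, the If-Range check, and the 416 case), as an added example that is not part of the original post. It handles only the `bytes` unit and the entity-tag form of If-Range; `resolve_ranges`, `respond` and the `MAX_RANGES` cap are hypothetical names and values chosen for this sketch, and the cap is an added hardening assumption that the page does not discuss.

```python
import re

# The page's 44-byte sample resource and its ETag.
BODY = b"<html><body><h1>It works!</h1></body></html>"
ETAG = '"100000000f6f7-2c-3e94b66c2e680"'
MAX_RANGES = 8  # assumed cap on ranges per request; not a value from the page
_SPEC = re.compile(r"([0-9]*)-([0-9]*)")

def resolve_ranges(header, length):
    """Turn a Range header value into inclusive (first, last) offsets.

    Returns [] when the value is malformed or no range overlaps the
    resource, which maps to 416 as in the page's Apache examples.
    Units other than bytes are treated like a malformed value here.
    """
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    out = []
    for spec in specs.split(","):
        m = _SPEC.fullmatch(spec.strip())
        if not m or m.groups() == ("", ""):
            return []
        first, last = m.groups()
        if first == "":                      # suffix form, e.g. bytes=-500
            n = int(last)
            if n == 0 or length == 0:
                continue
            out.append((max(length - n, 0), length - 1))
        else:
            start = int(first)
            if last and int(last) < start:   # e.g. bytes=5-2 is invalid
                return []
            if start < length:               # ranges past the end are skipped
                end = min(int(last), length - 1) if last else length - 1
                out.append((start, end))
    return out

def respond(body, etag, range_header=None, if_range=None):
    """Return (status, body parts) for a GET with optional Range / If-Range."""
    # If-Range (entity-tag form only): a validator mismatch means a full 200.
    if range_header is None or (if_range is not None and if_range != etag):
        return 200, [body]
    ranges = resolve_ranges(range_header, len(body))
    if not ranges:
        return 416, []
    if len(ranges) > MAX_RANGES:             # ignore Range instead of building a huge multipart
        return 200, [body]
    return 206, [body[a:b + 1] for a, b in ranges]
```
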
HEAD
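- The response headers are the same as for GET, but the response carries no body. HEAD is commonly used to check a resource's validity, its accessibility, and whether it has been modified recently.
- A HEAD request carries no body, but the RFC does not strictly require this.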
HEAD / HTTP/1.1
Host: aaa
HTTP/1.1 200 OK
Date: Fri, 23 Mar 2018 11:52:39 GMT
Server: Apache/2.2.14 (Win32)
Set-cookie: t=1521805959699233
test: t=1521805959699233
Content-Type: text/html;charset=UTF-8
HEAD / HTTP/1.1
Host: aaa
Range: bytes=-10
HTTP/1.1 206 Partial Content
Date: Tue, 29 May 2018 18:28:03 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "100000000f6f7-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 10
Content-Range: bytes 34-43/44
Content-Type: text/html
OPTIONS
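- Retrieves the methods supported by the target resource. If the URI is *, the returned methods are those supported by the server; if it is not *, the returned methods are those supported by that resource.
OPTIONS requests carry no body.
- Allow: a response header that lists the methods supported by the specified resource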
OPTIONS /WebGoat/login.mvc HTTP/1.1
Host: 179.1.1.63:8061
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Date: Fri, 23 Mar 2018 18:39:50 GMT
TRACE
- Makes the origin server return the request verbatim in the response body; generally used for debugging.
TRACE / HTTP/1.1
Host: 172.16.77.99
HTTP/1.1 200 OK
Date: Fri, 23 Mar 2018 11:58:11 GMT
Server: Apache/2.2.14 (Win32)
Transfer-Encoding: chunked
Content-Type: message/http
28
TRACE / HTTP/1.1
Host: 172.16.77.99
0