HTTP概要
HTTP協議(HyperText Transfer Protocol,超文本傳輸協議)是因特網上應用最為廣泛的一種網絡傳輸協議,所有的WWW文件都必須遵守這個標准。
HTTP基於TCP/IP通信協議來傳遞數據。
HTTP默認端口號為80。
(HTTPS默認端口號為443。)
HTTP請求與響應
1.get無參請求與響應:
get無參請求(cookie有刪減):
GET / HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: BIDUPSID=ABC012398147;ZD_ENTRY=baiduget無參請求對應的響應報文(響應體有刪減):
HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xe584e1b8000e5952
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Thu, 16 Jul 2020 06:37:20 GMT
Expires: Thu, 16 Jul 2020 06:37:20 GMT
Server: BWS/1.1
Set-Cookie: BDSVRTM=1; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: H_PS_PSSID=1447_32140_31253_32046_32230_31321_32259_32261; path=/; domain=.baidu.com
Strict-Transport-Security: max-age=172800
Traceid: 1594881440070543540216538591912002476370
X-Ua-Compatible: IE=Edge,chrome=1
Transfer-Encoding: chunked
Connection: keep-alive
<!DOCTYPE html><!--STATUS OK-->
<html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta content="always" name="referrer"><meta name="theme-color" content="#2932e1"><meta name="description" content="全球最大的中文搜索引擎、致力於讓網民更便捷地獲取信息,找到所求。百度超過千億的中文網頁數據庫,可以瞬間找到相關的搜索結果。">
</script>
2.get有參請求與響應:
get有參請求(有刪減):
GET /s?ie=utf-8&wd=get&rsv_sug7=100 HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Accept: */*
Sec-Fetch-Dest: empty
is_xhr: 1
X-Requested-With: XMLHttpRequest
is_referer: https://www.baidu.com/s?ie=utf-8&f=3&rsv_bp=1&rsv_sug4=6997
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_sug7=000&bs=get%E8%AF%B7%E6%B1%82%E6%9C%89%E8%AF%B7%E6%B1%82%E4%BD%93%E5%90%97
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: BIDUPSID=8C6D6577D7C; WWW_ST=1594881925661
get有參請求對應的響應(無刪減):
HTTP/1.1 200 OK
Bdpagetype: 3
Bdqid: 0xe551123c00109c39
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 16 Jul 2020 06:45:26 GMT
Is_status: 1
Server: BWS/1.1
Set-Cookie: delPer=0; path=/; domain=.baidu.com
Set-Cookie: BD_CK_SAM=1;path=/
Set-Cookie: PSINO=2; domain=.baidu.com; path=/
Set-Cookie: BDSVRTM=197; path=/
Set-Cookie: H_PS_PSSID=1447_32140_31253_32046_32230_31321_32259_32261; path=/; domain=.baidu.com
Strict-Transport-Security: max-age=172800
Traceid: 1594881926039656500216524008556707486777
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
Content-Length: 78
Connection: keep-alive
<div><div id="__status">0</div><div id="__redirect">0</div><div id="__switchtime">0</div></div>需要注意的點:
(1)get請求傳遞參數在url中,"?"后,例如【/s?ie=utf-8&wd=get&rsv_sug7=100】
(2)此時實際訪問的url為:【https://www.baidu.com/s?ie=utf-8&wd=get&rsv_sug7=100】,是get后的參數與host拼接成的。
(3)嚴格來說,get是可以帶請求體的,不過大部分服務器會忽略(丟棄)get中的請求體;以及違背了安全性原則,會導致緩存機制失效(不安全的數據不會緩存)。詳情可見https://my.oschina.net/airship/blog/3081424
(4)服務器在解析有參get與post時,都可以使用getParameter()的方法拿出來(java方法),區別不大。
(5)目前的代碼樣例是規范的,get沒有請求體。
3.post有參請求與響應(鍵值對)
post有參請求(無刪減):
POST /Login/index HTTP/1.1
Host: www.everyonepiano.cn
Connection: keep-alive
Content-Length: 207
Cache-Control: max-age=0
Origin: https://www.everyonepiano.cn
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Referer: https://www.everyonepiano.cn/Login?page=login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=e8b11f164555704a82cfae9619da9fb9; think_language=zh-CN
username=alsdkfjla%3Bdskfj&password=alsda%3Bfkjka%3Bs&submit=1&care_url=https%3A%2F%2Fwww.everyonepiano.cn%2F&backsure=&backurl=&go=&__hash__=2ca285a02068d544d718761d69e912cf_4786a46c6dcdcc3c12aff75bb80955aapost有參請求對應的響應(有刪減):
HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: WWW Server/1.1
Set-Cookie: username=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: password=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: remember=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
X-Powered-By: ThinkPHP
X-Safe-Firewall: zhuji.360.cn 1.0.8.6 F1W1
Date: Thu, 16 Jul 2020 08:00:58 GMT
Content-Length: 24357
Connection: close
<!doctype html>
<html>
<head>
<meta charset="utf-8">需要注意的點:
(1)此時post實際訪問的網址為【https://www.everyonepiano.cn/Login/index】,是post后的url與host拼接成的;
(2)post的請求參數在body中,也是鍵值對的形式。
(3)post發送鍵值對時,一般請求頭有:【Content-Type: application/x-www-form-urlencoded;charset=UTF-8】
4.post發送json請求:
post有參請求(json):
:method: POST
:authority: passport.csdn.net
:scheme: https
:path: /v1/register/pc/login/doLogin
content-length: 1747
accept: application/json, text/plain, */*
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
x-tingyun-id: im-pGljNfnc;r=888813786
content-type: application/json;charset=UTF-8
origin: https://passport.csdn.net
sec-fetch-site: same-origin
sec-fetch-mode: cors
referer: https://passport.csdn.net/login?code=public
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9
cookie: uuid_tt_dd=10_17447173020-1594867082496-217710
cookie: dc_session_id=10_1594867082496.622646
cookie: c_first_ref=www.baidu.com
cookie: dc_sid=abd45ba3533ad29a18f8c13b46b24055
cookie: Hm_up_6bcd52f51e9b3dce32bec4a3997715ac=%7B%22islogin%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%2C%22isonline%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%2C%22isvip%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%7D
cookie: Hm_ct_6bcd52f51e9b3dce32bec4a3997715ac=6525*1*10_17447173020-1594867082496-217710
cookie: __gads=ID=2903463479c099dd:T=1594867088:S=ALNI_MbOss36SzV25SCDEGlhe-4KZIMd0g
cookie: c-toolbar-writeguide=1
cookie: c_first_page=https%3A//blog.csdn.net/u010361662/article/details/54645470/
cookie: Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1594869642,1594885025,1594885092,1594885632
cookie: c-login-auto=9
cookie: announcement=%257B%2522isLogin%2522%253Afalse%252C%2522announcementUrl%2522%253A%2522https%253A%252F%252Flive.csdn.net%252Froom%252FPayPal_pp%252F59oaV3tv%253Futm_source%253Dan_1594008357%2522%252C%2522announcementCount%2522%253A0%252C%2522announcementExpire%2522%253A3600000%257D
cookie: SESSION=5930c879-1751-4f70-b8cb-a01978691083
cookie: TY_SESSION_ID=8b5b3787-d244-42a8-9d71-cfe091810c8c
cookie: c_ref=https%3A//blog.csdn.net/lyhDream/article/details/90346590
cookie: c_page_id=https%3A//passport.csdn.net/login
cookie: dc_tos=qdk02l
cookie: Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1594888798
{"loginType":"1","pwdOrVerifyCode":"123123123","userIdentification":"123213123","uaToken":"125#aW1canOCcW04J5rIggfKFHTVjION3ytfLw/It235Bpp98gY6Q80hvOz2QwjSU1MuLtvHo7gdstI1ycJFOrvB9xtk0zT/LPdtuo6LHD4DCsmDZNDjansZFwe0uNZZZGQmHECfnYM6TtyiNJNhYoFGZFPqxXIK1GT0z12jTxItyr1fydRzdbIIiXhXhDDk77JjpgE/lEJ/+aLnMPeohBkzSnrc5AcuPRI971BHaV+7R7pa0dDagZbS/fiarVPwQdNCnTnA2dalxHQj0C4OUC11Gil+FAWFi6yeKGPKhPWDgoDkX+adf2nFq0d+JqKiD6uanMyt76alM1/lmuDtKfIAy4fQLMhuYYnyF010pX9RVyKomQuT5mLqyaEiMe/Wg9VI/oB7A2I5TMNzJOo/wbSyKpjYSp0vPSAY0Xd87D7FOENBVIRbiuFZppocvLXUKxjlg1esDARJHcqpCAWKEJt1oPxoT23vvBeaSuPSrORINzbRvA8dTQel61vJ1JUoYJcSd2jlxj6uQKXaIZrr1+Xz7yAIMwWklKBQ3bwYPj0VAJ9fIdZM3v+vsPr1DlE464a67hrhGUI+rDAOpjuyWoVehQUGqEpBz/nXlmim/IfAf5jfJrhmEh2twE+Z/fKtc6k/DaYjgxS24Fjx7kJBA3txV+KAWjLvDobgv9YdgbhuRRbReMq4u1JvJ8P8apW3deh1AKBbbgGesqC3Ciz2n6VNUjcScvsOcgDbUgsLbhf4YbEpfp0p/Bo4gXi4cCcm5NyBiR5SkK2fT/e2eNhW/vsPsb4GcL12TGk2UjcSKX5fm5SNaKXDtbuVS37tRSO2Oy+3Le1XCMmv+7zHvBxp4fXHda5aoQ9+2ebl566dV5jmAWangUZDeidaLO8RCNmrXGCuUJYbtvY057MlciHcJa3dmxhqf2wTQlddWn5PNXJKT9D+1bca+OtdFIf9EwmyqmGV9AfjWsBSIUDkkFarnZ27kOzg/uJciGm4zJihCwAoGZbSqoagTgbHZV0OUfOxbrBNQTOWmNIe1mwmAEiQHtveIKeMRbxjq9lAk9eyJsBaCmLAA6Qb1UkTgWT2xs2vkeUNTQ2dTrBILK4pg+Fy6TEMsUvmcCg2ew929DffuVR4wkpjkZ3K6zXvV8EVQD4uYHZ9YJ/H1Ot9/yDnmO9CrVZS+WpwlbK1/cw2/W4eF2dEF0jNfAmSrewDr5yktWbxpCz6SKma+e8JfMEQDk6dj8uuqes919pBmFPY3ZLw4fCxRdPXt8vB/LNFFnWBf3gBNL2iztRbSEt7vR4t/c5HNoHhk4KCCNXcB/zPW8wm3XHm2HyqacPzgPOTKGHXvT/b72cB+J+loFCElx8qHi9ppF3Cyz12ZDWr/A1RhOqYJzaU1Lw4eKS0c7OMvM/B3pI+WdhkUT9AnyKlRhsqCQntBvhfrkUb+uO+S8/nEOv8W69aJyHs9wRALumOURN18TWSoHBc5teW9gHYKbV0PrHGwqve8IuIdBpmZM6alxOJnTtSySa7EgBAnWak4cr78zWwj+FmlGeWmwj=","webUmidToken":"T2gAa9-9McNIEvOIQqM6VhclPto4T5FzaQ9hxMquxP5lUU-W6COosdjaoMF5mNgQrnsh_b5pMA11pRGQknK5y68r"}post請求對應的響應:
:status: 400
server: openresty
date: Thu, 16 Jul 2020 08:40:14 GMT
content-type: application/json;charset=utf-8
x-application-context: application:production
{"message":"用戶名或密碼錯誤","status":false,"code":"1039"}需要注意的點:
(1)這個請求與響應是CSDN的登錄頁面抓到的
(2)這個請求與響應的格式不太標准,可能是軟件問題或緩存問題
(3)總之,發送json請求時,請求頭需要有:【content-type: application/json;charset=UTF-8】;如果接收的也是json,也需要有類似的:【accept: application/json, text/plain, */*】;其中*/*表示任意格式的響應都可以接收。
(4)json格式的數據放在請求體中。
(5)響應頭中對應的有:【content-type: application/json;charset=utf-8】,json數據在響應體中。
5.post接收json響應:
post請求(無刪減):
POST /LcSolrSearch.go HTTP/1.1
Host: www.chinawealth.com.cn
Connection: keep-alive
Content-Length: 270
Accept: application/json, text/javascript, */*; q=0.01
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://www.chinawealth.com.cn
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://www.chinawealth.com.cn/zzlc/jsp/lccp.jsp
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0000HldREUD0UnwQC9kn6HuT8uH:-1; BIGipServerPool_licai_webapp=27596042.31011.0000; _pk_ses.3.8bc7=*; _pk_id.3.8bc7=1230638ca85c0022.1594887206.1.1594887233.1594887206.
cpjglb=&cpyzms=&cptzxz=&cpfxdj=&cpqx=&cpsylx=&cpzt=02&mjfsdm=01%2CNA&cpdjbm=&cpmc=&cpfxjg=%E4%B8%AD%E5%9B%BD%E5%BB%BA%E8%AE%BE%E9%93%B6%E8%A1%8C%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&mjqsrq=&mjjsrq=&areacode=&tzzlxdm=03%2C05%2CNA&pagenum=1&orderby=&code=json響應(有刪減):
HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 08:12:16 GMT
Server: WebSphere Application Server/8.0
X-Powered-By: Servlet/3.0
Content-Type: text/javascript;charset=utf-8
Content-Language: zh-CN
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: count=1; Expires=Thu, 16-Jul-20 08:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
{"Count":66,"List":[{"ljjz":"","yjkhzdnsyl":"3.5"}]}需要注意的點:
(1)這個樣例的請求是post鍵值對形式
(2)響應體中的數據是json格式的
(3)請求頭中有:【Accept: application/json】,因此可以接收json數據
(4)響應頭中使用的是【Content-Type: text/javascript】,不過由於請求頭已注明,因此也可以accept這類內容。
6.圖片的請求與響應
get請求圖片:
:method: GET
:authority: passport.csdn.net
:scheme: https
:path: /applogo.png
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
sec-fetch-dest: image
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
referer: https://passport.csdn.net/login?code=public
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9
cookie: uuid_tt_dd=10_17447173020-1594867082496-217710
cookie: dc_session_id=10_1594867082496.622646
cookie: c_first_ref=www.baidu.com
cookie: dc_sid=abd45ba3533ad29a18f8c13b46b24055
cookie: SESSION=5930c879-1751-4f70-b8cb-a01978691083
cookie: TY_SESSION_ID=8b5b3787-d244-42a8-9d71-cfe091810c8c
cookie: c_ref=https%3A//blog.csdn.net/lyhDream/article/details/90346590
cookie: c_page_id=https%3A//passport.csdn.net/login
cookie: dc_tos=qdk02l
cookie: Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1594888798對應的響應:
:status: 200
server: openresty
date: Thu, 16 Jul 2020 08:50:25 GMT
content-type: image/png
content-length: 3700
last-modified: Tue, 14 Jul 2020 09:08:22 GMT
etag: "5f0d7606-e74"
accept-ranges: bytes
strict-transport-security: max-age=31536000
PNG
HDR需要注意的點:
(1)這個請求頭與請求體的格式也不太標准,可能是抓包軟件的原因。
(2)請求頭中有多個cookie鍵。
(3)請求頭中寫明accept的是image。
(4)響應頭中有:【content-type: image/png】,並且響應體中有圖片的字節流;由於是特殊符號,因此無法復制到代碼塊;以下是字節流截圖:
點擊抓包工具的Image標簽,可以看到圖片的樣子:
總結
以上便是HTTP常用請求頭與請求體的實例。
先記錄在這里,之后需要查找時就方便多了。