当前位置: 首页 > news >正文

Web Application Basics

Web Application Basics

URL

Scheme:often https
User(rare)
Host/Domain:website address

typosquatting:mimic a website to trick people into giving up sensitive info.

Port:usually 80-http,443-https
Path:file path
Query String:have ?—Modify-able
Fragment—Modify-able

HTTP Request:

start line(methods/url path/http version)
request headers
(host,
user-agent,- - - web browser
referer,- - -such as www.google.com,the web where the request comefrom
cookies,
content-type,
content-length

…)
Request Body- - 4kinds:

  1. Url encoded(application/x-www-form-urlencoded) ;key=value
  2. form-data表格数据(multipart/form-data) ;boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW(- - - 之后为生成的分割头部)
  3. json(application/json); { “username”=“” }
  4. xml(application/xml) ;just like html

HTTP Response

The first line

in every HTTP response is called the Status Line. It gives you three key pieces of info:

HTTP Version: This tells you which version of HTTP is being used.
Status Code: A three-digit number showing the outcome of your request.
Reason Phrase: A short message explaining the status code in human-readable terms.
Since we already covered HTTP Versions in Task 5, let’s focus on the Status Codes and Reason Phrases here.

Status Codes and Reason Phrases
The Status Code is the number that tells you if the request succeeded or failed, while the Reason Phrase explains what happened. These codes fall into five main categories:

Informational Responses (100-199)
These codes mean the server has received part of the request and is waiting for the rest. It’s a “keep going” signal.

Successful Responses (200-299)
These codes mean everything worked as expected. The server processed the request and sent back the requested data.

Redirection Messages (300-399)
These codes tell you that the resource you requested has moved to a different location, usually providing the new URL.

Client Error Responses (400-499)
These codes indicate a problem with the request. Maybe the URL is wrong, or you’re missing some required info, like authentication.

Server Error Responses (500-599)
These codes mean the server encountered an error while trying to fulfil the request. These are usually server-side issues and not the client’s fault.

Common Status Codes
Here are some of the most frequently seen status codes:

100 (Continue)
The server got the first part of the request and is ready for the rest.

200 (OK)
The request was successful, and the server is sending back the requested resource.

301 (Moved Permanently)
The resource you’re requesting has been permanently moved to a new URL. Use the new URL from now on.

404 (Not Found)
The server couldn’t find the resource at the given URL. Double-check that you’ve got the right address.

500 (Internal Server Error)
Something went wrong on the server’s end, and it couldn’t process your request.

Response Header

just headers

Security Headers

1.CSP
Content-Security-Policy: default-src ‘self’; script-src ‘self’ https://cdn.tryhackme.com; style-src ‘self’

2.HSTS
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

3.X-Content-Type-Options
X-Content-Type-Options: nosniff

4.Referrer-Policy
This header controls the amount of information sent to the destination web server when a user is redirected from the source web server, such as when they click a hyperlink. The header is available to allow a web administrator to control what information is shared. Here are some examples of Referrer-Policy:

Referrer-Policy: no-referrer
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Here’s a breakdown of the Referrer-Policy header by directives:

no-referrer

  • This completely disables any information being sent about the referrer

same-origin

  • This policy will only send referrer information when the destination is part of the same origin. This is helpful when you want referrer information passed when hyperlinks are within the same website but not outside to external websites.

strict-origin

  • This policy only sends the referrer as the origin when the protocol stays the same. So, a referrer is sent when an HTTPS connection goes to another HTTPS connection.

strict-origin-when-cross-origin

  • This is similar to strict-origin except for same-origin requests, where it sends the full URL path in the origin header.

THANKS FOR VIEWING!

http://www.cnnetsun.cn/news/3522817.html

相关文章:

  • SQL 数据库创建学生表+SQL 完整创建数据库代码(主文件+次文件+日志文件)
  • Ansible for Kubernetes多环境管理:从开发到生产的完整CI/CD流水线设计
  • 三类“核”底层差异拆解|全网独家复现传统滤波核、CNN可学习卷积核、SVM核函数、助力视觉预处理/特征提取/小样本分类精准涨点
  • HarmonyOS7 长按上下文菜单:用 bindContextMenu 做好快捷操作
  • Single主题社区贡献指南:如何参与开源项目开发
  • 自动设置 JAVA_HOME 和将 JDK 的 bin 目录添加到 PATH
  • Day5 哈希表part01
  • 3个关键功能让老旧Mac也能轻松制作Windows启动盘:WinDiskWriter深度解析
  • dynamic-struct版本演进:从v1.0到v1.4.0的重要变化指南
  • Jellium Desktop未来路线图:即将到来的5大令人兴奋的功能
  • 医疗机构 Hoxhunt 游戏化模拟钓鱼培训落地与人因风险治理研究
  • 有关线程池知识
  • 如何利用cpu_rec快速识别物联网设备固件中的CPU架构:10个实用技巧
  • 多维聚合实战:从GROUP BY到空间导航的数据分析跃迁
  • 90%开发者踩坑:MCP Resource注册≠模型能读取资源
  • 边缘推理引擎内建性能计数器设计:逐层延迟、内存峰值与功耗度量的采集和 Prometheus 导出方案
  • GimpPs终极指南:如何3步将GIMP界面秒变Photoshop专业风格
  • Windows Defender Remover终极指南:如何彻底移除系统自带杀毒软件
  • 3种方式解锁Windows终极权限:NSudo深度解析与实践指南
  • 硅基流动使用指南
  • 智谱清言GLM-4深度解析:6大核心能力对比实测(含推理速度、中文NLU得分、长文本吞吐量)
  • windows-terminal-quake安全与隐私:你需要知道的一切
  • 猫抓扩展:三分钟学会浏览器视频嗅探的终极免费方案
  • MPI-IS Mesh空间搜索:AABB树与最近点查询的实战应用
  • AI 模型输出异常的根因排查:幻觉、过时知识与推理断裂的区分诊断
  • 如何快速搭建ECS-Network-Racing-Sample:10分钟上手Unity DOTS多人游戏开发
  • ES6解构赋值的5个实用技巧:让JavaScript代码更简洁高效
  • 力扣-高频 SQL 50 题(基础版)-1484. 按日期分组销售产品
  • ## [特殊字符] 落地操作指南:从笨办法升级到聪明方法
  • 米家API深度解析:Python智能家居编程控制的架构设计与实战应用