Key Aspects of Web Development in Python

Theory: HTTP Protocol

pages.courses.lessons.theory_unit.sign_up_block_title

pages.courses.lessons.theory_unit.sign_up_block_description

What happens after we type a web address into the browser? It is a common interview question for web developers. You can find a detailed answer to this question on [GitHub] (https://github.com/alex/what-happens-when). The main thing the interviewer wants to know is your level of understanding of HTTP. In this lesson, we'll cover this topic in more detail.

What is HTTP

To better understand this term, let's remind ourselves what a protocol is. It's a set of conventions or rules by which different programs can exchange information. One of the most common web protocols is HTTP (Hypertext Transfer Protocol). It is a set of rules that both your computer and a computer located far away will know. These rules help the browser and the web server communicate with each other.

You already know that a web server is a program installed on a server and handles incoming connections. A web server works in two stages:

The server receives information from the browser about which page of which site we want to load
The server then returns the contents of this webpage to the browser

This request-response cycle is an HTTP session. Now, we will use the curl program to see what it looks like:

curl -v --head https://hexlet.io

* Trying 174.66.43.105:443...
* TCP_NODELAY set
* Connected to hexlet.io (174.66.43.105) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Dec 21 00:00:00 2021 GMT
*  expire date: Dec 20 23:59:59 2022 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560728425e30)
> HEAD / HTTP/2
> Host: ru.hexlet.io
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
HTTP/2 200
< date: Wed, 09 Feb 2022 07:13:32 GMT
date: Wed, 09 Feb 2022 07:13:32 GMT
< content-type: text/html; charset=utf-8
content-type: text/html; charset=utf-8
...

<
* Connection #0 to host ru.hexlet.io left intact

Now we know HTTP technology, but that is not enough. Also, we should learn how to make raw HTTP requests not through the browser but independently, emulating the browser's behavior. This task involves using the telnet program. There's a Hexlet course on this topic. You can learn everything there.

Why do we use HTTP?

Programmers use the HTTP protocol for many different tasks:

When working with forms, when uploading files, and when redirecting
For authentication, since it depends entirely on HTTP
Obtain request details (for example, you can see from which browser we sent a request)
To increase performance and caching

The HTTPS protocol

In addition to HTTP, the more secure protocol HTTPS is widespread on the web. If the site runs under the HTTP protocol, you shouldn't perform any actions related to sensitive data, such as credit cards. Anyone who maintains the site or the equipment between you and the server can read your data.

Note that popular sites always give payment pages via HTTPS. In turn, the ability to work with HTTPS gives you access to new concepts straight away:

Encryption, asymmetric encryption
Certificates
Digital signatures

TCP/IP

Only using the HTTP and HTTPS protocols isn't enough. The fact is that HTTP doesn't exist by itself but on top of the TCP/IP protocol stack. A basic knowledge of networks is essential for the following reasons:

Security. Without basic knowledge, it's easy to make a mistake and get hacked
Debugging. Even minor problems with sites are difficult to troubleshoot without basic networking knowledge. It is because many problems with starting and configuring sites are related to network sockets

DNS

Another pillar of the web is the domain name service. Imagine typing an address into a browser. At that point, the browser makes DNS queries to the appropriate servers and tries to find out what IP address belongs to the site. The connection to the server is over TCP/IP, not HTTP. The HTTP protocol starts working after establishing the TCP connection.

Knowing DNS will help:

Bind a domain to the server
Configure mail for a domain
Verify your project with various services
Provide faster and more efficient debugging because often booting problems are related to the DNS

How to study

Many books on operating systems discuss networks in great detail. There's at least one source on the subject on Hexlet's list of [recommended books] (https://hexlet.io/pages/recommended-books).

Navigation

Theory

Tests