ArcLibrary
L1入门L2进阶L3生态

HTTP Basics

The language of the web — how browsers talk to servers.

HTTPRequestResponse
核心 · Key Idea

In one line: HTTP is the request/response protocol between browser and server. The client sends a request (method + URL + headers + body); the server returns a response (status + headers + body).

What it is#

A barebones HTTP/1.1 request:

GET /index.html HTTP/1.1
Host: example.com
User-Agent: curl/8.0
Accept: */*

Server responds:

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 1234
 
<html>...

A plain-text protocol you can read with your eyes — that's why HTTP became universal.

Analogy#

打个比方 · Analogy

HTTP is like ordering food:

  • Client: "GET the index page over HTTP 1.1; I'm curl" = waiter, I want this;
  • Server: "200 OK, here's the HTML, 1234 bytes" = your dish, sir.

Every exchange is one question, one answer, and the server doesn't remember you by default (stateless).

Key concepts#

MethodsMethod
GET reads / POST creates / PUT replaces / PATCH partial / DELETE removes / HEAD headers only / OPTIONS capability.
Status codesStatus Code
1xx info / 2xx success / 3xx redirect / 4xx client error / 5xx server error.
HeadersHeaders
Key/value metadata: Host, Accept, Content-Type, Authorization.
BodyBody
Payload for POST/PUT. GET has no body.
StatelessStateless
HTTP itself remembers nothing. Sessions via Cookie / token resent on every request.
IdempotentIdempotent
Same result regardless of repeats: GET / PUT / DELETE; POST often not.

How it works#

Opening one page typically fires dozens of HTTP requests — every static asset, every API call.

Practical notes#

  • Memorise key status codes: 200 OK, 301/302 redirect, 304 not modified, 400 bad request, 401 unauthenticated, 403 forbidden, 404 not found, 500 server error, 502/504 gateway / upstream.
  • curl -i URL shows headers; curl -v URL shows full traffic.
  • Don't abuse POST. If GET works (cacheable, bookmarkable, replayable), use it.
  • Content-Type drives parsing: application/json / application/x-www-form-urlencoded / multipart/form-data.
  • CORS is browser-side, not HTTP-spec. It's a browser security policy; the backend sets Access-Control-Allow-Origin to permit.

Easy confusions#

HTTP/1.1
Text protocol; one request per TCP connection at a time.
Concurrency via multiple connections.
HTTP/2
Binary + multiplexing; many parallel requests on one connection.
Header compression.

Further reading#