Hypertext Transfer Protocol - Vev

Hypertext Transfer Protocol

Un article de Vev.

(Différences entre les versions)
Jump to: navigation, search
Version du 19 décembre 2007 à 17:47
212.208.63.9 (Discuter)
(HTTPS)
← Différence précédente		 Version actuelle
4.20.98.115 (Discuter)

Ligne 1: Ligne 1:
-Le '''''Hypertext Transfer Protocol''''', plus connu sous l'[[abréviation]] '''HTTP''', littéralement le « protocole de transfert [[hypertexte]] », est un [[protocole de communication]] [[client-serveur]] développé pour le [[World Wide Web]]. '''HTTPS''' (avec S pour ''secured'', soit « sécurisé ») est la variante du HTTP ''sécurisée'' par l'usage des [[Protocole de communication|protocoles]] [[Transport Layer Security|SSL]] ou [[Transport Layer Security|TLS]].+{{Template:IPstack}}
 +'''Hypertext Transfer Protocol''' ('''HTTP''') is a [[communications protocol]] used to transfer or convey information on [[intranets]] and the [[World Wide Web]]. Its original purpose was to provide a way to publish and retrieve [[hypertext]] pages.
 +Development of HTTP was coordinated by the W3C ([[World Wide Web Consortium]]) and the IETF ([[Internet Engineering Task Force]]), culminating in the publication of a series of [[Request for Comments|RFCs]], most notably RFC 2616 ([[June 1999]]), which defines HTTP/1.1, the version of HTTP in common use.
-Le protocole HTTP peut fonctionner sur n'importe quelle connexion fiable, dans les faits on utilise le protocole [[Transmission Control Protocol|TCP]] comme couche de transport. Un serveur HTTP utilise alors par défaut le [[port (logiciel)|port]] 80 (443 pour HTTPS).+HTTP is a request/response protocol between a client and a server. The client making an HTTP request—such as a [[web browser]], [[Web crawler|spider]], or other end-user tool—is referred to as the ''[[user agent]]''. The responding [[Web server|server]]—which stores or creates ''resources'' such as [[HTML]] files and images—is called the ''origin server''. In between the user agent and origin server may be several intermediaries, such as [[proxy server|proxies]], [[gateway (computer networking)|gateways]], and [[Tunneling protocol|tunnels]]. HTTP is not constrained to using [[Internet protocol suite|TCP/IP]] and its supporting layers, although this is its most popular application on the Internet. Indeed HTTP can be "implemented on top of any other protocol on the Internet, or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used."
-Les [[client HTTP|clients HTTP]] les plus connus sont les [[navigateur Web|navigateurs Web]] permettant à un utilisateur d'accéder à un serveur contenant les données. Il existe aussi des systèmes pour récupérer automatiquement le contenu d'un site tel que les [[aspirateur de site|aspirateurs de site]] ou les [[robot d'indexation|robots d'indexation]].+Typically, an <strong>HTTP client</strong> initiates a request by establishing a [[Transmission Control Protocol]] (TCP) connection to a particular [[TCP and UDP port|port]] on a host (port 80 by default; see [[List of TCP and UDP port numbers]]). An HTTP server listening on that port waits for the client to send a request message.
-Ces clients se connectent à des [[serveur HTTP|serveurs HTTP]] tels qu'[[Apache HTTP Server]], [[Internet Information Services]] ou le [[serveur Web Zeus]].+Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.
-==Historique==+[[Resource (Web)|Resources]] to be accessed by [[HTTP]] are identified using [[Uniform Resource Identifier]]s (URIs) (or, more specifically, [[Uniform Resource Locator]]s (URLs)) using the <tt>http:</tt> or [[https]] [[URI scheme]]s.
-{{article détaillé|World_Wide_Web#Historique}}+
-HTTP a été inventé par [[Tim Berners-Lee]] avec les [[adresses Web]] et le langage [[HTML]] pour créer le [[World Wide Web]]. À cette époque le ''[[File Transfer Protocol]]'' (FTP) était déjà disponible pour transférer des fichiers, mais il ne supportait pas la notion de [[format de données]] telle qu'introduite par [[Multipurpose Internet Mail Extensions]] (MIME). La première version de HTTP était très basique, mais prévoyait déjà le support d'entêtes MIME pour décrire les données transmises. Cette première version reste encore partiellement utilisable [[en 2007]], connue sous le nom de HTTP/0.9.+==Request Message==
 +The request message consists of the following:
-En {{Date||mai|1996}}, HTTP/1.0 devient finalement standard de l'[[IETF]] et est décrit dans la RFC 1945. Cette version supporte les serveurs HTTP virtuels, la gestion de cache et l'identification.+* Request line, such as <tt>GET /images/logo.gif HTTP/1.1</tt>, which requests the file <tt>logo.gif</tt> from the <tt>/images</tt> directory
 +* [[List of HTTP headers|Headers]], such as <tt>Accept-Language: en</tt>
 +* An empty line
 +* An optional message body
-En {{Date||janvier|1997}} HTTP/1.1 est décrit dans la RFC 2068 de l'IETF, puis dans la RFC 2616 en {{Date||juin|1999}}. Cette version ajoute le support du transfert en ''pipeline'' et la négociation de type de contenu (format de données, langue).+The request line and headers must all end with <CR><LF> (that is, a [[carriage return]] followed by a [[line feed]]). The empty line must consist of only <CR><LF> and no other [[Whitespace (computer science)|whitespace]]. In the HTTP/1.1 protocol, all headers except Host are optional.
-==Du client au serveur==+==Request Methods==
 +HTTP defines eight methods (sometimes referred to as "verbs") indicating the desired action to be performed on the identified '''resource'''.
-La liaison entre le client et le serveur n'est pas toujours directe, il peut exister des machines intermédiaires servant de relais :+; HEAD
-*Un [[serveur mandataire]] (ou ''proxy'') peut modifier les réponses et requêtes qu'il reçoit et peut gérer un cache des ressources demandées.+: Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
-*Une [[passerelle (informatique)|passerelle]] (ou ''gateway'') est un intermédiaire modifiant le protocole utilisé.+; GET
-*Un [[tunnel (réseau informatique)|tunnel]] transmet les requêtes et les réponses sans aucune modification, ni mise en cache.+: Requests a representation of the specified resource. By far the most common method used on the Web today. Should not be used for operations that cause side-effects (using it for actions in [[web application]]s is a common misuse). See 'safe methods' below.
 +; POST
 +: Submits data to be processed (e.g. from an [[HTML form]]) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
 +; PUT
 +: Uploads a representation of the specified resource.
 +; DELETE
 +: Deletes the specified resource.
 +; TRACE
 +: Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
 +; OPTIONS
 +: Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
 +; CONNECT
 +: Converts the request connection to a transparent [[tunneling protocol|TCP/IP tunnel]], usually to facilitate [[Transport Layer Security|SSL]]-encrypted communication (HTTPS) through an unencrypted HTTP [[proxy server|proxy]].<ref>{{cite web|url=http://www.kb.cert.org/vuls/id/150227|accessdate=2007-05-10|date=2002-05-17|title=Vulnerability Note VU#150227: HTTP proxy default configurations allow arbitrary TCP connections|publisher=US-CERT}}</ref>
-==Méthodes==+HTTP servers are supposed to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method.
-Dans le protocole HTTP, une méthode est une '''Commande''' spécifiant un type de requête, c'est-à-dire qu'elle demande au serveur d'effectuer une action. En général l'action concerne une ressource identifiée par l'[[URL]] qui suit le nom de la méthode.+===Safe Methods===
-;<code>GET</code>:C'est la méthode la plus courante pour demander une ressource. Une requête GET est sans effet sur la ressource, il doit être possible de répéter la requête sans effet.+Some methods (e.g. HEAD, GET, OPTIONS, and TRACE) are defined as ''safe'', which means they are intended only for information retrieval and should not change the state of the server (in other words, they should not have [[side effect (computer science)|side effects]]). Unsafe methods (such as POST, PUT and DELETE) should be displayed to the user in a special way, typically as buttons rather than links, thus making the user aware of possible obligations (such as a button that causes a financial transaction).
-;<code>HEAD</code>:Cette méthode ne demande que des informations sur la ressource, sans demander la ressource elle-même.+
-;<code>POST</code>:Cette méthode doit être utilisée pour ajouter une nouvelle ressource (un message sur un forum ou un article dans un site). L'URI fournie est l'URI d'une ressource liée à la nouvelle ressource (comme l'URI du forum ou site) et non l'URI de la ressource nouvellement crée. +
-;<code>OPTIONS</code>:Cette méthode permet d'obtenir les options de communication d'une ressource ou du serveur en général. +
-;<code>CONNECT</code>:Cette méthode permet d'utiliser un proxy comme un tunnel de communication. +
-;<code>TRACE</code>:Cette méthode demande au serveur de retourner ce qu'il a reçu, dans le but de tester et effectuer un diagnostic sur la connexion. +
-;<code>PUT</code>:Cette méthode permet de remplacer ou d'ajouter une ressource sur le serveur. L'URI fourni est celui de la ressource en question. +
-;<code>DELETE</code>:Cette méthode permet de supprimer une ressource du serveur. +
-Ces 2 dernières méthodes nécessitent généralement un accès privilégié.+
-Certains serveurs autorisent d'autres méthodes de gestion des ressources du serveur (par exemple [[WebDAV]]).+Despite the required safety of ''GET'' requests, in practice they can cause changes on the server. For example, a Web server may use the retrieval through a simple [[hyperlink]] to initiate deletion of a domain database record, thus causing a change of the server's state as a side-effect of a GET request. This is discouraged, because it can cause problems for [[Web caching]], [[search engines]] and other automated agents, which can make unintended changes on the server. Another case is that a GET request may cause the server to create a cache space.
-<!-- à compléter -->+
-==Identification==+===Idempotent Methods and Web Applications===
 +Methods PUT and DELETE are defined to be [[idempotent]], meaning that multiple identical requests should have the same effect as a single request. Methods GET, HEAD, OPTIONS and TRACE, being safe, are inherently idempotent.
-HTTP permet l'identification du visiteur par transmission d'un nom et d'un [[mot de passe]].+The RFC allows a user-agent, such as a browser to assume that any idempotent request can be retried without informing the user. This is done to improve the user experience when connecting to unresponsive or heavily-loaded web servers.
-Il existe 2 modes d'[[HTTP Authentification|identification]] : ''Basic'' et ''Digest'' (RFC 2617). Le premier mode transmet le [[mot de passe]] en clair, et ne doit donc être utilisé qu'avec le protocole HTTPS. Le deuxième mode permet une identification sans transmettre le mot de passe en clair.+
-L'identification est cependant souvent effectuée par une couche applicative supérieure à HTTP.+
-==HTTP 0.9==+However, note that the idempotence is not assured by the protocol or web server. It is perfectly possible to write a web application in which (e.g.) a database insert or update is triggered by a GET request - this would be a very normal example of what the spec refers to as "a change in server state."
-Au début du [[World Wide Web]], il était prévu d'ajouter au protocole HTTP des capacités de négociation de contenu, en s'inspirant notamment de [[MIME]]. En attendant, le protocole HTTP 0.9 était extrêmement simple.+
-#connexion du [[client HTTP]]+
-#envoi d'une requête de méthode <code>GET</code>+
-#réponse du [[serveur HTTP]]+
-#le serveur ferme la connexion pour signaler la fin de la réponse.+
-Requête :+
- GET <nowiki>/page.html</nowiki>+
-La méthode <tt>GET<tt> est la seule possible. Le serveur reconnaît qu'il a affaire à une requête HTTP 0.9 au fait que la version n'est pas précisée suite à l'URI.+
-Réponse :+This misuse of GET can combine with the retry behavior above to produce erroneous transactions - and for this reason GET should be avoided for anything transactional - and used, as intended, for document retrieval only.
- &lt;HTML&gt;+
- &lt;HEAD&gt;+
- &lt;TITLE&gt;Example&lt;/TITLE&gt;+
- &lt;/HEAD&gt;+
- &lt;BODY&gt;+
- &lt;P&gt;Ceci est une page d'exemple.&lt;/P&gt;+
- &lt;/BODY&gt;+
- &lt;/HTML&gt;+
-Pour répondre à une requête HTTP 0.9, le serveur envoie directement le contenu de la réponse, sans méta-données. Il ne doit jamais se comporter ainsi pour les requêtes HTTP de version supérieure.+
-Inutile de chercher les versions inférieures à 0.9 du protocole HTTP : elles n'existent pas, car HTTP 0.9 n'avait initialement pas de numéro de version. Il a fallu lui en attribuer un quand HTTP 1.0 est arrivé.+==HTTP Versions==
 +HTTP has evolved into multiple, mostly backwards-compatible protocol versions. RFC 2145 describes the use of HTTP version numbers. The client tells in the beginning of the request the version it uses, and the server uses the same or earlier version in the response.
-==HTTP 1.0==+; 0.9
-Le protocole HTTP 1.0, décrit dans le RFC 1945, prévoit l'utilisation d'en-têtes inspirés de [[MIME]]. La gestion de la connexion reste identique à HTTP 0.9 : le client établit la connexion, envoie une requête, le serveur répond et ferme immédiatement la connexion.+: Deprecated. Supports only one command, GET, which does not specify the HTTP version. Does not support headers. Since this version does not support POST, the client can't pass much information to the server.
 +; HTTP/1.0 (May 1996)
 +: This is the first protocol revision to specify its version in communications and is still in wide use, especially by proxy servers.
 +; HTTP/1.1 (June 1999)<ref>
 +First release of HTTP/1.1 specification is dated January 1997 {{Inet-note-ref|type=rfc|id=2068|text=RFC 2068}}</ref><ref>
 +Latest release of HTTP/1.1 specification is dated June 1999 {{Inet-note-ref|type=rfc|id=2616|text=RFC 2616}}</ref>
 +: Current version; persistent connections enabled by default and works well with proxies. Also supports [[HTTP pipelining|request pipelining]], allowing multiple requests to be sent at the same time, allowing the server to prepare for the workload and potentially transfer the requested resources more quickly to the client.
 +; HTTP/1.2
 +: The initial 1995 working drafts of the document ''PEP — an Extension Mechanism for HTTP'' (which proposed the [[Protocol Extension Protocol]], abbreviated PEP) were prepared by the [[World Wide Web Consortium]] and submitted to the [[Internet Engineering Task Force]]. PEP was originally intended to become a distinguishing feature of HTTP/1.2.<ref>[http://www.w3.org/TR/WD-http-pep-951122.html] ''PEP: An Extension Mechanism for HTTP''. Quote: "For experimental purposes, PEP-compatibility is equated with HTTP/1.2."</ref> In later [http://www.w3.org/TR/WD-http-pep PEP working drafts], however, the reference to HTTP/1.2 was removed. The experimental RFC 2774, ''HTTP Extension Framework'', largely subsumed PEP. It was published in February 2000.
-Une requête HTTP présente le format suivant :+==Status Codes==
- +{{See also|List of HTTP status codes}}
- Ligne de commande (Commande, URL, Version de protocole)+In HTTP/1.0 and since, the first line of the HTTP response is called the ''status line'' and includes a numeric ''status code'' (such as "[[HTTP 404|404]]") and a textual ''reason phrase'' (such as "Not Found"). The way the [[user agent]] handles the response primarily depends on the code and secondarily on the response headers. Custom status codes can be used since, if the user agent encounters a code it does not recognize, it can use the first digit of the code to determine the general class of the response.<ref>[http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1 6.1 Status-Line]</ref>
- En-tête de requête+
- [Ligne vide]+
- Corps de requête+
-Les réponses HTTP présentent le format suivant :+Also, the standard reason phrases are only recommendations and can be replaced with "local equivalents" at the [[web developer]]'s discretion. If the status code indicated a problem, the user agent might display the reason phrase to the user to provide further information about the nature of the problem. The standard also allows the user agent to attempt to interpret the reason phrase, though this might be unwise since the standard explicitly specifies that status codes are machine-readable and reason phrases are human-readable.
- Ligne de statut (Version, Code-réponse, Texte-réponse)+==Persistent Connections==
- En-tête de réponse+{{main|HTTP persistent connections}}
- [Ligne vide]+In HTTP/0.9 and 1.0, the connection is closed after a single request/response pair. In HTTP/1.1 a keep-alive-mechanism was introduced, where a connection could be reused for more than one request.
- Corps de réponse+
-Requête :+Such ''persistent connections'' reduce [[lag]] perceptibly, because the client does not need to re-negotiate the TCP connection after the first request has been sent.
- GET /page.html HTTP/1.0+
- Host: example.com+
- Referer: <nowiki>http://example.com/</nowiki>+
- User-Agent: CERN-LineMode/2.15 libwww/2.17b3+
- +
-La version du protocole HTTP est précisée suite à l'URI. La requête doit être terminée par un double retour à la ligne (CRLFCRLF). HTTP 1.0 supporte aussi les méthodes HEAD et POST.+
-On constate l'usage d'en-têtes inspirés de [[MIME]] pour transférer les méta-données :+
-;<code>Host</code>:Permet de préciser le [[site Web]] concerné par la requête, ce qui est nécessaire pour un serveur hébergeant plusieurs sites à la même [[adresse IP]] (''name based virtual host'', hôte virtuel basé sur le nom). C'est le seul en-tête réellement important.+
-;<code>Referer</code>:Indique l'[[URI]] du document qui a donné un lien sur la ressource demandée. Cet en-tête permet aux [[webmaster]]s d'observer d'où viennent les visiteurs.+
-;<code>User-Agent</code>:Indique le logiciel utilisé pour se connecter. Il s'agit généralement d'un [[navigateur Web]] ou d'un [[robot d'indexation]].+
-Réponse :+Version 1.1 of the protocol made bandwidth optimization improvements to HTTP/1.0. For example, HTTP/1.1 introduced [[chunked transfer encoding]] to allow content on persistent connections to be streamed, rather than buffered. [[HTTP pipelining]] further reduces lag time, allowing clients to send multiple requests before a previous response has been received to the first one. Another improvement to the protocol was [[byte serving]], which is when a server transmits just the portion of a resource explicitly requested by a client.
- HTTP/1.0 200 OK+
- Date: Fri, 31 Dec 1999 23:59:59 GMT+
- Server: Apache/0.8.4+
- Content-Type: text/html+
- Content-Length: 59+
- Expires: Sat, 01 Jan 2000 00:59:59 GMT+
- Last-modified: Fri, 09 Aug 1996 14:21:40 GMT+
- +
- &lt;TITLE>Example&lt;/TITLE>+
- &lt;P>Ceci est une page d'exemple.&lt;/P>+
-La première ligne donne le [[code de statut HTTP]] (200 dans ce cas).+==HTTP session state==
-;<code>Date</code>:Moment auquel le message est généré.+HTTP is a [[stateless server|stateless]] protocol. The advantage of a stateless protocol is that hosts do not need to retain information about users between requests, but this forces [[web developer|web developers]] to use alternative methods for maintaining users' states. For example, when a host would like to customize content for a user while visiting a [[website]], the [[web application]] must be written to track the user's progress from page to page. A common method for solving this problem involves sending and requesting [[HTTP cookie|cookies]]. Other methods include server side sessions, hidden variables (when current page is a [[Form (web)|form]]), and [[Uniform Resource Locator|URL]] encoded parameters (such as <code>/index.php?userid=3</code>).
-;<code>Server</code>:Indique quel modèle de [[serveur HTTP]] répond à la requête.+
-;<code>Content-Length</code>:Indique la taille en [[octet]]s de la ressource.+
-;<code>Content-Type</code>:Indique le type [[MIME]] de la ressource.+
-;<code>Expires</code>:Indique le moment après lequel la ressource devrait être considérée obsolète ; permet aux navigateurs Web de déterminer jusqu'à quand garder la ressource en [[mémoire cache]].+
-;<code>Last-Modified</code>:Indique la date de dernière modification de la ressource demandée.+
-==HTTP 1.1==+==Secure HTTP==
 +There are currently two methods of establishing a secure HTTP connection: the [[https]] [[Uniform Resource Identifier|URI]] scheme and the HTTP 1.1 <tt>Upgrade</tt> header, introduced by RFC 2817. Browser support for the <tt>Upgrade</tt> header is, however, nearly non-existent, hence the [[https]] [[Uniform Resource Identifier|URI]] scheme is still the dominant method of establishing a secure HTTP connection.
-Le protocole HTTP 1.1 est décrit par le RFC 2616 qui rend le RFC 2068 obsolète. +===HTTPS URI Scheme===
-La différence avec HTTP 1.0 est une meilleure gestion du cache. L'en-tête '''Host''' devient obligatoire dans les requêtes.+{{main|HTTPS}}
 +<tt>HTTPS:</tt> is a URI scheme syntactically identical to the <tt>http:</tt> scheme used for normal HTTP connections, but which signals the browser to use an added encryption layer of [[Secure Sockets Layer|SSL]]/[[Transport Layer Security|TLS]] to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated. In the case of HTTP transactions over the Internet, typically, only the server side is authenticated.
-Les soucis majeurs des deux premières versions du protocole HTTP sont d'une part le nombre important de connexions lors du chargement d'une page complexe (contenant beaucoup d'images ou d'animations) et d'autre part le temps d'ouverture d'une connexion entre client et serveur (l'[[Transmission_Control_Protocol#Établissement d'une connexion|établissement d'une connexion TCP]] prend un temps triple de la latence entre client et serveur). Des expérimentations de connexions persistantes ont cependant été effectuées avec HTTP 1.0 (notamment par l'emploi de l'en-tête '''Connection: Keep-Alive'''), mais cela n'a été définitivement mis au point qu'avec HTTP 1.1.+===HTTP 1.1 Upgrade header===
 +HTTP 1.1 introduced support for the <tt>Upgrade</tt> header. In the exchange, the client begins by making a clear-text request, which is later upgraded to [[Transport Layer Security|TLS]]. Either the client or the server may request (or demand) that the connection be upgraded. The most common usage is a clear-text request by the client followed by a server demand to upgrade the connection, which looks like this:
-Par défaut, HTTP 1.1 utilise des connexions persistantes, autrement dit la connexion n'est pas immédiatement fermée après une requête, mais reste disponible pour une nouvelle requête. On appelle souvent cette fonctionnalité ''keep-alive''. Il est aussi permis à un client HTTP d'envoyer plusieurs requêtes sur la même connexion sans attendre les réponses. On appelle cette fonctionnalité ''[[Pipelining HTTP|pipelining]]''. La persistance des connexions permet d'accélérer le chargement de pages contenant plusieurs ressources, tout en diminuant la charge du réseau.+Client:
 +<pre>
 +GET /encrypted-area HTTP/1.1
 +Host: www.example.com
 +</pre>
-La gestion de la persistance d'une connexion est gérée par l'en-tête '''Connection'''.+Server:
 +<pre>
 +HTTP/1.1 426 Upgrade Required
 +Upgrade: TLS/1.0, HTTP/1.1
 +Connection: Upgrade
 +</pre>
-HTTP 1.1 supporte la négociation de contenu. Un client HTTP 1.1 peut accompagner la requête pour une ressource d'en-têtes indiquant quels sont les [[langue]]s et [[formats de données]] préférés.+The server returns a 426 status-code because 400 level codes indicate a client failure (see [[List of HTTP status codes]]), which correctly alerts legacy clients that the failure was client-related.
-Il s'agit des en-têtes dont le nom commence par '''Accept-'''.+
-Les en-têtes supplémentaires supportés par HTTP 1.1 sont :+The benefits of using this method for establishing a secure connection are:
-;<code>Connection</code>:Cet en-tête peut être envoyé par le client ou le serveur et contient une liste de nom spécifiant les options à utiliser avec la connexion actuelle. Si une option possède des paramètres ceux-ci sont spécifiés par l'en-tête portant le même nom que l'option ('''Keep-Alive''' par exemple, pour spécifier le nombre maximum de requêtes par connexion). Le nom '''close''' est reservé pour spécifier que la connexion doit être fermée après traitement de la requête en cours.+
-;<code>Accept</code>:Cet en-tête liste les types MIME de contenu acceptés par le client. Le caractère étoile * peut servir à spécifier tous les types / sous-types.+
-;<code>Accept-Charset</code>:Spécifie les encodages de caractères acceptés.+
-;<code>Accept-Language</code>:Spécifie les langages acceptés.+
-L'ordre de préférence de chaque option (type, encodage ou langage) est spécifié par le paramètre optionnel '''q''' contenant une valeur décimale entre 0 (''inacceptable'') et 1 (''acceptable'') inclus (3 décimales maximum après la virgule), valant 1 par défaut.+*that it removes messy and problematic redirection and URL rewriting on the server side,
 +*it allows virtual hosting (single IP, multiple domain-names) of secured websites, and
 +*it reduces user confusion by providing a single way to access a particular resource.
-Le support des connexions persistantes doit également fonctionner dans les cas où la taille de la ressource n'est pas connue d'avance (ressource générée dynamiquement par le serveur, flux externe au serveur, ...).+A weakness with this method is that the requirement for secure HTTP cannot be specified in the URI. In practice, the (untrusted) server will thus be responsible for enabling secure HTTP, not the (trusted) client.
-Pour cela, l'encodage de transfert nommé '''chunked''' permet de transmettre la ressource par morceaux consécutifs en précédant chacun par une ligne de texte donnant la taille de celui-ci en hexadécimal.+==Sample==
-Le transfert se termine alors par un morceau de taille nulle, où des en-têtes finaux peuvent être envoyés.+Below is a sample conversation between an HTTP client and an HTTP server running on [[example.com|www.example.com]], port 80.
-Les en-têtes supplémentaires liés à cet encodage de transfert sont :+'''Client request''' (followed by a blank line, so that request ends with a double [[newline]], each in the form of a [[carriage return]] followed by a [[line feed]]):
-;<code>Transfer-Encoding</code>:Spécifie l'encodage de transfert. La seule valeur définie par la spécification RFC 2616 est '''chunked'''.+<pre>
 + GET /index.html HTTP/1.1
 + Host: www.example.com
 +</pre>
-;<code>Trailer</code>:Liste tous les en-têtes figurant après le dernier morceau transféré.+The "Host" header distinguishes between various [[Domain Name System|DNS]] names sharing a single [[IP address]], allowing name-based [[virtual hosting]]. While optional in HTTP/1.0, it is mandatory in HTTP/1.1.
-;<code>TE</code>:Envoyé par le client pour spécifier les encodages de contenu supportés ('''Content-Encoding''', ne pas confondre avec '''Transfer-Encoding''' car '''chunked''' est obligatoirement supporté par les clients et serveurs implémentant le standard HTTP/1.1), et spécifie si le client supporte l'en-tête '''Trailer''' en ajoutant '''trailers''' à la liste.+
-==HTTPS==+'''Server response''' (followed by a blank line and text of the requested page):
 +<pre>
 + HTTP/1.1 200 OK
 + Date: Mon, 23&nbsp;May 2005&nbsp;22:38:34 GMT
 + Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
 + Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
 + Etag: "3f80f-1b6-3e1cb03b"
 + Accept-Ranges: bytes
 + Content-Length: 438
 + Connection: close
 + Content-Type: text/html; charset=UTF-8
 +</pre>
-HTTPS (avec S pour ''secured'', soit « sécurisé ») est la simple combinaison de HTTP avec [[Transport Layer Security|SSL]] ou [[Transport Layer Security|TLS]].+The [[HTTP ETag|ETag]] (entity tag) header is used to determine if the [[URI]] cached is identical to the requested URI on the server. '''Content-Type''' specifies the [[Internet media type]] of the data conveyed by the http message, while '''Content-Length''' indicates its length in bytes. The HTTP/1.1 [[webserver]] publishes its ability to respond to requests for certain byte ranges of the document by setting the header '''Accept-Ranges: bytes'''. This is useful if the client needs to have only certain portions<ref>http://tools.ietf.org/html/draft-ietf-http-range-retrieval-00</ref> of a file sent by the server, which is called [[byte serving]]. When '''Connection: close''' is sent in a header, it means that the [[web server]] will close the [[Transmission Control Protocol|TCP]] connection immediately after the transfer of this package.
-Il permet au visiteur de vérifier l'identité du site auquel il accède grâce à un ''[[certificat numérique|certificat]] d'[[authentification]]''. Il garantit la confidentialité et l'intégrité des données envoyées par l'utilisateur (notamment des informations entrées dans les formulaires) et reçu du serveur.+==See also==
 +* [[Basic access authentication]]
 +* [[Content negotiation]]
 +* [[Digest access authentication]]
 +* [[HTTP compression]]
 +* [[List of file transfer protocols]]
 +* [[List of HTTP status codes|HTTP status codes]]
 +* [[List of HTTP headers|HTTP headers]]
 +* [[WebDAV]]
 +* [[Web cache]]
-Il est généralement utilisé pour les transactions financières en ligne : [[commerce électronique]], banque en ligne, courtage en ligne, etc. Il est aussi utilisé pour la consultation de données privées, comme les courriers électroniques par exemple.+==References==
 +{{reflist}}
-Le [[Port (logiciel)|port]] par défaut de HTTPS est 443.+[[Category:HTTP]]
- +[[Category:Internet]]
-==Références==+[[Category:Network protocols]]
-<references/>+[[Category:Web browsers]]
- +[[Category:Internet protocols]]
-==Voir aussi==+[[Category:Acronyms]]
-===Liens internes===+[[Category:Application layer protocols]]
-*[[Serveur HTTP]]+[[Category:World Wide Web]]
-*[[Navigateur Web]]+[[Category:Open formats]]
-*[[World Wide Web]]+[[Category:W3C standards]]
-*[[Protocole de communication]]+
-*[[Pipelining HTTP]]+
-*[[Liste des codes HTTP]]+
-*[[format ouvert]]+
-*[[interopérabilité]]+
- +
-===Liens externes===+
-*{{en}} RFC 2616, ''Hypertext Transfer Protocol -- HTTP/1.1'', juin [[1999]]+
-*{{en}} ''[http://www.w3.org/Protocols/ Hypertext Transfer Protocol Overview]'', W3C+
-*{{fr}} [http://www.iprelax.fr/http/ Présentation de HTTP sur un site de vulgarisation]+
-*{{fr}} [http://www.themanualpage.org/http/ Autre bonne présentation de HTTP]+
-*{{en}} [http://livehttpheaders.mozdev.org/ Extension LiveHTTPheaders pour Firefox]+
-*{{en}} RFC 2617, ''HTTP Authentification: Basic and Digest Access Authentification'', juin [[1999]]+
-*{{en}} [http://httptea.sourceforge.net/ HttpTea - Freeware Protocol Logger]+
-*{{fr}} [http://stielec.ac-aix-marseille.fr/cours/caleca/http/index.html Le protocole HTTP]+
-*{{en}} [http://web-sniffer.net/ View Online HTTP Request and Response Header]+
-*{{fr}} [http://www.cases.public.lu/publications/dossiers/https/index.html cases.lu Dossier thématique sur le HTTPS]+
- +
-{{Portail informatique}}+
- +
-[[Catégorie:HTTP|*]]+
-[[Catégorie:Format ouvert]]+
[[ar:HTTP]] [[ar:HTTP]]
[[az:HTTP]] [[az:HTTP]]
-[[bg:HTTP]] 
[[bn:হাইপার টেক্সট ট্রান্সফার প্রোটোকল]] [[bn:হাইপার টেক্সট ট্রান্সফার প্রোটোকল]]
[[bs:Hypertext Transfer Protocol]] [[bs:Hypertext Transfer Protocol]]
 +[[bg:HTTP]]
[[ca:Protocol de transferència d'hipertext]] [[ca:Protocol de transferència d'hipertext]]
[[cs:Hyper Text Transfer Protocol]] [[cs:Hyper Text Transfer Protocol]]
Ligne 201: Ligne 182:
[[da:HTTP]] [[da:HTTP]]
[[de:Hypertext Transfer Protocol]] [[de:Hypertext Transfer Protocol]]
 +[[et:Hypertext Transfer Protocol]]
[[el:Πρωτόκολλο Μεταφοράς Υπερκειμένου]] [[el:Πρωτόκολλο Μεταφοράς Υπερκειμένου]]
-[[en:Hypertext Transfer Protocol]]+[[es:Hypertext Transfer Protocol]]
[[eo:Hiperteksto-Transiga Protokolo]] [[eo:Hiperteksto-Transiga Protokolo]]
-[[es:Hypertext Transfer Protocol]] 
-[[et:Hypertext Transfer Protocol]] 
[[eu:HTTP]] [[eu:HTTP]]
[[fa:HTTP]] [[fa:HTTP]]
-[[fi:HTTP]]+[[fr:Hypertext Transfer Protocol]]
[[ga:Prótacal Aistrithe Hipirtéacs]] [[ga:Prótacal Aistrithe Hipirtéacs]]
[[gl:HTTP]] [[gl:HTTP]]
-[[he:HyperText Transfer Protocol]]+[[ko:HTTP]]
[[hr:HTTP]] [[hr:HTTP]]
-[[hu:HTTP]] 
[[id:HTTP]] [[id:HTTP]]
[[is:HTTP]] [[is:HTTP]]
[[it:HTTP]] [[it:HTTP]]
-[[ja:Hypertext Transfer Protocol]]+[[he:HyperText Transfer Protocol]]
-[[ko:HTTP]]+[[lv:HTTP]]
[[lb:Hypertext Transfer Protocol]] [[lb:Hypertext Transfer Protocol]]
[[lt:HTTP]] [[lt:HTTP]]
-[[lv:HTTP]]+[[hu:HTTP]]
-[[ml:എച്ച്‌.‌ടി.ടി.പി]]+[[ml:എച്ച്‌.ടി.ടി.പി.]]
[[nl:Hypertext Transfer Protocol]] [[nl:Hypertext Transfer Protocol]]
 +[[ja:Hypertext Transfer Protocol]]
 +[[no:HTTP]]
[[nn:Hypertext Transfer Protocol]] [[nn:Hypertext Transfer Protocol]]
-[[no:HTTP]] 
[[pl:Hypertext Transfer Protocol]] [[pl:Hypertext Transfer Protocol]]
[[pt:HTTP]] [[pt:HTTP]]
[[ro:HTTP]] [[ro:HTTP]]
[[ru:HTTP]] [[ru:HTTP]]
-[[sh:HTTP]]+[[sq:HTTP]]
[[simple:Hypertext Transfer Protocol]] [[simple:Hypertext Transfer Protocol]]
[[sk:Hypertext Transfer Protocol]] [[sk:Hypertext Transfer Protocol]]
[[sl:HTTP]] [[sl:HTTP]]
-[[sq:HTTP]] 
[[sr:HTTP]] [[sr:HTTP]]
 +[[sh:HTTP]]
 +[[fi:HTTP]]
[[sv:HTTP]] [[sv:HTTP]]
-[[th:HyperText Transfer Protocol]] 
[[tl:HTTP]] [[tl:HTTP]]
 +[[th:HyperText Transfer Protocol]]
 +[[vi:Hypertext Transfer Protocol]]
[[tr:HTTP]] [[tr:HTTP]]
[[uk:HTTP]] [[uk:HTTP]]
-[[vi:Hypertext Transfer Protocol]] 
[[zh:超文本传输协议]] [[zh:超文本传输协议]]

Version actuelle

Modèle:IPstack Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages. Development of HTTP was coordinated by the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force), culminating in the publication of a series of RFCs, most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use.

HTTP is a request/response protocol between a client and a server. The client making an HTTP request—such as a web browser, spider, or other end-user tool—is referred to as the user agent. The responding server—which stores or creates resources such as HTML files and images—is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels. HTTP is not constrained to using TCP/IP and its supporting layers, although this is its most popular application on the Internet. Indeed HTTP can be "implemented on top of any other protocol on the Internet, or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used."

Typically, an HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a host (port 80 by default; see List of TCP and UDP port numbers). An HTTP server listening on that port waits for the client to send a request message.

Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.

Resources to be accessed by HTTP are identified using Uniform Resource Identifiers (URIs) (or, more specifically, Uniform Resource Locators (URLs)) using the http: or https URI schemes.

Sommaire

[modifier]

Request Message

The request message consists of the following:

  • Request line, such as GET /images/logo.gif HTTP/1.1, which requests the file logo.gif from the /images directory
  • Headers, such as Accept-Language: en
  • An empty line
  • An optional message body

The request line and headers must all end with <CR><LF> (that is, a carriage return followed by a line feed). The empty line must consist of only <CR><LF> and no other whitespace. In the HTTP/1.1 protocol, all headers except Host are optional.

[modifier]

Request Methods

HTTP defines eight methods (sometimes referred to as "verbs") indicating the desired action to be performed on the identified resource.

HEAD
Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
GET
Requests a representation of the specified resource. By far the most common method used on the Web today. Should not be used for operations that cause side-effects (using it for actions in web applications is a common misuse). See 'safe methods' below.
POST
Submits data to be processed (e.g. from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
PUT
Uploads a representation of the specified resource.
DELETE
Deletes the specified resource.
TRACE
Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
OPTIONS
Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
CONNECT
Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.<ref> Vulnerability Note VU#150227: HTTP proxy default configurations allow arbitrary TCP connections 
. US-CERT 
 
 (2002-05-17)

. Retrieved on 2007-05-10. </ref>

HTTP servers are supposed to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method.

[modifier]

Safe Methods

Some methods (e.g. HEAD, GET, OPTIONS, and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server (in other words, they should not have side effects). Unsafe methods (such as POST, PUT and DELETE) should be displayed to the user in a special way, typically as buttons rather than links, thus making the user aware of possible obligations (such as a button that causes a financial transaction).

Despite the required safety of GET requests, in practice they can cause changes on the server. For example, a Web server may use the retrieval through a simple hyperlink to initiate deletion of a domain database record, thus causing a change of the server's state as a side-effect of a GET request. This is discouraged, because it can cause problems for Web caching, search engines and other automated agents, which can make unintended changes on the server. Another case is that a GET request may cause the server to create a cache space.

[modifier]

Idempotent Methods and Web Applications

Methods PUT and DELETE are defined to be idempotent, meaning that multiple identical requests should have the same effect as a single request. Methods GET, HEAD, OPTIONS and TRACE, being safe, are inherently idempotent.

The RFC allows a user-agent, such as a browser to assume that any idempotent request can be retried without informing the user. This is done to improve the user experience when connecting to unresponsive or heavily-loaded web servers.

However, note that the idempotence is not assured by the protocol or web server. It is perfectly possible to write a web application in which (e.g.) a database insert or update is triggered by a GET request - this would be a very normal example of what the spec refers to as "a change in server state."

This misuse of GET can combine with the retry behavior above to produce erroneous transactions - and for this reason GET should be avoided for anything transactional - and used, as intended, for document retrieval only.

[modifier]

HTTP Versions

HTTP has evolved into multiple, mostly backwards-compatible protocol versions. RFC 2145 describes the use of HTTP version numbers. The client tells in the beginning of the request the version it uses, and the server uses the same or earlier version in the response.

0.9
Deprecated. Supports only one command, GET, which does not specify the HTTP version. Does not support headers. Since this version does not support POST, the client can't pass much information to the server.
HTTP/1.0 (May 1996)
This is the first protocol revision to specify its version in communications and is still in wide use, especially by proxy servers.
HTTP/1.1 (June 1999)<ref>

First release of HTTP/1.1 specification is dated January 1997 Modèle:Inet-note-ref</ref><ref> Latest release of HTTP/1.1 specification is dated June 1999 Modèle:Inet-note-ref</ref>

Current version; persistent connections enabled by default and works well with proxies. Also supports request pipelining, allowing multiple requests to be sent at the same time, allowing the server to prepare for the workload and potentially transfer the requested resources more quickly to the client.
HTTP/1.2
The initial 1995 working drafts of the document PEP — an Extension Mechanism for HTTP (which proposed the Protocol Extension Protocol, abbreviated PEP) were prepared by the World Wide Web Consortium and submitted to the Internet Engineering Task Force. PEP was originally intended to become a distinguishing feature of HTTP/1.2.<ref>[1] PEP: An Extension Mechanism for HTTP. Quote: "For experimental purposes, PEP-compatibility is equated with HTTP/1.2."</ref> In later PEP working drafts, however, the reference to HTTP/1.2 was removed. The experimental RFC 2774, HTTP Extension Framework, largely subsumed PEP. It was published in February 2000.
[modifier]

Status Codes

Modèle:See also In HTTP/1.0 and since, the first line of the HTTP response is called the status line and includes a numeric status code (such as "404") and a textual reason phrase (such as "Not Found"). The way the user agent handles the response primarily depends on the code and secondarily on the response headers. Custom status codes can be used since, if the user agent encounters a code it does not recognize, it can use the first digit of the code to determine the general class of the response.<ref>6.1 Status-Line</ref>

Also, the standard reason phrases are only recommendations and can be replaced with "local equivalents" at the web developer's discretion. If the status code indicated a problem, the user agent might display the reason phrase to the user to provide further information about the nature of the problem. The standard also allows the user agent to attempt to interpret the reason phrase, though this might be unwise since the standard explicitly specifies that status codes are machine-readable and reason phrases are human-readable.

[modifier]

Persistent Connections

Main article: HTTP persistent connections

In HTTP/0.9 and 1.0, the connection is closed after a single request/response pair. In HTTP/1.1 a keep-alive-mechanism was introduced, where a connection could be reused for more than one request.

Such persistent connections reduce lag perceptibly, because the client does not need to re-negotiate the TCP connection after the first request has been sent.

Version 1.1 of the protocol made bandwidth optimization improvements to HTTP/1.0. For example, HTTP/1.1 introduced chunked transfer encoding to allow content on persistent connections to be streamed, rather than buffered. HTTP pipelining further reduces lag time, allowing clients to send multiple requests before a previous response has been received to the first one. Another improvement to the protocol was byte serving, which is when a server transmits just the portion of a resource explicitly requested by a client.

[modifier]

HTTP session state

HTTP is a stateless protocol. The advantage of a stateless protocol is that hosts do not need to retain information about users between requests, but this forces web developers to use alternative methods for maintaining users' states. For example, when a host would like to customize content for a user while visiting a website, the web application must be written to track the user's progress from page to page. A common method for solving this problem involves sending and requesting cookies. Other methods include server side sessions, hidden variables (when current page is a form), and URL encoded parameters (such as /index.php?userid=3).

[modifier]

Secure HTTP

There are currently two methods of establishing a secure HTTP connection: the https URI scheme and the HTTP 1.1 Upgrade header, introduced by RFC 2817. Browser support for the Upgrade header is, however, nearly non-existent, hence the https URI scheme is still the dominant method of establishing a secure HTTP connection.

[modifier]

HTTPS URI Scheme

Main article: HTTPS

HTTPS: is a URI scheme syntactically identical to the http: scheme used for normal HTTP connections, but which signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated. In the case of HTTP transactions over the Internet, typically, only the server side is authenticated.

[modifier]

HTTP 1.1 Upgrade header

HTTP 1.1 introduced support for the Upgrade header. In the exchange, the client begins by making a clear-text request, which is later upgraded to TLS. Either the client or the server may request (or demand) that the connection be upgraded. The most common usage is a clear-text request by the client followed by a server demand to upgrade the connection, which looks like this:

Client: 

GET /encrypted-area HTTP/1.1
Host: www.example.com

Server: 

HTTP/1.1 426 Upgrade Required
Upgrade: TLS/1.0, HTTP/1.1
Connection: Upgrade

The server returns a 426 status-code because 400 level codes indicate a client failure (see List of HTTP status codes), which correctly alerts legacy clients that the failure was client-related.

The benefits of using this method for establishing a secure connection are:

  • that it removes messy and problematic redirection and URL rewriting on the server side,
  • it allows virtual hosting (single IP, multiple domain-names) of secured websites, and
  • it reduces user confusion by providing a single way to access a particular resource.

A weakness with this method is that the requirement for secure HTTP cannot be specified in the URI. In practice, the (untrusted) server will thus be responsible for enabling secure HTTP, not the (trusted) client.

[modifier]

Sample

Below is a sample conversation between an HTTP client and an HTTP server running on www.example.com, port 80.

Client request (followed by a blank line, so that request ends with a double newline, each in the form of a carriage return followed by a line feed): 

 GET /index.html HTTP/1.1
 Host: www.example.com

The "Host" header distinguishes between various DNS names sharing a single IP address, allowing name-based virtual hosting. While optional in HTTP/1.0, it is mandatory in HTTP/1.1.

Server response (followed by a blank line and text of the requested page): 

 HTTP/1.1 200 OK
 Date: Mon, 23 May 2005 22:38:34 GMT
 Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux)
 Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
 Etag: "3f80f-1b6-3e1cb03b"
 Accept-Ranges: bytes
 Content-Length: 438
 Connection: close
 Content-Type: text/html; charset=UTF-8

The ETag (entity tag) header is used to determine if the URI cached is identical to the requested URI on the server. Content-Type specifies the Internet media type of the data conveyed by the http message, while Content-Length indicates its length in bytes. The HTTP/1.1 webserver publishes its ability to respond to requests for certain byte ranges of the document by setting the header Accept-Ranges: bytes. This is useful if the client needs to have only certain portions<ref>http://tools.ietf.org/html/draft-ietf-http-range-retrieval-00</ref> of a file sent by the server, which is called byte serving. When Connection: close is sent in a header, it means that the web server will close the TCP connection immediately after the transfer of this package.

[modifier]

See also

[modifier]

References

<references />
ar:HTTP

az:HTTP bn:হাইপার টেক্সট ট্রান্সফার প্রোটোকল bs:Hypertext Transfer Protocol bg:HTTP ca:Protocol de transferència d'hipertext cs:Hyper Text Transfer Protocol cy:HTTP da:HTTP de:Hypertext Transfer Protocol et:Hypertext Transfer Protocol el:Πρωτόκολλο Μεταφοράς Υπερκειμένου es:Hypertext Transfer Protocol eo:Hiperteksto-Transiga Protokolo eu:HTTP fa:HTTP fr:Hypertext Transfer Protocol ga:Prótacal Aistrithe Hipirtéacs gl:HTTP ko:HTTP hr:HTTP id:HTTP is:HTTP it:HTTP he:HyperText Transfer Protocol lv:HTTP lb:Hypertext Transfer Protocol lt:HTTP hu:HTTP ml:എച്ച്‌.ടി.ടി.പി. nl:Hypertext Transfer Protocol ja:Hypertext Transfer Protocol no:HTTP nn:Hypertext Transfer Protocol pl:Hypertext Transfer Protocol pt:HTTP ro:HTTP ru:HTTP sq:HTTP simple:Hypertext Transfer Protocol sk:Hypertext Transfer Protocol sl:HTTP sr:HTTP sh:HTTP fi:HTTP sv:HTTP tl:HTTP th:HyperText Transfer Protocol vi:Hypertext Transfer Protocol tr:HTTP uk:HTTP zh:超文本传输协议

Récupérée de « http://herveleblouch.free.fr/vev/index.php/Hypertext_Transfer_Protocol »