124 posts tagged “http”
2008
HTTP Cache Channels (via) Interesting extension to the HTTP caching model by Mark Nottingham: caches can be told to subscribe to an Atom feed which alerts them to cached data that has gone stale. Group invalidation is also supported.
2007
The backdooring of SquirrelMail. A SquirrelMail developer’s account was compromised and used to insert a backdoor: the other developers initially missed the hole because it used $_SERVER['HTTP_BASE_PATH'], which can be set with a Base-Path: HTTP header.
Techniques for safely consuming external HTTP on demand? I asked this question on programming.reddit.com yesterday and got some really insightful answers, including Joe Stump from Digg describing how Digg Images uses Danga’s Gearman worker queue.
Two HTTP Caching Extensions. stale-while-revalidate serves cached content even while a refresh has been triggered and is currently being pulled into the cache; stale-if-error serves cached content if a service has gone down.
A Taxonomy of Event- and REST-based Comet. Kris Zyp describes a conceptual model for Comet messages based on REST semantics (so you can send a PUT referencing a specific URI down to a client to represent an idempotent state change).
I think it is well established that HTTP Authentication needs a major kick in the ass and OpenID and OAuth may get us most of the way there. However, until I see RFC#s attached to both I'm hardly going to consider them to be complete. I propose the creation of an IETF WG on Identity and Authentication. The WG would be chartered to produce two RFCs covering each of the two areas. OpenID and OAuth could be used to seed the WG effort.
Orbited: The Orbit Event Daemon. HTTP daemon designed for long-lasting comet connections, written in Python using pyevent on top of libevent.
Django may be built for the Web, but CouchDB is built of the Web. I've never seen software that so completely embraces the philosophies behind HTTP. CouchDB makes Django look old-school in the same way that Django makes ASP look outdated.
Http-https transitions and relative URLs. Finally, a reason to use those weird protocol-relative URLs (//example.com/path and the like).
ETags, ETags, ETags. They’re no magic bullet.
Inline images are stored as data URI:s in the intermediate format (and usually also in the source documents), but since not all browsers support this format, the renderer replaces the data URI:s with HTTP pointers to an image cache directory.
YSlow. New extension for Firebug (yes, an extension on top of another extension) from the Yahoo! performance team which provides improved performance measurement tools and optimisation advice.
Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you.
Return of the HTTP overhead delay. Christian proposes a neat way of improving page performance, by delaying non-essential images such as avatars until after the rest of the page has loaded.
The State of Proxy Caching. If you’ve always wondered exactly what intermediate proxies are going to do to your carefully constructed Web application, here’s your answer.
Reducing HTTP requests using make. Nice simple recipe for concatenating JavaScript into one file using make—doesn’t do anything for cache-busting though.
Avoid IE Brokenness When using Vary and Attachments (via) Django middleware that works around a bug in IE where external applications fail to load content that was served with a Vary header.
The RADAR Architecture: RESTful Application, Dumb-Ass Recipient (via) Dave Thomas points out that REST expects smart clients, but browsers are dumb (only really support POST and GET). His suggested fix is to build a pure REST service and then drop in a server-side application proxy that sits between the browser and the REST backend.
The upshot is that HTTP does not have everything that REST indicates should be present, and there is the additional problem that while HTTP is the first, and best, implementation of REST, the two are not the same and yet are often confused.
Content delivery system design mistakes. Collection of tips for optimising Web server performance. Mentions lighttpd/nginx, Keep-Alive, expires headers, noatime and more.
2006
Don’t serve JSON as text/html. Another sneaky XSS trick.
2005
URIs, Addressability, and the use of HTTP GET and POST. A comprehensive, if slightly dry, overview of the issue.
Fighting RFCs with RFCs
Google’s recently released Web Accelerator apparently has some scary side-effects. It’s been spotted pre-loading links in password-protected applications, which can amount to clicking on every “delete this” link — bypassing even the JavaScript prompt you carefully added to give people the chance to think twice.
2004
RFC 3229: Delta encoding in HTTP (via) A solution to the RSS bandwidth problem?
An Introduction to HTTP Fingerprinting (via) Identifying an HTTP server by probing its HTTP protocol support.
HTTP Caching & Cache-Busting for Content Publishers (via) I learnt a lot from this—especially the no-cookie domain stuff.
Curiosity is bliss: Video streaming over HTTP. VLC + DivX can jump to points in a file as well.
HTTP 101. What everyone should know about HTTP.
non-consensual http user tracking using caches. Interesting security issue involving HTTP caching headers.
2003
The difference between POST and GET
How important is the ability to tell the difference between data sent by POST and data sent by GET (i.e. in the query string) when developing web applications? Some web frameworks (such as PHP) provide separate mechanisms for accessing POST and GET data. Others (such as Python’s cgi module) provide a single interface to form information that doesn’t distinguish between the two. I already have a strong opinion on this but I’m going to leave it open for discussion here for a bit before weighing in.