auto commit

2018-02-28 15:50:25 +08:00
parent d5dda714db
commit db5a16d39d
17 changed files with 4686 additions and 4669 deletions
--- a/notes/HTTP.md
+++ b/notes/HTTP.md
@ -1,84 +1,85 @@
 <!-- GFM-TOC -->
-* [<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [Web <EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#web-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
+* [基础概念](#基础概念)
+    * [Web 基础](#web-基础)
    * [URL](#url)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6><EFBFBD><EFBFBD>)
-* [HTTP <EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#http-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [GET<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>Դ](#get<EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>Դ)
-    * [POST<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#post<73><74><EFBFBD><EFBFBD>ʵ<EFBFBD><CAB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [HEAD<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD>](#head<61><64>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD>)
-    * [PUT<EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD>](#put<EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD>)
-    * [DELETE<EFBFBD><EFBFBD>ɾ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>](#deleteɾ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>)
-    * [OPTIONS<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѯ֧<EFBFBD>ֵķ<EFBFBD><EFBFBD><EFBFBD>](#options<EFBFBD><EFBFBD>ѯ֧<EFBFBD>ֵķ<EFBFBD><EFBFBD><EFBFBD>)
-    * [TRACE<EFBFBD><EFBFBD>׷<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>](#trace׷<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>)
-    * [CONNECT<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӵ<EFBFBD><EFBFBD><EFBFBD>](#connectҪ<74><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><D0AD><EFBFBD><EFBFBD><EFBFBD>Ӵ<EFBFBD><D3B4><EFBFBD>)
-* [HTTP ״̬<EFBFBD><EFBFBD>](#http-״̬<EFBFBD><EFBFBD>)
-    * [2XX <EFBFBD>ɹ<EFBFBD>](#2xx-<EFBFBD>ɹ<EFBFBD>)
-    * [3XX <EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>](#3xx-<EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>)
-    * [4XX <EFBFBD>ͻ<EFBFBD><EFBFBD>˴<EFBFBD><EFBFBD><EFBFBD>](#4xx-<EFBFBD>ͻ<EFBFBD><EFBFBD>˴<EFBFBD><EFBFBD><EFBFBD>)
-    * [5XX <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#5xx-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-* [HTTP <EFBFBD>ײ<EFBFBD>](#http-<EFBFBD>ײ<EFBFBD>)
-    * [ͨ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>](#ͨ<><CDA8><EFBFBD>ײ<EFBFBD><D7B2>ֶ<EFBFBD>)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>](#<23><><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><D7B2>ֶ<EFBFBD>)
-    * [<EFBFBD><EFBFBD>Ӧ<EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>](#<23><>Ӧ<EFBFBD>ײ<EFBFBD><D7B2>ֶ<EFBFBD>)
-    * [ʵ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>](#ʵ<><CAB5><EFBFBD>ײ<EFBFBD><D7B2>ֶ<EFBFBD>)
-* [<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>)
+    * [请求和响应报文](#请求和响应报文)
+* [HTTP 方法](#http-方法)
+    * [GET：获取资源](#get获取资源)
+    * [POST：传输实体主体](#post传输实体主体)
+    * [HEAD：获取报文首部](#head获取报文首部)
+    * [PUT：上传文件](#put上传文件)
+    * [DELETE：删除文件](#delete删除文件)
+    * [OPTIONS：查询支持的方法](#options查询支持的方法)
+    * [TRACE：追踪路径](#trace追踪路径)
+    * [CONNECT：要求用隧道协议连接代理](#connect要求用隧道协议连接代理)
+* [HTTP 状态码](#http-状态码)
+    * [2XX 成功](#2xx-成功)
+    * [3XX 重定向](#3xx-重定向)
+    * [4XX 客户端错误](#4xx-客户端错误)
+    * [5XX 服务器错误](#5xx-服务器错误)
+* [HTTP 首部](#http-首部)
+    * [通用首部字段](#通用首部字段)
+    * [请求首部字段](#请求首部字段)
+    * [响应首部字段](#响应首部字段)
+    * [实体首部字段](#实体首部字段)
+* [具体应用](#具体应用)
    * [Cookie](#cookie)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [<EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23>־<EFBFBD><D6BE><EFBFBD><EFBFBD><EFBFBD>)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [<EFBFBD>ֿ鴫<EFBFBD><EFBFBD>](#<23>ֿ鴫<D6BF><E9B4AB>)
-    * [<EFBFBD>ಿ<EFBFBD>ֶ<EFBFBD><EFBFBD>󼯺<EFBFBD>](#<23>ಿ<EFBFBD>ֶ<EFBFBD><D6B6>󼯺<EFBFBD>)
-    * [<EFBFBD><EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23><>Χ<EFBFBD><CEA7><EFBFBD><EFBFBD>)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD>Э<EFBFBD><D0AD>)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><EFBFBD>](#ͨ<><CDA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>)
+    * [缓存](#缓存)
+    * [持久连接](#持久连接)
+    * [编码](#编码)
+    * [分块传输](#分块传输)
+    * [多部分对象集合](#多部分对象集合)
+    * [范围请求](#范围请求)
+    * [内容协商](#内容协商)
+    * [虚拟主机](#虚拟主机)
+    * [通信数据转发](#通信数据转发)
 * [HTTPs](#https)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-    * [<EFBFBD><EFBFBD>֤](#<EFBFBD><EFBFBD>֤)
-    * [<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-* [HTTP/1.0 <EFBFBD><EFBFBD> HTTP/1.1 <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>](#http10-<EFBFBD><EFBFBD>-http11-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
+    * [加密](#加密)
+    * [认证](#认证)
+    * [完整性](#完整性)
+* [HTTP/1.0 与 HTTP/1.1 的区别](#http10-与-http11-的区别)
 <!-- GFM-TOC -->

-# <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

-## Web <20><><EFBFBD><EFBFBD>
+# 基础概念

- HTTP<54><50>HyperText Transfer Protocol<6F><6C><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飩<EFBFBD><E9A3A9>
- WWW<57><57>Word Wide Web<65><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ּ<EFBFBD><D6BC><EFBFBD><EFBFBD><EFBFBD>HTML<4D><4C>HTTP<54><50>URL<52><4C>
- RFC<EFBFBD><EFBFBD>Request for Comments<74><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飩<EFBFBD><E9A3A9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD><C4B5><EFBFBD>
+## Web 基础
+
+- HTTP（HyperText Transfer Protocol，超为本传输协议）。
+- WWW（Word Wide Web）的三种技术：HTML、HTTP、URL。
+- RFC（Request for Comments，征求修正意见书），互联网的设计文档。

 ## URL

- URI<EFBFBD><EFBFBD>Uniform Resource Indentifier<EFBFBD><EFBFBD>ͳһ<EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD>ʶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
- URL<EFBFBD><EFBFBD>Uniform Resource Locator<EFBFBD><EFBFBD>ͳһ<EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
- URN<EFBFBD><EFBFBD>Uniform Resource Name<EFBFBD><EFBFBD>ͳһ<EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD>ƣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> urn:isbn:0-486-27557-4 <EFBFBD><EFBFBD>
+- URI（Uniform Resource Indentifier，统一资源标识符）
+- URL（Uniform Resource Locator，统一资源定位符）
+- URN（Uniform Resource Name，统一资源名称），例如 urn:isbn:0-486-27557-4 。

-URI <EFBFBD><EFBFBD><EFBFBD><EFBFBD> URL <EFBFBD><EFBFBD> URN<EFBFBD><EFBFBD>Ŀǰ WEB ֻ<EFBFBD><EFBFBD> URL <EFBFBD>Ƚ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> URL<EFBFBD><EFBFBD>
+URI 包含 URL 和 URN，目前 WEB 只有 URL 比较流行，所以见到的基本都是 URL。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/4102b7d0-39b9-48d8-82ae-ac4addb7ebfb.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//4102b7d0-39b9-48d8-82ae-ac4addb7ebfb.jpg)

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 请求和响应报文

-**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**请求报文**

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/9dbb5fc2-936b-4c6d-b3a7-9617aae45080.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//9dbb5fc2-936b-4c6d-b3a7-9617aae45080.jpg)

-**<EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**响应报文**

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/c634b5ed-a14b-4302-b40e-3ee387dd3c8a.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//c634b5ed-a14b-4302-b40e-3ee387dd3c8a.jpg)

-# HTTP <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+# HTTP 方法

-<EFBFBD>ͻ<EFBFBD><EFBFBD>˷<EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD>һ<EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˷<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΡ<EFBFBD>
+客户端发送的请求报文第一行为请求行，包含了方法字段。

-## GET<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>Դ
+## GET：获取资源

-## POST<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## POST：传输实体主体

-POST <EFBFBD><EFBFBD>ҪĿ<EFBFBD>Ĳ<EFBFBD><EFBFBD>ǻ<EFBFBD>ȡ<EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ǵ<EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݡ<EFBFBD>
+POST 主要目的不是获取资源，而是传输实体主体数据。

-GET <EFBFBD><EFBFBD> POST <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD>ö<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> GET <20>Ĳ<EFBFBD><C4B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Բ<EFBFBD>ѯ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> URL<52>У<EFBFBD><D0A3><EFBFBD> POST <20>Ĳ<EFBFBD><C4B2><EFBFBD><EFBFBD>洢<EFBFBD><E6B4A2>ʵ<EFBFBD><CAB5><EFBFBD><EFBFBD><EFBFBD>岿<EFBFBD>֡<EFBFBD>
+GET 和 POST 的请求都能使用额外的参数，但是 GET 的参数是以查询字符串出现在 URL中，而 POST 的参数存储在实体主体部分。

 ```
 GET /test/demo_form.asp?name1=value1&name2=value2 HTTP/1.1
@ -89,318 +90,318 @@ Host: w3schools.com
 name1=value1&name2=value2
 ```

-GET <EFBFBD>Ĵ<EFBFBD><EFBFBD>η<EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> POST <20><>ȫ<EFBFBD>Խϲ<CFB2><EEA3AC>Ϊ GET <20><><EFBFBD>Ĳ<EFBFBD><C4B2><EFBFBD><EFBFBD><EFBFBD> URL <20>ǿɼ<C7BF><C9BC>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD>ܻ<EFBFBD>й¶˽<C2B6><CBBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD> GET ֻ֧<EFBFBD><EFBFBD> ASCII <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>룬<EFBFBD><EFBFBD> POST ֧<>ֱ<EFBFBD>׼<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>
+GET 的传参方式相比于 POST 安全性较差，因为 GET 传的参数在 URL 是可见的，可能会泄露私密信息。并且 GET 只支持 ASCII 字符，如果参数为中文则可能会出现乱码，而 POST 支持标准字符集。

-## HEAD<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD>
+## HEAD：获取报文首部

-<EFBFBD><EFBFBD> GET <EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>岿<EFBFBD>֡<EFBFBD>
+和 GET 方法一样，但是不返回报文实体主体部分。

-<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD> URL <20><><EFBFBD><EFBFBD>Ч<EFBFBD><D0A7><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD>µ<EFBFBD><C2B5><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD>ȡ<EFBFBD>
+主要用于确认 URL 的有效性以及资源更新的日期时间等。

-## PUT<EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD>
+## PUT：上传文件

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD>ƣ<EFBFBD><EFBFBD>κ<EFBFBD><EFBFBD>˶<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˴<EFBFBD><EFBFBD>ڰ<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>⣬һ<EFBFBD><EFBFBD> WEB <20><>վ<EFBFBD><D5BE>ʹ<EFBFBD>ø÷<C3B8><C3B7><EFBFBD><EFBFBD><EFBFBD>
+由于自身不带验证机制，任何人都可以上传文件，因此存在安全性问题，一般 WEB 网站不使用该方法。

-## DELETE<EFBFBD><EFBFBD>ɾ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>
+## DELETE：删除文件

-<EFBFBD><EFBFBD> PUT <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>෴<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD>
+与 PUT 功能相反，并且同样不带验证机制。

-## OPTIONS<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѯ֧<EFBFBD>ֵķ<EFBFBD><EFBFBD><EFBFBD>
+## OPTIONS：查询支持的方法

-<EFBFBD><EFBFBD>ѯָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> URL <20>ܹ<EFBFBD>֧<EFBFBD>ֵķ<D6B5><C4B7><EFBFBD><EFBFBD><EFBFBD>
+查询指定的 URL 能够支持的方法。

-<EFBFBD>᷵<EFBFBD><EFBFBD> Allow: GET, POST, HEAD, OPTIONS <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݡ<EFBFBD>
+会返回 Allow: GET, POST, HEAD, OPTIONS 这样的内容。

-## TRACE<EFBFBD><EFBFBD>׷<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>
+## TRACE：追踪路径

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ὣͨ<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ظ<EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD>ˡ<EFBFBD>
+服务器会将通信路径返回给客户端。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> Max-Forwards <EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD> 1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ 0 ʱ<><CAB1>ֹͣ<CDA3><D6B9><EFBFBD>䡣
+发送请求时，在 Max-Forwards 首部字段中填入数值，每经过一个服务器就会减 1，当数值为 0 时就停止传输。

-TRACE һ<EFBFBD>㲻<EFBFBD><EFBFBD>ʹ<EFBFBD>ã<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD> XST <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Cross-Site Tracing<6E><67><EFBFBD><EFBFBD>վ׷<D5BE>٣<EFBFBD><D9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˸<EFBFBD><CBB8><EFBFBD><EFBFBD><EFBFBD>ȥʹ<C8A5><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+TRACE 一般不会使用，并且它容易受到 XST 攻击（Cross-Site Tracing，跨站追踪），因此更不会去使用它。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/ca711108-e937-4d7d-99aa-61b325c61f1a.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//ca711108-e937-4d7d-99aa-61b325c61f1a.jpg)

-## CONNECT<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӵ<EFBFBD><EFBFBD><EFBFBD>
+## CONNECT：要求用隧道协议连接代理

-<EFBFBD><EFBFBD>Ҫʹ<EFBFBD><EFBFBD> SSL<EFBFBD><EFBFBD>Secure Sokets Layer<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD>׽<EFBFBD><EFBFBD>֣<EFBFBD><EFBFBD><EFBFBD> TLS<EFBFBD><EFBFBD>Transport Layer Security<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>㰲ȫ<EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݼ<EFBFBD><EFBFBD>ܺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>䡣
+主要使用 SSL（Secure Sokets Layer，安全套接字）和 TLS（Transport Layer Security，传输层安全）协议把通信内容加密后经网络隧道传输。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/d8355d56-aa2b-4452-8001-8475cc095af1.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//d8355d56-aa2b-4452-8001-8475cc095af1.jpg)

-# HTTP ״̬<EFBFBD><EFBFBD>
+# HTTP 状态码

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>һ<EFBFBD><EFBFBD>Ϊ״̬<EFBFBD>У<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD>ԭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֪<EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+服务器返回的响应报文中第一行为状态行，包含了状态码以及原因短语，来告知客户端请求的结果。

-| ״̬<EFBFBD><EFBFBD> | <20><><EFBFBD><EFBFBD> | ԭ<><D4AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
+| 状态码 | 类别 | 原因短语 |
 | --- | --- | --- |
-| 1XX | Informational<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD>״̬<EFBFBD>룩 | <20><><EFBFBD>յ<EFBFBD><D5B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4><EFBFBD> |
-| 2XX | Success<EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD>״̬<EFBFBD>룩 | <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| 3XX | Redirection<EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>룩 | <20><>Ҫ<EFBFBD><D2AA><EFBFBD>и<EFBFBD><D0B8>Ӳ<EFBFBD><D3B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| 4XX | Client Error<EFBFBD><EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD>˴<EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>룩 | <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޷<EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| 5XX | Server Error<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>룩 | <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
+| 1XX | Informational（信息性状态码） | 接收的请求正在处理 |
+| 2XX | Success（成功状态码） | 请求正常处理完毕 |
+| 3XX | Redirection（重定向状态码） | 需要进行附加操作以完成请求 |
+| 4XX | Client Error（客户端错误状态码） | 服务器无法处理请求 |
+| 5XX | Server Error（服务器错误状态码） | 服务器处理请求出错 |

-## 2XX <EFBFBD>ɹ<EFBFBD>
+## 2XX 成功

 - **200 OK**

- **204 No Content**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ѿ<EFBFBD><EFBFBD>ɹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>Ĳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>岿<EFBFBD>֡<EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD>Ҫ<EFBFBD>ӿͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱʹ<EFBFBD>á<EFBFBD>
+- **204 No Content**：请求已经成功处理，但是返回的响应报文不包含实体的主体部分。一般在只需要从客户端往服务器发送信息，而不需要返回数据时使用。

 - **206 Partial Content**

-## 3XX <EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>
+## 3XX 重定向

- **301 Moved Permanently**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>
+- **301 Moved Permanently**：永久性重定向

- **302 Found**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>
+- **302 Found**：临时性重定向

 - **303 See Other**

- ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȼ HTTP Э<EFBFBD><EFBFBD><EFBFBD>涨 301<EFBFBD><EFBFBD>302 ״̬<EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> POST <20><><EFBFBD><EFBFBD><EFBFBD>ĳ<EFBFBD> GET <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ǵ<EFBFBD><C7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 301<EFBFBD><EFBFBD>302 <EFBFBD><EFBFBD> 303 ״̬<EFBFBD>µ<EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> POST <20><><EFBFBD><EFBFBD><EFBFBD>ĳ<EFBFBD> GET <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+- 注：虽然 HTTP 协议规定 301、302 状态下重定向时不允许把 POST 方法改成 GET 方法，但是大多数浏览器都会 在 301、302 和 303 状态下的重定向把 POST 方法改成 GET 方法。

- **304 Not Modified**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һЩ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>磺If-Match<EFBFBD><EFBFBD>If-ModifiedSince<EFBFBD><EFBFBD>If-None-Match<EFBFBD><EFBFBD>If-Range<EFBFBD><EFBFBD>If-Unmodified-Since<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>᷵<EFBFBD><EFBFBD> 304 ״̬<EFBFBD>롣
+- **304 Not Modified**：如果请求报文首部包含一些条件，例如：If-Match，If-ModifiedSince，If-None-Match，If-Range，If-Unmodified-Since，但是不满足条件，则服务器会返回 304 状态码。

- **307 Temporary Redirect**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 302 <20>ĺ<EFBFBD><C4BA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƣ<EFBFBD><C6A3><EFBFBD><EFBFBD><EFBFBD> 307 Ҫ<><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><D8B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> POST <20><><EFBFBD><EFBFBD><EFBFBD>ĳ<EFBFBD> GET <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+- **307 Temporary Redirect**：临时重定向，与 302 的含义类似，但是 307 要求浏览器不会把重定向请求的 POST 方法改成 GET 方法。

-## 4XX <EFBFBD>ͻ<EFBFBD><EFBFBD>˴<EFBFBD><EFBFBD><EFBFBD>
+## 4XX 客户端错误

- **400 Bad Request**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD><EFBFBD>﷨<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+- **400 Bad Request**：请求报文中存在语法错误

- **401 Unauthorized**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD> HTTP <EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>BASIC <EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>DIGEST <EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮ǰ<EFBFBD>ѽ<EFBFBD><EFBFBD>й<EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>û<EFBFBD><EFBFBD><EFBFBD>֤ʧ<EFBFBD>ܡ<EFBFBD>
+- **401 Unauthorized**：该状态码表示发送的请求需要有通过 HTTP 认证（BASIC 认证、DIGEST 认证）的认证信息。如果之前已进行过一次请求，则表示用户认证失败。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/b1b4cf7d-c54a-4ff1-9741-cd2eea331123.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//b1b4cf7d-c54a-4ff1-9741-cd2eea331123.jpg)

- **403 Forbidden**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>󱻾ܾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>б<EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><EFBFBD><EFBFBD>ɡ<EFBFBD>
+- **403 Forbidden**：请求被拒绝，服务器端没有必要给出拒绝的详细理由。

 - **404 Not Found**

-## 5XX <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 5XX 服务器错误

- **500 Internal Server Error**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+- **500 Internal Server Error**：服务器正在执行请求时发生错误

- **503 Service Unavilable**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD>ڳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ػ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڽ<EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD>ά<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޷<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+- **503 Service Unavilable**：该状态码表明服务器暂时处于超负载或正在进行停机维护，现在无法处理请求。

-# HTTP <EFBFBD>ײ<EFBFBD>
+# HTTP 首部

-<EFBFBD><EFBFBD> 4 <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶΣ<EFBFBD>ͨ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶΡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶΡ<EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD>ײ<EFBFBD><EFBFBD>ֶκ<EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶΡ<EFBFBD>
+有 4 种类型的首部字段：通用首部字段、请求首部字段、响应首部字段和实体首部字段。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶμ<EFBFBD><EFBFBD>京<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫȫ<EFBFBD>ǣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD>
+各种首部字段及其含义如下（不需要全记，仅供查阅）：

-## ͨ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>
+## 通用首部字段

-| <EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD> | ˵<><CBB5> |
+| 首部字段名 | 说明 |
 | -- | -- |
-| Cache-Control | <EFBFBD><EFBFBD><EFBFBD>ƻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ |
-| Connection | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ӵĹ<D3B5><C4B9><EFBFBD> |
-| Date | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> |
-| Pragma | <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD> |
-| Trailer | <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĩ<EFBFBD>˵<EFBFBD><EFBFBD>ײ<EFBFBD>һ<EFBFBD><EFBFBD> |
-| Transfer-Encoding | ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>뷽ʽ |
-| Upgrade | <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD> |
-| Via | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ |
-| Warning | <EFBFBD><EFBFBD><EFBFBD><EFBFBD>֪ͨ |
+| Cache-Control | 控制缓存的行为 |
+| Connection | 逐跳首部、 连接的管理 |
+| Date | 创建报文的日期时间 |
+| Pragma | 报文指令 |
+| Trailer | 报文末端的首部一览 |
+| Transfer-Encoding | 指定报文主体的传输编码方式 |
+| Upgrade | 升级为其他协议 |
+| Via | 代理服务器的相关信息 |
+| Warning | 错误通知 |

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>
+## 请求首部字段

-| <EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD> | ˵<><CBB5> |
+| 首部字段名 | 说明 |
 | -- | -- |
-| Accept | <EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ý<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Accept-Charset | <EFBFBD><EFBFBD><EFBFBD>ȵ<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD> |
-| Accept-Encoding | <EFBFBD><EFBFBD><EFBFBD>ȵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݱ<EFBFBD><EFBFBD><EFBFBD> |
-| Accept-Language | <EFBFBD><EFBFBD><EFBFBD>ȵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԣ<EFBFBD><EFBFBD><EFBFBD>Ȼ<EFBFBD><EFBFBD><EFBFBD>ԣ<EFBFBD> |
-| Authorization | Web<EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>Ϣ |
-| Expect | <EFBFBD>ڴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>Ϊ |
-| From | <EFBFBD>û<EFBFBD><EFBFBD>ĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ |
-| Host | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| If-Match | <EFBFBD>Ƚ<EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǣ<EFBFBD>ETag<EFBFBD><EFBFBD> |
-| If-Modified-Since | <EFBFBD>Ƚ<EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> |
-| If-None-Match | <EFBFBD>Ƚ<EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǣ<EFBFBD><EFBFBD><EFBFBD> If-Match <EFBFBD>෴<EFBFBD><EFBFBD> |
-| If-Range | <EFBFBD><EFBFBD>Դδ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD> Byte <20>ķ<EFBFBD>Χ<EFBFBD><CEA7><EFBFBD><EFBFBD> |
-| If-Unmodified-Since | <EFBFBD>Ƚ<EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>䣨<EFBFBD><EFBFBD>If-Modified-Since<EFBFBD>෴<EFBFBD><EFBFBD> |
-| Max-Forwards | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Proxy-Authorization | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>Ϣ |
-| Range | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֽڷ<EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Referer | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> URI <20><>ԭʼ<D4AD><CABC>ȡ<EFBFBD><C8A1> |
-| TE | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȼ<EFBFBD> |
-| User-Agent | HTTP <EFBFBD>ͻ<EFBFBD><EFBFBD>˳<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ |
+| Accept | 用户代理可处理的媒体类型 |
+| Accept-Charset | 优先的字符集 |
+| Accept-Encoding | 优先的内容编码 |
+| Accept-Language | 优先的语言（自然语言） |
+| Authorization | Web认证信息 |
+| Expect | 期待服务器的特定行为 |
+| From | 用户的电子邮箱地址 |
+| Host | 请求资源所在服务器 |
+| If-Match | 比较实体标记（ETag） |
+| If-Modified-Since | 比较资源的更新时间 |
+| If-None-Match | 比较实体标记（与 If-Match 相反） |
+| If-Range | 资源未更新时发送实体 Byte 的范围请求 |
+| If-Unmodified-Since | 比较资源的更新时间（与If-Modified-Since相反） |
+| Max-Forwards | 最大传输逐跳数 |
+| Proxy-Authorization | 代理服务器要求客户端的认证信息 |
+| Range | 实体的字节范围请求 |
+| Referer | 对请求中 URI 的原始获取方 |
+| TE | 传输编码的优先级 |
+| User-Agent | HTTP 客户端程序的信息 |

-## <EFBFBD><EFBFBD>Ӧ<EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>
+## 响应首部字段

-| <EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD> | ˵<><CBB5> |
+| 首部字段名 | 说明 |
 | -- | -- |
-| Accept-Ranges | <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֽڷ<EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Age | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> |
-| ETag | <EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ |
-| Location | <EFBFBD><EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD>URI |
-| Proxy-Authenticate | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կͻ<EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>Ϣ |
-| Retry-After | <EFBFBD><EFBFBD><EFBFBD>ٴη<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD> |
-| Server | HTTP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>İ<EFBFBD>װ<EFBFBD><EFBFBD>Ϣ |
-| Vary | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ |
-| WWW-Authenticate | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կͻ<EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>Ϣ |
+| Accept-Ranges | 是否接受字节范围请求 |
+| Age | 推算资源创建经过时间 |
+| ETag | 资源的匹配信息 |
+| Location | 令客户端重定向至指定URI |
+| Proxy-Authenticate | 代理服务器对客户端的认证信息 |
+| Retry-After | 对再次发起请求的时机要求 |
+| Server | HTTP服务器的安装信息 |
+| Vary | 代理服务器缓存的管理信息 |
+| WWW-Authenticate | 服务器对客户端的认证信息 |

-## ʵ<EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD>
+## 实体首部字段

-| <EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD> | ˵<><CBB5> |
+| 首部字段名 | 说明 |
 | -- | -- |
-| Allow | <EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD>HTTP<EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Content-Encoding | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õı<EFBFBD><EFBFBD>뷽ʽ |
-| Content-Language | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Content-Length | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD>С<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><EFBFBD> <20>ֽڣ<D6BD> |
-| Content-Location | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD>URI |
-| Content-MD5 | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD>ժҪ |
-| Content-Range | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>÷<EFBFBD>Χ |
-| Content-Type | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ý<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Expires | ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> |
-| Last-Modified | <EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> |
+| Allow | 资源可支持的HTTP方法 |
+| Content-Encoding | 实体主体适用的编码方式 |
+| Content-Language | 实体主体的自然语言 |
+| Content-Length | 实体主体的大小（单位： 字节） |
+| Content-Location | 替代对应资源的URI |
+| Content-MD5 | 实体主体的报文摘要 |
+| Content-Range | 实体主体的位置范围 |
+| Content-Type | 实体主体的媒体类型 |
+| Expires | 实体主体过期的日期时间 |
+| Last-Modified | 资源的最后修改日期时间 |

-# <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD>
+# 具体应用

 ## Cookie

-HTTP Э<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTP Э<>龡<EFBFBD><E9BEA1><EFBFBD>ܼ򵥣<DCBC>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD>ܹ<EFBFBD><DCB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>HTTP/1.1 <EFBFBD><EFBFBD><EFBFBD><EFBFBD> Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD>
+HTTP 协议是无状态的，主要是为了让 HTTP 协议尽可能简单，使得它能够处理大量事务。HTTP/1.1 引入 Cookie 来保存状态信息。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD>İ<EFBFBD><EFBFBD><EFBFBD> Set-Cookie <20>ֶΣ<D6B6><CEA3>ͻ<EFBFBD><CDBB>˵õ<CBB5><C3B5><EFBFBD>Ӧ<EFBFBD><D3A6><EFBFBD>ĺ<EFBFBD><C4BA><EFBFBD> Cookie <20><><EFBFBD>ݱ<EFBFBD><DDB1>浽<EFBFBD><E6B5BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С<EFBFBD><D0A1>´<EFBFBD><C2B4>ٷ<EFBFBD><D9B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD><D0B6><EFBFBD> Cookie ֵ<><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>а<EFBFBD><D0B0><EFBFBD> Cookie <20>ֶΣ<D6B6><CEA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֪<EFBFBD><D6AA><EFBFBD>ͻ<EFBFBD><CDBB>˵<EFBFBD>״̬<D7B4><CCAC>Ϣ<EFBFBD>ˡ<EFBFBD>Cookie ״̬<D7B4><CCAC>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD>ڿͻ<DABF><CDBB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϡ<EFBFBD>
+服务器发送的响应报文包含 Set-Cookie 字段，客户端得到响应报文后把 Cookie 内容保存到浏览器中。下次再发送请求时，从浏览器中读出 Cookie 值，在请求报文中包含 Cookie 字段，这样服务器就知道客户端的状态信息了。Cookie 状态信息保存在客户端浏览器中，而不是服务器上。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/ff17c103-750a-4bb8-9afa-576327023af9.png)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//ff17c103-750a-4bb8-9afa-576327023af9.png)

-Set-Cookie <EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԣ<EFBFBD>
+Set-Cookie 字段有以下属性：

-| <EFBFBD><EFBFBD><EFBFBD><EFBFBD> | ˵<><CBB5> |
+| 属性 | 说明 |
 | -- | -- |
-| NAME=VALUE | <EFBFBD><EFBFBD><EFBFBD><EFBFBD> Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƺ<EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| expires=DATE | Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD>ڣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD>ǰΪֹ<EFBFBD><EFBFBD> |
-| path=PATH | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵ<EFBFBD><EFBFBD>ļ<EFBFBD>Ŀ¼<EFBFBD><EFBFBD>Ϊ Cookie <20><><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD><C3B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ<EFBFBD>ĵ<EFBFBD><C4B5><EFBFBD><EFBFBD>ڵ<EFBFBD><DAB5>ļ<EFBFBD>Ŀ¼<C4BF><C2BC> |
-| domain=<EFBFBD><EFBFBD><EFBFBD><EFBFBD> | <20><>Ϊ Cookie <20><><EFBFBD>ö<EFBFBD><C3B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD> Cookie <20>ķ<EFBFBD><C4B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
-| Secure | <EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTPS <EFBFBD><EFBFBD>ȫͨ<EFBFBD><EFBFBD>ʱ<EFBFBD>Żᷢ<EFBFBD><EFBFBD> Cookie |
-| HttpOnly | <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƣ<EFBFBD>ʹ Cookie <EFBFBD><EFBFBD><EFBFBD>ܱ<EFBFBD> JavaScript <EFBFBD>ű<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> |
+| NAME=VALUE | 赋予 Cookie 的名称和其值（必需项） |
+| expires=DATE | Cookie 的有效期（若不明确指定则默认为浏览器关闭前为止） |
+| path=PATH | 将服务器上的文件目录作为 Cookie 的适用对象（若不指定则默认为文档所在的文件目录） |
+| domain=域名 | 作为 Cookie 适用对象的域名（若不指定则默认为创建 Cookie 的服务器的域名） |
+| Secure | 仅在 HTTPS 安全通信时才会发送 Cookie |
+| HttpOnly | 加以限制，使 Cookie 不能被 JavaScript 脚本访问 |

-**Session <EFBFBD><EFBFBD> Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**Session 和 Cookie 区别**

-Session <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD>ֶΣ<EFBFBD>ÿ<EFBFBD><EFBFBD> Session <20><><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>Ψһ<CEA8><D2BB>ʶ<EFBFBD><CAB6>Session ID<49><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB> Session ʱ<><CAB1><EFBFBD><EFBFBD><EFBFBD>ͻ<EFBFBD><CDBB>˷<EFBFBD><CBB7>͵<EFBFBD><CDB5><EFBFBD>Ӧ<EFBFBD><D3A6><EFBFBD>ľͰ<C4BE><CDB0><EFBFBD><EFBFBD><EFBFBD> Set-Cookie <20>ֶΣ<D6B6><CEA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD>Ϊ sid <20>ļ<EFBFBD>ֵ<EFBFBD>ԣ<EFBFBD><D4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD>Ծ<EFBFBD><D4BE><EFBFBD> Session ID<49><44><EFBFBD>ͻ<EFBFBD><CDBB><EFBFBD><EFBFBD>յ<EFBFBD><D5B5><EFBFBD><EFBFBD>Ͱ<EFBFBD> Cookie <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD><D6AE><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><CDB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ķ<EFBFBD><C4B6><EFBFBD><EFBFBD><EFBFBD> Session ID<EFBFBD><EFBFBD>HTTP <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD> Session <EFBFBD><EFBFBD> Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD>ʽһ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>״̬<EFBFBD>ģ<EFBFBD>Session <20><><EFBFBD>ڷ<EFBFBD><DAB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ˣ<EFBFBD>Cookie <20><><EFBFBD>ڿͻ<DABF><CDBB>ˡ<EFBFBD>
+Session 是服务器用来跟踪用户的一种手段，每个 Session 都有一个唯一标识：Session ID。当服务器创建了一个 Session 时，给客户端发送的响应报文就包含了 Set-Cookie 字段，其中有一个名为 sid 的键值对，这个键值对就是 Session ID。客户端收到后就把 Cookie 保存在浏览器中，并且之后发送的请求报文都包含 Session ID。HTTP 就是通过 Session 和 Cookie 这两种方式一起合作来实现跟踪用户状态的，Session 用于服务器端，Cookie 用于客户端。

-**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Cookie <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**浏览器禁用 Cookie 的情况**

-<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD> URL <20><>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> URL <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sid=xxx <EFBFBD><EFBFBD>
+会使用 URL 重写技术，在 URL 后面加上 sid=xxx 。

-**ʹ<EFBFBD><EFBFBD> Cookie ʵ<EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD>д**
+**使用 Cookie 实现用户名和密码的自动填写**

-<EFBFBD><EFBFBD>վ<EFBFBD>ű<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD> Cookie <20>ж<EFBFBD>ȡ<EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>룬<EFBFBD>Ӷ<EFBFBD>ʵ<EFBFBD><CAB5><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>д<EFBFBD><D0B4>
+网站脚本会自动从 Cookie 中读取用户名和密码，从而实现自动填写。

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 缓存

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD>淽<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ô<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD><EFBFBD>档
+有两种缓存方法：让代理服务器进行缓存和让客户端浏览器进行缓存。

-Cache-Control <EFBFBD><EFBFBD><EFBFBD>ڿ<EFBFBD><EFBFBD>ƻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD>
+Cache-Control 用于控制缓存的行为。

-Cache-Control: no-cache <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֺ<EFBFBD><EFBFBD>壬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǿͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>򻺴<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>к<EFBFBD><EFBFBD>и<EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>ͻ<EFBFBD><EFBFBD>˲<EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>򻺴<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>к<EFBFBD><EFBFBD>и<EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܶ<EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD>л<EFBFBD><EFBFBD>档
+Cache-Control: no-cache 有两种含义，如果是客户端向缓存服务器发送的请求报文中含有该指令，表示客户端不想要缓存的资源；如果是源服务器向缓存服务器发送的响应报文中含有该指令，表示缓存服务器不能对资源进行缓存。

-Expires <EFBFBD>ֶο<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڸ<EFBFBD>֪<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դʲôʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD> Cache-Control <EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD> max-age ָ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶ<EFBFBD> Expires<65><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȴ<EFBFBD><C8B4><EFBFBD> max-age ָ<EFBFBD>
+Expires 字段可以用于告知缓存服务器该资源什么时候会过期。当首部字段 Cache-Control 有指定 max-age 指令时，比起首部字段 Expires，会优先处理 max-age 指令。

-## <EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 持久连接

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͼƬ<EFBFBD><EFBFBD> HTML ҳ<><D2B3>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTML ҳ<><D2B3><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͼƬ<CDBC><C6AC>Դ<EFBFBD><D4B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD>һ<EFBFBD><D2BB> HTTP ͨ<>ž<EFBFBD>Ҫ<EFBFBD>Ͽ<EFBFBD>һ<EFBFBD><D2BB> TCP <20><><EFBFBD>ӣ<EFBFBD><D3A3><EFBFBD><EFBFBD>ӽ<EFBFBD><D3BD><EFBFBD><EFBFBD>ͶϿ<CDB6><CFBF>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܴ<EFBFBD><DCB4><EFBFBD>**<2A>־<EFBFBD><D6BE><EFBFBD><EFBFBD><EFBFBD>** ֻ<><D6BB>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>һ<EFBFBD><D2BB> TCP <20><><EFBFBD>Ӿ<EFBFBD><D3BE>ܽ<EFBFBD><DCBD>ж<EFBFBD><D0B6><EFBFBD> HTTP ͨ<EFBFBD>š<EFBFBD>HTTP/1.1 <EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD>϶<EFBFBD><EFBFBD>ǳ־<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӡ<EFBFBD>
+当浏览器访问一个包含多张图片的 HTML 页面时，除了请求访问 HTML 页面资源，还会请求图片资源，如果每进行一次 HTTP 通信就要断开一次 TCP 连接，连接建立和断开的开销会很大。**持久连接** 只需要进行一次 TCP 连接就能进行多次 HTTP 通信。HTTP/1.1 开始，所有的连接默认都是持久连接。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/c73a0b78-5f46-4d2d-a009-dab2a999b5d8.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//c73a0b78-5f46-4d2d-a009-dab2a999b5d8.jpg)

-<EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫʹ<EFBFBD><EFBFBD> Connection <20>ײ<EFBFBD><D7B2>ֶν<D6B6><CEBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD>HTTP/1.1 <EFBFBD><EFBFBD>ʼ HTTP Ĭ<EFBFBD><EFBFBD><EFBFBD>ǳ־û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Ͽ<EFBFBD> TCP <20><><EFBFBD>ӣ<EFBFBD><D3A3><EFBFBD>Ҫ<EFBFBD>ɿͻ<C9BF><CDBB>˻<EFBFBD><CBBB>߷<EFBFBD><DFB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ͽ<EFBFBD><CFBF><EFBFBD>ʹ<EFBFBD><CAB9> Connection: close<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTP/1.1 ֮ǰĬ<EFBFBD><EFBFBD><EFBFBD>Ƿǳ־û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫά<EFBFBD>ֳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӣ<EFBFBD><EFBFBD><EFBFBD>Ҫʹ<EFBFBD><EFBFBD> Keep-Alive<EFBFBD><EFBFBD>
+持久连接需要使用 Connection 首部字段进行管理。HTTP/1.1 开始 HTTP 默认是持久化连接的，如果要断开 TCP 连接，需要由客户端或者服务器端提出断开，使用 Connection: close；而在 HTTP/1.1 之前默认是非持久化连接的，如果要维持持续连接，需要使用 Keep-Alive。

-<EFBFBD><EFBFBD><EFBFBD>߻<EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD><EFBFBD>Ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȼ<EFBFBD><EFBFBD><EFBFBD>ȴ<EFBFBD><EFBFBD><EFBFBD>Ӧ֮<EFBFBD><EFBFBD><EFBFBD>ٷ<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+管线化方式可以同时发送多个请求和响应，而不需要发送一个请求然后等待响应之后再发下一个请求。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/6943e2af-5a70-4004-8bee-b33d60f39da3.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//6943e2af-5a70-4004-8bee-b33d60f39da3.jpg)

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 编码

-<EFBFBD><EFBFBD><EFBFBD>루Encoding<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>Ϊ<EFBFBD>˶<EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õı<EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>gzip<EFBFBD><EFBFBD>compress<EFBFBD><EFBFBD>deflate<EFBFBD><EFBFBD>identity<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> identity <EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD>ִ<EFBFBD><EFBFBD>ѹ<EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>
+编码（Encoding）主要是为了对实体进行压缩。常用的编码有：gzip、compress、deflate、identity，其中 identity 表示不执行压缩的编码格式。

-## <EFBFBD>ֿ鴫<EFBFBD><EFBFBD>
+## 分块传输

-<EFBFBD>ֿ鴫<EFBFBD>䣨Chunked Transfer Coding<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>԰<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݷָ<EFBFBD><EFBFBD>ɶ<EFBFBD><EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾҳ<EFBFBD>档
+分块传输（Chunked Transfer Coding）可以把数据分割成多块，让浏览器逐步显示页面。

-## <EFBFBD>ಿ<EFBFBD>ֶ<EFBFBD><EFBFBD>󼯺<EFBFBD>
+## 多部分对象集合

-һ<EFBFBD>ݱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڿɺ<EFBFBD><EFBFBD>ж<EFBFBD><EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD>ʵ<EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD><EFBFBD><EFBFBD><EFBFBD> boundary <20>ֶζ<D6B6><CEB6><EFBFBD><EFBFBD>ķָ<C4B7><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>зָ<D0B7><D6B8><EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD>ֶ<EFBFBD><D6B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><D7B2>ֶΡ<D6B6>
+一份报文主体内可含有多类型的实体同时发送，每个部分之间用 boundary 字段定义的分隔符进行分隔；每个部分都可以有首部字段。

-<EFBFBD><EFBFBD><EFBFBD>磬<EFBFBD>ϴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD>ʽ<EFBFBD><EFBFBD>
+例如，上传多个表单时可以使用如下方式：

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/decb0936-e83c-4a55-840a-fe8aa101ac61.png)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//decb0936-e83c-4a55-840a-fe8aa101ac61.png)

-## <EFBFBD><EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 范围请求

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>жϣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD>ÿͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܹ<EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>δ<EFBFBD><EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD>ǲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݡ<EFBFBD>
+如果网络出现中断，服务器只发送了一部分数据，范围请求使得客户端能够只请求未发送的那部分数据，从而避免服务器端重新发送所有数据。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Range <20>ֶΣ<D6B6>Ȼ<EFBFBD><C8BB>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD>Χ<EFBFBD><CEA7><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Range : bytes = 5001-10000<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD><EFBFBD>Ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 206 Partial Content ״̬<EFBFBD><EFBFBD>
+在请求报文首部中添加 Range 字段，然后指定请求的范围，例如 Range : bytes = 5001-10000。请求成功的话服务器发送 206 Partial Content 状态。

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD>
+## 内容协商

-ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>̷<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѡ<EFBFBD>񷵻<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ľ<EFBFBD><EFBFBD>滹<EFBFBD><EFBFBD>Ӣ<EFBFBD>Ľ<EFBFBD><EFBFBD>档
+通过内容协商返回最合适的内容，例如根据浏览器的默认语言选择返回中文界面还是英文界面。

-<EFBFBD>漰<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ײ<EFBFBD><EFBFBD>ֶΣ<EFBFBD>Accept<EFBFBD><EFBFBD>Accept-Charset<EFBFBD><EFBFBD>Accept-Encoding<EFBFBD><EFBFBD>Accept-Language<EFBFBD><EFBFBD>Content-Language<EFBFBD><EFBFBD>
+涉及以下首部字段：Accept、Accept-Charset、Accept-Encoding、Accept-Language、Content-Language。

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 虚拟主机

-ʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>һ̨<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵ<EFBFBD>ж<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߼<EFBFBD><EFBFBD>Ͽ<EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD>ɶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+使用虚拟主机技术，使得一台服务器拥有多个域名，并且在逻辑上可以看成多个服务器。

-## ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><EFBFBD>
+## 通信数据转发

-**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**代理**

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܿͻ<EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>󣬲<EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>͸<EFBFBD><EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD> URL<EFBFBD><EFBFBD>
+代理服务器接受客户端的请求，并且转发给其它服务器。代理服务器一般是透明的，不会改变 URL。

-ʹ<EFBFBD>ô<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ҪĿ<EFBFBD><EFBFBD><EFBFBD>ǣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>桢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD>
+使用代理的主要目的是：缓存、网络访问控制以及记录访问日志。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/c07035c3-a9ba-4508-8e3c-d8ae4c6ee9ee.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//c07035c3-a9ba-4508-8e3c-d8ae4c6ee9ee.jpg)

-**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**网关**

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬ<EFBFBD><EFBFBD><EFBFBD>ǣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ط<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ὣ HTTP ת<><D7AA>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD>Э<EFBFBD><D0AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD>ţ<EFBFBD><C5A3>Ӷ<EFBFBD><D3B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTP <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><C4B7><EFBFBD><EFBFBD><EFBFBD>
+与代理服务器不同的是，网关服务器会将 HTTP 转化为其它协议进行通信，从而请求其它非 HTTP 服务器的服务。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/81375888-6be1-476f-9521-42eea3e3154f.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//81375888-6be1-476f-9521-42eea3e3154f.jpg)

-**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>**
+**隧道**

-ʹ<EFBFBD><EFBFBD> SSL <EFBFBD>ȼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΣ<EFBFBD>Ϊ<EFBFBD>ͻ<EFBFBD><EFBFBD>˺ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD>佨<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>
+使用 SSL 等加密手段，为客户端和服务器之间建立一条安全的通信线路。

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/64b95403-d976-421a-8b45-bac89c0b5185.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//64b95403-d976-421a-8b45-bac89c0b5185.jpg)

 # HTTPs

-HTTP <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>°<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>⣺
+HTTP 有以下安全性问题：

-1. ͨ<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD>ܻᱻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-2. <EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤ͨ<EFBFBD>ŷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>αװ<EFBFBD><EFBFBD>
-3. <EFBFBD>޷<EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۸ġ<EFBFBD>
+1. 通信使用明文，内容可能会被窃听；
+2. 不验证通信方的身份，因此有可能遭遇伪装；
+3. 无法证明报文的完整性，所以有可能已遭篡改。

-HTTPs <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTP <EFBFBD>Ⱥ<EFBFBD> SSL<EFBFBD><EFBFBD>Secure Socket Layer<EFBFBD><EFBFBD>ͨ<EFBFBD>ţ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL <EFBFBD><EFBFBD> TCP ͨ<EFBFBD>š<EFBFBD>ͨ<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD> SSL<EFBFBD><EFBFBD>HTTPs <EFBFBD>ṩ<EFBFBD>˼<EFBFBD><EFBFBD>ܡ<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+HTTPs 并不是新协议，而是 HTTP 先和 SSL（Secure Socket Layer）通信，再由 SSL 和 TCP 通信。通过使用 SSL，HTTPs 提供了加密、认证和完整性保护。

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 加密

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ּ<EFBFBD><EFBFBD>ܷ<EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD>Գ<EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܺ͹<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܡ<EFBFBD><EFBFBD>Գ<EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܵļ<EFBFBD><EFBFBD>ܺͽ<EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>ͬһ<EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ڼ<EFBFBD><EFBFBD>ܺͽ<EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD>ֱ<EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD>˽<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˶<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ի<EFBFBD><EFBFBD>ã<EFBFBD>ͨ<EFBFBD>ŷ<EFBFBD><EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ý<EFBFBD><EFBFBD>շ<EFBFBD><EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ֮<EFBFBD>󣬾Ϳ<EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>շ<EFBFBD><EFBFBD>յ<EFBFBD>ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݺ<EFBFBD>ʹ<EFBFBD><EFBFBD>˽<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܡ<EFBFBD>
+有两种加密方式：对称密钥加密和公开密钥加密。对称密钥加密的加密和解密使用同一密钥，而公开密钥加密使用一对密钥用于加密和解密，分别为公开密钥和私有密钥。公开密钥所有人都可以获得，通信发送方获得接收方的公开密钥之后，就可以使用公开密钥进行加密，接收方收到通信内容后使用私有密钥解密。

-<EFBFBD>Գ<EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD>ȱ<EFBFBD>㣺<EFBFBD>޷<EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD>ȱ<EFBFBD>㣺<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>
+对称密钥加密的缺点：无法安全传输密钥；公开密钥加密的缺点：相对来说更耗时。

-HTTPs <EFBFBD><EFBFBD><EFBFBD><EFBFBD> **<EFBFBD><EFBFBD><EFBFBD>ϵļ<EFBFBD><EFBFBD>ܻ<EFBFBD><EFBFBD><EFBFBD>**<2A><>ʹ<EFBFBD>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><D4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4><EFBFBD><EFBFBD>Գ<EFBFBD><D4B3><EFBFBD>Կ<EFBFBD><D4BF>֮<EFBFBD><D6AE>ʹ<EFBFBD>öԳ<C3B6><D4B3><EFBFBD>Կ<EFBFBD><D4BF><EFBFBD>ܽ<EFBFBD><DCBD><EFBFBD>ͨ<EFBFBD>š<EFBFBD><C5A1><EFBFBD><EFBFBD><EFBFBD>ͼ<EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><D4BF><EFBFBD>Գ<EFBFBD><D4B3><EFBFBD>Կ<EFBFBD><D4BF>
+HTTPs 采用 **混合的加密机制**，使用公开密钥加密用于传输对称密钥，之后使用对称密钥加密进行通信。（下图中，共享密钥即对称密钥）

-![](https://github.com/CyC2018/InterviewNotes/blob/master/pics/110b1a9b-87cd-45c3-a21d-824623715b33.jpg)
+![](https://github.com/CyC2018/InterviewNotes/blob/master/pics//110b1a9b-87cd-45c3-a21d-824623715b33.jpg)

-## <EFBFBD><EFBFBD>֤
+## 认证

-ͨ<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD> **֤<EFBFBD><EFBFBD>** <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD>ŷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>й<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD>ŷ<EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD>ô<EFBFBD>Ϳ<EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD>ͨ<EFBFBD>ŷ<EFBFBD><EFBFBD>ǿɿ<EFBFBD><EFBFBD>ġ<EFBFBD>
+通过使用 **证书** 来对通信方进行认证。证书中有公开密钥数据，如果可以验证公开密钥的确属于通信方的，那么就可以确定通信方是可靠的。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>CA<EFBFBD><EFBFBD>Certificate Authority<EFBFBD><EFBFBD><EFBFBD>䷢<EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ֤<EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD> CA <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4>
+数字证书认证机构（CA，Certificate Authority）颁发的公开密钥证书，可以通过 CA 对其进行验证。

-<EFBFBD><EFBFBD><EFBFBD><EFBFBD> HTTPs ͨ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD>鷢<EFBFBD>͸<EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD>ˣ<EFBFBD><EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еĹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ֮<EFBFBD>󣬾Ϳ<EFBFBD><EFBFBD>Կ<EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD>ܹ<EFBFBD><EFBFBD>̡<EFBFBD>
+进行 HTTPs 通信时，服务器会把证书发送给客户端，客户端取得其中的公开密钥之后，就可以开始加密过程。

-ʹ<EFBFBD><EFBFBD> OpenSSL <EFBFBD><EFBFBD><EFBFBD>׿<EFBFBD>Դ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD>˶<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Թ<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD>䷢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD>顣<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD><EFBFBD>ʸ÷<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>޷<EFBFBD>ȷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӱ<EFBFBD>ȫ<EFBFBD>ԡ<EFBFBD><EFBFBD>򡰸<EFBFBD><EFBFBD><EFBFBD>վ<EFBFBD>İ<EFBFBD>ȫ֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>⡱<EFBFBD>Ⱦ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD>
+使用 OpenSSL 这套开源程序，每个人都可以构建一套属于自己的认证机构，从而自己给自己颁发服务器证书。浏览器在访问该服务器时，会显示“无法确认连接安全性”或“该网站的安全证书存在问题”等警告消息。

-<EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>а<EFBFBD>װ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ҵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>ǳ<EFBFBD><EFBFBD>ߵİ<EFBFBD>ȫ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>ʹ<EFBFBD>ÿͻ<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С<EFBFBD>
+客户端证书需要用户自行安装，只有在业务需要非常高的安全性时才使用客户端证书，例如网上银行。

-## <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+## 完整性

-SSL <EFBFBD>ṩժҪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԡ<EFBFBD>
+SSL 提供摘要功能来验证完整性。

-# HTTP/1.0 <EFBFBD><EFBFBD> HTTP/1.1 <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+# HTTP/1.0 与 HTTP/1.1 的区别

- HTTP/1.1 Ĭ<EFBFBD><EFBFBD><EFBFBD>ǳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӣ<EFBFBD>
- HTTP/1.1 <EFBFBD>ṩ<EFBFBD>˷<EFBFBD>Χ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD>
- HTTP/1.1 <EFBFBD>ṩ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĺ<EFBFBD><EFBFBD>ܣ<EFBFBD>
- HTTP/1.1 <EFBFBD><EFBFBD><EFBFBD><EFBFBD>һЩ<EFBFBD><EFBFBD><EFBFBD>洦<EFBFBD><EFBFBD><EFBFBD>ֶΣ<EFBFBD>
- HTTP/1.1 <EFBFBD><EFBFBD><EFBFBD><EFBFBD>һЩ״̬<EFBFBD>룻
+- HTTP/1.1 默认是长连接；
+- HTTP/1.1 提供了范围请求功能；
+- HTTP/1.1 提供了虚拟主机的功能；
+- HTTP/1.1 多了一些缓存处理字段；
+- HTTP/1.1 多了一些状态码；