CS6320:  SW Engineering of Web Based Systems

 

HTTP Response Headers
(for HTTP 1.1)


An HTTP response from a web server consists of:
 
  • Status Line
  • Response Headers
  • Blank Line
  • Data/Document
    EXAMPLE (from Core Servlets book)
    HTTP/1.1  200 OK
    Content-Type:  text/plain

    Hello Class

    Meaning of example above: 
      • HTTP/1.1 tells the protocol and version
      • Status code is given as 200.
      • A short message follows, corresponding to the status code; here it is OK.
      • Next follow the HTTP response headers; here only one is listed, Content-Type, which specifies the MIME type of the document.
      • Next is the blank line
      • Then the document follows, here it is simply a single line "Hello Class".

HTTP Response STATUS CODES:
 
  • Servlet can create a status line to return in its HTTP response by invoking
    • HttpServletResponse.setStatus(int) 
    • This only specifies the status code, as the protocol and version are determined by the server and added to the response automatically.
    • The method takes an int for the code.  You can use the constants defined in HttpServletResponse.
    • MUST be done before sending any headers and the data itself !!!!!
  • ALSO, there are two special methods you can use for status codes dealing with errors (e.g. 404) and redirection (303):
    • HttpServletResponse.sendError(int, String message);
    • HttpServletResponse.sendRedirect(String url);
  • NOTE: You may never need to create a status line in your Servlet's response!!!  This is because a Servlet automatically sends a default status code (200), which says everything was successful!!!!
  • General groupings of codes
    • 100-199:   informational, client should respond with some other action
    • 200-299:  request was successful
    • 300-399:  requested files have moved, often will respond with a Location header following that tells where the new location is.
    • 400-499:  Error by client
    • 500-599:  Error by server


    HttpServletResponse Status Code Variables and Meaning
    see reading and  www.rfc-editor.org (look for RFC 2616) for more codes
    100 (SC_CONTINUE)
    • Server responds with this code when it has received a request from the client with the Request header Expect and value 100-Continue.
    • This means that the client has requested to send a follow-up request.
    • The 100 status code tells the client to go ahead and send the follow-up request.
    417 (Expectation Failed)
    • Server responds with this code when it has received a request from the client with the Request header Expect and value 100-Continue.
    • This means that the client has requested to send a follow-up request.
    • The 417 status code tells the client that the server will not accept any further follow-up requests.
    101 (SC_SWITCHING_PROTOCOLS)
    • Server will comply with an HTTP request header Upgrade, which asks it to change to a different protocol to communicate with the client.
    200 (SC_OK)
    • Server responds with this to tell the client that the request was successful.  Usually follows a GET or POST request.
    • This is the default for a Servlet, so you do not have to set it in your Servlet.
    201 (SC_CREATED)
    • Server has created new document and the location is given by the HTTP response header LOCATION to follow.
    202 (SC_ACCEPTED)
    • Server tells client that it is processing the request but is not finished yet.
    204 (SC_NO_CONTENT)
    • Server tells client browser to continue to display previous document as no new document is being sent.
    205 (SC_RESET_CONTENT)
    • Server tells client that no new document is coming, but please refresh the current document.
    • Useful to get HTML forms to clear, etc.
    206 (SC_PARTIAL_CONTENT)
    • Server says the following data is only part of the data to come.
    300 (SC_MULTIPLE_CHOICES)
    • Server says the requested document can be found in several places, which will be listed in the data the server is sending.
    • If an HTTP response LOCATION header follows, it specifies the preferred choice.
    301 (SC_MOVED_PERMANENTLY)
    • Server tells client that the document requested has permanently moved.  Must send an HTTP response header LOCATION that gives the new location.
    302 (SC_MOVED_TEMPORARILY)
    • Same as 301, but the location in the LOCATION response header is a temporary location, not a permanent one.
    304 (SC_NOT_MODIFIED)
    • Response given to say that the document has not changed.
    • Sent in response to a client request that has the HTTP Request Header IF-MODIFIED-SINCE in it, which means the client is asking the server to send the requested document only if it is newer than the time specified in this header.
    305 (SC_USE_PROXY)
    • Server is telling client that the requested document can only be retrieved using the proxy listed in the HTTP Response Header LOCATION.
    401 (SC_UNAUTHORIZED)
    • Server is telling the client that they are trying to access a password-protected page without proper id info in the HTTP request AUTHORIZATION header.  You must also send an HTTP response header of WWW-Authenticate.
    403 (SC_FORBIDDEN)
    • Server refuses to fulfill the request.  Often used because of bad file permissions.
    404 (SC_NOT_FOUND)
    • Server cannot find the resource requested.
    500 (SC_INTERNAL_SERVER_ERROR)
    • Means servlet or CGI program, etc. has failed.
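
The three status methods above used together in one servlet, with every call made before any body is written. This is an added example, not code from the course notes or the Core Servlets book; the class name, paths and realm are hypothetical, and it assumes the javax.servlet API and Java 9+.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical servlet, not from the course notes.
public class StatusDemoServlet extends HttpServlet {
    // Constructed sample data: old path -> new path inside this web app.
    private static final Map<String, String> MOVED =
            Map.of("/old-notes", "/notes");            // Map.of needs Java 9+

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String path = req.getPathInfo() == null ? "/" : req.getPathInfo();

        // Status and headers must be set before any body bytes are written;
        // once the response is committed they can no longer be changed.
        if (path.startsWith("/private")
                && req.getHeader("Authorization") == null) {
            // 401 must be paired with a WWW-Authenticate challenge.
            // Checking the credentials themselves is omitted here.
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            resp.setHeader("WWW-Authenticate", "Basic realm=\"cs6320\"");
            return;
        }

        String target = MOVED.get(path);
        if (target != null) {
            // The Location value comes from the fixed table above,
            // never from a request parameter.
            resp.sendRedirect(req.getContextPath() + target);
            return;
        }

        if (!path.equals("/")) {
            // sendError sets the status and lets the container build the page
            resp.sendError(HttpServletResponse.SC_NOT_FOUND, "No such page");
            return;
        }

        // No setStatus call needed: the default is 200 (SC_OK)
        resp.setContentType("text/plain");
        resp.getWriter().println("Hello Class");
    }
}
```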

HTTP Response HEADERS
 
  • Can appear in any order, but must directly follow the Servlet's setting of the status code.
  • To set a header, call:
    • HttpServletResponse.setHeader("header", "value");
    • There are a few additional special methods as short-cuts you can use (see reading and below, and API)
  • See reading or  www.rfc-editor.org  (RFC 2616) for more headers.
  • NOTE:  Some of these are identical to  HTTP Request headers.
Header and Meaning
Allow
  • Specifies the request methods (GET, POST, etc.) that the server supports.
Cache-Control
  • Tells clients under what circumstances the response document can be SAFELY cached.  VALUES:
    • public = always cacheable
    • no-cache = never should be cached.
    • no-store = never cached, nor stored in a temporary location on disk....used to prevent copies of sensitive info.
    • must-revalidate:  client must renew document with original server each time it is used.
    • max-age = XXX:  document considered stale after XXX seconds.
Connection
  • Values:
    • close = tells client not to use persistent HTTP connections
Content-Encoding
  • Tells client the encoding scheme used to encode the data being sent by the server.
Content-Language
  • Tells client the language used in the data being sent.
Content-Length
  • Indicates the number of bytes of response data being sent.
Content-Type
  • Tells client the MIME type of the data being sent.
Date
  • Gives the date.
  • Can use HttpServletResponse.setDateHeader()
Expires
  • Gives the time when the data being sent is considered out of date.
Last-Modified
  • Gives the date when the document being sent was last modified.
Location
  • Indicates the location of the data/document (either a change, etc).
Refresh
  • Gives the number of seconds after which the client browser should update the page.
Set-Cookie
  • Specifies a cookie associated with the page.
  • To set use:  HttpServletResponse.addCookie(..)
  • Can not use setHeader method.
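
How the caching, content and cookie headers listed above are set from a servlet, with a sensitive page marked no-store next to a public page that may be cached. This is an added example, not code from the course notes; the class name, paths, cookie and body text are constructed, and it assumes the javax.servlet API at version 3.0 or later (for Cookie.setHttpOnly).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical servlet, not from the course notes.
public class HeaderDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String path = req.getPathInfo() == null ? "/" : req.getPathInfo();
        boolean sensitive = path.startsWith("/account");   // constructed path
        String text = sensitive ? "Balance: 42.00\n" : "Course schedule\n";
        byte[] body = text.getBytes(StandardCharsets.UTF_8);

        if (sensitive) {
            // no-store: no copy kept in a cache or in temporary disk storage
            resp.setHeader("Cache-Control", "no-store");
            resp.setDateHeader("Expires", 0);   // epoch 0: already out of date
        } else {
            // Anyone may cache this page; stale after one hour
            resp.setHeader("Cache-Control", "public, max-age=3600");
        }

        resp.setContentType("text/plain; charset=UTF-8");   // Content-Type
        resp.setContentLength(body.length);                 // Content-Length
        resp.setHeader("Content-Language", "en");

        // Set-Cookie is produced by addCookie, not by setHeader
        Cookie theme = new Cookie("theme", "dark");          // constructed cookie
        theme.setMaxAge(3600);                               // seconds
        theme.setPath(req.getContextPath() + "/");
        theme.setHttpOnly(true);         // not readable from page scripts
        theme.setSecure(req.isSecure()); // HTTPS-only when served over HTTPS
        resp.addCookie(theme);

        // All headers are set; writing the body commits the response
        resp.getOutputStream().write(body);
    }
}
```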

Exercise

© Lynne Grewe