ch02_03.htm

用perl编写CGI的好书。本书从解释CGI和底层HTTP协议如何工作开始

<?label 2.3. Browser Requests?><html><head><title>Browser Requests (CGI Programming with Perl)</title><link href="../style/style1.css" type="text/css" rel="stylesheet" />

<meta name="DC.Creator" content="Scott Guelich, Gunther Birznieks and Shishir Gundavaram" /><meta scheme="MIME" content="text/xml" name="DC.Format" /><meta content="en-US" name="DC.Language" /><meta content="O'Reilly & Associates, Inc." name="DC.Publisher" /><meta scheme="ISBN" name="DC.Source" content="1565924193L" /><meta name="DC.Subject.Keyword" content="stuff" /><meta name="DC.Title" content="CGI Programming with Perl" /><meta content="Text.Monograph" name="DC.Type" />

</head><body bgcolor="#ffffff">

<img src="gifs/smbanner.gif" alt="Book Home" usemap="#banner-map" border="0" /><map name="banner-map"><area alt="CGI Programming with Perl" href="index.htm" coords="0,0,466,65" shape="rect" /><area alt="Search this book" href="jobjects/fsearch.htm" coords="467,0,514,18" shape="rect" /></map>

<div class="navbar"><table border="0" width="515"><tr><td width="172" valign="top" align="left"><a href="ch02_02.htm"><img src="../gifs/txtpreva.gif" alt="Previous" border="0" /></a></td><td width="171" valign="top" align="center"><a href="index.htm">CGI Programming with Perl</a></td><td width="172" valign="top" align="right"><a href="ch02_04.htm"><img src="../gifs/txtnexta.gif" alt="Next" border="0" /></a></td></tr></table></div>
<hr align="left" width="515" />


<h2 class="sect1">2.3. Browser Requests</h2>



<p>Every HTTP interaction starts with a request from a client, typically
a web <a name="INDEX-291" /> <a name="INDEX-292" />browser. A user provides a URL to the
browser by typing it in, clicking on a hyperlink, or selecting a
bookmark, and the browser fetches the corresponding document. To do
that, it must create an HTTP request (see <a href="ch02_03.htm#ch02-98871">Figure 2-4</a>).</p>



<a name="ch02-98871" /><div class="figure"><img width="260" src="figs/cgi2.0204.gif" height="45" alt="Figure 2-4" /></div><h4 class="objtitle">Figure 2-4. The structure of HTTP request headers</h4>

<p>Recall that in our previous example, a web browser generated the
following request when it was asked to fetch the URL <em class="emphasis">http://localhost/index.html </em>:</p>



<blockquote><pre class="code">GET /index.html HTTP/1.1
Host: localhost
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/xbm, */*
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 4.5; Mac_PowerPC)
.
.
.</pre></blockquote>



<p>From our discussion of URLs, you know that the URL can be broken down
into multiple elements. The browser creates a network connection by
using the hostname and the port number (<tt class="literal">80</tt> by
default). The scheme (<tt class="literal">http</tt>) tells our web browser
that it is using the HTTP protocol, so once the connection is
established, it sends an HTTP request for the resource. The first
line of an HTTP request is the <a name="INDEX-293" /> <a name="INDEX-294" />request line, which includes a
full virtual path and query string (if present); see <a href="ch02_03.htm#ch02-76971">Figure 2-5</a>.</p>



<a name="ch02-76971" /><div class="figure"><img width="199" src="figs/cgi2.0205.gif" height="46" alt="Figure 2-5" /></div><h4 class="objtitle">Figure 2-5. The request line</h4>

<a name="ch02-6-fm2xml" /><div class="sect2">
<h3 class="sect2">2.3.1. The Request Line</h3>



<p>The first line of an HTTP <a name="INDEX-295" />
<a name="INDEX-296" /> <a name="INDEX-297" />request includes the request method, a URL
to the resource being requested, and the <a name="INDEX-298" />version string of the protocol.
<a name="INDEX-299" /> <a name="INDEX-300" /> <a name="INDEX-301" /> <a name="INDEX-302" />Request methods are
case-sensitive and uppercase. There are several request methods
defined by HTTP although a web server may not make all of them
available for each resource (see <a href="ch02_03.htm#ch02-57144">Table 2-1</a>). The
version string is the name and version of the protocol separated by a
slash. HTTP 1.0 and HTTP 1.1 are represented as
<tt class="literal">HTTP/1.0</tt> and <tt class="literal">HTTP/1.1</tt>. Note
that <tt class="literal">https</tt> requests also produce one of these two
HTTP protocol strings.</p>



<a name="ch02-57144" /><h4 class="objtitle">Table 2-1. HTTP Request Methods</h4><table border="1">



<tr>
<th>
<p>Method</p></th>
<th>
<p>Description</p></th>
</tr>






<tr>
<td>
<p>GET</p></td>
<td>
<p>Asks the server for the given resource</p></td>
</tr>


<tr>
<td>
<p>HEAD</p></td>
<td>
<p>Used in the same cases that a GET is used but it only returns HTTP
headers and no content</p></td>
</tr>


<tr>
<td>
<p>POST</p></td>
<td>
<p>Asks the server to modify information stored on the server</p></td>
</tr>


<tr>
<td>
<p>PUT</p></td>
<td>
<p>Asks the server to create or replace a resource on the server</p></td>
</tr>


<tr>
<td>
<p>DELETE</p></td>
<td>
<p>Asks the server to delete a resource on the server</p></td>
</tr>


<tr>
<td>
<p>CONNECT</p></td>
<td>
<p>Used to allow secure SSL connections to tunnel through HTTP
connections</p></td>
</tr>


<tr>
<td>
<p>OPTIONS</p></td>
<td>
<p>Asks the server to list the request methods available for the given
resource</p></td>
</tr>


<tr>
<td>
<p>TRACE</p></td>
<td>
<p>Asks the server to echo back the request headers as it received them</p></td>
</tr>



</table>



<p>Of the request methods listed in <a href="ch02_03.htm#ch02-57144">Table 2-1</a>, the
three you will encounter most often when writing CGI scripts are GET,
HEAD, and POST. However, let's first take a look at why the PUT
and DELETE methods are not used with CGI.</p>



<a name="ch02-7-fm2xml" /><div class="sect3">
<h3 class="sect3">2.3.1.1. PUT and DELETE</h3>



<p>The Web was originally conceived as a medium where users could both
read and write content. However, the Web took off initially as a
read-only medium and it is only through Web Distributed Authoring and
Versioning (WebDAV) that interest is returning to the ability to
write content to the Web. The <a name="INDEX-303" /> <a name="INDEX-304" /> <a name="INDEX-305" />
<a name="INDEX-306" />
<a name="INDEX-307" />PUT and DELETE methods tell the server
to create, replace, or remove the resource they are directed at. Note
that this means that if one of these requests is targeted at a CGI
script (assuming the request is valid), the CGI script will be
replaced or removed, but not executed. Thus, you do not need to worry
about these request methods within your CGI scripts. While it might
be possible to remap a PUT or DELETE request directed at a particular
URL so that a different CGI script handles it, such a discussion of
WebDAV implementation is beyond the scope of this book.</p>
</div>





<a name="ch02-8-fm2xml" /><div class="sect3">
<h3 class="sect3">2.3.1.2. GET</h3>



<p><em class="firstterm">GET</em>
<a name="INDEX-308" />
<a name="INDEX-309" />
<a name="INDEX-310" /> is the standard request method for
retrieving a document via HTTP on the Web. When you click on a
hyperlink, type a location into your browser, or click on a bookmark,
the browser generally creates a GET request for the URL you
requested. GET requests are intended only to retrieve resources and
should not have side effects. They should not alter information
maintained on the web server; POST is intended for that purpose. GET
requests do not have a content body.</p>



<p>In practice, some CGI developers do not understand nor follow the
policy that GET requests should not have side effects, even though it
is a good idea to do so. Because web browsers assume that GET
requests have no side effects, they may be carefree about making
multiple requests for the same document. For instance, if the user
presses the browser's "back" button to return to a
page that was originally requested via GET and is no longer in the
browser's cache, the browser may GET a new copy. If the
original request was via POST, however, the user would instead
receive a message that the document is no longer available in the
cache. If the user then decides to reload the request, he or she will
generally receive a dialog confirming that they wish to resend the
POST request. These features help the user avoid mistakenly sending a
request multiple times when the request would modify information
stored on the server.</p>
</div>





<a name="ch02-9-fm2xml" /><div class="sect3">
<h3 class="sect3">2.3.1.3. HEAD</h3>



<p>You <a name="INDEX-311" />
<a name="INDEX-312" />
<a name="INDEX-313" />may have
noticed that we said that your web browser
<em class="emphasis">generally</em> creates a GET request to fetch
resources you have requested. If your browser has previously
retrieved a resource, it may be stored within the browser's
cache. In order for the browser to know whether to display the cached
copy or whether to request a fresh copy, the browser can send a
<em class="firstterm">HEAD</em> request. HEAD requests are formatted
exactly like GET requests, and the server responds to it exactly like
a GET request with one exception: it sends only the HTTP headers, it
doesn't send the content. The browser can then check the
meta-information contained in the headers, such as the modification
date of the resource, to see if it has changed and whether it should
replace the cached version with the newer version. HEAD requests do
not have a content body either.</p>



<p>In practice, you can treat HEAD requests the same as GET requests in
your CGI scripts, and the web server will truncate the content of
your responses and return only headers. For this reason, we will
rarely discuss to the HEAD request method in this book. If you are
concerned about performance, you may wish to check the request method
yourself and conserve resources by not generating content for HEAD
requests. We will see how your script can determine the request
method in the next chapter.</p>
</div>





<a name="ch02-10-fm2xml" /><div class="sect3">
<h3 class="sect3">2.3.1.4. POST</h3>



<p><em class="firstterm">POST</em>
<a name="INDEX-314" /> <a name="INDEX-315" />
<a name="INDEX-316" /> is used
with HTML forms to submit information that alters data stored on the
web server. POST requests always include a body containing the
submitted information formatted like a query string. POST requests
thus require additional headers specifying the length of the content
and its format. These headers are described in the following section.</p>



<p>Although POST requests should only be used to modify data on the
server, CGI developers commonly use POST requests for CGI scripts
that simply return information, but do not modify data. This practice
is more common and less dangerous than the reverse
situation -- using GET to modify data on the server. Developers
use POST for any number of reasons:</p>



<ul><li><p>Some developers believe that forms submitted via POST offer greater
security over those submitted via GET because a user cannot modify
the values within the URL in the browser as they can with GET. This
reasoning is flawed. Knowledgeable users, as we will see in our
security discussion in <a href="ch08_01.htm">Chapter 8, "Security"</a>, can easily find
ways around this.</p></li><li><p>The responses to resources received via POST cannot be bookmarked or
hyperlinked (at least without using a bookmarklet; see <a href="ch07_01.htm">Chapter 7, "JavaScript"</a>). Although this is generally inconvenient for
the user, sometimes this is the preferred behavior.</p></li></ul>
<p>Note that users may encounter browser warnings about expired pages if
they attempt to revisit cached pages obtained <a name="INDEX-317" /> <a name="INDEX-318" /> <a name="INDEX-319" />via POST.</p>
</div>
</div>








<a name="ch02-11-fm2xml" /><div class="sect2">
<h3 class="sect2">2.3.2. Request Header Field Lines</h3>



<p>The client generally sends several <a name="INDEX-320" />
<a name="INDEX-321" />
<a name="INDEX-322" />header fields with its request. As
mentioned earlier, these consist of a field name, a colon, some
combination of spaces or tabs (although one space is most common),
and a value (see <a href="ch02_03.htm#ch02-60820">Figure 2-6</a>). These fields are used
to pass additional information about the request or about the client,
or to add conditions to the request. We'll discuss the common
browser headers here; they are listed in <a href="ch02_03.htm#ch02-38477">Table 2-2</a>. Those connected with content negotiation and
caching are discussed later in this chapter.</p>



<a name="ch02-60820" /><div class="figure"><img width="177" src="figs/cgi2.0206.gif" height="45" alt="Figure 2-6" /></div><h4 class="objtitle">Figure 2-6. A header field line</h4>


<a name="ch02-38477" /><h4 class="objtitle">Table 2-2. Common HTTP Request Headers</h4><table border="1">



<tr>
<th>
<p>Header</p></th>
<th>
<p>Description</p></th>
</tr>






<tr>
<td>
<p>Host</p></td>
<td>
<p>Specifies the target hostname</p></td>