shiny new http shit
TRANSCRIPT
Shiny new* HTTP shit.Mark Nottingham
* or coming sometime soon. Or old shit that you probably don’t know about.
New Specs.
HTTPbis
• IETF Working Group to clean up the mess.
• One 176 page spec -> Seven modular specs
• Mere mortals SHOULD now be able to understand.
header i18n
• HTTP/1.1 makes headers Latin-1
• Can encode using RFC2231, but that’s freaking MIME!
• Asia, rest of world: “pls fix this kthxbye.”
• draft-reschke-rfc2231-in-http
HTTPstate
• Netscape Specification - NOT COMPLETE
• RFC2109 - WRONG
• RFC2965 - FAIL
• IETF Working Group to document reality.
Stale Controls
• Two Cache-Control extensions:
• Hide latency by serving stale content while doing an async refresh.
• Serve stale content if there’s a problem.
• RFC5861
Prefer
• Allow clients to ask for an empty response
• E.g., on a POST / PUT API
• draft-snell-http-prefer-02
Link
• HTTP header to express typed links
• Coordination between Atom, HTML5, W3C TAG, RDF, IETF, IESG...
• Registry of link relation types
• Build protocols -- e.g., discovery
• draft-nottingham-http-link-header-10
PATCH
• Send a diff to a resource to update it
• Think of it as a partial PUT
• Requires client support
• RFC5789
CORS
• “Cross-Origin Resource Sharing”
• Protocol to enable cross-site requests
• e.g., in XmlHttpRequest
Misc. Security Headers
• X-Content-Security-Policy
• X-Content-Type-Options
• X-Download-Options
• X-Frame-Options
• X-XSS-Protection
Shit that Might Happen.
Optimised Long Poll
• (a.k.a. Comet)
• Intermediary fan-out
• Connection hinting
Signed Responses
• Intermediaries should look but not touch.
• Signing the response bytes + some headers
• Allows caches to work without worrying about integrity / modification.
• SINE
SPDY
• HTTP header compression
• Connection multiplexing
• Semi-binary encoding
• Two-way?
New Implementations.
Apache Traffic Server
• 4 Core HT box = 75,000 req/sec
• 16ms latency at that load
node.js
• Just really cool.
Other Shit.
Back-End Caching
• Memcache vs. [ Squid | Traffic Server ]
Browsers
• BrowserScope
Browser APIs
• Cache-Control
• Connection hinting
• Invalidation
Edge Processing
• ESI
REDbot
• Check your HTTP resources for common problems, cacheability and more:http://redbot.org/