The RFC index ( https://tools.ietf.org/rfc/index ) suggests that HTTP Version 2 (RFC7540) and HTTP 1.1 (RFC2068) both have a standard of PROPOSED STANDARD but are pretty well industry standard for HTTP. Does the IETF explicitly or implicitly track RFCs which have been widely accepted, or have a formalized acceptance process?
Related
RTSP 1.0's RFC2326 uses RFC2617 for WWW Authentication, which is the same used for HTTP authentication. This 2617 is old and only covers MD5. I know that RTSP 2.0 is out but I'm working on 1.0. Lots of IP cameras still implement 1.0 only.
I guess some cameras might use SHA1. SHA2 might be too new, I don't know if they use but it's possible.
Which RFC should I read to bring SHA1 and possibly SHA2 to RTSP 1.0? Should I just use the latest WWW Authentication RFC, if such exists?
Actually, RFC 2326 predates RFC 2617, so pedantically speaking, it used an even older version of HTTP auth.
It appears you are interested in "Digest" authentication. The relevant spec for that nowadays is RFC 7616. It's supposed to be backwards-compatible, so I would recommend it as the definitive source.
Just be aware of the changes compared to older specs, which the devices you want to talk to might not implement: https://www.rfc-editor.org/rfc/rfc7616#appendix-A
I'm thinking to start a side project to learn how HTTP servers are built.
I started searching for it and came to know that the specifications are mentioned in RFC documents.
But there are over 8200 RFCs as of August 2017.
Further searching about it got me specific RFC to use for HTTP i.e., RFC2616 on software engineering stackexchange here. There is a comment that says "In 2014, RFC2616 was replaced by multiple RFCs (7230-7237)."
So, do we need to abandon RFC2616 completely and read RFCs(7230-7237)?
We can clearly see on RFC2616 that Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235.
So, what are the RFCs for building HTTP server? Should I only read the documents mentioned as Obsoleted by?
Yes, you just need RFCs 7230..7236 (for HTTP/1.1) and RFC 7540+7541 (for HTTP/2).
I have found that Qt doesn't support status code 308. I was wondering why that is. I'm also aware that not all subtasks of the "Implement HTTP 2" Qt task are completed. So, if 308 was introduced in HTTP 2, I will beware that doing a custom implementation of 308 in my Qt app might be near-impossible.
I have checked the HTTP 1.1 spec and it seems 308 is absent there.
Am I right in deducing 308 was introduced in HTTP 2?
1) RFC 2616 isn't "the" HTTP spec anymore. It has been obsoleted a few years ago by RFCs 7230 etc.
2) Status codes do not need to be defined in the base specs; 308 is defined in RFC 7538. The list of assigned status codes is at https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
3) And no, there's no direct relation to HTTP/2. In general, status codes are independent of the protocol version.
Nowadays, I'm reading Front-End Developer Handbook. Because I want to be successfull front-end developer. I've read Coderbyte's guide. There is also an HTTP suggestion in the article.
I researched for HTTP resources. i've found these links:
https://developer.mozilla.org/en-US/docs/Web/HTTP
http://httpwg.org/specs/
https://httpstatuses.com/
http://chimera.labs.oreilly.com/books/1230000000545/index.html
https://code.tutsplus.com/tutorials/http-the-protocol-every-web-developer-must-know-part-1--net-31177
https://code.tutsplus.com/tutorials/http-the-protocol-every-web-developer-must-know-part-2--net-31155
So, I'm looking for different resources to learn HTTP, DNS, Browsers. What are your suggestions to learn HTTP, DNS and Browsers?
Disclaimer: Don't be surprised if this question gets closed. Asking for this kind of resources is off topic here. I would post it a comment, but the content wouldn't fit well, hence I'm posting it as an answer.
RFCs
The RFC's 7230-35 are the official references for the HTTP/1.1 protocol and these document define how HTTP is supposed to work:
RFC 7230: Message Syntax and Routing
RFC 7231: Semantics and Content
RFC 7232: Conditional Requests
RFC 7233: Range Requests
RFC 7234: Caching
RFC 7235: Authentication
For the HTTP/2 protocol, consider the following RFCs:
RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC 7541: HPACK: Header Compression for HTTP/2
It is worthwhile to mention that documents such as RFC 1945, RFC 2068, RFC 2616 and RFC 2617 are obsoleted and must not be used as reference anymore.
In fact, RFCs are official references and are not meant to be tutorials. RFCs are like legal contracts. If you are looking for something close to a tutorial, I recommend the next resource below.
Mozilla Developer Network web docs
The MDN web docs about HTTP is also a credible source.
I found chapter one of the O'Reilly book "Designing Evolvable Web APIs with ASP.NET" to be a really good summary of HTTP. The book in general is aimed at .NET but the initial chapter is not.
You can read it online free: http://chimera.labs.oreilly.com/books/1234000001708/ch01.html
The most fundamental work from what I have read is The TPC/IP Guite
http://www.tcpipguide.com/free/t_TCPIPHypertextTransferProtocolHTTP.htm
you can call the book 'How the Internet works'
btw it's free
I'd suggest the free book: HTTP Succintly as a great starting point before deep diving into the RFCs.
Currently I'm implementing a HTTP server targeted at extremely constraint environments (I'd loved to use something readily available, but there was nothing matching my needs).
The HTTP/1.1 protocol is a tricky beast with lots of caveats (the RFC is one thing, but the actual specification is "HTTP is whatever Apache accepts" ;) )
I'd like my HTTP server to be as conformant as possible and for that I must test it of course. So I'm looking for a tool that can reliably and reproducible craft HTTP queries, most importantly also the uncommon cases, like Chunked Transfer + Multipart POST in a single query (my attempts at making curl, wget, Firefox, Chromium or Opera creating such a query were fruitless).
TL;DR: I need a tool for testing HTTP/1.1 protocol server implementations.