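Examples of common HTTP request headers and request bodies

HTTP overview

HTTP (HyperText Transfer Protocol) is the most widely used network transfer protocol on the Internet; all WWW documents must conform to this standard.

HTTP transfers data over the TCP/IP protocol suite.

The default port for HTTP is 80.

(The default port for HTTPS is 443.)

HTTP requests and responses

1. GET request without parameters and its response:

GET request without parameters (cookie shortened):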

GET / HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: BIDUPSID=ABC012398147;ZD_ENTRY=baidu

Response message for the GET request without parameters (response body shortened):

HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xe584e1b8000e5952
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Thu, 16 Jul 2020 06:37:20 GMT
Expires: Thu, 16 Jul 2020 06:37:20 GMT
Server: BWS/1.1
Set-Cookie: BDSVRTM=1; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: H_PS_PSSID=1447_32140_31253_32046_32230_31321_32259_32261; path=/; domain=.baidu.com
Strict-Transport-Security: max-age=172800
Traceid: 1594881440070543540216538591912002476370
X-Ua-Compatible: IE=Edge,chrome=1
Transfer-Encoding: chunked
Connection: keep-alive

<!DOCTYPE html><!--STATUS OK-->

    <html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta content="always" name="referrer"><meta name="theme-color" content="#2932e1"><meta name="description" content="全球最大的中文搜索引擎、致力于让网民更便捷地获取信息,找到所求。百度超过千亿的中文网页数据库,可以瞬间找到相关的搜索结果。">
    </script>

2. GET request with parameters and its response:

GET request with parameters (shortened):

GET /s?ie=utf-8&wd=get&rsv_sug7=100 HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Accept: */*
Sec-Fetch-Dest: empty
is_xhr: 1
X-Requested-With: XMLHttpRequest
is_referer: https://www.baidu.com/s?ie=utf-8&f=3&rsv_bp=1&rsv_sug4=6997
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_sug7=000&bs=get%E8%AF%B7%E6%B1%82%E6%9C%89%E8%AF%B7%E6%B1%82%E4%BD%93%E5%90%97
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: BIDUPSID=8C6D6577D7C; WWW_ST=1594881925661

Response to the GET request with parameters (unabridged):

HTTP/1.1 200 OK
Bdpagetype: 3
Bdqid: 0xe551123c00109c39
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 16 Jul 2020 06:45:26 GMT
Is_status: 1
Server: BWS/1.1
Set-Cookie: delPer=0; path=/; domain=.baidu.com
Set-Cookie: BD_CK_SAM=1;path=/
Set-Cookie: PSINO=2; domain=.baidu.com; path=/
Set-Cookie: BDSVRTM=197; path=/
Set-Cookie: H_PS_PSSID=1447_32140_31253_32046_32230_31321_32259_32261; path=/; domain=.baidu.com
Strict-Transport-Security: max-age=172800
Traceid: 1594881926039656500216524008556707486777
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
Content-Length: 78
Connection: keep-alive

<div><div id="__status">0</div><div id="__redirect">0</div><div id="__switchtime">0</div></div>

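Points to note:

(1) A GET request passes its parameters in the URL, after the "?", for example [/s?ie=utf-8&wd=get&rsv_sug7=100].

(2) The URL actually requested here is [https://www.baidu.com/s?ie=utf-8&wd=get&rsv_sug7=100], formed by joining the Host value with the target that follows GET.

(3) Strictly speaking, a GET request may carry a request body, but most servers ignore (discard) the body of a GET; doing so also violates the safety principle and defeats the caching mechanism (unsafe data is not cached). For details see https://my.oschina.net/airship/blog/3081424

(4) When the server parses a GET or a POST with parameters, both can be read with the getParameter() method (a Java method); there is little difference.

(5) The samples shown here follow the convention: the GET requests have no request body.

3. POST request with parameters and its response (key-value pairs)

POST request with parameters (unabridged):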

POST /Login/index HTTP/1.1
Host: www.everyonepiano.cn
Connection: keep-alive
Content-Length: 207
Cache-Control: max-age=0
Origin: https://www.everyonepiano.cn
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Referer: https://www.everyonepiano.cn/Login?page=login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=e8b11f164555704a82cfae9619da9fb9; think_language=zh-CN

username=alsdkfjla%3Bdskfj&password=alsda%3Bfkjka%3Bs&submit=1&care_url=https%3A%2F%2Fwww.everyonepiano.cn%2F&backsure=&backurl=&go=&__hash__=2ca285a02068d544d718761d69e912cf_4786a46c6dcdcc3c12aff75bb80955aa

Response to the POST request with parameters (shortened):

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: WWW Server/1.1
Set-Cookie: username=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: password=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: remember=deleted; expires=Wed, 17-Jul-2019 08:00:57 GMT; path=/; domain=everyonepiano.cn
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
Set-Cookie: menunew=6-6-6-6; expires=Sun, 19-Jul-2020 08:00:58 GMT; path=/
X-Powered-By: ThinkPHP
X-Safe-Firewall: zhuji.360.cn 1.0.8.6 F1W1
Date: Thu, 16 Jul 2020 08:00:58 GMT
Content-Length: 24357
Connection: close

<!doctype html>
<html>
<head>
<meta charset="utf-8">

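Points to note:

(1) The address this POST actually requests is [https://www.everyonepiano.cn/Login/index], formed by joining the Host value with the URL that follows POST.

(2) The POST parameters are in the body, also as key-value pairs.

(3) When a POST sends key-value pairs, the request headers usually include: [Content-Type: application/x-www-form-urlencoded;charset=UTF-8]

4. POST sending a JSON request:

POST request with parameters (JSON):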

:method: POST
:authority: passport.csdn.net
:scheme: https
:path: /v1/register/pc/login/doLogin
content-length: 1747
accept: application/json, text/plain, */*
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
x-tingyun-id: im-pGljNfnc;r=888813786
content-type: application/json;charset=UTF-8
origin: https://passport.csdn.net
sec-fetch-site: same-origin
sec-fetch-mode: cors
referer: https://passport.csdn.net/login?code=public
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9
cookie: uuid_tt_dd=10_17447173020-1594867082496-217710
cookie: dc_session_id=10_1594867082496.622646
cookie: c_first_ref=www.baidu.com
cookie: dc_sid=abd45ba3533ad29a18f8c13b46b24055
cookie: Hm_up_6bcd52f51e9b3dce32bec4a3997715ac=%7B%22islogin%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%2C%22isonline%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%2C%22isvip%22%3A%7B%22value%22%3A%220%22%2C%22scope%22%3A1%7D%7D
cookie: Hm_ct_6bcd52f51e9b3dce32bec4a3997715ac=6525*1*10_17447173020-1594867082496-217710
cookie: __gads=ID=2903463479c099dd:T=1594867088:S=ALNI_MbOss36SzV25SCDEGlhe-4KZIMd0g
cookie: c-toolbar-writeguide=1
cookie: c_first_page=https%3A//blog.csdn.net/u010361662/article/details/54645470/
cookie: Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1594869642,1594885025,1594885092,1594885632
cookie: c-login-auto=9
cookie: announcement=%257B%2522isLogin%2522%253Afalse%252C%2522announcementUrl%2522%253A%2522https%253A%252F%252Flive.csdn.net%252Froom%252FPayPal_pp%252F59oaV3tv%253Futm_source%253Dan_1594008357%2522%252C%2522announcementCount%2522%253A0%252C%2522announcementExpire%2522%253A3600000%257D
cookie: SESSION=5930c879-1751-4f70-b8cb-a01978691083
cookie: TY_SESSION_ID=8b5b3787-d244-42a8-9d71-cfe091810c8c
cookie: c_ref=https%3A//blog.csdn.net/lyhDream/article/details/90346590
cookie: c_page_id=https%3A//passport.csdn.net/login
cookie: dc_tos=qdk02l
cookie: Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1594888798

{"loginType":"1","pwdOrVerifyCode":"123123123","userIdentification":"123213123","uaToken":"125#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","webUmidToken":"T2gAa9-9McNIEvOIQqM6VhclPto4T5FzaQ9hxMquxP5lUU-W6COosdjaoMF5mNgQrnsh_b5pMA11pRGQknK5y68r"}

Response to the POST request:

:status: 400
server: openresty
date: Thu, 16 Jul 2020 08:40:14 GMT
content-type: application/json;charset=utf-8
x-application-context: application:production

{"message":"用户名或密码错误","status":false,"code":"1039"}

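Points to note:

(1) This request and response were captured on the CSDN login page.

(2) The format of this request and response is not quite standard, possibly because of the software or caching.

(3) In any case, when sending a JSON request the request headers need: [content-type: application/json;charset=UTF-8]; if the response to be received is also JSON, a similar header is needed: [accept: application/json, text/plain, */*], where */* means a response in any format is acceptable.

(4) The JSON data goes in the request body.

(5) The response headers correspondingly contain: [content-type: application/json;charset=utf-8], and the JSON data is in the response body.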
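
The notes in sections 2 to 4 can be checked with a small parser. The following is an added example, not part of the original post: it rebuilds the effective URL from Host plus the request target and decodes parameters from the query string or from the body according to Content-Type. The function names and the three samples are constructed for illustration (shortened from the captures above, with the JSON one written in HTTP/1.1 request-line form).

```python
import json
from urllib.parse import parse_qs, urlsplit

def first_values(qs):
    """Decode key=value pairs; repeated keys keep only their first value here."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}

def parse_request(raw, scheme="https"):
    """Split an HTTP/1.1 request capture into URL, content type and parameters."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    # Effective URL = scheme + Host header + request target.
    url = f"{scheme}://{headers['host']}{target}"
    # Parameters after "?" in the target; values are percent-decoded exactly once.
    params = first_values(urlsplit(target).query)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    body = body.strip()
    unparsed = ""
    if body and ctype == "application/x-www-form-urlencoded":
        params.update(first_values(body))
    elif body and ctype == "application/json":
        params.update(json.loads(body))
    elif body:
        unparsed = body  # unknown or missing Content-Type: do not guess the format
    return {"method": method, "url": url, "content_type": ctype,
            "params": params, "unparsed_body": unparsed}

# Constructed samples, shortened from the captures on this page.
GET_SAMPLE = ("GET /s?ie=utf-8&wd=get&rsv_sug7=100 HTTP/1.1\r\n"
              "Host: www.baidu.com\r\n\r\n")
FORM_SAMPLE = ("POST /Login/index HTTP/1.1\r\n"
               "Host: www.everyonepiano.cn\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               "username=alsdkfjla%3Bdskfj&submit=1&backurl=")
JSON_SAMPLE = ("POST /v1/register/pc/login/doLogin HTTP/1.1\r\n"
               "Host: passport.csdn.net\r\n"
               "Content-Type: application/json;charset=UTF-8\r\n\r\n"
               '{"loginType":"1","userIdentification":"123213123"}')

if __name__ == "__main__":
    for sample in (GET_SAMPLE, FORM_SAMPLE, JSON_SAMPLE):
        print(parse_request(sample))
```

A body whose Content-Type is missing or unrecognised is returned untouched in unparsed_body rather than being sniffed, which is the behaviour a server-side handler should prefer.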

 

5. POST receiving a JSON response:

POST request (unabridged):

POST /LcSolrSearch.go HTTP/1.1
Host: www.chinawealth.com.cn
Connection: keep-alive
Content-Length: 270
Accept: application/json, text/javascript, */*; q=0.01
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://www.chinawealth.com.cn
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://www.chinawealth.com.cn/zzlc/jsp/lccp.jsp
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0000HldREUD0UnwQC9kn6HuT8uH:-1; BIGipServerPool_licai_webapp=27596042.31011.0000; _pk_ses.3.8bc7=*; _pk_id.3.8bc7=1230638ca85c0022.1594887206.1.1594887233.1594887206.

cpjglb=&cpyzms=&cptzxz=&cpfxdj=&cpqx=&cpsylx=&cpzt=02&mjfsdm=01%2CNA&cpdjbm=&cpmc=&cpfxjg=%E4%B8%AD%E5%9B%BD%E5%BB%BA%E8%AE%BE%E9%93%B6%E8%A1%8C%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&mjqsrq=&mjjsrq=&areacode=&tzzlxdm=03%2C05%2CNA&pagenum=1&orderby=&code=

JSON response (shortened):

HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 08:12:16 GMT
Server: WebSphere Application Server/8.0
X-Powered-By: Servlet/3.0
Content-Type: text/javascript;charset=utf-8
Content-Language: zh-CN
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Set-Cookie: count=1; Expires=Thu, 16-Jul-20 08:12:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive

{"Count":66,"List":[{"ljjz":"","yjkhzdnsyl":"3.5"}]}

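Points to note:

(1) The request in this sample is a POST in key-value form.

(2) The data in the response body is in JSON format.

(3) The request headers contain: [Accept: application/json], so JSON data can be received.

(4) The response headers use [Content-Type: text/javascript]; since the request header already lists it, this kind of content is also accepted.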
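
Notes (3) and (4) describe matching a response Content-Type against the request's Accept header. The following added example (not from the original post; the function names are chosen for illustration) parses an Accept value with its q weights and reports the weight the client assigned to a given response type, using the most specific matching range.

```python
def parse_accept(value):
    """Return [(type, subtype, q)] for each media range in an Accept value."""
    ranges = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";")]
        q = 1.0  # default weight when no q parameter is given
        for param in parts[1:]:
            if param.lower().startswith("q="):
                q = float(param[2:])
        mtype, _, subtype = parts[0].lower().partition("/")
        ranges.append((mtype, subtype, q))
    return ranges

def acceptable(accept_value, content_type):
    """Weight the client gave to content_type; 0.0 means it was not asked for."""
    ctype, _, csub = content_type.split(";")[0].strip().lower().partition("/")
    best_specificity, best_q = -1, 0.0
    for mtype, subtype, q in parse_accept(accept_value):
        if mtype == ctype and subtype == csub:
            specificity = 2      # exact match, e.g. text/javascript
        elif mtype == ctype and subtype == "*":
            specificity = 1      # type wildcard, e.g. image/*
        elif mtype == "*" and subtype == "*":
            specificity = 0      # */* matches anything
        else:
            continue
        if specificity > best_specificity:
            best_specificity, best_q = specificity, q
    return best_q

# Accept values copied from the captures on this page.
XHR_ACCEPT = "application/json, text/javascript, */*; q=0.01"
IMG_ACCEPT = "image/webp,image/apng,image/*,*/*;q=0.8"

if __name__ == "__main__":
    print(acceptable(XHR_ACCEPT, "text/javascript;charset=utf-8"))
    print(acceptable(XHR_ACCEPT, "text/html"))
    print(acceptable(IMG_ACCEPT, "image/png"))
```

A client that only expects JSON can use a check like this to refuse to parse a response whose Content-Type matched nothing better than the low-weight */* entry.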

 

6. Request and response for an image

GET request for an image:

:method: GET
:authority: passport.csdn.net
:scheme: https
:path: /applogo.png
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
sec-fetch-dest: image
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
referer: https://passport.csdn.net/login?code=public
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9
cookie: uuid_tt_dd=10_17447173020-1594867082496-217710
cookie: dc_session_id=10_1594867082496.622646
cookie: c_first_ref=www.baidu.com
cookie: dc_sid=abd45ba3533ad29a18f8c13b46b24055
cookie: SESSION=5930c879-1751-4f70-b8cb-a01978691083
cookie: TY_SESSION_ID=8b5b3787-d244-42a8-9d71-cfe091810c8c
cookie: c_ref=https%3A//blog.csdn.net/lyhDream/article/details/90346590
cookie: c_page_id=https%3A//passport.csdn.net/login
cookie: dc_tos=qdk02l
cookie: Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1594888798

The corresponding response:

:status: 200
server: openresty
date: Thu, 16 Jul 2020 08:50:25 GMT
content-type: image/png
content-length: 3700
last-modified: Tue, 14 Jul 2020 09:08:22 GMT
etag: "5f0d7606-e74"
accept-ranges: bytes
strict-transport-security: max-age=31536000

PNG

HDR

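Points to note:

(1) The format of these request headers and this request body is also not quite standard, probably because of the packet-capture software.

(2) The request headers contain several cookie keys.

(3) The request headers state that what is accepted is an image.

(4) The response headers contain: [content-type: image/png], and the response body holds the byte stream of the image; because it consists of special symbols, it cannot be copied into a code block; below is a screenshot of the byte stream: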

 

Clicking the Image tab of the capture tool shows what the image looks like:

 

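Summary

The above are examples of common HTTP request headers and request bodies.

They are recorded here first, so that they are much easier to look up later.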

posted @ 2020-07-16 16:58  codeToSuccess