recentpopularlog in

mcherm : http   23

RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
Instead of telling people that certain HTTP methods are supposed to be idempotent, I should give out this link to the spec definitions of "safe" and "idempotent" which are clearly specified and explained.
standards  web  http  REST  reference  via:HackerNews 
february 2019 by mcherm
Google's QUIC protocol: moving the web from TCP to UDP
Google has an experimental (but in use in the real world) protocol for sending HTTP traffic (encrypted) over UDP instead of TCP with 10% of bandwidth reserved for filling in for missing packets. It's designed to be faster than TCP, especially when loading multiple resources in the same stream (like web pages).
networking  http  web  google  via:HackerNews 
august 2016 by mcherm
The HTTP 451 Error Code for Censorship Is Now an Internet Standard | Motherboard
Yes, there is now an OFFICIAL http error code for use when you have been legally required to censor some material.
http  standards  censorship  internet  via:boingboing 
december 2015 by mcherm
Choosing an HTTP Status Code — Stop Making It Hard | Racksburg
This article recommends a certain policy on the use of http response codes, and I think it actually has really good advice.
REST  http  internet  webdevelopment  via:HackerNews 
december 2015 by mcherm
"The Tussle": Why HTTP/2 Does Not Require Encryption
It's actually an insightful comment on the role that standards can and should play.
standards  security  via:reddit  http 
february 2015 by mcherm
The Several Million Dollar Bug - Jacques Mattheij
He says a server can send the HTTP response BEFORE receiving the request.
http  internet 
june 2014 by mcherm
Lunatech Blog: What every web developer must know about URL encoding
Some details about how to encode URLs. Encoding can be done with %xx replacement, but other things are allowed in different parts of the URL and so technically decoding requires a syntax-aware parser.
programming  html  http  webdevelopment  webdev  via:HackerNews 
june 2013 by mcherm
Cripple the Google CDN's caching with a single character » Encosia
You can specify NO protocol in a URL in order to use the protocol of the page. Use this for embedding assets in a page that can be served up over HTTP or HTTPS.
webdevelopment  webdesign  http  https  internet 
july 2012 by mcherm
Google+ Gets a “+1″ for Browser Security | The Barracuda Labs Internet Security Blog
The HTTP headers and other such HTTP policies that Google uses for secutity on Google Plus and why they are good.
via:HackerNews  security  http  webdevelopment  google 
august 2011 by mcherm
Life beyond HTTP 1.1: Google’s SPDY - igvita.com
Google's "SPDY" protocol, which is intended as an advance on HTTP that provides better compression, multiplexing requests simultaneously in a single stream, and server push, is now actively used between Chrome and Google's servers.
via:HackerNews  google  internet  http  webdevelopment 
april 2011 by mcherm
Abusing HTTP Status Codes to Expose Private Information | Mike Cardwell, Online
A HTTP protocol security flaw! You can find the error code for a site and that leaks information, like whether the user is logged in.
via:slashdot  security  http 
january 2011 by mcherm
lcamtuf's blog: HTTP cookies, or how not to design protocols
How the standard for cookies was poorly designed and as a result cookies have been a mess (particularly with regard to security) ever since.
security  web  cookie  http  via:HackerNews 
october 2010 by mcherm
SPDY: Google wants to speed up the web by ditching HTTP - Ars Technica
Google proposes a new alternative to HTTP that reduces overheads by as much as 50%.
personal_net  networking  http  google  internet 
november 2009 by mcherm
URIs, Addressability, and the use of HTTP GET and POST
Important analysis of the difference between HTTP verbs "GET" and "POST", and when each should be used.
webdevelopment  w3c  http  refs 
october 2008 by mcherm
Http-https transitions and relative URLs
Clever use of relative URLs to make a page work under both HTTP and HTTPS.
programming  webdevelopment  http 
october 2007 by mcherm
Cross-site request forgery
A brief description of tricking a web application from another web page.
articles/web_programming  html  http  security  cross_site_scripting 
may 2005 by mcherm
Fighting RFCs with RFCs - Cross Site Scripting
A blog from which I first learned about cross site request forgery
articles/web_programming  html  http  security  cross_site_scripting 
may 2005 by mcherm

Copy this bookmark:





to read