1.2. HTTP Request Methods

 

Introduction and Types of Requests

The functioning of web applications is built on a simple principle: request and response. The server won't send you anything until you request the specific resource you need. Moreover, requests can take various forms:

  • Fetch certain information, resource, or file from the server.
  • Modify a specific resource on the server.
  • Delete a specific resource on the server.
  • Create a certain resource on the server.

To cater to these types of requests, the HTTP standard includes corresponding methods:

  • GET – Retrieve a resource.
  • POST – Create and update data about a resource.
  • PUT – Create and update data about a resource.
  • DELETE – Remove a resource.
  • TRACE – Trace the route for diagnostics.
  • HEAD – Similar to GET, used to retrieve object data.
  • OPTIONS – Exchange certain service data prior to an immediate request.

 

GET

GET is the most common method. It's primarily used to retrieve various resources from the server. This could be a regular HTML page, a file, or an API request. You often see GET requests in your browser's address bar:

URL with parameters in search bar of browser

GET requests can also include specific parameters to refine their query. The image below illustrates a GET request with parameters:

Description of HTTP GET method

 

At the beginning, the method itself is specified, which in our case is GET.

Following that is the relative URL with parameters. Parameters begin after the question mark (?) and have a simple structure: parameter=value. All parameters are separated by the ampersand symbol (&).

Finally, the protocol version is indicated. Next come the HTTP headers, which we will discuss in one of the upcoming lessons.

In theory, you can perform almost all actions using GET, which includes retrieving data, creating, updating, and deleting. To achieve this, you just need to input the appropriate parameters and to program the application accordingly. However, in practice, some parameters might contain data that needs to be kept hidden from outsiders. Moreover, certain attacks can be easier to execute using GET requests. Due to these reasons, GET is primarily used for fetching data from the server. In some cases, it's also used to remove resources from the server.

 

HEAD

The HEAD method is similar to GET, but unlike GET, the server does not include the response body in its answer. The response only contains headers and nothing more:

Description of HTTP HEAD method

HEAD is used for the following purposes:

  • Checking if the requested resource is present on the server without retrieving its contents.
  • Verifying whether the requested resource has changed since the last access. This check is performed through analyzing headers.

 

POST/PUT

Both methods are used for sending data to the server. They can be used to create and modify objects on the server. Usually, data is sent through a form on a web page:

Description of HTTP POST method

 

All data is sent in the request body. Unlike GET, you won't see data and parameters in the browser's address bar. When using an SSL connection, all data is fully encrypted, preventing theft.

Before sending data to the server, the client sets the Content-Type header in the request to specify the type of data being transmitted. This can be plain text, XML, JSON, or binary data.

The difference between PUT and POST is that re-executing a PUT request doesn't have any side effects, unlike POST.

POST is often used for user authentication on the server.

 

DELETE

As the name implies, DELETE removes the requested resource from the server:

Description of HTTP DELETE method

 

TRACE

The distinctive feature of the TRACE method is that it must return the received request back to the sender. In other words, if the connection with the server is operational and the method is allowed on the server, it always sends the received request back to the sender without any modifications. Due to this characteristic, TRACE is used for connection diagnostics and tracking intermediate nodes, such as proxy servers.

Some proxy servers insert their headers, and this fact can be determined using TRACE:

Description of HTTP TRACE method

The TRACE method helps in understanding the path a request takes through various intermediaries, allowing for troubleshooting and analysis of potential issues in the network.

TRACE doesn't transmit any data to the server.

 

OPTIONS

The OPTIONS method is used by the client to inquire with the server about which methods and headers it supports:

Description of HTTP OPTIONS method

By sending an OPTIONS request to a server, the client can gather information about the available methods (GET, POST, etc.) and headers (such as Accept, Authorization, etc.) for a particular resource. This enables the client to understand what actions are permissible on the resource and how it can interact with the server.

The server responds with a list of supported methods and headers, allowing the client to make informed decisions regarding the subsequent requests it may send.