====== HTTP、HTML ====== * [[http://httpwg.org/|httpwg.org]] HTTP 各种协议文档,比 tools.ietf.org 格式更丰富,阅读体验更好 * 使用 http://www.rfcreader.com 阅读 RFC 文档更方便直观 * [[http://wp.joak.org/archives/140/http%e5%8d%8f%e8%ae%aerfc2616%e4%b8%ad%e6%96%87%e7%89%88|HTTP协议(RFC2616)中文版]] * [MDN http 教程,比较齐全](https://developer.mozilla.org/zh-CN/docs/Web/HTTP) * http1.1 [RFC2616](http://tools.ietf.org/html/rfc2616) * [SSL/TLS协议运行机制的概述by阮一峰](http://www.ruanyifeng.com/blog/2014/02/ssl_tls.html) * [一步步生成TLS](https://0x00.cl/blog/2024/exploring-tls-certs/) * https [RFC2818](http://tools.ietf.org/html/rfc2818) * https [通俗的解释](https://baida.dev/articles/https-explained-with-carrier-pigeons) * cookies [RFC6265](http://tools.ietf.org/html/rfc6265) * windows implemention [HTTP Server API Reference](http://msdn.microsoft.com/en-us/library/windows/desktop/aa364622%28v=vs.85%29.aspx) * [web 缓存](http://www.cnblogs.com/xyjsw/archive/2010/01/27/1657825.html) * url格式(uri):RFC3986 * [[https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP|网页安全政策CSP(Content Security Policy)]] [[http://www.ruanyifeng.com/blog/2016/09/csp.html|Content Security Policy 入门教程]] * [[https://quic.xargs.org/|HTTP/3 QUIC 图解]] [[https://cangsdarm.github.io/illustrate/quic|中文版翻译]] * websocket [[http://tools.ietf.org/html/rfc6455|RFC6455]], [[http://www.w3.org/TR/websockets/|W3C web socket api]] ===== JWT ===== * Json Web Token [[https://tools.ietf.org/html/rfc7519|rfc7519]] * [[http://zhuanlan.zhihu.com/FrontendMagazine/19920223|使用 AngularJS & NodeJS 实现基于 token 的认证应用]] ===== Tips ===== * Nginx,Apache等代理默认会忽略带下划线的 header: [[https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers|Nginx Doc]] * If you do not explicitly set ''underscores_in_headers on;'', NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables as both dashes and underscores are mapped to underscores during that process * 使用 XMLHttpRequest 时,部分 header 是禁止自行添加更改的:[[https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name|MDN]], [[https://xhr.spec.whatwg.org/#the-setrequestheader()-method|XMLHttpRequest标准]],[[https://fetch.spec.whatwg.org/#forbidden-header-name|forbidden-header-name]]