Header names are not case sensitive. From RFC 2616 – “Hypertext Transfer Protocol — HTTP/1.1”, Section 4.2, “Message Headers”: Each header field consists of a name followed by a colon (“:”) and the field value. Field names are case-insensitive. The updating RFC 7230 does not list any changes from RFC 2616 at this part.
I tested it thoroughly before publishing. Of all the browsers available to test against on Browsershots, I could only find one that did not handle the protocol relative URL correctly: an obscure *nix browser called Dillo. There are two drawbacks I’ve received feedback about: Protocol-less URLs may not work as expected when you “open” a … Read more
Let’s take a look at what happens when you select a file and submit your form (I’ve truncated the headers for brevity): POST /upload?upload_progress_id=12344 HTTP/1.1 Host: localhost:3000 Content-Length: 1325 Origin: http://localhost:3000 … other headers … Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryePkpFF7tjBAqx29L ——WebKitFormBoundaryePkpFF7tjBAqx29L Content-Disposition: form-data; name=”MAX_FILE_SIZE” 100000 ——WebKitFormBoundaryePkpFF7tjBAqx29L Content-Disposition: form-data; name=”uploadedfile”; filename=”hello.o” Content-Type: application/x-object … contents of file goes … Read more
edit 2018-09-13: added some precisions about this pre-flight request and how to avoid it at the end of this reponse. OPTIONS requests are what we call pre-flight requests in Cross-origin resource sharing (CORS). They are necessary when you’re making requests across different origins in specific situations. This pre-flight request is made by some browsers as … Read more
The spec does not explicitly forbid or discourage it, so I would tend to say it is allowed. Microsoft sees it the same way (I can hear murmuring in the audience), they state in the MSDN article about the DELETE Method of ADO.NET Data Services Framework: If a DELETE request includes an entity body, the … Read more
If you set a cookie like this: Set-Cookie: name=value then the cookie will only apply to the request domain, and will only be sent for requests to the exact same domain, not any other subdomains. (See What is a host only cookie?) Two different domains (e.g. mydomain.com and subdomain.mydomain.com, or sub1.mydomain.com and sub2.mydomain.com) can only … Read more
The values are sent in the request body, in the format that the content type specifies. Usually the content type is application/x-www-form-urlencoded, so the request body uses the same format as the query string: parameter=value&also=another When you use a file upload in the form, you use the multipart/form-data encoding instead, which has a different format. … Read more
No. The HTML 5 spec mentions: The method and formmethod content attributes are enumerated attributes with the following keywords and states: The keyword get, mapping to the state GET, indicating the HTTP GET method. The GET method should only request and retrieve data and should have no other effect. The keyword post, mapping to the … Read more
TL;DR Summary; if you have binary (non-alphanumeric) data (or a significantly sized payload) to transmit, use multipart/form-data. Otherwise, use application/x-www-form-urlencoded. The MIME types you mention are the two Content-Type headers for HTTP POST requests that user-agents (browsers) must support. The purpose of both of those types of requests is to send a list of name/value … Read more
GET and POST are two different types of HTTP requests. According to Wikipedia: GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by … Read more