HTTP

Well Known

  • /.well-known/acme-challenge
    • Domain validation for the Automatic Certificate Management Environment (ACME)
  • /.well-known/caldav
  • /.well-known/carddav
  • /.well-known/oauth-authorization-server
    • OAuth Authorization Server Metadata
  • /.well-known/openid-configuration
    • OpenID Connect Provider Discovery
    • /.well-known/jwks.json
  • /.well-known/ai-plugin.json
    • Manifest for a ChatGPT plugin
  • /.well-known/change-password
    • Provides a direct link to change the password for the current site
  • /.well-known/security.txt
    • Publishes the site's security policy and security contact information
  • /.well-known/webauthn
  • /.well-known/wasm-pkg/registry.json
    • WebAssembly registry
  • /.well-known/appspecific/com.chrome.devtools.json
  • /.well-known/assetlinks.json
    • Associates a website with an Android app (App Links)

Web Protocols & Fediverse

  • /.well-known/webfinger
    • Discover more information about a user from an address (such as an email or a user handle)
  • /.well-known/host-meta
    • Discover services and metadata about the host itself
    • Used together with webfinger
  • /.well-known/nodeinfo
    • Describes the server software, its capabilities and usage statistics
    • ActivityPub, Mastodon, Pleroma

OPTIONS

HTTP2

QUIC

Digest

  • Digest access authentication
  • Digest is rarely used today because it requires storing the plaintext password
  • SIP uses Digest
  • Basic over HTTPS is generally used instead
  • Algorithms
    • MD5
    • MD5-sess - HA1 = MD5(MD5(username:realm:password):nonce:cnonce)
    • SHA-256
    • SHA-256-sess
    • SHA-512
    • SHA-512-sess
  • qop - quality of protection
    • auth
      • HA2 = MD5(method:digestURI)
      • response = MD5(HA1:nonce:nonceCount:cnonce:qop:HA2)
    • auth-int
      • HA2 = MD5(method:digestURI:MD5(entityBody))
      • response = MD5(HA1:nonce:nonceCount:cnonce:qop:HA2)
    • none (no qop) - response = MD5(HA1:nonce:HA2)

Base formulas (no qop):

HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)

The server returns a challenge

HTTP/1.0 401 Unauthorized
Server: HTTPd/0.9
Date: Sun, 10 Apr 2014 20:26:47 GMT
WWW-Authenticate: Digest realm="[email protected]",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"

Request carrying the Authorization header

GET /dir/index.html HTTP/1.0
Host: localhost
Authorization: Digest username="Mufasa",
realm="[email protected]",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
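A worked computation of the exchange above, added here as an example (it is not code from the original page). It fills in the two values the page does not show, the realm `testrealm@host.com` and the password `Circle Of Life`, which are assumed from the RFC 2617 example this challenge/request is taken from, and reproduces the `response` value in the request; the server side recomputes from a stored HA1 and compares in constant time.

```python
import hashlib
import hmac

def _md5(s: str) -> str:
    """Hex MD5 of a string (the "MD5" algorithm named in WWW-Authenticate)."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str,
        nonce: str = "", cnonce: str = "", sess: bool = False) -> str:
    """HA1 = MD5(username:realm:password); MD5-sess rehashes it with nonce:cnonce."""
    h = _md5(f"{username}:{realm}:{password}")
    return _md5(f"{h}:{nonce}:{cnonce}") if sess else h

def ha2(method: str, uri: str, qop: str = "", body: bytes = b"") -> str:
    """HA2 = MD5(method:digestURI); qop=auth-int also covers MD5(entityBody)."""
    if qop == "auth-int":
        return _md5(f"{method}:{uri}:{hashlib.md5(body).hexdigest()}")
    return _md5(f"{method}:{uri}")

def digest_response(h1: str, nonce: str, h2: str, qop: str = "",
                    nc: str = "", cnonce: str = "") -> str:
    """MD5(HA1:nonce:nc:cnonce:qop:HA2) with qop, else the old MD5(HA1:nonce:HA2)."""
    if qop:
        return _md5(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{h2}")
    return _md5(f"{h1}:{nonce}:{h2}")

# RFC 2617 example parameters; realm and password are assumed from the RFC,
# the rest match the challenge and request shown above.
RFC2617 = dict(username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
               nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html",
               qop="auth", nc="00000001", cnonce="0a4f113b")

def client_response(p: dict = RFC2617, method: str = "GET") -> str:
    """Value the client sends in the response="..." field of Authorization."""
    h1 = ha1(p["username"], p["realm"], p["password"])
    h2 = ha2(method, p["uri"], p["qop"])
    return digest_response(h1, p["nonce"], h2, p["qop"], p["nc"], p["cnonce"])

def server_verify(stored_ha1: str, method: str, uri: str, nonce: str, nc: str,
                  cnonce: str, qop: str, presented: str) -> bool:
    """Server side: recompute from the stored HA1 (password-equivalent for this realm)
    and compare in constant time; nonce/nc replay tracking is not shown here."""
    expected = digest_response(stored_ha1, nonce, ha2(method, uri, qop), qop, nc, cnonce)
    return hmac.compare_digest(expected, presented)
```

Because the server only needs HA1, it can store that hash instead of the password, but HA1 is still sufficient to authenticate as the user in that realm, so it must be protected like a password.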

Forwarded

  • X-Forwarded-For
    • X-ProxyUser-Ip
X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Scheme: https
X-Scheme: https
X-Request-ID: -

# The proxy's own information
Via:

# The newer standard header
Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>

X-Content-Type-Options

  • nosniff
    • Requires the MIME type given in the header to be used and disables MIME-type sniffing
  • X-Content-Type-Options
  • since Microsoft IE 8

Strict-Transport-Security

  • STS

Encoding

  • Transfer-Encoding
    • chunked
    • Compression can also be specified here
  • Content-Encoding
    • deflate - zlib
    • gzip - LZ77
    • br - brotli
    • identity
    • compress - LZW - Lempel-Ziv-Welch - no longer used
    • sdch - Shared Dictionary Compression for HTTP - removed in Chrome v59 (2017-06-05)
  • Content-Length=Transfer-Length=Entity-Length
    • Should not be set when these differ
    • If the body is compressed, this is the compressed size