Today on Silly Decisions That Were Made a Long Time Ago That We Still Have to Live With…
Just got reminded that submitting an HTML form with checkboxes via POST only submits checkBoxName='on' for checkboxes that are checked and… checks notesnothing at all for checkboxes that are not.
Because I've been using it quite a bit lately and think it might be useful for some of you, here's a list of #HTTP status codes and descriptions in man page format:
🆕 blog! “I made a mistake in verifying HTTP Message Signatures”
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard1. There are lots of complex parts and getting any aspect wrong means certain death2. In a previous post, I wrote A simple(ish) guide to verifying …
I have never really liked that with the #HTTP protocol, that if you give it a different "Accept" HTTP request header, that it is idiomatic to get back a different response in a different format.
I'm very grumpy about #HTTP response status code 429 AKA "Too many requests".
It tells you absolutely nothing except that you've been sending too many requests. Sure, but how many are too many? Trial-and-error only gets you so far, and if things change down the line you're back to square one.
I wish we had a way to ask for throttling limits - or even better - if the server-side would respond slowly instead, until you're back below the limit.
New PC who this! Gave the @reactphp#HTTP Hello World a quick benchmark, clocks in at nearly 70K requests per second with 100 concurrent keep alive connections on a single #PHP process:
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data You send me these headers: POST /data Host: example.com Date: Sa…
It’s bloody 2024, think we can agree on either wget or curl being installed by default on every freaking operating system by now so shell scripts can have a guaranteed way of carrying out http requests?
I mean it’s been about 35 years. I think it’s about time.
Privacy matters! But what if the tools meant to protect us are being misused? Our latest study (to appear ARES '24) reveals surprising facts about HTTP Client Hints (HTTP CHs) on the Web. [THREAD]
Maybe I'm an old grumpy #tech guy, but I really don't like massive complicated frameworks that abstract away well known protocols like #HTTP, #GRPC, etc.
I already know those, I can easily write code that does those, why do I have to learn the convoluted #framework way of doing things that would be 10 seconds work if I could just access the basic http library underneath?
“This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over components of an #HTTP message”
#HTTP content negotiation has some unwritten rules for images. Accept: image/png, */* technically allows image/avif, but that’s not a wise interpretation.
Except what a caching proxy is supposed to do when the origin only sends AVIF?