httoop 0.1.1

object oriented HTTP protocol library

httoop

An object oriented HTTP/1.1 library. (HTTP/2 will probably follow in the future).

Httoop can be used to parse, compose and work with HTTP-Request- and Response-Messages.

It is an generic library for implementing HTTP servers, clients, caches and proxies.

Httoop provides an powerful interface using the vocabularity used in RFC 7230 - 7235 and focuses on implementing HTTP "compliant" as defined in RFC 7230 Section 2.5.

"An implementation is not compliant if it fails to satisfy one or more of the MUST or REQUIRED level requirements for the protocols it implements." RFC 2616 Section 1.2

On top of the object oriented abstraction of HTTP httoop provides an easy way to support WSGI.

HTTP and extensions are defined in the following RFC's:

• HTTP/1.1 RFC 7230 Message Syntax and Routing

• HTTP/1.1 RFC 7231 Semantics and Content

• HTTP/1.1 RFC 7232 Conditional Requests

• HTTP/1.1 RFC 7233 Range Requests

• HTTP/1.1 RFC 7234 Caching

• HTTP/1.1 RFC 7235 Authentication

• Hypertext Transfer Protocol -- HTTP/1.1 (RFC 2616)

• HTTP/2 RFC 7540 Hypertext Transfer Protocol Version 2

• HTTP/2 RFC 7541 HPACK: Header Compression for HTTP/2

• IANA HTTP Status Codes

• IANA HTTP Methods

• IANA Message Headers

• IANA URI Schemes

• IANA HTTP Authentication Schemes

• IANA HTTP Cache Directives

• RFC 5987 Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters

• Uniform Resource Identifier (URI) (RFC 3986)

• Internet Message Format (RFC 822, 2822, 5322)

• HTTP Authentication: Basic and Digest Access Authentication (RFC 2617)

• HTTP Authentication-Info and Proxy-Authentication-Info Response Header Fields (RFC 7615)

• HTTP Digest Access Authentication (RFC 7616)

• The 'Basic' HTTP Authentication Scheme (RFC 7617)

• Additional HTTP Status Codes (RFC 6585)

• Forwarded HTTP Extension RFC 7239

• Prefer Header for HTTP RFC 7240

• PATCH Method for HTTP (RFC 5789)

• JavaScript Object Notation (JSON) Patch (RFC 6902)

• Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) (RFC 6266)

• Upgrading to TLS Within HTTP/1.1 (RFC 2817)

• Transparent Content Negotiation in HTTP (RFC 2295)

• HTTP Remote Variant Selection Algorithm -- RVSA/1.0 (RFC 2296)

• HTTP State Management Mechanism (RFC 6265)

• Same-site Cookies (Draft 7)

• HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) (RFC 4918)

• Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) (RFC 2324)

Extended information about hypermedia, WWW and how HTTP is meant to be used:

• Web Linking (RFC 5988)

• Representational State Transfer REST

  • REST APIs must be hypertext-driven

  • Specialization

  • No REST in CMIS

  • On software architecture

  • It is okay to use POST

  • Paper tigers and hidden dragons

  • Economies of scale

• Richardson Maturity Model

• Test Cases for HTTP Content-Disposition header field

• Cross-Origin Resource Sharing

• HTTP (HTML) Leaks

OAuth 2.0:

• OAuth Working Group Specifications
• OAuth 2.0 Security Best Current Practice
• The OAuth 2.0 Authorization Framework
• Bearer Token Usage
• JSON Web Token (JWT)
• JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
• Resource Indicators for OAuth 2.0