10个基本的Web开发面试问题 *
Toptal sourced essential questions that the best web developers can answer. 在我们社区的推动下,我们鼓励专家提交问题并提供反馈.
现在就雇佣一名顶级网络开发人员面试问题
跨域资源共享(CORS) 是否有一种机制允许多种资源(例如.g.,字体,JavaScript等.),以便从资源来源的域之外的另一个域请求网页. 这是HTML5支持的一种管理机制 XMLHttpRequest
访问不同的域.
CORS adds new HTTP headers that provide access to permitted origin domains. For HTTP methods other than GET (or POST with certain MIME types), 该规范要求浏览器首先使用HTTP OPTIONS请求头从服务器请求支持(和可用)方法的列表. 然后可以提交实际的请求. 服务器还可以通知客户端是否应该随请求一起发送“凭据”(包括cookie和HTTP身份验证数据).
当与RESTful web服务一起使用时,每种HTTP请求类型的目的如下:
- GET: 从服务器检索数据(应该只检索数据,不应该有其他效果).
- POST: 为新实体向服务器发送数据. It is often used when uploading a file or submitting a completed web form.
- PUT: 类似于POST,但用于替换现有实体.
- PATCH: Similar to PUT, but used to update only certain fields within an existing entity.
- DELETE: 从服务器中删除数据.
- TRACE: 提供一种方法来测试在发出请求时网络路径上的机器接收到的内容. 因此,它只是返回发送的内容.
- OPTIONS: 允许客户端请求有关服务支持的请求方法的信息. The relevant response header is Allow and it simply lists the supported methods. (还可以通过在URI中使用*通配符来请求有关服务所在服务器所支持的请求方法的信息.)
- HEAD: Same as the GET method for a resource, but returns only the response headers (i.e.(没有实体).
- CONNECT: 主要用于建立到资源的网络连接(通常通过一些代理,可以请求将HTTP请求转发为TCP并维护连接)。. 一旦建立,响应发送一个200状态码和一条“Connection established”消息.
HTTP/2 provides decreased latency to improve page load speed by supporting:
- HTTP头数据压缩
- 服务器推送技术
- Loading of page elements in parallel over a single TCP connection
- 请求的优先级
An important operational benefit of HTTP/2 is that it avoids the head-of-line阻塞 HTTP 1中的问题.
A simple example of a MIME multipart message is as follows:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=frontier
这是一条包含多个MIME格式部分的消息.
--frontier
内容类型:文本/平原
这是消息的主体.
--frontier
内容类型:应用程序/八进制
Content-Transfer-Encoding: base64
PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--
每个MIME消息都以消息头开始. This header contains information about the message content and boundary. In this case Content-Type: multipart/mixed; boundary=frontier
表示消息包含多个部分,其中每个部分具有不同的内容类型,它们由。分隔 --frontier
作为它们的边界.
Each part consists of its own content header (zero or more Content-
头字段)和正文. 可以嵌套多部分内容. The content-transfer-encoding
多部分类型的必须总是 7bit
, 8bit
, or binary
to avoid the complications that would be posed by multiple levels of decoding. The multipart block as a whole does not have a charset; non-ASCII characters in the part headers are handled by the Encoded-Word
system, and the part bodies can have charsets specified if appropriate for their content-type
.
What is Long polling它是如何工作的,以及为什么要使用它? 考虑到服务器和客户端资源,使用长轮询的主要缺点是什么? Which HTML5 feature is the best alternative to long polling?
HTTP协议基于请求/响应模式,这意味着服务器不能 push 提供给客户端的任何数据(例如.e., the server can only provide data to the client in response to a client request). Long polling web应用程序开发模式是用来 emulate 将数据从服务器推送到客户端. When the long polling pattern is used, the client submits a request to the server and 然后连接保持活动状态,直到服务器准备好向客户端发送数据. 只有在将数据发送回客户端或发生连接超时后,连接才会关闭. 然后,客户端在连接关闭时创建一个新请求,从而重新启动循环.
在使用长轮询时,需要考虑两个重要的缺点:
-
长轮询请求与任何其他HTTP请求没有什么不同,web服务器以相同的方式处理它们. This means that every long poll connection will reserve server resources, potentially maxing out the number of connections the server can handle. 这可能导致HTTP连接超时.
-
每个浏览器都会限制web应用程序的最大连接数. This means that your application load time and performance may be degraded.
In HTML5, a useful alternative to long polling is using a WebSocket. WebSocket是一个在单个TCP连接上提供全双工通信通道的协议. WebSocket协议使浏览器和网站之间的交互成为可能, facilitating live content and eliminates the need for the long polling paradigm.
另一个可能的答案是 服务器发送的DOM事件. Which is method of continuously sending data from a server to the browser, 而不是反复要求. However, this HTML5 feature is not supported by Microsoft Internet Explorer, 因此使它不那么有吸引力的解决方案.
Consider the following JavaScript code that is executed in a browser:
函数startAjaxQueue () {
for (var i = 0; i < 50; i++){
executeAjaxCallAsync ();
}
};
Assuming that executeAjaxCallAsync ()
uses a standard XmlHttpRequest
从服务器异步检索数据,有多少 concurrent HTTP requests would you expect to be created by this loop?
并发HTTP请求数和 XmlHttpRequest
在所有浏览器中都受限制. Specific limitations are different depending on browser type and version.
例如,根据 Mozilla开发者网络 Firefox 3将每台服务器的XMLHttpRequest连接数限制为6(以前的版本将其限制为每台服务器2个).
有这样的想法, 在此循环中创建的并发HTTP请求的数量永远不会(默认情况下)大于6, and the browser would therefore execute this loop in chunks.
ETag是一个不透明的标识符,由web服务器分配给在URL中找到的资源的特定版本. 如果该URL上的资源内容发生了变化,则会分配一个新的不同的ETag.
在典型用法中, 当一个URL被检索时,web服务器将返回该资源及其相应的ETag值, 它被放置在HTTP“ETag”字段中:
ETag:“unique_id_of_resource_version”
The client may then decide to cache the resource, along with its ETag
. Later, 如果客户端想再次检索相同的URL, it will send its previously saved copy of the ETag along with the request in a “具有”
field.
具有:“unique_id_of_resource_version”
On this subsequent request, the server may now compare the client’s ETag
with the ETag
资源的当前版本. If the ETag
values match, 这意味着资源没有改变, then the server may send back a very short response with a HTTP 304未修改
status. 304状态告诉客户端它的缓存版本仍然是好的,它应该使用它.
However, if the ETag
值不匹配, 这意味着资源可能发生了变化, then a full response including the resource’s content is returned, just as if ETag
我们没有被利用. 在这种情况下,客户端可能决定用新返回的资源和新版本替换其先前缓存的版本 ETag
.
Explain the difference between stateless and stateful protocols. HTTP是哪种类型的协议? 解释你的答案.
A stateless communications protocol treats each request as an independent transaction. It therefore does not require the server to retain any session, identity, or status information spanning multiple requests from the same source. 类似地,请求者不能依赖于响应者保留的任何此类信息.
In contrast, a stateful 通信协议是响应者维护“状态”信息(会话数据)的协议, identity, status, etc.)跨来自同一来源的多个请求.
HTTP是一种无状态协议. HTTP不要求服务器在多个请求期间保留每个用户的信息或状态.
Some web servers implement states using different methods (using cookies, custom headers, 隐藏表单字段等.). However, 在每个web应用程序的核心,一切都依赖于HTTP,它仍然是一个基于简单请求/响应范式的无状态协议.
MIME是 Multi-purpose Internet Mail Extensions. It is used as a standard way of classifying file types over the Internet.
Web servers and browsers have a defined list of MIME types, 哪种方式便于传送已知类型的文件, 无论操作系统或浏览器.
MIME类型实际上有两个部分:A type and a subtype 用斜杠(/)分隔. 例如,Microsoft Word文件的MIME类型为 应用程序/ msword
(i.e., type is application
亚型是 msword
).
两者都是HTTP请求中使用的方法. Generally it is said that GET is to download data and PUT is to upload data. But we can do both downloading as well as uploading either by GET/POST.
GET:
- If we are sending parameters in a GET request to the server, 那么这些参数将在URL中可见, because in GET, 参数被追加到URL. So there’s a lack of security while uploading to the server.
- We can only send a limited amount of data in a GET request, because the URL has its max limit and we can not append a long data string to the URL.
POST:
- If we are using POST then we are sending parameters in the body section of a request. 如果我们在http请求正文中使用加密后发送数据,则会更加安全.
- 我们可以使用POST发送更多的数据.
注意:在不需要传递任何参数的情况下,如果只使用静态API调用获取数据,GET会更快.
There is more to interviewing than tricky technical questions, 所以这些只是作为一个指南. Not every “A” candidate worth hiring will be able to answer them all, 回答所有问题也不能保证成为A级考生. 一天结束的时候, 招聘仍然是一门艺术,一门科学,需要大量的工作.
Why Toptal
提出面试问题
Submitted questions and answers are subject to review and editing, 并可能会或可能不会选择张贴, 由Toptal全权决定, LLC.
寻找Web开发人员?
Looking for Web Developers? 看看Toptal的网页开发人员.
Carlson Lau
Carlson是一名在开发前端、后端和CI/CD管道方面经验丰富的全栈开发人员. He has experience working in big tech companies such as Amazon, Okta, and IBM, 以及人工智能创业公司. Carlson擅长全栈web开发,但也有可扩展数据库设计和DevOps自动化方面的专业知识.
Show More泰勒Hicks-Wright
Tyler is an innovative problem solver experienced in full-stack web development, 桌面应用程序, 移动应用开发. 他创造了教育游戏, 视频内容分发平台, 和用户管理系统为一个客户端, 在不到12个月的时间里,游戏便拥有了超过200万的用户,并覆盖了100多个国家. Tyler's insight has expanded and greatly enhanced many programs and processes, enabling clients to further their reach and increase revenue.
Show More理查德·奈特·哈里森
Richard拥有15年的web开发经验,专注于全栈web应用程序. He specializes in front-end development using React, Angular, Vue.js and Node.js、PHP、Django、Ruby on Rails和 .. NET后端, with expertise deploying to the server and serverless environments on AWS, Azure, and GCP. He also works with relational and non-relational databases and large datasets.
Show MoreToptal连接 Top 3% 世界各地的自由职业人才.
加入Toptal社区.