10个基本的Web开发面试问题 *

跨域资源共享(CORS) 是否有一种机制允许多种资源(例如.g.，字体，JavaScript等.)，以便从资源来源的域之外的另一个域请求网页. 这是HTML5支持的一种管理机制 XMLHttpRequest 访问不同的域.

CORS adds new HTTP headers that provide access to permitted origin domains. For HTTP methods other than GET (or POST with certain MIME types), 该规范要求浏览器首先使用HTTP OPTIONS请求头从服务器请求支持(和可用)方法的列表. 然后可以提交实际的请求. 服务器还可以通知客户端是否应该随请求一起发送“凭据”(包括cookie和HTTP身份验证数据).

当与RESTful web服务一起使用时，每种HTTP请求类型的目的如下:

1. GET: 从服务器检索数据(应该只检索数据，不应该有其他效果).
2. POST: 为新实体向服务器发送数据. It is often used when uploading a file or submitting a completed web form.
3. PUT: 类似于POST，但用于替换现有实体.
4. PATCH: Similar to PUT, but used to update only certain fields within an existing entity.
5. DELETE: 从服务器中删除数据.
6. TRACE: 提供一种方法来测试在发出请求时网络路径上的机器接收到的内容. 因此，它只是返回发送的内容.
7. OPTIONS: 允许客户端请求有关服务支持的请求方法的信息. The relevant response header is Allow and it simply lists the supported methods. (还可以通过在URI中使用*通配符来请求有关服务所在服务器所支持的请求方法的信息.)
8. HEAD: Same as the GET method for a resource, but returns only the response headers (i.e.(没有实体).
9. CONNECT: 主要用于建立到资源的网络连接(通常通过一些代理，可以请求将HTTP请求转发为TCP并维护连接)。. 一旦建立，响应发送一个200状态码和一条“Connection established”消息.

HTTP/2 provides decreased latency to improve page load speed by supporting:

• HTTP头数据压缩
• 服务器推送技术
• Loading of page elements in parallel over a single TCP connection
• 请求的优先级

An important operational benefit of HTTP/2 is that it avoids the head-of-line阻塞 HTTP 1中的问题.

A simple example of a MIME multipart message is as follows:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=frontier

这是一条包含多个MIME格式部分的消息.
--frontier
内容类型:文本/平原

这是消息的主体.
--frontier
内容类型:应用程序/八进制
Content-Transfer-Encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--

每个MIME消息都以消息头开始. This header contains information about the message content and boundary. In this case Content-Type: multipart/mixed; boundary=frontier 表示消息包含多个部分，其中每个部分具有不同的内容类型，它们由。分隔 --frontier 作为它们的边界.

Each part consists of its own content header (zero or more Content- 头字段)和正文. 可以嵌套多部分内容. The content-transfer-encoding 多部分类型的必须总是 7bit, 8bit, or binary to avoid the complications that would be posed by multiple levels of decoding. The multipart block as a whole does not have a charset; non-ASCII characters in the part headers are handled by the Encoded-Word system, and the part bodies can have charsets specified if appropriate for their content-type.

HTTP协议基于请求/响应模式，这意味着服务器不能 push 提供给客户端的任何数据(例如.e., the server can only provide data to the client in response to a client request). Long polling web应用程序开发模式是用来 emulate 将数据从服务器推送到客户端. When the long polling pattern is used, the client submits a request to the server and 然后连接保持活动状态，直到服务器准备好向客户端发送数据. 只有在将数据发送回客户端或发生连接超时后，连接才会关闭. 然后，客户端在连接关闭时创建一个新请求，从而重新启动循环.

在使用长轮询时，需要考虑两个重要的缺点:

1. 长轮询请求与任何其他HTTP请求没有什么不同，web服务器以相同的方式处理它们. This means that every long poll connection will reserve server resources, potentially maxing out the number of connections the server can handle. 这可能导致HTTP连接超时.

2. 每个浏览器都会限制web应用程序的最大连接数. This means that your application load time and performance may be degraded.

In HTML5, a useful alternative to long polling is using a WebSocket. WebSocket是一个在单个TCP连接上提供全双工通信通道的协议. WebSocket协议使浏览器和网站之间的交互成为可能, facilitating live content and eliminates the need for the long polling paradigm.

另一个可能的答案是 服务器发送的DOM事件. Which is method of continuously sending data from a server to the browser, 而不是反复要求. However, this HTML5 feature is not supported by Microsoft Internet Explorer, 因此使它不那么有吸引力的解决方案.

并发HTTP请求数和 XmlHttpRequest 在所有浏览器中都受限制. Specific limitations are different depending on browser type and version.

例如，根据 Mozilla开发者网络 Firefox 3将每台服务器的XMLHttpRequest连接数限制为6(以前的版本将其限制为每台服务器2个).

有这样的想法, 在此循环中创建的并发HTTP请求的数量永远不会(默认情况下)大于6, and the browser would therefore execute this loop in chunks.

ETag是一个不透明的标识符，由web服务器分配给在URL中找到的资源的特定版本. 如果该URL上的资源内容发生了变化，则会分配一个新的不同的ETag.

在典型用法中, 当一个URL被检索时，web服务器将返回该资源及其相应的ETag值, 它被放置在HTTP“ETag”字段中:

ETag:“unique_id_of_resource_version”

The client may then decide to cache the resource, along with its ETag. Later, 如果客户端想再次检索相同的URL, it will send its previously saved copy of the ETag along with the request in a “具有” field.

具有:“unique_id_of_resource_version”

On this subsequent request, the server may now compare the client’s ETag with the ETag 资源的当前版本. If the ETag values match, 这意味着资源没有改变, then the server may send back a very short response with a HTTP 304未修改 status. 304状态告诉客户端它的缓存版本仍然是好的，它应该使用它.

However, if the ETag 值不匹配, 这意味着资源可能发生了变化, then a full response including the resource’s content is returned, just as if ETag 我们没有被利用. 在这种情况下，客户端可能决定用新返回的资源和新版本替换其先前缓存的版本 ETag.

A stateless communications protocol treats each request as an independent transaction. It therefore does not require the server to retain any session, identity, or status information spanning multiple requests from the same source. 类似地，请求者不能依赖于响应者保留的任何此类信息.

In contrast, a stateful 通信协议是响应者维护“状态”信息(会话数据)的协议, identity, status, etc.)跨来自同一来源的多个请求.

HTTP是一种无状态协议. HTTP不要求服务器在多个请求期间保留每个用户的信息或状态.

Some web servers implement states using different methods (using cookies, custom headers, 隐藏表单字段等.). However, 在每个web应用程序的核心，一切都依赖于HTTP，它仍然是一个基于简单请求/响应范式的无状态协议.

MIME是 Multi-purpose Internet Mail Extensions. It is used as a standard way of classifying file types over the Internet.

Web servers and browsers have a defined list of MIME types, 哪种方式便于传送已知类型的文件, 无论操作系统或浏览器.

MIME类型实际上有两个部分:A type and a subtype 用斜杠(/)分隔. 例如，Microsoft Word文件的MIME类型为 应用程序/ msword (i.e., type is application 亚型是 msword).

两者都是HTTP请求中使用的方法. Generally it is said that GET is to download data and PUT is to upload data. But we can do both downloading as well as uploading either by GET/POST.

GET:

1. If we are sending parameters in a GET request to the server, 那么这些参数将在URL中可见, because in GET, 参数被追加到URL. So there’s a lack of security while uploading to the server.
2. We can only send a limited amount of data in a GET request, because the URL has its max limit and we can not append a long data string to the URL.

POST:

1. If we are using POST then we are sending parameters in the body section of a request. 如果我们在http请求正文中使用加密后发送数据，则会更加安全.
2. 我们可以使用POST发送更多的数据.

注意:在不需要传递任何参数的情况下，如果只使用静态API调用获取数据，GET会更快.