HTTP Headers

In simplest form, an HTTP request is a URL to which a message is sent. The URL identifies a particular resource and the message consists of a number of headers that describe the body of the message, followed by the message body. A response has the same structure.

HTTP headers are used to transfer HTTP protocol information between the HTTP client and the HTTP server. The headers are sent as part of each HTTP request and response, and contain HTTP protocol information about the user agent, the request, and the response.

An HTTP request may be for a resource (such as an HTML page or a file) or an instruction to perform some type of action. The response will contain the requested resource and status information about the request.

Each request message consists of a request line, a number of headers, and an optional message body. Similarly, each response consists of a status line, a number of headers, and an optional message body.

Uniface provides Proc functions to read and write HTTP headers. You can read the HTTP request headers using $webinfo("httprequestheaders"). You can set the HTTP response header using $webinfo("httpresponseheaders").

Request Headers

HTTP request headers can be used to tailor the user experience. Typical request headers include:

  • host

  • connection

  • upgrade-insecure-requests

  • user-agent

  • accept

  • accept-encoding

  • accept-language

Using Request Headers for Conditional Processing

HTTP request headers contain a user-agent header that identifies the client browser or application. Uniface mobile apps automatically add a string to this header, for example UnifaceMobile/0.

This header can be read and parsed to provide conditional processing, perhaps to add different authentication routines or server-side processing. For example:

 variables
   string vUserAgents
 endvariables
 
  vUserAgents = $replace($item("user-agent", $webinfo("HTTPREQUESTHEADERS")), 1, " ", "", -1)
    if ($scan(vUserAgents,"UnifaceMobile") > 0)
       webmessage "Client is a Uniface mobile App"
    else
      webmessage "Client is a DSP"
    endif

Response Headers

You can set the HTTP response header using $webinfo("httpresponseheaders").

When Uniface sends a response page to the browser, it puts all formatted HTTP headers from the HTTPRESPONSEHEADERS in front of the response page, and puts the status code and reason ($webinfo("status") and $webinfo("statusreason")) in the first line of the response page.

By default, the following HTTP headers are sent:

  • Mimetype=text/html

  • Expires=0

  • Cache-Control=no-cache

By controlling HTTP headers you can influence the behavior of web pages in a client browser. For example, you can use HTTP headers to do the following:

  • Target a window instead of a frame

  • Influence the way a document is cached on the Web browser or proxy server

  • Set individual expiration times for documents (specific cache-control)

  • Redirect pages using ProcScript instead of static HTTP (equivalent tags)

  • Define a logon dialog.

Using Response Headers for Authentication

The following example shows code for a static server page (USP) that creates a dynamic pop-up logon box in the browser using a HTTP response header.

  1. Define a component variable vLogonAttempts with a numeric data type. It records how many times the user tries to log on. If the user tries to logon 3 times with the wrong logon information, an HTTP error page is displayed.
  2. Set the State Managed by property as Cookie on the Server Page properties. This is for keeping the state of the component variable TRIES.
  3. Add code in the execution trigger of the server page, for example:
    webget
if($user !="correct-user" | $password != "password-for-the-correct-user")
   $vLogonAttempts$=$vLogonAttempts$+1
   ; pop-up a logon box, 
   $webinfo("httpresponseheaders")="%\
      WWW-Authenticate: basic realm=%%"Administrator log-in(%%$vLogonAttempts$%%%)%%"·;%\
      Expires=0·;Cache-Control=no-cache"
   $webinfo("status")="401"
   $webinfo("statusreason")="Unauthorized"
   $webinfo("output")="<html><title>401 - Unauthorized</title>%\
      <body><h1>401- Unauthorized to view this page</h1></body></html>"
else
   $vLogonAttempts$=0
   webgen
endif

Note: The correct-user and the password-for-the-correct-user are only for demonstration purposes.

Related Topics