D385: FINAL FINAL CORRECTED - NO CODING WITH
100% SURE ANSWERS
Terms in this set (86)
Output from requests.get("https://randomuser.me/api/") - <Response [200]>
Status Code: 201 - Created
- Your request was accepted and the resource was created
Status Code: 400 - Bad Request
- Your request is either wrong or missing some information
Status Code: 401 - Unauthorized
- Your request requires some additional permissions
- Usually means you lack authentication, not authorization
Status Code: 404 - Not Found
- The requested resource does not exist
Status Code: 405 - Method Not Allowed
- The endpoint does not allow for that specific HTTP method
Status Code: 500 - Internal Server Error
- Your request wasn't expected and probably broke something on the server side
HTTP Header: Accept - What type of content the CLIENT can accept
- Example value: application/json, text/html;q=0.9, */*;q=0.8
HTTP Header: Content-Type - What type of content the SERVER responds with (GET, POST, etc)
- What type of content the CLIENT is sending (POST, PUT, PATCH)
HTTP Header: User-Agent - What SOFTWARE the CLIENT is using to communicate with the server
HTTP Header: Server - What SOFTWARE the SERVER is using to communicate with the client
- This is usually omitted for security reasons
HTTP Header: Authentication - Who is calling the API and what credentials they have
How to inspect the Response Headers? - response.headers
How to inspect the Request Headers? - response.request.headers
Example of Custom Headers? - start with 'x'
- headers = {"X-Request-Id": "<my-request-id>"}
What is the default Content-Type most APIs use? - JSON
How do you inspect the Content-Type Header? - response.headers.get("Content-Type")
- Example: 'application/json; charset=utf-8'
What is the difference between response.text and response.content? - response.text returns unicode
- response.content returns bytes
TLS Handshake Steps - 1. Cipher Suite Negotiation
2. Key Exchange
3. Server Authentication
What are Directives? - Key-Value pairs
- Used to parameterize HTTP headers
- Tell the server and client what constraints exist for the request/response
Example of Max-Age Directive? - Strict-Transport-Security: max-age=3600
What is used to tell a browser that it should only be accessed via HTTPS? - HSTS (HTTP Strict-Transport-Security)
What Directive redirects HTTP requests to HTTPS? - SECURE_SSL_REDIRECT set to True
- This is configured on the server
What setting is used to exempt HTTPS redirects for some URLs? - SECURE_REDIRECT_EXEMPT
- List of regex URLs (strings)
- This is configured on the server
What setting will override the hostname for HTTPS redirects? - SECURE_SSL_HOST
What setting, when set to FALSE, no longer authenticates the server? - verify
- this disables certificate verification, not user authentication
How is the Session ID communicated between websites and browsers? - Via a cookie
- Set-Cookie: sessionid=<cookie-value>
Set-Cookie Directive: Secure - Resists MITM attacks
- Example: Set-Cookie: sessionid=<session-id-value>; Secure
- Restricts cookie to only HTTPS connections
What setting adds or removes the Secure directive? - SESSION_COOKIE_SECURE
- Adds/removes the Secure directive to the session ID Set-Cookie header
- This setting is FALSE by default
Set-Cookie Directive: Domain - Controls which hosts (domains) the browser should send and process receiving the session ID
- Set-Cookie: sessionid=<session-id-value>; Domain=alice.com
- None is default setting
What happens when the Domain directive is set to 'alice.com'? - The browser will now echo back the cookie to both 'alice.com' and 'sub.alice.com'
Set-Cookie Directive: Max-Age - Declares an expiration time for the cookie
- Example: Set-Cookie: sessionid=<session-id-value>; Max-Age=1209600
What does Django use SECRET_KEY setting for? - Keyed hashing (ex: password hashing)
- CSRF protection (ex: generating CSRF tokens)
- If it involves hashing or generating a token, SECRET_KEY can be involved