Client-Server Communication

HTTP/1 to HTTP/2 and all things Security


大约 5 个星期

6小时每周 (自主学习)




大约 5 个星期

6小时每周 (自主学习)



We use websites all the time, but how does clicking a link in your browser or typing in a URL in the address bar get you to a website? How does the server know what information you're looking for or how to send you that information once it's figured that out? How can you protect your users from attackers? Dig into this course and you'll be able to answer these questions!

This course will guide you through how a client communicates with a server. You'll learn about HTTP's request and response cycle, dig into HTTP headers and verbs, distinguish HTTP/1 from HTTP/2 capabilities, all while experiencing the importance of security by digging into the details of HTTPS. Throughout the course, you'll learn both security best practices, as well as ways to improve the performance of your web apps. We'll provide you with handcrafted servers where you'll diagnose problematic server setups, issues with SSL certificates, and even have a chance to hack an example bank website to transfer funds.


Typically, web developers do not work directly with underlying platform of HTTP. But knowing how information is transferred across the wire is vital to creating efficient and professional apps. This course will dig into the ins and outs of application performance as well as cover common security pitfalls and how to prevent them.


We expect that you are comfortable reading and writing HTML, CSS and JavaScript. Knowledge of JavaScript's Fetch API is not required but will be beneficial. Check out our JavaScript Promises course to learn about Fetch.

\n\n<p>Other Requirements:</p>\n\n<ul>\n<li>comfort with command line tools</li>\n</ul>\n\n




Project 5: Capstone Project

In this capstone project, students will build their own application using signature native application features such as device sensor access, offline-first, and more.


Lesson 1: HTTP’s Request Response Cycle

Learn about HTTP's request and response cycle. We'll look at the pieces that make up both requests and responses, who originates these requests, and how these messages relate to each other.

Lesson 2: HTTP/1

Find out how HTTP/1 is used in practice by mapping the requests types from lesson 1 into specific HTTP verbs and the response types into response codes & headers.

Lesson 3: HTTPS

Discover what the "S" in HTTPS is all about. We'll look at TLS (the successor to SSL), cryptography, Certificate Authorities, and HTTP Mixed Content issues.

Lesson 4: HTTP/2

Look at the areas where HTTP/2 improves on and extends HTTP/1. We'll also look at different optimizations that were created to handle limitations with HTTP/1 but are now anti-patterns in HTTP/2.

Lesson 5: Security

Security is the undercurrent throughout this course, but it's so important it also needs its own lesson. We'll look at and resolve common security problems like CORS, CSRF, XSS, and more!




Surma is an engineer working with the Chrome team. He likes to cut himself on the bleeding edge, goes full-stack every once in a while and prefers good code over functional one.

Richard Kalehoff

Richard Kalehoff

作为一名劲头十足的程序员和求知者,Richard Kalehoff 在教师行业找到了自己的激情和抱负。在优达学城担任课程开发人员的过程中,他对开发和教学都无比的喜爱。在获得计算机科学领域学位后,他做出了明智的决策,进入了 HTML、CSS 和 JavaScript 领域。在超过 7 年的时间内,他都一直在一家国际非营利组织工作,负责多项工作,包括前端网络开发、后端编程和数据库及服务器管理。在从弗罗里达大学的网络设计和在线通信硕士课程中毕业并获得大众通信学位前,他就受到弗罗里达大学的邀请,成为该校的一名教职工。即使要规划、构建和开发课程,他还是会抽出时间去加州的乡下走走,欣赏原野风光。