Communicating with servers in SPAs:AJAX, XHR, CORS, and Web sockets (Week 8) Flashcards

Question 1

Q

What is AJAX?

✨✨✨

Answer

A

Asynchronous Javascript and XML.

A set of techniques for accessing web servers from a web page.

Makes it possible to update parts of the web page without reloading the page (update data behind the scene asynchronously).

Question 2

Q

How do you get data from the server without refreshing the page?

Answer

A

AJAX and XHR.

Fires requests to get data and executes http methods programatically using javascript

Question 3

Q

What are the problems of events?(6)

Answer

A

❌ reactive (waiting before act)

❌ asynchronous (don’t know when)

❌ dependencies (between assets on page)

❌ system & user (system can initiate event AJAX)

❌ volume (# of events handled)

❌ changeability (SPA events change)

Question 4

Q

What are some solutions to problems with events?(6)

Answer

A

✔️ handlers

✔️ callbacks

✔️ promises

✔️ reactive programming

✔️ async functions

✔️ generators

Question 5

Q

Why has REST replaced SOAP?

✨✨✨

Answer

A

✔️ Easier to use

✔️ Accepted through firewalls

SOAP has a very heavy infrastructure

✔️ REST works well with AJAX

Question 6

Q

What is the difference between AJAX and $.ajax()

Answer

A

AJAX is a library

$.ajax() is a call to the library

Question 7

Q

20

$(document).ready(function(){

21 $.ajax({

22 type: “GET”,

23 url: “http://results.com/api/xml/competitions.php”,

24 data: “competitor=1195&season=2016”,

25 dataType: “xml”,

26 success: function(xml) {…}

27 });

28 });

What is happening at 20, 22-24, 25, 26

Answer

A

20 - when document is fully loaded

22 - GET -request type

23 - this url

24 - data being sent

25 - data type being sent

26 - if successful get, do this

Question 8

Q

What is the purpose of I/O thread and Main thread?

Answer

A

Allow for simultaneous processes that don’t block

Question 9

Q

Comment on the architecture of diagram of under the hood of the Chrome browser - See diagram doc - #8

Answer

A

multi process architectures

Question 10

Q

What do SPAs separate?

Answer

A

data (both client and server) from content and presentation

Question 11

Q

In terms of getting data from server into SPA, what is the problem/requirement that is needed?

Answer

A

Need some way of performing HTTP requests concurrently to, and independently of, the user interacting with the application on the browser –> Security, usability, etc

Question 12

Q

What type of threading does JS have?

Answer

A

JS is single threaded

Question 13

Q

Summarize XHR / AJAX (5)

✨✨✨

Answer

A

1) Execute HTTP methods programmatically, and in the ‘background’ -> But remember that JavaScript is single threaded.
2) Use JavaScript to issue HTTP requests e.g. HTTP GET, HTTP POST etc.

3) Use XMLHttpRequest
(XHR) JavaScript API

–> Raw JavaScript XHR; or

–> Abstraction of XHR e.g. jQuery’s $.ajax() method, Vue.js’ vue-resource (v2, not v3), axios etc.

4) Setup XHR request
5) Execute the request

Question 14

Q

In terms of XHR/AJAX, when setting up XHR request, what things do you specify?

Answer

A

1) HTTP request

–> Method e.g. GET, etc. including ? query parameters

–> Body e.g. what’s in the HTTP body you’re sending (of anything)

2) Expected HTTP responses: what data you want back from the server e.g. JSON, XML etc
3) Callbacks for handling the range of HTTP response/s

–> e.g. successful | unsuccessful response

Question 15

Q

Explain the example of raw XHR - see image doc - #9

Answer

A

1) onreadystatechange –> when we receive response, execute anonymous function
2) this.readyState == 4 –> 4 = done

Other magic numbers:

0 = unsent –> open() but not send()

1 = opened –> opened() and send()

3 = loading

3) xhttp.open() and xhttp.send() –> open connection and send

Question 16

Q

Explain the model in image #10

Answer

A

FINISH EXPLANATION

1) request event from application goes to the demultiplexer

Demultiplexer stores event in non-blocking way

2) Once demultiplexer done, handling pushes out to Event Queue
3) If some event present, Event Queue passes to event loop

4)

Question 17

Q

Benefits of concurrency (5)

Answer

A

decreasing waiting time.
decreasing response time.
increases resource utilzation.
increases efficiency.
Allows for non-blocking behaviour

Question 18

Q

Compare concurrency and parallelism

Answer

A

concurrency is the composition of independently executing processes, while parallelism is the simultaneous execution of (possibly related) computations.

🧠 Concurrency is about dealing with lots of things at once.

🤹‍♀️ Parallelism is about doing lots of things at once.

Question 19

Q

Why is the term ‘XMLHttpRequest (XHR)’ now misleading?

Answer

A

1) Can retrieve data other than XML e.g. JSON
2) Works with other protocols, not just HTTP
3) Doesn’t have to be asynchronous… but should be asynchronous and NOT synchronous

Question 20

Q

Why is it best use an abstraction rather than raw XHR e.g. jQuery’s $.ajax() or a library such as axios for Vue , or fetch API?

Answer

A

Internet Explorer variants do things differently.

e.g. XDomainRequest in Internet Explore 8 and 9

Question 21

Q

What are the events (and therefore event handlers) for XHR? (8)

Answer

A

1) onloadstart
2) onprogress
3) onabort
4) onerror
5) onload
6) ontimeout
7) onloadend
8) onreadystatechange –> Legacy; deprecated

Question 22

Q

What is the fetch API?

Answer

A

Modern interface that allows you to make HTTP requests to servers from web browsers.

It uses the Promise to deliver more flexible features to make these requests.

1) ES6 style JS
2) syntactic sugar for promises
3) Native Javascript API introduced in 2017

Question 23

Q

Give the fetch API pattern for a basic fetch.

Answer

A

See diagrams doc - #11

Question 24

Q

Give the fetch API pattern for a basic fetch that uses an async function

Answer

A

See diagrams doc - #12

Question 25

Q

What does CORS stand for?

Answer

A

Cross Origin Resource Sharing

Question 26

Q

What is the main purpose of CORS?

✨✨✨

Answer

A

🦀 Request resources from different domains/servers.

🦀 Defines a way in which a browser and server can interact to determine if it is safe to allow cross origin requests.

🦀 Uses Http headers and relies on the browser to honour the restrictions.

🦀 Prevents people from drawing lots of info from resources they that aren’t allowed to

Question 27

Q

Explain the everyday and legitimate cross-origin resource request diagram –> See diagram #13

Answer

A

TODO

1) Browser sends an HTTP request to first.com to retrieve Resource A’s HTML
2) The server retrieves Resource A and delivers it to the browser in an HTTP response
3) The browser then sends another HTTP request to another address second.com to get Resource B’s image
4) The server retrieves this resource and delivers it to the browser in an HTTP response

Question 28

Q

What is a common practice for many web pages (web applications) to do in terms of loading resources?

Answer

A

Load resources from separate domains –> CSS stylesheets, images, frames, video

Question 29

Q

Explain the cross-origin requests with diagram –> See diagram #14

✨✨✨

Answer

A

If a script wants to get image, gets CORS error as can only make request to originating origin that originally contact i.e. first.com

For security reasons, browsers restrict [scripts]s in the way they make cross-origin resource requests. By default, an XHR request can be made only to the originating origin (the same origin)

Question 30

Q

What is a common practice for many web pages (web applications) to do in terms of loading resources?

Answer

A

Load resources from separate domains  CSS stylesheets, images, frames, video

Question 31

Q

What sorts of “cross-domain” requests are forbidden by the same-origin security policy? Why?

✨✨✨

Answer

A

AJAX/ XHR requests

AJAX requests are JavaScript and [script]s can’t by default make cross-origin requests

Question 32

Q

What does CORS define?

✨✨✨

Answer

A

a way in which a browser and a server can work together to determine whether or not it is safe to allow a client-side app to make a cross-origin request

Question 33

Q

What enforces CORS?

Question 34

Q

What does the CORS standard describe?

✨✨✨

Answer

A

HTTP headers (how to access URLs e.g. permissions) which provide browsers and servers a way to request remote URLs only when they have permission

The app can’t access (some of) these headers

Question 35

Q

In terms of CORS, who has to perform some validation and authorisation?

Question 36

Q

In terms of CORS, who is generally responsible for supporting the headers and honouring the restrictions they impose?

Answer

A

Browser

Note: not the application’s responsibility; the browser’s responsibility e.g. to prevent the application doing something

Question 37

Q

In terms of CORS, what defines origin?

Answer

A

Origin is defined in terms of:

1) Protocol
2) Domain
3) Port

Question 38

Q

If two addresses have the identical { protocol, domain, port}, is it same-origin or cross-origin?

Answer

A

Same origin

Question 39

Q

If two addresses have the different { protocol, domain, port}, is it same-origin or cross-origin?

Answer

A

Cross-origin

Question 40

Q

Which of the following are same-origin and cross-origin?

1) http:example.com:80
2) https:example.com:80
3) http:exemple.com:80
4) http:example.com:463

Answer

A

All are cross-origin as have different {protocol, domain, port}

Question 41

Q

What are HTTP forbidden headers? Give examples.

Answer

A

1) Some headers are managed by the browser and/or the server, and these headers can’t be manipulated by the client-side application
2) “A forbidden header name is an HTTP header name that cannot be modified programmatically; specifically, an HTTP request header name.”

3)	Examples of forbidden headers ( browser should prevent you from modifying these): 
<strong>
Access-Control-*
Access-Control-Origin
Access-Control-Headers
Origin
</strong>

Question 42

Q

What does ‘Access-Control-Allow-Origin: *’ allow?

Answer

A

Allow the request from any origin

Question 43

Q

What does ‘Access-Control-Allow-Origin: https://foo.bar’ allow?

Answer

A

Allow the request only from resources originating from HTTPS://foo.bar (remember what defines an origin)

Question 44

Q

What does ‘Access-Control-Allow- Methods: POST, GET, OPTIONS’ allow?

Answer

A

Allow only these HTTP methods

Question 45

Q

What does ‘Access-Control- Max-Age: 86400’ allow?

Answer

A

Access is allowed for up to 86400 milliseconds (86.4s)

Question 46

Q

When is ‘Access-Control- Credentials: true’ required?

Answer

A

Required if you want to send cookies etc
(and can’t use Access-Control-Allow-
Origin: *)

Question 47

Q

Explain the example diagram of ‘accept request from foo.com only’ - #15

Answer

A

1) make original request to foo.com
2) comes back as a script, has XHR in it
3) XHR executes something that requests origin: https://foo.com
NOTE: browser adds in origin as header
4) makes request
5) response returned

Works for single origin

Question 48

Q

Explain the example diagram of ‘accept request from anywhere (*)’ - #img 16

Answer

A

1) make original request to foo.com
2) comes back as a script, has XHR in it
3) XHR executes something that requests origin: https://foo.com
NOTE: browser adds in origin as header
4) makes request
5) response returned

Works for any origin e.g. local host

Question 49

Q

Explain the example diagram of ‘reject request’ - img #17

Answer

A

rejects request as access control origin is boo.com but request is foo.com

So, makes request but browser will not honour it

Browser implements rule i.e. blocks

Question 50

Q

Explain the example diagram of ‘fooling the server’ - img #18

Answer

A

Fool by writing browser that doesn’t support CORS

Harming user of browser

Question 51

Q

What does JSON-P refer to?

Answer

A

JSON with padding

Question 52

Q

Explain JSON-P?

Comment on age, usefulness and security.

Answer

A

A much older approach to get data, pre-CORS

So may still be useful for old/er browsers that don’t support CORS

Has security weakness so should use CORS instead

Question 53

Q

How does JSON-P work?

Answer

A

🦚 Request a [script] from another origin (this is legal)

🦚 Server wraps the data, that you want to get access to, inside the script

🦚 In the app on the client side, you call the function in the [script] and unpack the data

–> Server and app must know beforehand what the function name etc is

–> There is still cooperation needed with server

NOTE: [ = < and ] = >

Question 54

Q

Compare HTTP AJAX with Web sockets

✨✨✨

Answer

A

HTTP, AJAX:
🦧 Uni-directional communication: client makes request, server makes response
🦧 stateless
🦧 Relatively less efficient
🦧 Good for retrieving resources
🦧 Must implement polling to get updates from the server

Web Sockets
🐳 Persistent 2-way communication
🐳 Maintains state
🐳 Fast, lightweight and can maintain much higher load of connections
🐳 Good for real-time communication: chats, games, etc.
🐳 Server can push data to client

Question 55

Q

Compare polling and pushing in terms of HTTP AJAX and web sockets.

✨✨✨

Answer

A

HTTP AJAX uses polling

🦧client initiates and says that it wants an update (via a GET) from the server
🦧 poll server then get response from server

Web sockets use pushing.
🐳 establish web connection and then server can push data to the client

Question 56

Q

How are web socket connections made?

✨✨✨

Answer

A

Handshake mechanism

Client send initial HTTP GET request to the server.
Server responds with information on how to connect to socket server.
Client sends HTTP GET with header “Connection: Upgrade” and connection is upgraded to a socket connection.

Question 57

Q

Is it common for browsers to support web socket API?

Answer

A

Yes, web sockets are now supported in most browsers

Question 58

Q

How is the web socket API implemented in npm packages?

Answer

A

e.g. ws, socket-io, websocket, and express-ws (express integration with ws)

Some libraries implement fallback (emulates socket connection in http when not supported in browser)

Question 59

Q

Explain the sample client connection example - image doc #19

Question 60

Q

Explain the simple server example - image doc #20

Question 61

Q

In terms of the browser process section of the Chrome browser, what does the browser maintain?

See diagram doc - #8

Answer

A

browser maintains main and I/O thread

Question 62

Q

In terms of the browser process section of the Chrome browser, what does the browser process allow for?

See diagram doc - #8

Answer

A

allow for different things to run side by side without blocking each other

Question 63

Q

In terms of the browser process section of the Chrome browser, what does the main/UI thread do?

See diagram doc - #8

Answer

A

main/UI thread renders web pages onto screen

Question 64

Q

In terms of the browser process section of the Chrome browser, what does the I/O thread handle?

See diagram doc - #8

Answer

A

I/O thread handles inter-process communication and network connections (with other servers)

Answer 61

A

has render and main threads

Answer 62

A

RenderProcess is the main work, where it handles inter-process communication events

Answer 63

A

Render thread has the RenderView, WebKit and ResourceDispatcher pieces.

Answer 64

A

resources

Answer 65

A

request and response

Answer 66

A

WebKit is rendering engine inside Chrome (constructs DOM and draw web page pieces, V8 engine lives here)

Answer 67

A

Means that if one tab fails, others will keep working.

Brainscape's Knowledge GenomeTM

Communicating with servers in SPAs:AJAX, XHR, CORS, and Web sockets (Week 8) Flashcards

Brainscape's Knowledge Genome^TM