WEBVTT

00:00.350 --> 00:04.310
Hey, everyone, and welcome back to the Knowledge Portal Video series.

00:04.340 --> 00:11.870
Now, in the past few lectures we have been discussing various HTTP methods like GET, POST, HEAD,

00:11.990 --> 00:14.000
TRACE and many others.

00:14.000 --> 00:18.140
So today we'll be speaking about the OPTIONS method.

00:18.140 --> 00:24.830
So this OPTIONS method is generally taught last of the HTTP methods.

00:24.830 --> 00:27.770
And the reason why is something that we will understand now.

00:27.770 --> 00:36.080
So let's go ahead and understand the OPTIONS method with the use case which we have been taking since

00:36.080 --> 00:36.860
quite a while.

00:37.100 --> 00:45.020
So you have a client, this can be a web browser, Telnet, curl or other clients, and you have a server.

00:45.350 --> 00:50.090
Now here within the server you have three files.

00:50.210 --> 00:58.070
Now one is the documentary.mp4, second is login.php and third is the test.txt file.

00:58.460 --> 01:03.780
Now a web server has these three files.

01:03.780 --> 01:11.430
Now a client can generally send a request to the web server asking for one of these specific files.

01:11.430 --> 01:18.060
So for example, for documentary.mp4, a client may send a GET request.

01:18.330 --> 01:26.550
However, when it comes to login.php, both GET and POST will be required because the client will be

01:26.550 --> 01:32.760
logging in and this is the reason why the username and password fields need to be posted back to the

01:32.760 --> 01:33.390
server.

01:33.390 --> 01:38.190
So for documentary.mp4, the GET method is quite useful.

01:38.190 --> 01:40.920
You do not really need a POST method.

01:41.100 --> 01:46.320
Similarly, for login.php, GET and POST,

01:46.440 --> 01:52.710
two methods, are very much required. When it comes to test.txt,

01:52.920 --> 02:00.210
then the GET method is sufficient enough. So depending upon the file which is being served by the web server,

02:00.240 --> 02:05.940
the HTTP methods which need to be supported differ a lot.

02:06.840 --> 02:14.460
So when a client sends a request and the server sends a response, the overall methods that will be

02:14.460 --> 02:18.150
supplied over here need to be controlled.

02:18.900 --> 02:25.470
So as we discussed, for documentary.mp4, GET and HEAD are sufficient enough.

02:25.470 --> 02:33.060
HEAD is also a very useful method. For login.php you need GET, HEAD and POST, so all three are required

02:33.690 --> 02:36.150
among which GET and POST should be mandatory.

02:36.150 --> 02:41.070
And when it comes to test, you have GET and HEAD, which are important.

02:41.190 --> 02:49.110
So is there a way for a client to know that for a specific resource, what are the methods which are

02:49.110 --> 02:49.650
supported?

02:49.650 --> 02:57.680
So it might be possible that a web server is only supporting the GET method for documentary.mp4.

02:57.690 --> 03:02.360
So is there any easy way in which we can actually determine this?

03:02.360 --> 03:06.260
And the answer is yes, through the OPTIONS method.

03:07.970 --> 03:15.500
So what really happens in the OPTIONS method is that the OPTIONS method is used to describe the communication

03:15.500 --> 03:17.600
option for a target resource.

03:17.870 --> 03:25.700
For example, you have a very simple syntax where you have OPTIONS /index.html HTTP/1.1.

03:25.700 --> 03:32.930
So what this basically will do is that it will show what are the methods, HTTP methods, which are supported

03:32.930 --> 03:35.660
for this index.html file.

03:36.170 --> 03:39.930
Now this is something that we can send with Telnet as well.

03:39.950 --> 03:47.840
However, we know that curl is quite simple and thus we'll be invoking curl, where you have curl hyphen

03:47.840 --> 03:48.520
x.

03:48.530 --> 03:53.510
We'll be using the OPTIONS header followed by the URL and hyphen i.

03:53.600 --> 03:55.670
So this will only print the headers.

03:56.270 --> 03:57.110
Perfect.

03:57.110 --> 04:00.830
So let's do one thing.

04:00.830 --> 04:05.210
Let's try this out so that it will become much simpler for us.

04:05.940 --> 04:14.160
Okay, so what we'll do, we'll run a curl command; hyphen x will specify the header or the method,

04:14.160 --> 04:15.750
which will be OPTIONS.

04:20.140 --> 04:23.770
Followed by the IP address.

04:23.770 --> 04:28.510
In my case, let me put one of the IP addresses followed by hyphen I.

04:31.390 --> 04:37.420
So now in the response you get, there is a header called Allow.

04:37.420 --> 04:39.620
And within this there are the methods.

04:39.640 --> 04:46.350
These are the methods it is saying which are allowed, which are POST, OPTIONS, GET, HEAD, TRACE.

04:46.360 --> 04:47.590
So these are the

04:49.060 --> 04:52.520
HTTP methods which the web server is allowing.

04:52.520 --> 04:55.610
So there are various other methods like PUT, DELETE.

04:55.610 --> 05:00.470
So those methods are not allowed for this particular web server.

05:00.470 --> 05:06.260
And if you might want to know which is the web server it is running, it is running Apache 2.4.6.

05:07.070 --> 05:17.390
So similarly, a system administrator might actually decide to not allow the OPTIONS header at all.

05:17.540 --> 05:21.170
So let me give you an example.

05:21.170 --> 05:28.160
When you talk about Nginx as a web server, Nginx does not allow this OPTIONS header at all, so it

05:28.160 --> 05:30.380
will not accept it at all.

05:30.380 --> 05:31.760
So let me show you.

05:32.120 --> 05:43.670
I'll say Dexter dot Labs dot n hyphen I and now you see it is returning back saying it is not allowed.

05:43.670 --> 05:48.770
So the OPTIONS header is not allowed in Nginx by default.

05:48.770 --> 05:52.490
The reason why is because of the security perspective.

05:52.490 --> 05:53.570
Ideally, this is why.

05:53.570 --> 05:58.940
Do you want an outsider to know what is allowed, what is not allowed in your web server?

05:58.940 --> 06:03.620
And this is the reason why Nginx does not support it by default.

06:04.610 --> 06:05.750
Apache does it.

06:05.750 --> 06:13.730
And this is the reason why I had a test server created so that we can check the OPTIONS header in our

06:13.730 --> 06:15.860
Apache-based web server.

06:15.860 --> 06:22.670
Now one important thing to remember is that even if you are using Apache, make sure that you do not

06:22.670 --> 06:29.600
really allow OPTIONS for the world to know what are the HTTP methods which are allowed in your web

06:29.600 --> 06:30.260
server.

06:30.410 --> 06:37.820
Along with that, you can control, let's say for example for login.php, you can control what

06:37.820 --> 06:44.600
are the HTTP methods which will be allowed. Similarly, if it is documentary.mp4, you can control

06:44.600 --> 06:50.030
which HTTP methods will be allowed in that specific resource.

06:50.030 --> 06:51.500
So this is it

06:51.500 --> 06:52.730
about this lecture.

06:52.730 --> 06:59.420
I hope you understood the basics about the OPTIONS method and I look forward to seeing you in the next

06:59.420 --> 07:00.110
lecture.
