123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440 |
- ============================
- Request and response objects
- ============================
- .. module:: django.http
- :synopsis: Classes dealing with HTTP requests and responses.
- Quick overview
- ==============
- Django uses request and response objects to pass state through the system.
- When a page is requested, Django creates an :class:`HttpRequest` object that
- contains metadata about the request. Then Django loads the appropriate view,
- passing the :class:`HttpRequest` as the first argument to the view function.
- Each view is responsible for returning an :class:`HttpResponse` object.
- This document explains the APIs for :class:`HttpRequest` and
- :class:`HttpResponse` objects, which are defined in the :mod:`django.http`
- module.
- ``HttpRequest`` objects
- =======================
- .. class:: HttpRequest
- .. _httprequest-attributes:
- Attributes
- ----------
- All attributes should be considered read-only, unless stated otherwise.
- .. attribute:: HttpRequest.scheme
- A string representing the scheme of the request (``http`` or ``https``
- usually).
- .. attribute:: HttpRequest.body
- The raw HTTP request body as a bytestring. This is useful for processing
- data in different ways than conventional HTML forms: binary images,
- XML payload etc. For processing conventional form data, use
- :attr:`HttpRequest.POST`.
- You can also read from an ``HttpRequest`` using a file-like interface with
- :meth:`HttpRequest.read` or :meth:`HttpRequest.readline`. Accessing
- the ``body`` attribute *after* reading the request with either of these I/O
- stream methods will produce a ``RawPostDataException``.
- .. attribute:: HttpRequest.path
- A string representing the full path to the requested page, not including
- the scheme, domain, or query string.
- Example: ``"/music/bands/the_beatles/"``
- .. attribute:: HttpRequest.path_info
- Under some web server configurations, the portion of the URL after the
- host name is split up into a script prefix portion and a path info
- portion. The ``path_info`` attribute always contains the path info portion
- of the path, no matter what web server is being used. Using this instead
- of :attr:`~HttpRequest.path` can make your code easier to move between
- test and deployment servers.
- For example, if the ``WSGIScriptAlias`` for your application is set to
- ``"/minfo"``, then ``path`` might be ``"/minfo/music/bands/the_beatles/"``
- and ``path_info`` would be ``"/music/bands/the_beatles/"``.
- .. attribute:: HttpRequest.method
- A string representing the HTTP method used in the request. This is
- guaranteed to be uppercase. For example::
- if request.method == "GET":
- do_something()
- elif request.method == "POST":
- do_something_else()
- .. attribute:: HttpRequest.encoding
- A string representing the current encoding used to decode form submission
- data (or ``None``, which means the :setting:`DEFAULT_CHARSET` setting is
- used). You can write to this attribute to change the encoding used when
- accessing the form data. Any subsequent attribute accesses (such as reading
- from :attr:`GET` or :attr:`POST`) will use the new ``encoding`` value.
- Useful if you know the form data is not in the :setting:`DEFAULT_CHARSET`
- encoding.
- .. attribute:: HttpRequest.content_type
- A string representing the MIME type of the request, parsed from the
- ``CONTENT_TYPE`` header.
- .. attribute:: HttpRequest.content_params
- A dictionary of key/value parameters included in the ``CONTENT_TYPE``
- header.
- .. attribute:: HttpRequest.GET
- A dictionary-like object containing all given HTTP GET parameters. See the
- :class:`QueryDict` documentation below.
- .. attribute:: HttpRequest.POST
- A dictionary-like object containing all given HTTP POST parameters,
- providing that the request contains form data. See the
- :class:`QueryDict` documentation below. If you need to access raw or
- non-form data posted in the request, access this through the
- :attr:`HttpRequest.body` attribute instead.
- It's possible that a request can come in via POST with an empty ``POST``
- dictionary -- if, say, a form is requested via the POST HTTP method but
- does not include form data. Therefore, you shouldn't use ``if request.POST``
- to check for use of the POST method; instead, use ``if request.method ==
- "POST"`` (see :attr:`HttpRequest.method`).
- ``POST`` does *not* include file-upload information. See :attr:`FILES`.
- .. attribute:: HttpRequest.COOKIES
- A dictionary containing all cookies. Keys and values are strings.
- .. attribute:: HttpRequest.FILES
- A dictionary-like object containing all uploaded files. Each key in
- ``FILES`` is the ``name`` from the ``<input type="file" name="">``. Each
- value in ``FILES`` is an :class:`~django.core.files.uploadedfile.UploadedFile`.
- See :doc:`/topics/files` for more information.
- ``FILES`` will only contain data if the request method was POST and the
- ``<form>`` that posted to the request had ``enctype="multipart/form-data"``.
- Otherwise, ``FILES`` will be a blank dictionary-like object.
- .. attribute:: HttpRequest.META
- A dictionary containing all available HTTP headers. Available headers
- depend on the client and server, but here are some examples:
- * ``CONTENT_LENGTH`` -- The length of the request body (as a string).
- * ``CONTENT_TYPE`` -- The MIME type of the request body.
- * ``HTTP_ACCEPT`` -- Acceptable content types for the response.
- * ``HTTP_ACCEPT_ENCODING`` -- Acceptable encodings for the response.
- * ``HTTP_ACCEPT_LANGUAGE`` -- Acceptable languages for the response.
- * ``HTTP_HOST`` -- The HTTP Host header sent by the client.
- * ``HTTP_REFERER`` -- The referring page, if any.
- * ``HTTP_USER_AGENT`` -- The client's user-agent string.
- * ``QUERY_STRING`` -- The query string, as a single (unparsed) string.
- * ``REMOTE_ADDR`` -- The IP address of the client.
- * ``REMOTE_HOST`` -- The hostname of the client.
- * ``REMOTE_USER`` -- The user authenticated by the web server, if any.
- * ``REQUEST_METHOD`` -- A string such as ``"GET"`` or ``"POST"``.
- * ``SERVER_NAME`` -- The hostname of the server.
- * ``SERVER_PORT`` -- The port of the server (as a string).
- With the exception of ``CONTENT_LENGTH`` and ``CONTENT_TYPE``, as given
- above, any HTTP headers in the request are converted to ``META`` keys by
- converting all characters to uppercase, replacing any hyphens with
- underscores and adding an ``HTTP_`` prefix to the name. So, for example, a
- header called ``X-Bender`` would be mapped to the ``META`` key
- ``HTTP_X_BENDER``.
- Note that :djadmin:`runserver` strips all headers with underscores in the
- name, so you won't see them in ``META``. This prevents header-spoofing
- based on ambiguity between underscores and dashes both being normalizing to
- underscores in WSGI environment variables. It matches the behavior of
- web servers like Nginx and Apache 2.4+.
- :attr:`HttpRequest.headers` is a simpler way to access all HTTP-prefixed
- headers, plus ``CONTENT_LENGTH`` and ``CONTENT_TYPE``.
- .. attribute:: HttpRequest.headers
- A case insensitive, dict-like object that provides access to all
- HTTP-prefixed headers (plus ``Content-Length`` and ``Content-Type``) from
- the request.
- The name of each header is stylized with title-casing (e.g. ``User-Agent``)
- when it's displayed. You can access headers case-insensitively:
- .. code-block:: pycon
- >>> request.headers
- {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6', ...}
- >>> "User-Agent" in request.headers
- True
- >>> "user-agent" in request.headers
- True
- >>> request.headers["User-Agent"]
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6)
- >>> request.headers["user-agent"]
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6)
- >>> request.headers.get("User-Agent")
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6)
- >>> request.headers.get("user-agent")
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6)
- For use in, for example, Django templates, headers can also be looked up
- using underscores in place of hyphens:
- .. code-block:: html+django
- {{ request.headers.user_agent }}
- .. attribute:: HttpRequest.resolver_match
- An instance of :class:`~django.urls.ResolverMatch` representing the
- resolved URL. This attribute is only set after URL resolving took place,
- which means it's available in all views but not in middleware which are
- executed before URL resolving takes place (you can use it in
- :meth:`process_view` though).
- Attributes set by application code
- ----------------------------------
- Django doesn't set these attributes itself but makes use of them if set by your
- application.
- .. attribute:: HttpRequest.current_app
- The :ttag:`url` template tag will use its value as the ``current_app``
- argument to :func:`~django.urls.reverse()`.
- .. attribute:: HttpRequest.urlconf
- This will be used as the root URLconf for the current request, overriding
- the :setting:`ROOT_URLCONF` setting. See
- :ref:`how-django-processes-a-request` for details.
- ``urlconf`` can be set to ``None`` to revert any changes made by previous
- middleware and return to using the :setting:`ROOT_URLCONF`.
- .. attribute:: HttpRequest.exception_reporter_filter
- This will be used instead of :setting:`DEFAULT_EXCEPTION_REPORTER_FILTER`
- for the current request. See :ref:`custom-error-reports` for details.
- .. attribute:: HttpRequest.exception_reporter_class
- This will be used instead of :setting:`DEFAULT_EXCEPTION_REPORTER` for the
- current request. See :ref:`custom-error-reports` for details.
- Attributes set by middleware
- ----------------------------
- Some of the middleware included in Django's contrib apps set attributes on the
- request. If you don't see the attribute on a request, be sure the appropriate
- middleware class is listed in :setting:`MIDDLEWARE`.
- .. attribute:: HttpRequest.session
- From the :class:`~django.contrib.sessions.middleware.SessionMiddleware`: A
- readable and writable, dictionary-like object that represents the current
- session.
- .. attribute:: HttpRequest.site
- From the :class:`~django.contrib.sites.middleware.CurrentSiteMiddleware`:
- An instance of :class:`~django.contrib.sites.models.Site` or
- :class:`~django.contrib.sites.requests.RequestSite` as returned by
- :func:`~django.contrib.sites.shortcuts.get_current_site()`
- representing the current site.
- .. attribute:: HttpRequest.user
- From the :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`:
- An instance of :setting:`AUTH_USER_MODEL` representing the currently
- logged-in user. If the user isn't currently logged in, ``user`` will be set
- to an instance of :class:`~django.contrib.auth.models.AnonymousUser`. You
- can tell them apart with
- :attr:`~django.contrib.auth.models.User.is_authenticated`, like so::
- if request.user.is_authenticated:
- ... # Do something for logged-in users.
- else:
- ... # Do something for anonymous users.
- The :meth:`auser` method does the same thing but can be used from async
- contexts.
- Methods
- -------
- .. method:: HttpRequest.auser()
- From the :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`:
- Coroutine. Returns an instance of :setting:`AUTH_USER_MODEL` representing
- the currently logged-in user. If the user isn't currently logged in,
- ``auser`` will return an instance of
- :class:`~django.contrib.auth.models.AnonymousUser`. This is similar to the
- :attr:`user` attribute but it works in async contexts.
- .. method:: HttpRequest.get_host()
- Returns the originating host of the request using information from the
- ``HTTP_X_FORWARDED_HOST`` (if :setting:`USE_X_FORWARDED_HOST` is enabled)
- and ``HTTP_HOST`` headers, in that order. If they don't provide a value,
- the method uses a combination of ``SERVER_NAME`` and ``SERVER_PORT`` as
- detailed in :pep:`3333`.
- Example: ``"127.0.0.1:8000"``
- Raises ``django.core.exceptions.DisallowedHost`` if the host is not in
- :setting:`ALLOWED_HOSTS` or the domain name is invalid according to
- :rfc:`1034`/:rfc:`1035 <1035>`.
- .. note:: The :meth:`~HttpRequest.get_host()` method fails when the host is
- behind multiple proxies. One solution is to use middleware to rewrite
- the proxy headers, as in the following example::
- class MultipleProxyMiddleware:
- FORWARDED_FOR_FIELDS = [
- "HTTP_X_FORWARDED_FOR",
- "HTTP_X_FORWARDED_HOST",
- "HTTP_X_FORWARDED_SERVER",
- ]
- def __init__(self, get_response):
- self.get_response = get_response
- def __call__(self, request):
- """
- Rewrites the proxy headers so that only the most
- recent proxy is used.
- """
- for field in self.FORWARDED_FOR_FIELDS:
- if field in request.META:
- if "," in request.META[field]:
- parts = request.META[field].split(",")
- request.META[field] = parts[-1].strip()
- return self.get_response(request)
- This middleware should be positioned before any other middleware that
- relies on the value of :meth:`~HttpRequest.get_host()` -- for instance,
- :class:`~django.middleware.common.CommonMiddleware` or
- :class:`~django.middleware.csrf.CsrfViewMiddleware`.
- .. method:: HttpRequest.get_port()
- Returns the originating port of the request using information from the
- ``HTTP_X_FORWARDED_PORT`` (if :setting:`USE_X_FORWARDED_PORT` is enabled)
- and ``SERVER_PORT`` ``META`` variables, in that order.
- .. method:: HttpRequest.get_full_path()
- Returns the ``path``, plus an appended query string, if applicable.
- Example: ``"/music/bands/the_beatles/?print=true"``
- .. method:: HttpRequest.get_full_path_info()
- Like :meth:`get_full_path`, but uses :attr:`path_info` instead of
- :attr:`path`.
- Example: ``"/minfo/music/bands/the_beatles/?print=true"``
- .. method:: HttpRequest.build_absolute_uri(location=None)
- Returns the absolute URI form of ``location``. If no location is provided,
- the location will be set to ``request.get_full_path()``.
- If the location is already an absolute URI, it will not be altered.
- Otherwise the absolute URI is built using the server variables available in
- this request. For example:
- .. code-block:: pycon
- >>> request.build_absolute_uri()
- 'https://example.com/music/bands/the_beatles/?print=true'
- >>> request.build_absolute_uri("/bands/")
- 'https://example.com/bands/'
- >>> request.build_absolute_uri("https://example2.com/bands/")
- 'https://example2.com/bands/'
- .. note::
- Mixing HTTP and HTTPS on the same site is discouraged, therefore
- :meth:`~HttpRequest.build_absolute_uri()` will always generate an
- absolute URI with the same scheme the current request has. If you need
- to redirect users to HTTPS, it's best to let your web server redirect
- all HTTP traffic to HTTPS.
- .. method:: HttpRequest.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)
- Returns a cookie value for a signed cookie, or raises a
- ``django.core.signing.BadSignature`` exception if the signature is
- no longer valid. If you provide the ``default`` argument the exception
- will be suppressed and that default value will be returned instead.
- The optional ``salt`` argument can be used to provide extra protection
- against brute force attacks on your secret key. If supplied, the
- ``max_age`` argument will be checked against the signed timestamp
- attached to the cookie value to ensure the cookie is not older than
- ``max_age`` seconds.
- For example:
- .. code-block:: pycon
- >>> request.get_signed_cookie("name")
- 'Tony'
- >>> request.get_signed_cookie("name", salt="name-salt")
- 'Tony' # assuming cookie was set using the same salt
- >>> request.get_signed_cookie("nonexistent-cookie")
- KeyError: 'nonexistent-cookie'
- >>> request.get_signed_cookie("nonexistent-cookie", False)
- False
- >>> request.get_signed_cookie("cookie-that-was-tampered-with")
- BadSignature: ...
- >>> request.get_signed_cookie("name", max_age=60)
- SignatureExpired: Signature age 1677.3839159 > 60 seconds
- >>> request.get_signed_cookie("name", False, max_age=60)
- False
- See :doc:`cryptographic signing </topics/signing>` for more information.
- .. method:: HttpRequest.is_secure()
- Returns ``True`` if the request is secure; that is, if it was made with
- HTTPS.
- .. method:: HttpRequest.get_preferred_type(media_types)
- .. versionadded:: 5.2
- Returns the preferred mime type from ``media_types``, based on the
- ``Accept`` header, or ``None`` if the client does not accept any of the
- provided types.
- Assuming the client sends an ``Accept`` header of
- ``text/html,application/json;q=0.8``:
- .. code-block:: pycon
- >>> request.get_preferred_type(["text/html", "application/json"])
- "text/html"
- >>> request.get_preferred_type(["application/json", "text/plain"])
- "application/json"
- >>> request.get_preferred_type(["application/xml", "text/plain"])
- None
- Most browsers send ``Accept: */*`` by default, meaning they don't have a
- preference, in which case the first item in ``media_types`` would be
- returned.
- Setting an explicit ``Accept`` header in API requests can be useful for
- returning a different content type for those consumers only. See
- :ref:`content-negotiation-example` for an example of returning
- different content based on the ``Accept`` header.
- .. note::
- If a response varies depending on the content of the ``Accept`` header
- and you are using some form of caching like Django's
- :mod:`cache middleware <django.middleware.cache>`, you should decorate
- the view with :func:`vary_on_headers('Accept')
- <django.views.decorators.vary.vary_on_headers>` so that the responses
- are properly cached.
- .. method:: HttpRequest.accepts(mime_type)
- Returns ``True`` if the request's ``Accept`` header matches the
- ``mime_type`` argument:
- .. code-block:: pycon
- >>> request.accepts("text/html")
- True
- Most browsers send ``Accept: */*`` by default, so this would return
- ``True`` for all content types.
- See :ref:`content-negotiation-example` for an example of using
- ``accepts()`` to return different content based on the ``Accept`` header.
- .. method:: HttpRequest.read(size=None)
- .. method:: HttpRequest.readline()
- .. method:: HttpRequest.readlines()
- .. method:: HttpRequest.__iter__()
- Methods implementing a file-like interface for reading from an
- ``HttpRequest`` instance. This makes it possible to consume an incoming
- request in a streaming fashion. A common use-case would be to process a
- big XML payload with an iterative parser without constructing a whole
- XML tree in memory.
- Given this standard interface, an ``HttpRequest`` instance can be
- passed directly to an XML parser such as
- :class:`~xml.etree.ElementTree.ElementTree`::
- import xml.etree.ElementTree as ET
- for element in ET.iterparse(request):
- process(element)
- ``QueryDict`` objects
- =====================
- .. class:: QueryDict
- In an :class:`HttpRequest` object, the :attr:`~HttpRequest.GET` and
- :attr:`~HttpRequest.POST` attributes are instances of ``django.http.QueryDict``,
- a dictionary-like class customized to deal with multiple values for the same
- key. This is necessary because some HTML form elements, notably
- ``<select multiple>``, pass multiple values for the same key.
- The ``QueryDict``\ s at ``request.POST`` and ``request.GET`` will be immutable
- when accessed in a normal request/response cycle. To get a mutable version you
- need to use :meth:`QueryDict.copy`.
- Methods
- -------
- :class:`QueryDict` implements all the standard dictionary methods because it's
- a subclass of dictionary. Exceptions are outlined here:
- .. method:: QueryDict.__init__(query_string=None, mutable=False, encoding=None)
- Instantiates a ``QueryDict`` object based on ``query_string``.
- .. code-block:: pycon
- >>> QueryDict("a=1&a=2&c=3")
- <QueryDict: {'a': ['1', '2'], 'c': ['3']}>
- If ``query_string`` is not passed in, the resulting ``QueryDict`` will be
- empty (it will have no keys or values).
- Most ``QueryDict``\ s you encounter, and in particular those at
- ``request.POST`` and ``request.GET``, will be immutable. If you are
- instantiating one yourself, you can make it mutable by passing
- ``mutable=True`` to its ``__init__()``.
- Strings for setting both keys and values will be converted from ``encoding``
- to ``str``. If ``encoding`` is not set, it defaults to
- :setting:`DEFAULT_CHARSET`.
- .. classmethod:: QueryDict.fromkeys(iterable, value='', mutable=False, encoding=None)
- Creates a new ``QueryDict`` with keys from ``iterable`` and each value
- equal to ``value``. For example:
- .. code-block:: pycon
- >>> QueryDict.fromkeys(["a", "a", "b"], value="val")
- <QueryDict: {'a': ['val', 'val'], 'b': ['val']}>
- .. method:: QueryDict.__getitem__(key)
- Returns the last value for the given key; or an empty list (``[]``) if the
- key exists but has no values. Raises
- ``django.utils.datastructures.MultiValueDictKeyError`` if the key does not
- exist. (This is a subclass of Python's standard :exc:`KeyError`, so you can
- stick to catching ``KeyError``.)
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3", mutable=True)
- >>> q.__getitem__("a")
- '3'
- >>> q.__setitem__("b", [])
- >>> q.__getitem__("b")
- []
- .. method:: QueryDict.__setitem__(key, value)
- Sets the given key to ``[value]`` (a list whose single element is
- ``value``). Note that this, as other dictionary functions that have side
- effects, can only be called on a mutable ``QueryDict`` (such as one that
- was created via :meth:`QueryDict.copy`).
- .. method:: QueryDict.__contains__(key)
- Returns ``True`` if the given key is set. This lets you do, e.g., ``if "foo"
- in request.GET``.
- .. method:: QueryDict.get(key, default=None)
- Uses the same logic as :meth:`__getitem__`, with a hook for returning a
- default value if the key doesn't exist.
- .. method:: QueryDict.setdefault(key, default=None)
- Like :meth:`dict.setdefault`, except it uses :meth:`__setitem__` internally.
- .. method:: QueryDict.update(other_dict)
- Takes either a ``QueryDict`` or a dictionary. Like :meth:`dict.update`,
- except it *appends* to the current dictionary items rather than replacing
- them. For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1", mutable=True)
- >>> q.update({"a": "2"})
- >>> q.getlist("a")
- ['1', '2']
- >>> q["a"] # returns the last
- '2'
- .. method:: QueryDict.items()
- Like :meth:`dict.items`, except this uses the same last-value logic as
- :meth:`__getitem__` and returns an iterator object instead of a view object.
- For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3")
- >>> list(q.items())
- [('a', '3')]
- .. method:: QueryDict.values()
- Like :meth:`dict.values`, except this uses the same last-value logic as
- :meth:`__getitem__` and returns an iterator instead of a view object. For
- example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3")
- >>> list(q.values())
- ['3']
- In addition, ``QueryDict`` has the following methods:
- .. method:: QueryDict.copy()
- Returns a copy of the object using :func:`copy.deepcopy`. This copy will
- be mutable even if the original was not.
- .. method:: QueryDict.getlist(key, default=None)
- Returns a list of the data with the requested key. Returns an empty list if
- the key doesn't exist and ``default`` is ``None``. It's guaranteed to
- return a list unless the default value provided isn't a list.
- .. method:: QueryDict.setlist(key, list_)
- Sets the given key to ``list_`` (unlike :meth:`__setitem__`).
- .. method:: QueryDict.appendlist(key, item)
- Appends an item to the internal list associated with key.
- .. method:: QueryDict.setlistdefault(key, default_list=None)
- Like :meth:`setdefault`, except it takes a list of values instead of a
- single value.
- .. method:: QueryDict.lists()
- Like :meth:`items()`, except it includes all values, as a list, for each
- member of the dictionary. For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3")
- >>> q.lists()
- [('a', ['1', '2', '3'])]
- .. method:: QueryDict.pop(key)
- Returns a list of values for the given key and removes them from the
- dictionary. Raises ``KeyError`` if the key does not exist. For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3", mutable=True)
- >>> q.pop("a")
- ['1', '2', '3']
- .. method:: QueryDict.popitem()
- Removes an arbitrary member of the dictionary (since there's no concept
- of ordering), and returns a two value tuple containing the key and a list
- of all values for the key. Raises ``KeyError`` when called on an empty
- dictionary. For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=2&a=3", mutable=True)
- >>> q.popitem()
- ('a', ['1', '2', '3'])
- .. method:: QueryDict.dict()
- Returns a ``dict`` representation of ``QueryDict``. For every (key, list)
- pair in ``QueryDict``, ``dict`` will have (key, item), where item is one
- element of the list, using the same logic as :meth:`QueryDict.__getitem__`:
- .. code-block:: pycon
- >>> q = QueryDict("a=1&a=3&a=5")
- >>> q.dict()
- {'a': '5'}
- .. method:: QueryDict.urlencode(safe=None)
- Returns a string of the data in query string format. For example:
- .. code-block:: pycon
- >>> q = QueryDict("a=2&b=3&b=5")
- >>> q.urlencode()
- 'a=2&b=3&b=5'
- Use the ``safe`` parameter to pass characters which don't require encoding.
- For example:
- .. code-block:: pycon
- >>> q = QueryDict(mutable=True)
- >>> q["next"] = "/a&b/"
- >>> q.urlencode(safe="/")
- 'next=/a%26b/'
- ``HttpResponse`` objects
- ========================
- .. class:: HttpResponse
- In contrast to :class:`HttpRequest` objects, which are created automatically by
- Django, :class:`HttpResponse` objects are your responsibility. Each view you
- write is responsible for instantiating, populating, and returning an
- :class:`HttpResponse`.
- The :class:`HttpResponse` class lives in the :mod:`django.http` module.
- Usage
- -----
- Passing strings
- ~~~~~~~~~~~~~~~
- Typical usage is to pass the contents of the page, as a string, bytestring,
- or :class:`memoryview`, to the :class:`HttpResponse` constructor:
- .. code-block:: pycon
- >>> from django.http import HttpResponse
- >>> response = HttpResponse("Here's the text of the web page.")
- >>> response = HttpResponse("Text only, please.", content_type="text/plain")
- >>> response = HttpResponse(b"Bytestrings are also accepted.")
- >>> response = HttpResponse(memoryview(b"Memoryview as well."))
- But if you want to add content incrementally, you can use ``response`` as a
- file-like object:
- .. code-block:: pycon
- >>> response = HttpResponse()
- >>> response.write("<p>Here's the text of the web page.</p>")
- >>> response.write("<p>Here's another paragraph.</p>")
- Passing iterators
- ~~~~~~~~~~~~~~~~~
- Finally, you can pass ``HttpResponse`` an iterator rather than strings.
- ``HttpResponse`` will consume the iterator immediately, store its content as a
- string, and discard it. Objects with a ``close()`` method such as files and
- generators are immediately closed.
- If you need the response to be streamed from the iterator to the client, you
- must use the :class:`StreamingHttpResponse` class instead.
- .. _setting-header-fields:
- Setting header fields
- ~~~~~~~~~~~~~~~~~~~~~
- To set or remove a header field in your response, use
- :attr:`HttpResponse.headers`:
- .. code-block:: pycon
- >>> response = HttpResponse()
- >>> response.headers["Age"] = 120
- >>> del response.headers["Age"]
- You can also manipulate headers by treating your response like a dictionary:
- .. code-block:: pycon
- >>> response = HttpResponse()
- >>> response["Age"] = 120
- >>> del response["Age"]
- This proxies to ``HttpResponse.headers``, and is the original interface offered
- by ``HttpResponse``.
- When using this interface, unlike a dictionary, ``del`` doesn't raise
- ``KeyError`` if the header field doesn't exist.
- You can also set headers on instantiation:
- .. code-block:: pycon
- >>> response = HttpResponse(headers={"Age": 120})
- For setting the ``Cache-Control`` and ``Vary`` header fields, it is recommended
- to use the :func:`~django.utils.cache.patch_cache_control` and
- :func:`~django.utils.cache.patch_vary_headers` methods from
- :mod:`django.utils.cache`, since these fields can have multiple, comma-separated
- values. The "patch" methods ensure that other values, e.g. added by a
- middleware, are not removed.
- HTTP header fields cannot contain newlines. An attempt to set a header field
- containing a newline character (CR or LF) will raise ``BadHeaderError``
- Telling the browser to treat the response as a file attachment
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- To tell the browser to treat the response as a file attachment, set the
- ``Content-Type`` and ``Content-Disposition`` headers. For example, this is how
- you might return a Microsoft Excel spreadsheet:
- .. code-block:: pycon
- >>> response = HttpResponse(
- ... my_data,
- ... headers={
- ... "Content-Type": "application/vnd.ms-excel",
- ... "Content-Disposition": 'attachment; filename="foo.xls"',
- ... },
- ... )
- There's nothing Django-specific about the ``Content-Disposition`` header, but
- it's easy to forget the syntax, so we've included it here.
- Attributes
- ----------
- .. attribute:: HttpResponse.content
- A bytestring representing the content, encoded from a string if necessary.
- .. attribute:: HttpResponse.text
- .. versionadded:: 5.2
- A string representation of :attr:`HttpResponse.content`, decoded using the
- response's :attr:`HttpResponse.charset` (defaulting to ``UTF-8`` if empty).
- .. attribute:: HttpResponse.cookies
- A :py:obj:`http.cookies.SimpleCookie` object holding the cookies included
- in the response.
- .. attribute:: HttpResponse.headers
- A case insensitive, dict-like object that provides an interface to all
- HTTP headers on the response, except a ``Set-Cookie`` header. See
- :ref:`setting-header-fields` and :attr:`HttpResponse.cookies`.
- .. attribute:: HttpResponse.charset
- A string denoting the charset in which the response will be encoded. If not
- given at ``HttpResponse`` instantiation time, it will be extracted from
- ``content_type`` and if that is unsuccessful, the
- :setting:`DEFAULT_CHARSET` setting will be used.
- .. attribute:: HttpResponse.status_code
- The :rfc:`HTTP status code <9110#section-15>` for the response.
- Unless :attr:`reason_phrase` is explicitly set, modifying the value of
- ``status_code`` outside the constructor will also modify the value of
- ``reason_phrase``.
- .. attribute:: HttpResponse.reason_phrase
- The HTTP reason phrase for the response. It uses the :rfc:`HTTP standard's
- <9110#section-15.1>` default reason phrases.
- Unless explicitly set, ``reason_phrase`` is determined by the value of
- :attr:`status_code`.
- .. attribute:: HttpResponse.streaming
- This is always ``False``.
- This attribute exists so middleware can treat streaming responses
- differently from regular responses.
- .. attribute:: HttpResponse.closed
- ``True`` if the response has been closed.
- Methods
- -------
- .. method:: HttpResponse.__init__(content=b'', content_type=None, status=200, reason=None, charset=None, headers=None)
- Instantiates an ``HttpResponse`` object with the given page content,
- content type, and headers.
- ``content`` is most commonly an iterator, bytestring, :class:`memoryview`,
- or string. Other types will be converted to a bytestring by encoding their
- string representation. Iterators should return strings or bytestrings and
- those will be joined together to form the content of the response.
- ``content_type`` is the MIME type optionally completed by a character set
- encoding and is used to fill the HTTP ``Content-Type`` header. If not
- specified, it is formed by ``'text/html'`` and the
- :setting:`DEFAULT_CHARSET` settings, by default:
- ``"text/html; charset=utf-8"``.
- ``status`` is the :rfc:`HTTP status code <9110#section-15>` for the
- response. You can use Python's :py:class:`http.HTTPStatus` for meaningful
- aliases, such as ``HTTPStatus.NO_CONTENT``.
- ``reason`` is the HTTP response phrase. If not provided, a default phrase
- will be used.
- ``charset`` is the charset in which the response will be encoded. If not
- given it will be extracted from ``content_type``, and if that
- is unsuccessful, the :setting:`DEFAULT_CHARSET` setting will be used.
- ``headers`` is a :class:`dict` of HTTP headers for the response.
- .. method:: HttpResponse.__setitem__(header, value)
- Sets the given header name to the given value. Both ``header`` and
- ``value`` should be strings.
- .. method:: HttpResponse.__delitem__(header)
- Deletes the header with the given name. Fails silently if the header
- doesn't exist. Case-insensitive.
- .. method:: HttpResponse.__getitem__(header)
- Returns the value for the given header name. Case-insensitive.
- .. method:: HttpResponse.get(header, alternate=None)
- Returns the value for the given header, or an ``alternate`` if the header
- doesn't exist.
- .. method:: HttpResponse.has_header(header)
- Returns ``True`` or ``False`` based on a case-insensitive check for a
- header with the given name.
- .. method:: HttpResponse.items()
- Acts like :meth:`dict.items` for HTTP headers on the response.
- .. method:: HttpResponse.setdefault(header, value)
- Sets a header unless it has already been set.
- .. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=False, httponly=False, samesite=None)
- Sets a cookie. The parameters are the same as in the
- :class:`~http.cookies.Morsel` cookie object in the Python standard library.
- * ``max_age`` should be a :class:`~datetime.timedelta` object, an integer
- number of seconds, or ``None`` (default) if the cookie should last only
- as long as the client's browser session. If ``expires`` is not specified,
- it will be calculated.
- * ``expires`` should either be a string in the format
- ``"Wdy, DD-Mon-YY HH:MM:SS GMT"`` or a ``datetime.datetime`` object
- in UTC. If ``expires`` is a ``datetime`` object, the ``max_age``
- will be calculated.
- * Use ``domain`` if you want to set a cross-domain cookie. For example,
- ``domain="example.com"`` will set a cookie that is readable by the
- domains www.example.com, blog.example.com, etc. Otherwise, a cookie will
- only be readable by the domain that set it.
- * Use ``secure=True`` if you want the cookie to be only sent to the server
- when a request is made with the ``https`` scheme.
- * Use ``httponly=True`` if you want to prevent client-side
- JavaScript from having access to the cookie.
- HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's
- part of the :rfc:`RFC 6265 <6265#section-4.1.2.6>` standard for cookies
- and can be a useful way to mitigate the risk of a client-side script
- accessing the protected cookie data.
- * Use ``samesite='Strict'`` or ``samesite='Lax'`` to tell the browser not
- to send this cookie when performing a cross-origin request. `SameSite`_
- isn't supported by all browsers, so it's not a replacement for Django's
- CSRF protection, but rather a defense in depth measure.
- Use ``samesite='None'`` (string) to explicitly state that this cookie is
- sent with all same-site and cross-site requests.
- .. _HttpOnly: https://owasp.org/www-community/HttpOnly
- .. _SameSite: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
- .. warning::
- :rfc:`RFC 6265 <6265#section-6.1>` states that user agents should
- support cookies of at least 4096 bytes. For many browsers this is also
- the maximum size. Django will not raise an exception if there's an
- attempt to store a cookie of more than 4096 bytes, but many browsers
- will not set the cookie correctly.
- .. method:: HttpResponse.set_signed_cookie(key, value, salt='', max_age=None, expires=None, path='/', domain=None, secure=False, httponly=False, samesite=None)
- Like :meth:`~HttpResponse.set_cookie()`, but
- :doc:`cryptographic signing </topics/signing>` the cookie before setting
- it. Use in conjunction with :meth:`HttpRequest.get_signed_cookie`.
- You can use the optional ``salt`` argument for added key strength, but
- you will need to remember to pass it to the corresponding
- :meth:`HttpRequest.get_signed_cookie` call.
- .. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None)
- Deletes the cookie with the given key. Fails silently if the key doesn't
- exist.
- Due to the way cookies work, ``path`` and ``domain`` should be the same
- values you used in ``set_cookie()`` -- otherwise the cookie may not be
- deleted.
- .. method:: HttpResponse.close()
- This method is called at the end of the request directly by the WSGI
- server.
- .. method:: HttpResponse.write(content)
- This method makes an :class:`HttpResponse` instance a file-like object.
- .. method:: HttpResponse.flush()
- This method makes an :class:`HttpResponse` instance a file-like object.
- .. method:: HttpResponse.tell()
- This method makes an :class:`HttpResponse` instance a file-like object.
- .. method:: HttpResponse.getvalue()
- Returns the value of :attr:`HttpResponse.content`. This method makes
- an :class:`HttpResponse` instance a stream-like object.
- .. method:: HttpResponse.readable()
- Always ``False``. This method makes an :class:`HttpResponse` instance a
- stream-like object.
- .. method:: HttpResponse.seekable()
- Always ``False``. This method makes an :class:`HttpResponse` instance a
- stream-like object.
- .. method:: HttpResponse.writable()
- Always ``True``. This method makes an :class:`HttpResponse` instance a
- stream-like object.
- .. method:: HttpResponse.writelines(lines)
- Writes a list of lines to the response. Line separators are not added. This
- method makes an :class:`HttpResponse` instance a stream-like object.
- .. _ref-httpresponse-subclasses:
- ``HttpResponse`` subclasses
- ---------------------------
- Django includes a number of ``HttpResponse`` subclasses that handle different
- types of HTTP responses. Like ``HttpResponse``, these subclasses live in
- :mod:`django.http`.
- .. class:: HttpResponseRedirect
- The first argument to the constructor is required -- the path to redirect
- to. This can be a fully qualified URL
- (e.g. ``'https://www.yahoo.com/search/'``), an absolute path with no domain
- (e.g. ``'/search/'``), or even a relative path (e.g. ``'search/'``). In that
- last case, the client browser will reconstruct the full URL itself
- according to the current path.
- The constructor accepts an optional ``preserve_request`` keyword argument
- that defaults to ``False``, producing a response with a 302 status code. If
- ``preserve_request`` is ``True``, the status code will be 307 instead.
- See :class:`HttpResponse` for other optional constructor arguments.
- .. attribute:: HttpResponseRedirect.url
- This read-only attribute represents the URL the response will redirect
- to (equivalent to the ``Location`` response header).
- .. versionchanged:: 5.2
- The ``preserve_request`` argument was added.
- .. class:: HttpResponsePermanentRedirect
- Like :class:`HttpResponseRedirect`, but it returns a permanent redirect
- (HTTP status code 301) instead of a "found" redirect (status code 302).
- When ``preserve_request=True``, the response's status code is 308.
- .. versionchanged:: 5.2
- The ``preserve_request`` argument was added.
- .. class:: HttpResponseNotModified
- The constructor doesn't take any arguments and no content should be added
- to this response. Use this to designate that a page hasn't been modified
- since the user's last request (status code 304).
- .. class:: HttpResponseBadRequest
- Acts just like :class:`HttpResponse` but uses a 400 status code.
- .. class:: HttpResponseNotFound
- Acts just like :class:`HttpResponse` but uses a 404 status code.
- .. class:: HttpResponseForbidden
- Acts just like :class:`HttpResponse` but uses a 403 status code.
- .. class:: HttpResponseNotAllowed
- Like :class:`HttpResponse`, but uses a 405 status code. The first argument
- to the constructor is required: a list of permitted methods (e.g.
- ``['GET', 'POST']``).
- .. class:: HttpResponseGone
- Acts just like :class:`HttpResponse` but uses a 410 status code.
- .. class:: HttpResponseServerError
- Acts just like :class:`HttpResponse` but uses a 500 status code.
- .. note::
- If a custom subclass of :class:`HttpResponse` implements a ``render``
- method, Django will treat it as emulating a
- :class:`~django.template.response.SimpleTemplateResponse`, and the
- ``render`` method must itself return a valid response object.
- Custom response classes
- ~~~~~~~~~~~~~~~~~~~~~~~
- If you find yourself needing a response class that Django doesn't provide, you
- can create it with the help of :py:class:`http.HTTPStatus`. For example::
- from http import HTTPStatus
- from django.http import HttpResponse
- class HttpResponseNoContent(HttpResponse):
- status_code = HTTPStatus.NO_CONTENT
- ``JsonResponse`` objects
- ========================
- .. class:: JsonResponse(data, encoder=DjangoJSONEncoder, safe=True, json_dumps_params=None, **kwargs)
- An :class:`HttpResponse` subclass that helps to create a JSON-encoded
- response. It inherits most behavior from its superclass with a couple
- differences:
- Its default ``Content-Type`` header is set to :mimetype:`application/json`.
- The first parameter, ``data``, should be a ``dict`` instance. If the
- ``safe`` parameter is set to ``False`` (see below) it can be any
- JSON-serializable object.
- The ``encoder``, which defaults to
- :class:`django.core.serializers.json.DjangoJSONEncoder`, will be used to
- serialize the data. See :ref:`JSON serialization
- <serialization-formats-json>` for more details about this serializer.
- The ``safe`` boolean parameter defaults to ``True``. If it's set to
- ``False``, any object can be passed for serialization (otherwise only
- ``dict`` instances are allowed). If ``safe`` is ``True`` and a non-``dict``
- object is passed as the first argument, a :exc:`TypeError` will be raised.
- The ``json_dumps_params`` parameter is a dictionary of keyword arguments
- to pass to the ``json.dumps()`` call used to generate the response.
- Usage
- -----
- Typical usage could look like:
- .. code-block:: pycon
- >>> from django.http import JsonResponse
- >>> response = JsonResponse({"foo": "bar"})
- >>> response.content
- b'{"foo": "bar"}'
- Serializing non-dictionary objects
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- In order to serialize objects other than ``dict`` you must set the ``safe``
- parameter to ``False``:
- .. code-block:: pycon
- >>> response = JsonResponse([1, 2, 3], safe=False)
- Without passing ``safe=False``, a :exc:`TypeError` will be raised.
- Note that an API based on ``dict`` objects is more extensible, flexible, and
- makes it easier to maintain forwards compatibility. Therefore, you should avoid
- using non-dict objects in JSON-encoded response.
- .. warning::
- Before the `5th edition of ECMAScript
- <https://262.ecma-international.org/5.1/#sec-11.1.4>`_ it was possible to
- poison the JavaScript ``Array`` constructor. For this reason, Django does
- not allow passing non-dict objects to the
- :class:`~django.http.JsonResponse` constructor by default. However, most
- modern browsers implement ECMAScript 5 which removes this attack vector.
- Therefore it is possible to disable this security precaution.
- Changing the default JSON encoder
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- If you need to use a different JSON encoder class you can pass the ``encoder``
- parameter to the constructor method:
- .. code-block:: pycon
- >>> response = JsonResponse(data, encoder=MyJSONEncoder)
- .. _httpresponse-streaming:
- ``StreamingHttpResponse`` objects
- =================================
- .. class:: StreamingHttpResponse
- The :class:`StreamingHttpResponse` class is used to stream a response from
- Django to the browser.
- .. admonition:: Advanced usage
- :class:`StreamingHttpResponse` is somewhat advanced, in that it is
- important to know whether you'll be serving your application synchronously
- under WSGI or asynchronously under ASGI, and adjust your usage
- appropriately.
- Please read these notes with care.
- An example usage of :class:`StreamingHttpResponse` under WSGI is streaming
- content when generating the response would take too long or uses too much
- memory. For instance, it's useful for :ref:`generating large CSV files
- <streaming-csv-files>`.
- There are performance considerations when doing this, though. Django, under
- WSGI, is designed for short-lived requests. Streaming responses will tie a
- worker process for the entire duration of the response. This may result in poor
- performance.
- Generally speaking, you would perform expensive tasks outside of the
- request-response cycle, rather than resorting to a streamed response.
- When serving under ASGI, however, a :class:`StreamingHttpResponse` need not
- stop other requests from being served whilst waiting for I/O. This opens up
- the possibility of long-lived requests for streaming content and implementing
- patterns such as long-polling, and server-sent events.
- Even under ASGI note, :class:`StreamingHttpResponse` should only be used in
- situations where it is absolutely required that the whole content isn't
- iterated before transferring the data to the client. Because the content can't
- be accessed, many middleware can't function normally. For example the ``ETag``
- and ``Content-Length`` headers can't be generated for streaming responses.
- The :class:`StreamingHttpResponse` is not a subclass of :class:`HttpResponse`,
- because it features a slightly different API. However, it is almost identical,
- with the following notable differences:
- * It should be given an iterator that yields bytestrings, :class:`memoryview`,
- or strings as content. When serving under WSGI, this should be a sync
- iterator. When serving under ASGI, then it should be an async iterator.
- * You cannot access its content, except by iterating the response object
- itself. This should only occur when the response is returned to the client:
- you should not iterate the response yourself.
- Under WSGI the response will be iterated synchronously. Under ASGI the
- response will be iterated asynchronously. (This is why the iterator type must
- match the protocol you're using.)
- To avoid a crash, an incorrect iterator type will be mapped to the correct
- type during iteration, and a warning will be raised, but in order to do this
- the iterator must be fully-consumed, which defeats the purpose of using a
- :class:`StreamingHttpResponse` at all.
- * It has no ``content`` attribute. Instead, it has a
- :attr:`~StreamingHttpResponse.streaming_content` attribute. This can be used
- in middleware to wrap the response iterable, but should not be consumed.
- * It has no ``text`` attribute, as it would require iterating the response
- object.
- * You cannot use the file-like object ``tell()`` or ``write()`` methods.
- Doing so will raise an exception.
- The :class:`HttpResponseBase` base class is common between
- :class:`HttpResponse` and :class:`StreamingHttpResponse`.
- Attributes
- ----------
- .. attribute:: StreamingHttpResponse.streaming_content
- An iterator of the response content, bytestring encoded according to
- :attr:`HttpResponse.charset`.
- .. attribute:: StreamingHttpResponse.status_code
- The :rfc:`HTTP status code <9110#section-15>` for the response.
- Unless :attr:`reason_phrase` is explicitly set, modifying the value of
- ``status_code`` outside the constructor will also modify the value of
- ``reason_phrase``.
- .. attribute:: StreamingHttpResponse.reason_phrase
- The HTTP reason phrase for the response. It uses the :rfc:`HTTP standard's
- <9110#section-15.1>` default reason phrases.
- Unless explicitly set, ``reason_phrase`` is determined by the value of
- :attr:`status_code`.
- .. attribute:: StreamingHttpResponse.streaming
- This is always ``True``.
- .. attribute:: StreamingHttpResponse.is_async
- Boolean indicating whether :attr:`StreamingHttpResponse.streaming_content`
- is an asynchronous iterator or not.
- This is useful for middleware needing to wrap
- :attr:`StreamingHttpResponse.streaming_content`.
- .. _request-response-streaming-disconnect:
- Handling disconnects
- --------------------
- If the client disconnects during a streaming response, Django will cancel the
- coroutine that is handling the response. If you want to clean up resources
- manually, you can do so by catching the ``asyncio.CancelledError``::
- async def streaming_response():
- try:
- # Do some work here
- async for chunk in my_streaming_iterator():
- yield chunk
- except asyncio.CancelledError:
- # Handle disconnect
- ...
- raise
- async def my_streaming_view(request):
- return StreamingHttpResponse(streaming_response())
- This example only shows how to handle client disconnection while the response
- is streaming. If you perform long-running operations in your view before
- returning the ``StreamingHttpResponse`` object, then you may also want to
- :ref:`handle disconnections in the view <async-handling-disconnect>` itself.
- ``FileResponse`` objects
- ========================
- .. class:: FileResponse(open_file, as_attachment=False, filename='', **kwargs)
- :class:`FileResponse` is a subclass of :class:`StreamingHttpResponse`
- optimized for binary files. It uses :pep:`wsgi.file_wrapper
- <3333#optional-platform-specific-file-handling>` if provided by the wsgi
- server, otherwise it streams the file out in small chunks.
- If ``as_attachment=True``, the ``Content-Disposition`` header is set to
- ``attachment``, which asks the browser to offer the file to the user as a
- download. Otherwise, a ``Content-Disposition`` header with a value of
- ``inline`` (the browser default) will be set only if a filename is
- available.
- If ``open_file`` doesn't have a name or if the name of ``open_file`` isn't
- appropriate, provide a custom file name using the ``filename`` parameter.
- Note that if you pass a file-like object like ``io.BytesIO``, it's your
- task to ``seek()`` it before passing it to ``FileResponse``.
- The ``Content-Length`` header is automatically set when it can be guessed
- from the content of ``open_file``.
- The ``Content-Type`` header is automatically set when it can be guessed
- from the ``filename``, or the name of ``open_file``.
- ``FileResponse`` accepts any file-like object with binary content, for example
- a file open in binary mode like so:
- .. code-block:: pycon
- >>> from django.http import FileResponse
- >>> response = FileResponse(open("myfile.png", "rb"))
- The file will be closed automatically, so don't open it with a context manager.
- .. admonition:: Use under ASGI
- Python's file API is synchronous. This means that the file must be fully
- consumed in order to be served under ASGI.
- In order to stream a file asynchronously you need to use a third-party
- package that provides an asynchronous file API, such as `aiofiles
- <https://github.com/Tinche/aiofiles>`_.
- Methods
- -------
- .. method:: FileResponse.set_headers(open_file)
- This method is automatically called during the response initialization and
- set various headers (``Content-Length``, ``Content-Type``, and
- ``Content-Disposition``) depending on ``open_file``.
- ``HttpResponseBase`` class
- ==========================
- .. class:: HttpResponseBase
- The :class:`HttpResponseBase` class is common to all Django responses.
- It should not be used to create responses directly, but it can be
- useful for type-checking.
|