django / docs / request_response.txt

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
============================
Request and response objects
============================

Quick overview
==============

Django uses request and response objects to pass state through the system.

When a page is requested, Django creates an ``HttpRequest`` object that
contains metadata about the request. Then Django loads the appropriate view,
passing the ``HttpRequest`` as the first argument to the view function. Each
view is responsible for returning an ``HttpResponse`` object.

This document explains the APIs for ``HttpRequest`` and ``HttpResponse``
objects.

HttpRequest objects
===================

Attributes
----------

All attributes except ``session`` should be considered read-only.

``path``
    A string representing the full path to the requested page, not including
    the domain.

    Example: ``"/music/bands/the_beatles/"``

``method``
    A string representing the HTTP method used in the request. This is
    guaranteed to be uppercase. Example::

        if request.method == 'GET':
            do_something()
        elif request.method == 'POST':
            do_something_else()

``GET``
    A dictionary-like object containing all given HTTP GET parameters. See the
    ``QueryDict`` documentation below.

``POST``
    A dictionary-like object containing all given HTTP POST parameters. See the
    ``QueryDict`` documentation below.

    It's possible that a request can come in via POST with an empty ``POST``
    dictionary -- if, say, a form is requested via the POST HTTP method but
    does not include form data. Therefore, you shouldn't use ``if request.POST``
    to check for use of the POST method; instead, use ``if request.method ==
    "POST"`` (see above).

    Note: ``POST`` does *not* include file-upload information. See ``FILES``.

``REQUEST``
    For convenience, a dictionary-like object that searches ``POST`` first,
    then ``GET``. Inspired by PHP's ``$_REQUEST``.

    For example, if ``GET = {"name": "john"}`` and ``POST = {"age": '34'}``,
    ``REQUEST["name"]`` would be ``"john"``, and ``REQUEST["age"]`` would be
    ``"34"``.

    It's strongly suggested that you use ``GET`` and ``POST`` instead of
    ``REQUEST``, because the former are more explicit.

``COOKIES``
    A standard Python dictionary containing all cookies. Keys and values are
    strings.

``FILES``
    A dictionary-like object containing all uploaded files. Each key in
    ``FILES`` is the ``name`` from the ``<input type="file" name="" />``. Each
    value in ``FILES`` is a standard Python dictionary with the following three
    keys:

        * ``filename`` -- The name of the uploaded file, as a Python string.
        * ``content-type`` -- The content type of the uploaded file.
        * ``content`` -- The raw content of the uploaded file.

    Note that ``FILES`` will only contain data if the request method was POST
    and the ``<form>`` that posted to the request had
    ``enctype="multipart/form-data"``. Otherwise, ``FILES`` will be a blank
    dictionary-like object.

``META``
    A standard Python dictionary containing all available HTTP headers.
    Available headers depend on the client and server, but here are some
    examples:

        * ``CONTENT_LENGTH``
        * ``CONTENT_TYPE``
        * ``HTTP_ACCEPT_ENCODING``
        * ``HTTP_ACCEPT_LANGUAGE``
        * ``HTTP_HOST`` -- The HTTP Host header sent by the client.
        * ``HTTP_REFERER`` -- The referring page, if any.
        * ``HTTP_USER_AGENT`` -- The client's user-agent string.
        * ``QUERY_STRING`` -- The query string, as a single (unparsed) string.
        * ``REMOTE_ADDR`` -- The IP address of the client.
        * ``REMOTE_HOST`` -- The hostname of the client.
        * ``REQUEST_METHOD`` -- A string such as ``"GET"`` or ``"POST"``.
        * ``SERVER_NAME`` -- The hostname of the server.
        * ``SERVER_PORT`` -- The port of the server.

``user``
    A ``django.contrib.auth.models.User`` object representing the currently
    logged-in user. If the user isn't currently logged in, ``user`` will be set
    to an instance of ``django.contrib.auth.models.AnonymousUser``. You
    can tell them apart with ``is_authenticated()``, like so::

        if request.user.is_authenticated():
            # Do something for logged-in users.
        else:
            # Do something for anonymous users.

    ``user`` is only available if your Django installation has the
    ``AuthenticationMiddleware`` activated. For more, see
    `Authentication in Web requests`_.

    .. _Authentication in Web requests: ../authentication/#authentication-in-web-requests

``session``
    A readable-and-writable, dictionary-like object that represents the current
    session. This is only available if your Django installation has session
    support activated. See the `session documentation`_ for full details.

    .. _`session documentation`: ../sessions/

``raw_post_data``
    The raw HTTP POST data. This is only useful for advanced processing. Use
    ``POST`` instead.

Methods
-------

``__getitem__(key)``
   Returns the GET/POST value for the given key, checking POST first, then
   GET. Raises ``KeyError`` if the key doesn't exist.

   This lets you use dictionary-accessing syntax on an ``HttpRequest``
   instance. Example: ``request["foo"]`` would return ``True`` if either
   ``request.POST`` or ``request.GET`` had a ``"foo"`` key.

``has_key()``
   Returns ``True`` or ``False``, designating whether ``request.GET`` or
   ``request.POST`` has the given key.

``get_full_path()``
   Returns the ``path``, plus an appended query string, if applicable.

   Example: ``"/music/bands/the_beatles/?print=true"``

``is_secure()``
   Returns ``True`` if the request is secure; that is, if it was made with
   HTTPS.

QueryDict objects
-----------------

In an ``HttpRequest`` object, the ``GET`` and ``POST`` attributes are instances
of ``django.http.QueryDict``. ``QueryDict`` is a dictionary-like
class customized to deal with multiple values for the same key. This is
necessary because some HTML form elements, notably
``<select multiple="multiple">``, pass multiple values for the same key.

``QueryDict`` instances are immutable, unless you create a ``copy()`` of them.
That means you can't change attributes of ``request.POST`` and ``request.GET``
directly.

``QueryDict`` implements the all standard dictionary methods, because it's a
subclass of dictionary. Exceptions are outlined here:

    * ``__getitem__(key)`` -- Returns the value for the given key. If the key
      has more than one value, ``__getitem__()`` returns the last value.

    * ``__setitem__(key, value)`` -- Sets the given key to ``[value]``
      (a Python list whose single element is ``value``). Note that this, as
      other dictionary functions that have side effects, can only be called on
      a mutable ``QueryDict`` (one that was created via ``copy()``).

    * ``__contains__(key)`` -- Returns ``True`` if the given key is set. This
      lets you do, e.g., ``if "foo" in request.GET``.

    * ``get(key, default)`` -- Uses the same logic as ``__getitem__()`` above,
      with a hook for returning a default value if the key doesn't exist.

    * ``has_key(key)``

    * ``setdefault(key, default)`` -- Just like the standard dictionary
      ``setdefault()`` method, except it uses ``__setitem__`` internally.

    * ``update(other_dict)`` -- Takes either a ``QueryDict`` or standard
      dictionary. Just like the standard dictionary ``update()`` method, except
      it *appends* to the current dictionary items rather than replacing them.
      For example::

          >>> q = QueryDict('a=1')
          >>> q = q.copy() # to make it mutable
          >>> q.update({'a': '2'})
          >>> q.getlist('a')
          ['1', '2']
          >>> q['a'] # returns the last
          ['2']

    * ``items()`` -- Just like the standard dictionary ``items()`` method,
      except this uses the same last-value logic as ``__getitem()__``. For
      example::

           >>> q = QueryDict('a=1&a=2&a=3')
           >>> q.items()
           [('a', '3')]

    * ``values()`` -- Just like the standard dictionary ``values()`` method,
      except this uses the same last-value logic as ``__getitem()__``. For
      example::

           >>> q = QueryDict('a=1&a=2&a=3')
           >>> q.values()
           ['3']

In addition, ``QueryDict`` has the following methods:

    * ``copy()`` -- Returns a copy of the object, using ``copy.deepcopy()``
      from the Python standard library. The copy will be mutable -- that is,
      you can change its values.

    * ``getlist(key)`` -- Returns the data with the requested key, as a Python
      list. Returns an empty list if the key doesn't exist. It's guaranteed to
      return a list of some sort.

    * ``setlist(key, list_)`` -- Sets the given key to ``list_`` (unlike
      ``__setitem__()``).

    * ``appendlist(key, item)`` -- Appends an item to the internal list
      associated with key.

    * ``setlistdefault(key, default_list)`` -- Just like ``setdefault``, except
      it takes a list of values instead of a single value.

    * ``lists()`` -- Like ``items()``, except it includes all values, as a list,
      for each member of the dictionary. For example::

           >>> q = QueryDict('a=1&a=2&a=3')
           >>> q.lists()
           [('a', ['1', '2', '3'])]

    * ``urlencode()`` -- Returns a string of the data in query-string format.
      Example: ``"a=2&b=3&b=5"``.

Examples
--------

Here's an example HTML form and how Django would treat the input::

    <form action="/foo/bar/" method="post">
    <input type="text" name="your_name" />
    <select multiple="multiple" name="bands">
        <option value="beatles">The Beatles</option>
        <option value="who">The Who</option>
        <option value="zombies">The Zombies</option>
    </select>
    <input type="submit" />
    </form>

If the user enters ``"John Smith"`` in the ``your_name`` field and selects both
"The Beatles" and "The Zombies" in the multiple select box, here's what
Django's request object would have::

    >>> request.GET
    {}
    >>> request.POST
    {'your_name': ['John Smith'], 'bands': ['beatles', 'zombies']}
    >>> request.POST['your_name']
    'John Smith'
    >>> request.POST['bands']
    'zombies'
    >>> request.POST.getlist('bands')
    ['beatles', 'zombies']
    >>> request.POST.get('your_name', 'Adrian')
    'John Smith'
    >>> request.POST.get('nonexistent_field', 'Nowhere Man')
    'Nowhere Man'

Implementation notes
--------------------

The ``GET``, ``POST``, ``COOKIES``, ``FILES``, ``META``, ``REQUEST``,
``raw_post_data`` and ``user`` attributes are all lazily loaded. That means
Django doesn't spend resources calculating the values of those attributes until
your code requests them.

HttpResponse objects
====================

In contrast to ``HttpRequest`` objects, which are created automatically by
Django, ``HttpResponse`` objects are your responsibility. Each view you write
is responsible for instantiating, populating and returning an ``HttpResponse``.

The ``HttpResponse`` class lives in the ``django.http`` module.

Usage
-----

Passing strings
~~~~~~~~~~~~~~~

Typical usage is to pass the contents of the page, as a string, to the
``HttpResponse`` constructor::

    >>> response = HttpResponse("Here's the text of the Web page.")
    >>> response = HttpResponse("Text only, please.", mimetype="text/plain")

But if you want to add content incrementally, you can use ``response`` as a
file-like object::

    >>> response = HttpResponse()
    >>> response.write("<p>Here's the text of the Web page.</p>")
    >>> response.write("<p>Here's another paragraph.</p>")

You can add and delete headers using dictionary syntax::

    >>> response = HttpResponse()
    >>> response['X-DJANGO'] = "It's the best."
    >>> del response['X-PHP']
    >>> response['X-DJANGO']
    "It's the best."

Note that ``del`` doesn't raise ``KeyError`` if the header doesn't exist.

Passing iterators
~~~~~~~~~~~~~~~~~

Finally, you can pass ``HttpResponse`` an iterator rather than passing it
hard-coded strings. If you use this technique, follow these guidelines:

    * The iterator should return strings.
    * If an ``HttpResponse`` has been initialized with an iterator as its
      content, you can't use the ``HttpResponse`` instance as a file-like
      object. Doing so will raise ``Exception``.

Methods
-------

``__init__(content='', mimetype=DEFAULT_CONTENT_TYPE)``
    Instantiates an ``HttpResponse`` object with the given page content (a
    string) and MIME type. The ``DEFAULT_CONTENT_TYPE`` is ``'text/html'``.

    ``content`` can be an iterator or a string. If it's an iterator, it should
    return strings, and those strings will be joined together to form the
    content of the response.

``__setitem__(header, value)``
    Sets the given header name to the given value. Both ``header`` and
    ``value`` should be strings.

``__delitem__(header)``
    Deletes the header with the given name. Fails silently if the header
    doesn't exist. Case-sensitive.

``__getitem__(header)``
    Returns the value for the given header name. Case-sensitive.

``has_header(header)``
    Returns ``True`` or ``False`` based on a case-insensitive check for a
    header with the given name.

``set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None)``
    Sets a cookie. The parameters are the same as in the `cookie Morsel`_
    object in the Python standard library.

        * ``max_age`` should be a number of seconds, or ``None`` (default) if
          the cookie should last only as long as the client's browser session.
        * ``expires`` should be a string in the format
          ``"Wdy, DD-Mon-YY HH:MM:SS GMT"``.
        * Use ``domain`` if you want to set a cross-domain cookie. For example,
          ``domain=".lawrence.com"`` will set a cookie that is readable by
          the domains www.lawrence.com, blogs.lawrence.com and
          calendars.lawrence.com. Otherwise, a cookie will only be readable by
          the domain that set it.

    .. _`cookie Morsel`: http://www.python.org/doc/current/lib/morsel-objects.html

``delete_cookie(key, path='/', domain=None)``
    Deletes the cookie with the given key. Fails silently if the key doesn't
    exist.

    Due to the way cookies work, ``path`` and ``domain`` should be the same
    values you used in ``set_cookie()`` -- otherwise the cookie may not be deleted.

``content``
    Returns the content as a Python string, encoding it from a Unicode object
    if necessary. Note this is a property, not a method, so use ``r.content``
    instead of ``r.content()``.

``write(content)``, ``flush()`` and ``tell()``
    These methods make an ``HttpResponse`` instance a file-like object.

HttpResponse subclasses
-----------------------

Django includes a number of ``HttpResponse`` subclasses that handle different
types of HTTP responses. Like ``HttpResponse``, these subclasses live in
``django.http``.

``HttpResponseRedirect``
    The constructor takes a single argument -- the path to redirect to. This
    can be a fully qualified URL (e.g. ``'http://www.yahoo.com/search/'``) or an
    absolute URL with no domain (e.g. ``'/search/'``). Note that this returns
    an HTTP status code 302.

``HttpResponsePermanentRedirect``
    Like ``HttpResponseRedirect``, but it returns a permanent redirect (HTTP
    status code 301) instead of a "found" redirect (status code 302).

``HttpResponseNotModified``
    The constructor doesn't take any arguments. Use this to designate that a
    page hasn't been modified since the user's last request.

``HttpResponseBadRequest``
    **New in Django development version.**
    Acts just like ``HttpResponse`` but uses a 400 status code.

``HttpResponseNotFound``
    Acts just like ``HttpResponse`` but uses a 404 status code.

``HttpResponseForbidden``
    Acts just like ``HttpResponse`` but uses a 403 status code.

``HttpResponseNotAllowed``
    Like ``HttpResponse``, but uses a 405 status code. Takes a single,
    required argument: a list of permitted methods (e.g. ``['GET', 'POST']``).

``HttpResponseGone``
    Acts just like ``HttpResponse`` but uses a 410 status code.

``HttpResponseServerError``
    Acts just like ``HttpResponse`` but uses a 500 status code.

Returning errors
================

Returning HTTP error codes in Django is easy. We've already mentioned the
``HttpResponseNotFound``, ``HttpResponseForbidden``,
``HttpResponseServerError``, etc., subclasses; just return an instance of one
of those subclasses instead of a normal ``HttpResponse`` in order to signify
an error. For example::

    def my_view(request):
        # ...
        if foo:
            return HttpResponseNotFound('<h1>Page not found</h1>')
        else:
            return HttpResponse('<h1>Page was found</h1>')

Because 404 errors are by far the most common HTTP error, there's an easier way
to handle those errors.

The Http404 exception
---------------------

When you return an error such as ``HttpResponseNotFound``, you're responsible
for defining the HTML of the resulting error page::

    return HttpResponseNotFound('<h1>Page not found</h1>')

For convenience, and because it's a good idea to have a consistent 404 error page
across your site, Django provides an ``Http404`` exception. If you raise
``Http404`` at any point in a view function, Django will catch it and return the
standard error page for your application, along with an HTTP error code 404.

Example usage::

    from django.http import Http404

    def detail(request, poll_id):
        try:
            p = Poll.objects.get(pk=poll_id)
        except Poll.DoesNotExist:
            raise Http404
        return render_to_response('polls/detail.html', {'poll': p})

In order to use the ``Http404`` exception to its fullest, you should create a
template that is displayed when a 404 error is raised. This template should be
called ``404.html`` and located in the top level of your template tree.

Customizing error views
-----------------------

The 404 (page not found) view
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When you raise an ``Http404`` exception, Django loads a special view devoted
to handling 404 errors. By default, it's the view
``django.views.defaults.page_not_found``, which loads and renders the template
``404.html``.

This means you need to define a ``404.html`` template in your root template
directory. This template will be used for all 404 errors.

This ``page_not_found`` view should suffice for 99% of Web applications, but if
you want to override the 404 view, you can specify ``handler404`` in your
URLconf, like so::

    handler404 = 'mysite.views.my_custom_404_view'

Behind the scenes, Django determines the 404 view by looking for ``handler404``.
By default, URLconfs contain the following line::

    from django.conf.urls.defaults import *

That takes care of setting ``handler404`` in the current module. As you can see
in ``django/conf/urls/defaults.py``, ``handler404`` is set to
``'django.views.defaults.page_not_found'`` by default.

Three things to note about 404 views:

    * The 404 view is also called if Django doesn't find a match after checking
      every regular expression in the URLconf.

    * If you don't define your own 404 view -- and simply use the default,
      which is recommended -- you still have one obligation: To create a
      ``404.html`` template in the root of your template directory. The default
      404 view will use that template for all 404 errors.

    * If ``DEBUG`` is set to ``True`` (in your settings module) then your 404
      view will never be used, and the traceback will be displayed instead.

The 500 (server error) view
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Similarly, Django executes special-case behavior in the case of runtime errors
in view code. If a view results in an exception, Django will, by default, call
the view ``django.views.defaults.server_error``, which loads and renders the
template ``500.html``.

This means you need to define a ``500.html`` template in your root template
directory. This template will be used for all server errors.

This ``server_error`` view should suffice for 99% of Web applications, but if
you want to override the view, you can specify ``handler500`` in your
URLconf, like so::

    handler500 = 'mysite.views.my_custom_error_view'

Behind the scenes, Django determines the error view by looking for ``handler500``.
By default, URLconfs contain the following line::

    from django.conf.urls.defaults import *

That takes care of setting ``handler500`` in the current module. As you can see
in ``django/conf/urls/defaults.py``, ``handler500`` is set to
``'django.views.defaults.server_error'`` by default.
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.