HTTP Response ************* .[perex] Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter. An HTTP response is an [api:Nette\Http\Response] object, which you get by passing it using [dependency injection |dependency-injection:passing-dependencies]. In presenters simply call `$httpResponse = $this->getHttpResponse()`. → [Installation and requirements |@home#Installation] Nette\Http\Response =================== Unlike [Nette\Http\Request|request], this object is mutable, so you can use setters to change the state, ie to send headers. Remember that all setters **must be called before any actual output is sent.** The `isSent()` method tells if output have been sent. If it returns `true`, each attempt to send a header throws an `Nette\InvalidStateException` exception. setCode(int $code, string $reason=null) .[method] ------------------------------------------------- Changes a status [response code |https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10]. For better source code readability it is recommended to use [predefined constants |api:Nette\Http\IResponse] instead of actual numbers. ```php $httpResponse->setCode(Nette\Http\Response::S404_NOT_FOUND); ``` getCode(): int .[method] ------------------------ Returns the status code of the response. isSent(): bool .[method] ------------------------ Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code. setHeader(string $name, string $value) .[method] ------------------------------------------------ Sends an HTTP header and **overwrites** previously sent header of the same name. ```php $httpResponse->setHeader('Pragma', 'no-cache'); ``` addHeader(string $name, string $value) .[method] ------------------------------------------------ Sends an HTTP header and **doesn't overwrite** previously sent header of the same name. ```php $httpResponse->addHeader('Accept', 'application/json'); $httpResponse->addHeader('Accept', 'application/xml'); ``` deleteHeader(string $name) .[method] ------------------------------------ Deletes a previously sent HTTP header. getHeader(string $header): ?string .[method] -------------------------------------------- Returns the sent HTTP header, or `null` if it does not exist. The parameter is case-insensitive. ```php $pragma = $httpResponse->getHeader('Pragma'); ``` getHeaders(): array .[method] ----------------------------- Returns all sent HTTP headers as associative array. ```php $headers = $httpResponse->getHeaders(); echo $headers['Pragma']; ``` setContentType(string $type, string $charset=null) .[method] ------------------------------------------------------------ Sends the header `Content-Type`. ```php $httpResponse->setContentType('text/plain', 'UTF-8'); ``` redirect(string $url, int $code=self::S302_FOUND): void .[method] ----------------------------------------------------------------- Redirects to another URL. Don't forget to quit the script then. ```php $httpResponse->redirect('http://example.com'); exit; ``` setExpiration(?string $time) .[method] -------------------------------------- Sets the expiration of the HTTP document using the `Cache-Control` and `Expires` headers. The parameter is either a time interval (as text) or `null`, which disables caching. ```php // browser cache expires in one hour $httpResponse->setExpiration('1 hour'); ``` sendAsFile(string $fileName) .[method]{data-version:v3.1.1} ----------------------------------------------------------- Response should be downloaded with *Save as* dialog with specified name. It does not send any file itself to output. ```php $httpResponse->sendAsFile('invoice.pdf'); ``` setCookie(string $name, string $value, $time, string $path=null, string $domain=null, bool $secure=null, bool $httpOnly=null, string $sameSite=null) .[method] -------------------------------------------------------------------------------------------------------------------------------------------------------------- Sends a cookie. Default parameter values since version 3.1: | `$path` | `'/'` | with scope to all paths on (sub)domain *(configurable)* | `$domain` | `null` | with scope of the current (sub)domain, but not its subdomains *(configurable)* | `$secure` | `true` | if the site is running on HTTPS, otherwise `false` *(configurable)* | `$httpOnly` | `true` | cookie is inaccessible to JavaScript | `$sameSite` | `'Lax'` | cookie does not have to be sent when [accessed from another origin|nette:glossary#SameSite cookie] You can change the default values of the `$path`, `$domain` and `$secure` parameters in [configuration#HTTP cookie]. Default parameter values in version 3.0: | `$path` | `'/'` | with scope to all paths on (sub)domain | `$domain` | `null` | with scope of the current (sub)domain, but not its subdomains | `$secure` | | affected by the settings in [configuration |configuration#HTTP cookie] | `$httpOnly` | `true` | cookie is inaccessible to JavaScript | `$sameSite` | `null` | flag is not specified (see [SameSite cookie|nette:glossary#SameSite cookie]) The time can be specified as number of seconds or a string: ```php $httpResponse->setCookie('lang', 'en', '100 days'); ``` The `$domain` option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted by the same (sub)domain as is set by it, excluding their subdomains. If `$domain` is specified, then subdomains are also included. Therefore, specifying `$domain` is less restrictive than omitting. For example, if `$domain = 'nette.org'`, cookie is also available on all subdomains like `doc.nette.org`. You can use the `Response::SAME_SITE_LAX`, `SAME_SITE_STRICT` and `SAME_SITE_NONE` constants for the `$sameSite` value. deleteCookie(string $name, string $path=null, string $domain=null, bool $secure=null): void .[method] ----------------------------------------------------------------------------------------------------- Deletes a cookie. The default values of the parameters are: - `$path` with scope to all directories (`'/'`) - `$domain` with scope of the current (sub)domain, but not its subdomains - `$secure` is affected by the settings in [configuration#HTTP cookie] ```php $httpResponse->deleteCookie('lang'); ```

HTTP Response

Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.

An HTTP response is an Nette\Http\Response object, which you get by passing it using dependency injection. In presenters simply call $httpResponse = $this->getHttpResponse().

→ Installation and requirements

Nette\Http\Response

Unlike Nette\Http\Request, this object is mutable, so you can use setters to change the state, ie to send headers. Remember that all setters must be called before any actual output is sent. The isSent() method tells if output have been sent. If it returns true, each attempt to send a header throws an Nette\InvalidStateException exception.

setCode(int $code, string $reason=null)

Changes a status response code. For better source code readability it is recommended to use predefined constants instead of actual numbers.

$httpResponse->setCode(Nette\Http\Response::S404_NOT_FOUND);

getCode(): int

Returns the status code of the response.

isSent(): bool

Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.

setHeader(string $name, string $value)

Sends an HTTP header and overwrites previously sent header of the same name.

$httpResponse->setHeader('Pragma', 'no-cache');

addHeader(string $name, string $value)

Sends an HTTP header and doesn't overwrite previously sent header of the same name.

$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');

deleteHeader(string $name)

Deletes a previously sent HTTP header.

getHeader(string $header): ?string

Returns the sent HTTP header, or null if it does not exist. The parameter is case-insensitive.

$pragma = $httpResponse->getHeader('Pragma');

getHeaders(): array

Returns all sent HTTP headers as associative array.

$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];

setContentType(string $type, string $charset=null)

Sends the header Content-Type.

$httpResponse->setContentType('text/plain', 'UTF-8');

redirect(string $url, int $code=self::S302_FOUND): void

Redirects to another URL. Don't forget to quit the script then.

$httpResponse->redirect('http://example.com');
exit;

setExpiration(?string $time)

Sets the expiration of the HTTP document using the Cache-Control and Expires headers. The parameter is either a time interval (as text) or null, which disables caching.

// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');

sendAsFile(string $fileName)

Response should be downloaded with Save as dialog with specified name. It does not send any file itself to output.

$httpResponse->sendAsFile('invoice.pdf');

setCookie(string $name, string $value, $time, string $path=null, string $domain=null, bool $secure=null, bool $httpOnly=null, string $sameSite=null)

Sends a cookie.

Default parameter values since version 3.1:

`$path`	`'/'`	with scope to all paths on (sub)domain (configurable)
`$domain`	`null`	with scope of the current (sub)domain, but not its subdomains (configurable)
`$secure`	`true`	if the site is running on HTTPS, otherwise `false` (configurable)
`$httpOnly`	`true`	cookie is inaccessible to JavaScript
`$sameSite`	`'Lax'`	cookie does not have to be sent when accessed from another origin

You can change the default values of the $path, $domain and $secure parameters in configuration.

Default parameter values in version 3.0:

`$path`	`'/'`	with scope to all paths on (sub)domain
`$domain`	`null`	with scope of the current (sub)domain, but not its subdomains
`$secure`		affected by the settings in configuration
`$httpOnly`	`true`	cookie is inaccessible to JavaScript
`$sameSite`	`null`	flag is not specified (see SameSite cookie)

The time can be specified as number of seconds or a string:

$httpResponse->setCookie('lang', 'en', '100 days');

The $domain option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted by the same (sub)domain as is set by it, excluding their subdomains. If $domain is specified, then subdomains are also included. Therefore, specifying $domain is less restrictive than omitting. For example, if $domain = 'nette.org', cookie is also available on all subdomains like doc.nette.org.

You can use the Response::SAME_SITE_LAX, SAME_SITE_STRICT and SAME_SITE_NONE constants for the $sameSite value.

deleteCookie(string $name, string $path=null, string $domain=null, bool $secure=null): void

Deletes a cookie. The default values of the parameters are:

$path with scope to all directories ('/')
$domain with scope of the current (sub)domain, but not its subdomains
$secure is affected by the settings in configuration

$httpResponse->deleteCookie('lang');

Nette Documentation Preview