HTTP Response
Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.
Installation:
composer require nette/http
An HTTP response is an Nette\Http\Response object, which
you get by passing it using dependency injection. In presenters simply
call $httpResponse = $this->getHttpResponse()
.
Nette\Http\Response
Unlike Nette\Http\Request, this object is mutable, so you can use setters to change the state, ie to
send headers. Remember that all setters must be called before any actual output is sent. The isSent()
method
tells if output have been sent. If it returns true
, each attempt to send a header throws an
Nette\InvalidStateException
exception.
setCode(int $code, ?string $reason=null)
Changes a status response code. For better source code readability it is recommended to use predefined constants instead of actual numbers.
$httpResponse->setCode(Nette\Http\Response::S404_NOT_FOUND);
getCode(): int
Returns the status code of the response.
isSent(): bool
Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.
setHeader(string $name, string $value)
Sends an HTTP header and overwrites previously sent header of the same name.
$httpResponse->setHeader('Pragma', 'no-cache');
addHeader(string $name, string $value)
Sends an HTTP header and doesn't overwrite previously sent header of the same name.
$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');
deleteHeader(string $name)
Deletes a previously sent HTTP header.
getHeader(string $header): ?string
Returns the sent HTTP header, or null
if it does not exist. The parameter is case-insensitive.
$pragma = $httpResponse->getHeader('Pragma');
getHeaders(): array
Returns all sent HTTP headers as associative array.
$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];
setContentType(string $type, ?string $charset=null)
Sends the header Content-Type
.
$httpResponse->setContentType('text/plain', 'UTF-8');
redirect(string $url, int $code=self::S302_FOUND): void
Redirects to another URL. Don't forget to quit the script then.
$httpResponse->redirect('http://example.com');
exit;
setExpiration(?string $time)
Sets the expiration of the HTTP document using the Cache-Control
and Expires
headers. The parameter
is either a time interval (as text or number of seconds) or null
, which disables caching.
// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');
setCookie(string $name, string $value, $time, ?string $path=null, ?string $domain=null, ?bool $secure=null, ?bool $httpOnly=null, ?string $sameSite=null)
Sends a cookie. Default parameter values:
$path |
'/' |
with scope to all paths on (sub)domain |
$domain |
null |
with scope of the current (sub)domain, but not its subdomains |
$secure |
affected by the settings in configuration | |
$httpOnly |
true |
cookie is inaccessible to JavaScript |
$sameSite |
null |
flag is not specified (see SameSite cookie) |
The time can be specified as number of seconds or a string:
$httpResponse->setCookie('lang', 'en', '100 days');
The $domain
option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted
by the same (sub)domain as is set by it, excluding their subdomains. If $domain
is specified, then subdomains are
also included. Therefore, specifying $domain
is less restrictive than omitting. For example, if
$domain = 'nette.org'
, cookie is also available on all subdomains like doc.nette.org
.
deleteCookie(string $name, ?string $path=null, ?string $domain=null, ?bool $secure=null): void
Deletes a cookie. The default values of the parameters are:
$path
with scope to all directories ('/'
)$domain
with scope of the current (sub)domain, but not its subdomains$secure
is affected by the settings in configuration
$httpResponse->deleteCookie('lang');