Nette Documentation Preview

syntax
HTTP Response
*************

.[perex]
Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.

An HTTP response is an [api:Nette\Http\Response] object, which you get by passing it using [dependency injection |/dependency-injection/passing-dependencies]. In presenters simply call `$httpResponse = $this->getHttpResponse()`.

→ [Installation and requirements |@home#Installation]


Nette\Http\Response
===================

Unlike the [Nette\Http\Request|request], the object is mutable, so you can use setters to change the state, ie to send headers. Remember that all setters **must be called before any actual output is sent.**
The `isSent()` method tells if output have been sent. If it returns `true`, each attempt to send a header throws an `Nette\InvalidStateException` exception.


setCode(int $code, string $reason = null) .[method]
---------------------------------------------------
Changes a status [response code |https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10]. For better source code readability it is recommended to use [predefined constants |api:Nette\Http\IResponse] instead of actual numbers.

```php
$httpResponse->setCode(Nette\Http\Response::S404_NOT_FOUND);
```


getCode(): int .[method]
------------------------
Returns the status code of the response.


isSent(): bool .[method]
------------------------
Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.


setHeader(string $name, string $value) .[method]
------------------------------------------------
Sends an HTTP header and **overwrites** previously sent header of the same name.

```php
$httpResponse->setHeader('Pragma', 'no-cache');
```


addHeader(string $name, string $value) .[method]
------------------------------------------------
Sends an HTTP header and **doesn't overwrite** previously sent header of the same name.

```php
$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');
```


deleteHeader(string $name) .[method]
------------------------------------
Deletes a previously sent HTTP header.


getHeader(string $header): ?string .[method]
--------------------------------------------
Returns the sent HTTP header, or `null` if it does not exist. The parameter is case-insensitive.

```php
$pragma = $httpResponse->getHeader('Pragma');
```


getHeaders(): array .[method]
-----------------------------
Returns all sent HTTP headers as associative array.

```php
$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];
```


setContentType(string $type, string $charset = null) .[method]
--------------------------------------------------------------
Sends the header `Content-Type`.

```php
$httpResponse->setContentType('text/plain', 'UTF-8');
```


redirect(string $url, int $code = self::S302_FOUND): void .[method]
-------------------------------------------------------------------
Redirects to another URL. Don't forget to quit the script then.

```php
$httpResponse->redirect('http://example.com');
exit;
```


setExpiration(?string $time) .[method]
--------------------------------------
Sets the expiration of the HTTP document using the `Cache-Control` and `Expires` headers. The parameter is either a time interval (as text) or `null`, which disables caching.

```php
// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');
```


sendAsFile(string $fileName) .[method]
--------------------------------------
Response should be downloaded with *Save as* dialog with specified name. It does not send any file itself to output.

```php
$httpResponse->sendAsFile('invoice.pdf');
```


setCookie(string $name, string $value, $time, string $path = null, string $domain = null, bool $secure = null, bool $httpOnly = null, string $sameSite = null) .[method]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Sends a cookie. Default parameter values:

| `$path`     | `'/'`   | with scope to all paths on (sub)domain *(configurable)*
| `$domain`   | `null`  | with scope of the current (sub)domain, but not its subdomains *(configurable)*
| `$secure`   | `true`  | if the site is running on HTTPS, otherwise `false` *(configurable)*
| `$httpOnly` | `true`  | cookie is inaccessible to JavaScript
| `$sameSite` | `'Lax'` | cookie does not have to be sent when [accessed from another origin|/vulnerability-protection#SameSite cookie]

You can change the default values of the `$path`, `$domain` and `$secure` parameters in [configuration#HTTP cookie].

The time can be specified as number of seconds or a string:

```php
$httpResponse->setCookie('lang', 'en', '100 days');
```

The `$domain` option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted by the same (sub)domain as is set by it, excluding their subdomains. If `$domain` is specified, then subdomains are also included. Therefore, specifying `$domain` is less restrictive than omitting. For example, if `$domain = 'nette.org'`, cookie is also available on all subdomains like `doc.nette.org`.

You can use the `Response::SAME_SITE_LAX`, `SAME_SITE_STRICT` and `SAME_SITE_NONE` constants for the `$sameSite` value.


deleteCookie(string $name, string $path = null, string $domain = null, bool $secure = null): void .[method]
-----------------------------------------------------------------------------------------------------------
Deletes a cookie. The default values ​​of the parameters are:
- `$path` with scope to all directories (`'/'`)
- `$domain` with scope of the current (sub)domain, but not its subdomains
- `$secure` is affected by the settings in [configuration#HTTP cookie]

```php
$httpResponse->deleteCookie('lang');
```


{{composer: nette/http}}

HTTP Response

Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.

An HTTP response is an Nette\Http\Response object, which you get by passing it using dependency injection. In presenters simply call $httpResponse = $this->getHttpResponse().

Installation and requirements

Nette\Http\Response

Unlike the Nette\Http\Request, the object is mutable, so you can use setters to change the state, ie to send headers. Remember that all setters must be called before any actual output is sent. The isSent() method tells if output have been sent. If it returns true, each attempt to send a header throws an Nette\InvalidStateException exception.

setCode(int $code, string $reason = null)

Changes a status response code. For better source code readability it is recommended to use predefined constants instead of actual numbers.

$httpResponse->setCode(Nette\Http\Response::S404_NOT_FOUND);

getCode(): int

Returns the status code of the response.

isSent(): bool

Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.

setHeader(string $name, string $value)

Sends an HTTP header and overwrites previously sent header of the same name.

$httpResponse->setHeader('Pragma', 'no-cache');

addHeader(string $name, string $value)

Sends an HTTP header and doesn't overwrite previously sent header of the same name.

$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');

deleteHeader(string $name)

Deletes a previously sent HTTP header.

getHeader(string $header): ?string

Returns the sent HTTP header, or null if it does not exist. The parameter is case-insensitive.

$pragma = $httpResponse->getHeader('Pragma');

getHeaders(): array

Returns all sent HTTP headers as associative array.

$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];

setContentType(string $type, string $charset = null)

Sends the header Content-Type.

$httpResponse->setContentType('text/plain', 'UTF-8');

redirect(string $url, int $code = self::S302_FOUND)void

Redirects to another URL. Don't forget to quit the script then.

$httpResponse->redirect('http://example.com');
exit;

setExpiration(?string $time)

Sets the expiration of the HTTP document using the Cache-Control and Expires headers. The parameter is either a time interval (as text) or null, which disables caching.

// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');

sendAsFile(string $fileName)

Response should be downloaded with Save as dialog with specified name. It does not send any file itself to output.

$httpResponse->sendAsFile('invoice.pdf');

setCookie(string $name, string $value, $time, string $path = null, string $domain = null, bool $secure = null, bool $httpOnly = null, string $sameSite = null)

Sends a cookie. Default parameter values:

$path '/' with scope to all paths on (sub)domain (configurable)
$domain null with scope of the current (sub)domain, but not its subdomains (configurable)
$secure true if the site is running on HTTPS, otherwise false (configurable)
$httpOnly true cookie is inaccessible to JavaScript
$sameSite 'Lax' cookie does not have to be sent when accessed from another origin

You can change the default values of the $path, $domain and $secure parameters in configuration.

The time can be specified as number of seconds or a string:

$httpResponse->setCookie('lang', 'en', '100 days');

The $domain option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted by the same (sub)domain as is set by it, excluding their subdomains. If $domain is specified, then subdomains are also included. Therefore, specifying $domain is less restrictive than omitting. For example, if $domain = 'nette.org', cookie is also available on all subdomains like doc.nette.org.

You can use the Response::SAME_SITE_LAX, SAME_SITE_STRICT and SAME_SITE_NONE constants for the $sameSite value.

deleteCookie(string $name, string $path = null, string $domain = null, bool $secure = null)void

Deletes a cookie. The default values ​​of the parameters are:

  • $path with scope to all directories ('/')
  • $domain with scope of the current (sub)domain, but not its subdomains
  • $secure is affected by the settings in configuration
$httpResponse->deleteCookie('lang');