HTTP Response
Nette encapsulates the HTTP response into objects with an understandable API while providing a sanitization filter.
An HTTP response is an Nette\Http\Response object, which
you get by passing it using dependency injection. In presenters simply
call $httpResponse = $this->getHttpResponse()
.
→ Installation and requirements
Nette\Http\Response
Unlike Nette\Http\Request, this object is mutable, so you can use setters to change the state, ie to
send headers. Remember that all setters must be called before any actual output is sent. The isSent()
method
tells if output have been sent. If it returns true
, each attempt to send a header throws an
Nette\InvalidStateException
exception.
setCode(int $code, ?string $reason=null)
Changes a status response code. For better source code readability it is recommended to use predefined constants instead of actual numbers.
$httpResponse->setCode(Nette\Http\Response::S404_NotFound);
getCode(): int
Returns the status code of the response.
isSent(): bool
Returns whether headers have already been sent from the server to the browser, so it is no longer possible to send headers or change the status code.
setHeader(string $name, string $value)
Sends an HTTP header and overwrites previously sent header of the same name.
$httpResponse->setHeader('Pragma', 'no-cache');
addHeader(string $name, string $value)
Sends an HTTP header and doesn't overwrite previously sent header of the same name.
$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');
deleteHeader(string $name)
Deletes a previously sent HTTP header.
getHeader(string $header): ?string
Returns the sent HTTP header, or null
if it does not exist. The parameter is case-insensitive.
$pragma = $httpResponse->getHeader('Pragma');
getHeaders(): array
Returns all sent HTTP headers as associative array.
$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];
setContentType(string $type, ?string $charset=null)
Sends the header Content-Type
.
$httpResponse->setContentType('text/plain', 'UTF-8');
redirect(string $url, int $code=self::S302_Found): void
Redirects to another URL. Don't forget to quit the script then.
$httpResponse->redirect('http://example.com');
exit;
setExpiration(?string $time)
Sets the expiration of the HTTP document using the Cache-Control
and Expires
headers. The parameter
is either a time interval (as text) or null
, which disables caching.
// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');
sendAsFile(string $fileName)
Response should be downloaded with Save as dialog with specified name. It does not send any file itself to output.
$httpResponse->sendAsFile('invoice.pdf');
setCookie(string $name, string $value, $time, ?string $path=null, ?string $domain=null, ?bool $secure=null, ?bool $httpOnly=null, ?string $sameSite=null)
Sends a cookie. Default parameter values:
$path |
'/' |
with scope to all paths on (sub)domain (configurable) |
$domain |
null |
with scope of the current (sub)domain, but not its subdomains (configurable) |
$secure |
true |
if the site is running on HTTPS, otherwise false (configurable) |
$httpOnly |
true |
cookie is inaccessible to JavaScript |
$sameSite |
'Lax' |
cookie does not have to be sent when accessed from another origin |
You can change the default values of the $path
, $domain
and $secure
parameters in configuration.
The time can be specified as number of seconds or a string:
$httpResponse->setCookie('lang', 'en', '100 days');
The $domain
option determines which domains (origins) can accept cookies. If not specified, the cookie is accepted
by the same (sub)domain as is set by it, excluding their subdomains. If $domain
is specified, then subdomains are
also included. Therefore, specifying $domain
is less restrictive than omitting. For example, if
$domain = 'nette.org'
, cookie is also available on all subdomains like doc.nette.org
.
You can use the Response::SameSiteLax
, SameSiteStrict
and SameSiteNone
constants for the
$sameSite
value.
deleteCookie(string $name, ?string $path=null, ?string $domain=null, ?bool $secure=null): void
Deletes a cookie. The default values of the parameters are:
$path
with scope to all directories ('/'
)$domain
with scope of the current (sub)domain, but not its subdomains$secure
is affected by the settings in configuration
$httpResponse->deleteCookie('lang');