Request / Response Objects
The request and response objects wrap the WSGI environment or the returnvalue from a WSGI application so that it is another WSGI application(wraps a whole application).
How they Work
Your WSGI application is always passed two arguments. The WSGI “environment”and the WSGI start_response function that is used to start the responsephase. The Request class wraps the environ for easier access torequest variables (form data, request headers etc.).
The Response on the other hand is a standard WSGI application thatyou can create. The simple hello world in Werkzeug looks like this:
from werkzeug.wrappers import Response
application = Response('Hello World!')
To make it more useful you can replace it with a function and do someprocessing:
from werkzeug.wrappers import Request, Response
def application(environ, start_response):
request = Request(environ)
response = Response("Hello %s!" % request.args.get('name', 'World!'))
return response(environ, start_response)
Because this is a very common task the Request object providesa helper for that. The above code can be rewritten like this:
from werkzeug.wrappers import Request, Response
@Request.application
def application(request):
return Response("Hello %s!" % request.args.get('name', 'World!'))
The application is still a valid WSGI application that accepts theenvironment and start_response callable.
Mutability and Reusability of Wrappers
The implementation of the Werkzeug request and response objects are tryingto guard you from common pitfalls by disallowing certain things as much aspossible. This serves two purposes: high performance and avoiding ofpitfalls.
For the request object the following rules apply:
- The request object is immutable. Modifications are not supported bydefault, you may however replace the immutable attributes with mutableattributes if you need to modify it.
- The request object may be shared in the same thread, but is not threadsafe itself. If you need to access it from multiple threads, uselocks around calls.
It’s not possible to pickle the request object.For the response object the following rules apply:
The response object is mutable
- The response object can be pickled or copied after freeze() wascalled.
- Since Werkzeug 0.6 it’s safe to use the same response object formultiple WSGI responses.
- It’s possible to create copies using copy.deepcopy.
Base Wrappers
These objects implement a common set of operations. They are missing fancyaddon functionality like user agent parsing or etag handling. These featuresare available by mixing in various mixin classes or using Request andResponse.
- class _werkzeug.wrappers.BaseRequest(_environ, populate_request=True, shallow=False)
- Very basic request object. This does not implement advanced stuff likeentity tag parsing or cache controls. The request object is created withthe WSGI environment as first argument and will add itself to the WSGIenvironment as 'werkzeug.request' unless it’s created withpopulate_request set to False.
There are a couple of mixins available that add additional functionalityto the request object, there is also a class called Request whichsubclasses BaseRequest and all the important mixins.
It’s a good idea to create a custom subclass of the BaseRequestand add missing functionality either via mixins or direct implementation.Here an example for such subclasses:
from werkzeug.wrappers import BaseRequest, ETagRequestMixin
class Request(BaseRequest, ETagRequestMixin):
pass
Request objects are read only. As of 0.5 modifications are notallowed in any place. Unlike the lower level parsing functions therequest object will use immutable objects everywhere possible.
Per default the request object will assume all the text data is _utf-8_encoded. Please refer to the unicode chapter for moredetails about customizing the behavior.
Per default the request object will be added to the WSGIenvironment as werkzeug.request to support the debugging system.If you don’t want that, set populate_request to False.
If shallow is True the environment is initialized as shallowobject around the environ. Every operation that would modify theenviron in any way (such as consuming form data) raises an exceptionunless the shallow attribute is explicitly set to False. Thisis useful for middlewares where you don’t want to consume the formdata by accident. A shallow request is not populated to the WSGIenvironment.
在 0.5 版更改: read-only mode was enforced by using immutables classes for alldata.
- environ
The WSGI environment that the request object uses for data retrival.
True if this request object is shallow (does not modify environ),False otherwise.
get_file_stream(_total_content_length, content_type, filename=None, content_length=None)
- Called to get a stream for the file upload.
This must provide a file-like class with read(), readline()_and _seek() methods that is both writeable and readable.
The default implementation returns a temporary file if the totalcontent length is higher than 500KB. Because many browsers do notprovide a content length for the files only the total contentlength matters.
参数:
- **total_content_length** – the total content length of all thedata in the request combined. This valueis guaranteed to be there.
- **content_type** – the mimetype of the uploaded file.
- **filename** – the filename of the uploaded file. May be _None_.
- **content_length** – the length of this file. This value is usuallynot provided because webbrowsers do not providethis value.
- access_route
If a forwarded header exists this is a list of all ip addressesfrom the client ip to the last proxy server.
- Decorate a function as responder that accepts the request as firstargument. This works like the responder() decorator but thefunction is passed the request object as first argument and therequest object will be closed automatically:
@Request.application
def my_wsgi_app(request):
return Response('Hello World!')
参数:f – the WSGI callable to decorate返回:a new WSGI callable
- args
The parsed URL parameters. By default anImmutableMultiDictis returned from this function. This can be changed by settingparameter_storage_class to a different type. This mightbe necessary if the order of the form data is important.
Like url but without the querystring
the charset for the request, defaults to utf-8
- Closes associated resources of this request object. Thiscloses all file handles explicitly. You can also use the requestobject in a with statement with will automatically close it.
0.9 新版功能.
- cookies
Read only access to the retrieved cookie values as dictionary.
- the type to be used for dict values from the incoming WSGI environment.By default anImmutableTypeConversionDict is used(for example for cookies).
0.6 新版功能.
ImmutableTypeConversionDict 的别名
- disabledata_descriptor = False_
- Indicates weather the data descriptor should be allowed to read andbuffer up the input stream. By default it’s enabled.
0.9 新版功能.
- encodingerrors = 'replace'_
the error handling procedure for errors, defaults to ‘replace’
- MultiDict object containingall uploaded files. Each key in files is the name from the
. Each value in files is aWerkzeug FileStorage object.
Note that files will only contain data if the request method wasPOST, PUT or PATCH and the
- class _werkzeug.wrappers.BaseResponse(_response=None, status=None, headers=None, mimetype=None, content_type=None, direct_passthrough=False)
- Base response class. The most important fact about a response objectis that it’s a regular WSGI application. It’s initialized with a coupleof response parameters (headers, body, status code etc.) and will start avalid WSGI response when called with the environ and start responsecallable.
Because it’s a WSGI application itself processing usually ends before theactual response is sent to the server. This helps debugging systemsbecause they can catch all the exceptions before responses are started.
Here a small example WSGI application that takes advantage of theresponse objects:
from werkzeug.wrappers import BaseResponse as Response
def index():
return Response('Index page')
def application(environ, start_response):
path = environ.get('PATH_INFO') or '/'
if path == '/':
response = index()
else:
response = Response('Not Found', status=404)
return response(environ, start_response)
Like BaseRequest which object is lacking a lot of functionalityimplemented in mixins. This gives you a better control about the actualAPI of your response objects, so you can create subclasses and add customfunctionality. A full featured response object is available asResponse which implements a couple of useful mixins.
To enforce a new type of already existing responses you can use theforce_type() method. This is useful if you’re working with differentsubclasses of response objects and you want to post process them with aknow interface.
Per default the request object will assume all the text data is _utf-8_encoded. Please refer to the unicode chapter for moredetails about customizing the behavior.
Response can be any kind of iterable or string. If it’s a string it’sconsidered being an iterable with one item which is the string passed.Headers can be a list of tuples or aHeaders object.
Special note for mimetype and content_type: For most mime typesmimetype and content_type work the same, the difference affectsonly ‘text’ mimetypes. If the mimetype passed with mimetype is amimetype starting with text/, the charset parameter of the responseobject is appended to it. In contrast the content_type parameter isalways added as header unmodified.
在 0.5 版更改: the direct_passthrough parameter was added.
参数:
- response – a string or response iterable.
- status – a string with a status or an integer with the status code.
- headers – a list of headers or aHeaders object.
- mimetype – the mimetype for the request. See notice above.
- content_type – the content type for the request. See notice above.
- direct_passthrough – if set to Trueiter_encoded() is notcalled before iteration which makes itpossible to pass special iterators thoughunchanged (see wrap_file() for moredetails.)
- response
The application iterator. If constructed from a string this will be alist, otherwise the object provided as application iterator. (The firstargument passed to BaseResponse)
A Headers object representing the response headers.
The response status as integer.
If directpassthrough=True was passed to the response object or ifthis attribute was set to _True before using the response object asWSGI application, the wrapped iterator is returned unchanged. Thismakes it possible to pass a special wsgi.file_wrapper to the responseobject. See wrap_file() for more details.
- Process this response as WSGI application.
参数:
- **environ** – the WSGI environment.
- **start_response** – the response callable provided by the WSGIserver.返回:
an application iterator
- ensure_sequence(_mutable=False)
- This method can be called by methods that need a sequence. Ifmutable is true, it will also ensure that the response sequenceis a standard Python list.
0.6 新版功能.
- autocorrectlocation_header = True_
- Should this response object correct the location header to be RFCconformant? This is true by default.
0.8 新版功能.
- automaticallyset_content_length = True_
- Should this response object automatically set the content-lengthheader if possible? This is true by default.
0.8 新版功能.
- calculate_content_length()
Returns the content length if available or None otherwise.
- Adds a function to the internal list of functions that shouldbe called as part of closing down the response. Since 0.7 thisfunction also returns the function that was passed so that thiscan be used as a decorator.
0.6 新版功能.
- charset = 'utf-8'
the charset of the response.
- Close the wrapped response if possible. You can also use the objectin a with statement which will automatically close it.
0.9 新版功能: Can now be used in a with statement.
- data
A descriptor that calls get_data() and set_data(). Thisshould not be used and will eventually get deprecated.
the default mimetype if none is provided.
the default status if none is provided.
- Delete a cookie. Fails silently if key doesn’t exist.
参数:
- **key** – the key (name) of the cookie to be deleted.
- **path** – if the cookie that should be deleted was limited to apath, the path has to be defined here.
- **domain** – if the cookie that should be deleted was limited to adomain, that domain has to be defined here.
- classmethod _force_type(_response, environ=None)
- Enforce that the WSGI response is a response object of the currenttype. Werkzeug will use the BaseResponse internally in manysituations like the exceptions. If you call get_response() on anexception you will get back a regular BaseResponse object, evenif you are using a custom subclass.
This method can enforce a given response type, and it will alsoconvert arbitrary WSGI callables into response objects if an environis provided:
# convert a Werkzeug response object into an instance of the
# MyResponseClass subclass.
response = MyResponseClass.force_type(response)
# convert any WSGI application into a response object
response = MyResponseClass.force_type(response, environ)
This is especially useful if you want to post-process responses inthe main dispatcher and use functionality provided by your subclass.
Keep in mind that this will modify response objects in place ifpossible!
参数:
- **response** – a response object or wsgi application.
- **environ** – a WSGI environment object.返回:
a response object.
- freeze()
- Call this method if you want to make your response object ready forbeing pickled. This buffers the generator if there is one. It willalso set the Content-Length header to the length of the body.
在 0.6 版更改: The Content-Length header is now set.
- classmethod _from_app(_app, environ, buffered=False)
- Create a new response object from an application output. Thisworks best if you pass it an application that returns a generator allthe time. Sometimes applications may use the write() callablereturned by the start_response function. This tries to resolve suchedge cases automatically. But if you don’t get the expected outputyou should set buffered to True which enforces buffering.
参数:
- **app** – the WSGI application to execute.
- **environ** – the WSGI environment to execute against.
- **buffered** – set to _True_ to enforce buffering.返回:
a response object.
- getapp_iter(_environ)
- Returns the application iterator for the given environ. Dependingon the request method and the current status code the return valuemight be an empty response rather than the one from the response.
If the request method is HEAD or the status code is in a rangewhere the HTTP specification requires an empty response, an emptyiterable is returned.
0.6 新版功能.
参数:environ – the WSGI environment of the request.返回:a response iterable.
- getdata(_as_text=False)
- The string representation of the request body. Whenever you callthis property the request iterable is encoded and flattened. Thiscan lead to unwanted behavior if you stream big data.
This behavior can be disabled by settingimplicit_sequence_conversion to False.
If as_text is set to True the return value will be a decodedunicode string.
0.9 新版功能.
- getwsgi_headers(_environ)
- This is automatically called right before the response is startedand returns headers modified for the given environment. It returns acopy of the headers from the response with some modifications appliedif necessary.
For example the location header (if present) is joined with the rootURL of the environment. Also the content length is automatically setto zero here for certain status codes.
在 0.6 版更改: Previously that function was called fix_headers and modifiedthe response object in place. Also since 0.6, IRIs in locationand content-location headers are handled properly.
Also starting with 0.6, Werkzeug will attempt to set the contentlength if it is able to figure it out on its own. This is thecase if all the strings in the response iterable are alreadyencoded and the iterable is buffered.
参数:environ – the WSGI environment of the request.返回:returns a new Headersobject.
- getwsgi_response(_environ)
- Returns the final WSGI response as tuple. The first item inthe tuple is the application iterator, the second the status andthe third the list of headers. The response returned is createdspecially for the given environment. For example if the requestmethod in the WSGI environment is 'HEAD' the response willbe empty and only the headers and status code will be present.
0.6 新版功能.
参数:environ – the WSGI environment of the request.返回:an (app_iter,status,headers) tuple.
- implicitsequence_conversion = True_
- if set to False accessing properties on the response object willnot try to consume the response iterator and convert it into a list.
0.6.2 新版功能: That attribute was previously called implicit_seqence_conversion.(Notice the typo). If you did use this feature, you have to adaptyour code to the name change.
- is_sequence
- If the iterator is buffered, this property will be True. Aresponse object will consider an iterator to be buffered if theresponse attribute is a list or tuple.
0.6 新版功能.
- is_streamed
- If the response is streamed (the response is not an iterable witha length information) this property is True. In this case streamedmeans that there is no information about the number of iterations.This is usually True if a generator is passed to the response object.
This is useful for checking before applying some sort of postfiltering that should not take place for streamed responses.
- iter_encoded()
Iter the response encoded with the encoding of the response.If the response object is invoked as WSGI application the returnvalue of this method is used as application iterator unlessdirect_passthrough was activated.
- Converts the response iterator in a list. By default this happensautomatically if required. If implicit_sequence_conversion isdisabled, this method is not automatically called and some propertiesmight raise exceptions. This also encodes all the items.
0.6 新版功能.
- setcookie(_key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False)
- Sets a cookie. The parameters are the same as in the cookie _Morsel_object in the Python standard library but it accepts unicode data, too.
参数:
- **key** – the key (name) of the cookie to be set.
- **value** – the value of the cookie.
- **max_age** – should be a number of seconds, or _None_ (default) ifthe cookie should last only as long as the client’sbrowser session.
- **expires** – should be a _datetime_ object or UNIX timestamp.
- **domain** – if you want to set a cross-domain cookie. For example,domain=".example.com" will set a cookie that isreadable by the domain www.example.com,foo.example.com etc. Otherwise, a cookie will onlybe readable by the domain that set it.
- **path** – limits the cookie to a given path, per default it willspan the whole domain.
- setdata(_value)
- Sets a new string as response. The value set must either by aunicode or bytestring. If a unicode string is set it’s encodedautomatically to the charset of the response (utf-8 by default).
0.9 新版功能.
Mixin Classes
Werkzeug also provides helper mixins for various HTTP related functionalitysuch as etags, cache control, user agents etc. When subclassing you canmix those classes in to extend the functionality of the BaseRequestor BaseResponse object. Here a small example for a request objectthat parses accept headers:
from werkzeug.wrappers import AcceptMixin, BaseRequest
class Request(BaseRequest, AcceptMixin):
pass
The Request and Response classes subclass the BaseRequestand BaseResponse classes and implement all the mixins Werkzeug provides:
- class _werkzeug.wrappers.Request(_environ, populate_request=True, shallow=False)
Full featured request object implementing the following mixins:
- AcceptMixin for accept header parsing
- ETagRequestMixin for etag and cache control handling
- UserAgentMixin for user agent introspection
- AuthorizationMixin for http auth handling
- CommonRequestDescriptorsMixin for common headers
- class _werkzeug.wrappers.Response(_response=None, status=None, headers=None, mimetype=None, content_type=None, direct_passthrough=False)
Full featured response object implementing the following mixins:
- ETagResponseMixin for etag and cache control handling
- ResponseStreamMixin to add support for the stream property
- CommonResponseDescriptorsMixin for various HTTP descriptors
- WWWAuthenticateMixin for HTTP authentication support
- _class _werkzeug.wrappers.AcceptMixin
A mixin for classes with an environ attributeto get all the HTTP accept headers asAccept objects (or subclassesthereof).
- accept_charsets
List of charsets this client supports asCharsetAccept object.
List of encodings this client accepts. Encodings in a HTTP termare compression encodings such as gzip. For charsets have a look ataccept_charset.
List of languages this client accepts asLanguageAccept object.
- List of mimetypes this client supports asMIMEAccept object.
- _class _werkzeug.wrappers.AuthorizationMixin
Adds an authorization property that represents the parsedvalue of the Authorization header asAuthorization object.
- _class _werkzeug.wrappers.ETagRequestMixin
Add entity tag and cache descriptors to a request object or object witha WSGI environment available as environ. This notonly provides access to etags but also to the cache control header.
- cache_control
A RequestCacheControl objectfor the incoming cache control headers.
- An object containing all the etags in the If-Match header.
返回类型:ETags
- if_modified_since
The parsed If-Modified-Since header as datetime object.
- An object containing all the etags in the If-None-Match header.
返回类型:ETags
0.7 新版功能.
返回类型:IfRange
- if_unmodified_since
The parsed If-Unmodified-Since header as datetime object.
- The parsed Range header.
0.7 新版功能.
返回类型:Range
- _class _werkzeug.wrappers.ETagResponseMixin
- Adds extra functionality to a response object for etag and cachehandling. This mixin requires an object with at least a _headers_object that implements a dict like interface similar toHeaders.
If you want the freeze() method to automatically add an etag, youhave to mixin this method before the response base class. The defaultresponse class does not do that.
- accept_ranges
- The Accept-Ranges header. Even though the name would indicatethat multiple values are supported, it must be one string token only.
The values 'bytes' and 'none' are common.
0.7 新版功能.
- addetag(_overwrite=False, weak=False)
Add an etag for the current response if there is none yet.
The Cache-Control general-header field is used to specifydirectives that MUST be obeyed by all caching mechanisms along therequest/response chain.
- The Content-Range header asContentRange object. Even if theheader is not set it wil provide such an object for easiermanipulation.
0.7 新版功能.
- freeze(no_etag=False)
Call this method if you want to make your response object ready forpickeling. This buffers the generator if there is one. This alsosets the etag unless no_etag is set to True.
Return a tuple in the form (etag,is_weak). If there is noETag the return value is (None,None).
- Make the response conditional to the request. This method worksbest if an etag was defined for the response already. The _add_etag_method can be used to do that. If called without etag just the dateheader is set.
This does nothing if the request method in the request or environ isanything but GET or HEAD.
It does not remove the body of the response because that’s somethingthe call() function does for us automatically.
Returns self so that you can do returnresp.make_conditional(req)but modifies the object in-place.
参数:request_or_environ – a request object or WSGI environment to beused to make the response conditionalagainst.
- _class _werkzeug.wrappers.ResponseStreamMixin
Mixin for BaseRequest subclasses. Classes that inherit fromthis mixin will automatically get a stream property that providesa write-only interface to the response iterable.
- _class _werkzeug.wrappers.CommonRequestDescriptorsMixin
- A mixin for BaseRequest subclasses. Request objects thatmix this class in will automatically get descriptors for a couple ofHTTP headers with automatic type conversion.
0.5 新版功能.
- content_encoding
- The Content-Encoding entity-header field is used as a modifier to themedia-type. When present, its value indicates what additional contentcodings have been applied to the entity-body, and thus what decodingmechanisms must be applied in order to obtain the media-typereferenced by the Content-Type header field.
0.9 新版功能.
- content_length
The Content-Length entity-header field indicates the size of theentity-body in bytes or, in the case of the HEAD method, the size ofthe entity-body that would have been sent had the request been aGET.
The Content-MD5 entity-header field, as defined in RFC 1864, is anMD5 digest of the entity-body for the purpose of providing anend-to-end message integrity check (MIC) of the entity-body. (Note:a MIC is good for detecting accidental modification of theentity-body in transit, but is not proof against malicious attacks.)
0.9 新版功能.
- content_type
The Content-Type entity-header field indicates the media type ofthe entity-body sent to the recipient or, in the case of the HEADmethod, the media type that would have been sent had the requestbeen a GET.
The Date general-header field represents the date and time at whichthe message was originated, having the same semantics as orig-datein RFC 822.
The Max-Forwards request-header field provides a mechanism with theTRACE and OPTIONS methods to limit the number of proxies or gatewaysthat can forward the request to the next inbound server.
Like content_type but without parameters (eg, withoutcharset, type etc.). For example if the contenttype is text/html;charset=utf-8 the mimetype would be'text/html'.
The mimetype parameters as dict. For example if the contenttype is text/html;charset=utf-8 the params would be{'charset':'utf-8'}.
The Pragma general-header field is used to includeimplementation-specific directives that might apply to any recipientalong the request/response chain. All pragma directives specifyoptional behavior from the viewpoint of the protocol; however, somesystems MAY require that behavior be consistent with the directives.
- The Referer[sic] request-header field allows the client to specify,for the server’s benefit, the address (URI) of the resource from whichthe Request-URI was obtained (the “referrer”, although the headerfield is misspelled).
- _class _werkzeug.wrappers.CommonResponseDescriptorsMixin
A mixin for BaseResponse subclasses. Response objects thatmix this class in will automatically get descriptors for a couple ofHTTP headers with automatic type conversion.
Age values are non-negative decimal integers, representing time inseconds.
- allow
The Allow entity-header field lists the set of methods supportedby the resource identified by the Request-URI. The purpose of thisfield is strictly to inform the recipient of valid methodsassociated with the resource. An Allow header field MUST bepresent in a 405 (Method Not Allowed) response.
The Content-Encoding entity-header field is used as a modifier to themedia-type. When present, its value indicates what additional contentcodings have been applied to the entity-body, and thus what decodingmechanisms must be applied in order to obtain the media-typereferenced by the Content-Type header field.
The Content-Language entity-header field describes the naturallanguage(s) of the intended audience for the enclosed entity. Notethat this might not be equivalent to all the languages used withinthe entity-body.
The Content-Length entity-header field indicates the size of theentity-body, in decimal number of OCTETs, sent to the recipient or,in the case of the HEAD method, the size of the entity-body that wouldhave been sent had the request been a GET.
The Content-Location entity-header field MAY be used to supply theresource location for the entity enclosed in the message when thatentity is accessible from a location separate from the requestedresource’s URI.
The Content-MD5 entity-header field, as defined in RFC 1864, is anMD5 digest of the entity-body for the purpose of providing anend-to-end message integrity check (MIC) of the entity-body. (Note:a MIC is good for detecting accidental modification of theentity-body in transit, but is not proof against malicious attacks.)
The Content-Type entity-header field indicates the media type of theentity-body sent to the recipient or, in the case of the HEAD method,the media type that would have been sent had the request been a GET.
The Date general-header field represents the date and time at whichthe message was originated, having the same semantics as orig-datein RFC 822.
The Expires entity-header field gives the date/time after which theresponse is considered stale. A stale cache entry may not normally bereturned by a cache.
The Last-Modified entity-header field indicates the date and time atwhich the origin server believes the variant was last modified.
The Location response-header field is used to redirect the recipientto a location other than the Request-URI for completion of the requestor identification of a new resource.
The mimetype (content type without charset etc.)
- The mimetype parameters as dict. For example if the contenttype is text/html;charset=utf-8 the params would be{'charset':'utf-8'}.
0.5 新版功能.
- retry_after
- The Retry-After response-header field can be used with a 503 (ServiceUnavailable) response to indicate how long the service is expectedto be unavailable to the requesting client.
Time in seconds until expiration or date.
- vary
- The Vary field value indicates the set of request-header fields thatfully determines, while the response is fresh, whether a cache ispermitted to use the response to reply to a subsequent requestwithout revalidation.
- _class _werkzeug.wrappers.WWWAuthenticateMixin
Adds a www_authenticate property to a response object.
- _class _werkzeug.wrappers.UserAgentMixin
Adds a user_agent attribute to the request object which contains theparsed user agent of the browser that triggered the request as aUserAgent object.