HTTP Utilities

Werkzeug provides a couple of functions to parse and generate HTTP headersthat are useful when implementing WSGI middlewares or whenever you areoperating on a lower level layer. All this functionality is also exposedfrom request and response objects.

Date Functions

The following functions simplify working with times in an HTTP context.Werkzeug uses offset-naive datetime objects internallythat store the time in UTC. If you’re working with timezones in yourapplication make sure to replace the tzinfo attribute with a UTC timezoneinformation before processing the values.

  • werkzeug.http.cookiedate(_expires=None)
  • Formats the time to ensure compatibility with Netscape’s cookiestandard.

Accepts a floating point number expressed in seconds since the epoch in, adatetime object or a timetuple. All times in UTC. The parse_date()function can be used to parse such a date.

Outputs a string in the format Wdy,DD-Mon-YYYYHH:MM:SSGMT.

参数:expires – If provided that date is used, otherwise the current.

  • werkzeug.http.httpdate(_timestamp=None)
  • Formats the time to match the RFC1123 date format.

Accepts a floating point number expressed in seconds since the epoch in, adatetime object or a timetuple. All times in UTC. The parse_date()function can be used to parse such a date.

Outputs a string in the format Wdy,DDMonYYYYHH:MM:SSGMT.

参数:timestamp – If provided that date is used, otherwise the current.

  • werkzeug.http.parsedate(_value)
  • Parse one of the following date formats into a datetime object:
  1. Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123
  2. Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
  3. Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format

If parsing fails the return value is None.

参数:value – a string with a supported date format.返回:a datetime.datetime object.

Header Parsing

The following functions can be used to parse incoming HTTP headers.Because Python does not provide data structures with the semantics requiredby RFC 2616, Werkzeug implements some custom data structures that aredocumented separately.

  • werkzeug.http.parseoptions_header(_value)
  • Parse a Content-Type like header into a tuple with the contenttype and the options:
  1. >>> parse_options_header('text/html; charset=utf8')
  2. ('text/html', {'charset': 'utf8'})

This should not be used to parse Cache-Control like headers that usea slightly different format. For these headers use theparse_dict_header() function.

0.5 新版功能.

参数:value – the header to parse.返回:(str, options)

  • werkzeug.http.parseset_header(_value, on_update=None)
  • Parse a set-like header and return aHeaderSet object:
  1. >>> hs = parse_set_header('token, "quoted value"')

The return value is an object that treats the items case-insensitivelyand keeps the order of the items:

  1. >>> 'TOKEN' in hs
  2. True
  3. >>> hs.index('quoted value')
  4. 1
  5. >>> hs
  6. HeaderSet(['token', 'quoted value'])

To create a header from the HeaderSet again, use thedump_header() function.

参数:

  • value – a set header to be parsed.
  • on_update – an optional callable that is called every time avalue on the HeaderSetobject is changed.返回:a HeaderSet
  • werkzeug.http.parselist_header(_value)
  • Parse lists as described by RFC 2068 Section 2.

In particular, parse comma-separated lists where the elements ofthe list may include quoted-strings. A quoted-string couldcontain a comma. A non-quoted string could have quotes in themiddle. Quotes are removed automatically after parsing.

It basically works like parse_set_header() just that itemsmay appear multiple times and case sensitivity is preserved.

The return value is a standard list:

  1. >>> parse_list_header('token, "quoted value"')
  2. ['token', 'quoted value']

To create a header from the list again, use thedump_header() function.

参数:value – a string with a list header.返回:list

  • werkzeug.http.parsedict_header(_value, cls=)
  • Parse lists of key, value pairs as described by RFC 2068 Section 2 andconvert them into a python dict (or any other mapping object created fromthe type with a dict like interface provided by the cls arugment):
  1. >>> d = parse_dict_header('foo="is a fish", bar="as well"')
  2. >>> type(d) is dict
  3. True
  4. >>> sorted(d.items())
  5. [('bar', 'as well'), ('foo', 'is a fish')]

If there is no value for a key it will be None:

  1. >>> parse_dict_header('key_without_value')
  2. {'key_without_value': None}

To create a header from the dict again, use thedump_header() function.

在 0.9 版更改: Added support for cls argument.

参数:

  • value – a string with a dict header.
  • cls – callable to use for storage of parsed results.返回:an instance of cls

  • werkzeug.http.parseaccept_header(_value[, class])
  • Parses an HTTP Accept-* header. This does not implement a completevalid algorithm but one that supports at least value and qualityextraction.

Returns a new Accept object (basically a list of (value,quality)tuples sorted by the quality with some additional accessor methods).

The second parameter can be a subclass of Accept that is createdwith the parsed values and returned.

参数:

  • value – the accept header string to be parsed.
  • cls – the wrapper class for the return value (can beAccept or a subclass thereof)返回:an instance of cls.
  • werkzeug.http.parsecache_control_header(_value, on_update=None, cls=None)
  • Parse a cache control header. The RFC differs between response andrequest cache control, this method does not. It’s your responsibilityto not use the wrong control statements.

0.5 新版功能: The cls was added. If not specified an immutableRequestCacheControl is returned.

参数:

  • value – a cache control header to be parsed.
  • on_update – an optional callable that is called every time a valueon the CacheControlobject is changed.
  • cls – the class for the returned object. By defaultRequestCacheControl is used.返回:a cls object.
  • werkzeug.http.parseauthorization_header(_value)
  • Parse an HTTP basic/digest authorization header transmitted by the webbrowser. The return value is either None if the header was invalid ornot given, otherwise an Authorizationobject.

参数:value – the authorization header to parse.返回:a Authorization object or None.

  • werkzeug.http.parsewww_authenticate_header(_value, on_update=None)
  • Parse an HTTP WWW-Authenticate header into aWWWAuthenticate object.

参数:

  • value – a WWW-Authenticate header to parse.
  • on_update – an optional callable that is called every time a valueon the WWWAuthenticateobject is changed.返回:a WWWAuthenticate object.
  • werkzeug.http.parseif_range_header(_value)
  • Parses an if-range header which can be an etag or a date. Returnsa IfRange object.

0.7 新版功能.

  • werkzeug.http.parserange_header(_value, make_inclusive=True)
  • Parses a range header into a Rangeobject. If the header is missing or malformed None is returned.ranges is a list of (start,stop) tuples where the ranges arenon-inclusive.

0.7 新版功能.

  • werkzeug.http.parsecontent_range_header(_value, on_update=None)
  • Parses a range header into aContentRange object or None ifparsing is not possible.

0.7 新版功能.

参数:

  • value – a content range header to be parsed.
  • on_update – an optional callable that is called every time a valueon the ContentRangeobject is changed.

Header Utilities

The following utilities operate on HTTP headers well but do not parsethem. They are useful if you’re dealing with conditional responses or ifyou want to proxy arbitrary requests but want to remove WSGI-unsupportedhop-by-hop headers. Also there is a function to create HTTP headerstrings from the parsed data.

  • werkzeug.http.isentity_header(_header)
  • Check if a header is an entity header.

0.5 新版功能.

参数:header – the header to test.返回:True if it’s an entity header, False otherwise.

  • werkzeug.http.ishop_by_hop_header(_header)
  • Check if a header is an HTTP/1.1 “Hop-by-Hop” header.

0.5 新版功能.

参数:header – the header to test.返回:True if it’s an entity header, False otherwise.

  • werkzeug.http.removeentity_headers(_headers, allowed=('expires', 'content-location'))
  • Remove all entity headers from a list or Headers object. Thisoperation works in-place. Expires and Content-Location headers areby default not removed. The reason for this is RFC 2616 section10.3.5 which specifies some entity headers that should be sent.

在 0.5 版更改: added allowed parameter.

参数:

  • headers – a list or Headers object.
  • allowed – a list of headers that should still be allowed even thoughthey are entity headers.
  • werkzeug.http.removehop_by_hop_headers(_headers)
  • Remove all HTTP/1.1 “Hop-by-Hop” headers from a list orHeaders object. This operation works in-place.

0.5 新版功能.

参数:headers – a list or Headers object.

  • werkzeug.http.isbyte_range_valid(_start, stop, length)
  • Checks if a given byte content range is valid for the given length.

0.7 新版功能.

  • werkzeug.http.quoteheader_value(_value, extra_chars='', allow_token=True)
  • Quote a header value if necessary.

0.5 新版功能.

参数:

  • value – the value to quote.
  • extra_chars – a list of extra characters to skip quoting.
  • allow_token – if this is enabled token values are returnedunchanged.
  • werkzeug.http.unquoteheader_value(_value, is_filename=False)
  • Unquotes a header value. (Reversal of quote_header_value()).This does not use the real unquoting but what browsers are actuallyusing for quoting.

0.5 新版功能.

参数:value – the header value to unquote.

  1. >>> dump_header({'foo': 'bar baz'})
  2. 'foo="bar baz"'
  3. >>> dump_header(('foo', 'bar baz'))
  4. 'foo, "bar baz"'

参数:

  • iterable – the iterable or dict of values to quote.
  • allow_token – if set to False tokens as values are disallowed.See quote_header_value() for more details.

Cookies

  • werkzeug.http.parsecookie(_header, charset='utf-8', errors='replace', cls=None)
  • Parse a cookie. Either from a string or WSGI environ.

Per default encoding errors are ignored. If you want a different behavioryou can set errors to 'replace' or 'strict'. In strict mode aHTTPUnicodeError is raised.

在 0.5 版更改: This function now returns a TypeConversionDict instead of aregular dict. The cls parameter was added.

参数:

  • header – the header to be used to parse the cookie. Alternativelythis can be a WSGI environment.
  • charset – the charset for the cookie values.
  • errors – the error behavior for the charset decoding.
  • cls – an optional dict class to use. If this is not specifiedor None the default TypeConversionDict isused.
  • werkzeug.http.dumpcookie(_key, value='', max_age=None, expires=None, path='/', domain=None, secure=False, httponly=False, charset='utf-8', sync_expires=True)
  • Creates a new Set-Cookie header without the Set-Cookie prefixThe parameters are the same as in the cookie Morsel object in thePython standard library but it accepts unicode data, too.

On Python 3 the return value of this function will be a unicodestring, on Python 2 it will be a native string. In both cases thereturn value is usually restricted to ascii as the vast majority ofvalues are properly escaped, but that is no guarantee. If a unicodestring is returned it’s tunneled through latin1 as required byPEP 3333.

The return value is not ASCII safe if the key contains unicodecharacters. This is technically against the specification buthappens in the wild. It’s strongly recommended to not usenon-ASCII values for the keys.

参数:

  • max_age – should be a number of seconds, or None (default) ifthe cookie should last only as long as the client’sbrowser session. Additionally timedelta objectsare accepted, too.
  • expires – should be a datetime object or unix timestamp.
  • path – limits the cookie to a given path, per default it willspan the whole domain.
  • domain – Use this if you want to set a cross-domain cookie. Forexample, domain=".example.com" will set a cookiethat is readable by the domain www.example.com,foo.example.com etc. Otherwise, a cookie will onlybe readable by the domain that set it.
  • secure – The cookie will only be available via HTTPS
  • httponly – disallow JavaScript to access the cookie. This is anextension to the cookie standard and probably notsupported by all browsers.
  • charset – the encoding for unicode values.
  • sync_expires – automatically set expires if max_age is definedbut expires not.

Conditional Response Helpers

For conditional responses the following functions might be useful:

  • werkzeug.http.parseetags(_value)
  • Parse an etag header.

参数:value – the tag header to parse返回:an ETags object.

  • werkzeug.http.quoteetag(_etag, weak=False)
  • Quote an etag.

参数:

  • etag – the etag to quote.
  • weak – set to True to tag it “weak”.
  • werkzeug.http.unquoteetag(_etag)
  • Unquote a single etag:
  1. >>> unquote_etag('w/"bar"')
  2. ('bar', True)
  3. >>> unquote_etag('"bar"')
  4. ('bar', False)

参数:etag – the etag identifier to unquote.返回:a (etag,weak) tuple.

  • werkzeug.http.generateetag(_data)
  • Generate an etag for some data.
  • werkzeug.http.isresource_modified(_environ, etag=None, data=None, last_modified=None)
  • Convenience method for conditional requests.

参数:

  • environ – the WSGI environment of the request to be checked.
  • etag – the etag for the response for comparison.
  • data – or alternatively the data of the response to automaticallygenerate an etag using generate_etag().
  • last_modified – an optional date of the last modification.返回:True if the resource was modified, otherwise False.

Constants

  • werkzeug.http.HTTP_STATUS_CODES
  • A dict of status code -> default status message pairs. This is usedby the wrappers and other places where an integer status code is expandedto a string throughout Werkzeug.

Form Data Parsing

Werkzeug provides the form parsing functions separately from the requestobject so that you can access form data from a plain WSGI environment.

The following formats are currently supported by the form data parser:

  • application/x-www-form-urlencoded
  • multipart/form-data

Nested multipart is not currently supported (Werkzeug 0.9), but it isn’t usedby any of the modern web browsers.

Usage example:

  1. >>> from cStringIO import StringIO
  2. >>> data = '--foo\r\nContent-Disposition: form-data; name="test"\r\n' \
  3. ... '\r\nHello World!\r\n--foo--'
  4. >>> environ = {'wsgi.input': StringIO(data), 'CONTENT_LENGTH': str(len(data)),
  5. ... 'CONTENT_TYPE': 'multipart/form-data; boundary=foo',
  6. ... 'REQUEST_METHOD': 'POST'}
  7. >>> stream, form, files = parse_form_data(environ)
  8. >>> stream.read()
  9. ''
  10. >>> form['test']
  11. u'Hello World!'
  12. >>> not files
  13. True

Normally the WSGI environment is provided by the WSGI gateway with theincoming data as part of it. If you want to generate such fake-WSGIenvironments for unittesting you might want to use thecreate_environ() function or the EnvironBuilder instead.

  • class _werkzeug.formparser.FormDataParser(_stream_factory=None, charset='utf-8', errors='replace', max_form_memory_size=None, max_content_length=None, cls=None, silent=True)
  • This class implements parsing of form data for Werkzeug. By itselfit can parse multipart and url encoded form data. It can be subclassedand extended but for most mimetypes it is a better idea to use theuntouched stream and expose it as separate attributes on a requestobject.

0.8 新版功能.

参数:

  • stream_factory – An optional callable that returns a new read andwriteable file descriptor. This callable worksthe same as _get_file_stream().
  • charset – The character set for URL and url encoded form data.
  • errors – The encoding error behavior.
  • max_form_memory_size – the maximum number of bytes to be accepted forin-memory stored form data. If the dataexceeds the value specified anRequestEntityTooLargeexception is raised.
  • max_content_length – If this is provided and the transmitted datais longer than this value anRequestEntityTooLargeexception is raised.
  • cls – an optional dict class to use. If this is not specifiedor None the default MultiDict is used.
  • silent – If set to False parsing errors will not be caught.
  • werkzeug.formparser.parseform_data(_environ, stream_factory=None, charset='utf-8', errors='replace', max_form_memory_size=None, max_content_length=None, cls=None, silent=True)
  • Parse the form data in the environ and return it as tuple in the form(stream,form,files). You should only call this method if thetransport method is POST, PUT, or PATCH.

If the mimetype of the data transmitted is multipart/form-data thefiles multidict will be filled with FileStorage objects. If themimetype is unknown the input stream is wrapped and returned as firstargument, else the stream is empty.

This is a shortcut for the common usage of FormDataParser.

Have a look at Dealing with Request Data for more details.

0.5 新版功能: The max_form_memory_size, max_content_length andcls parameters were added.

0.5.1 新版功能: The optional silent flag was added.

参数:

  • environ – the WSGI environment to be used for parsing.
  • stream_factory – An optional callable that returns a new read andwriteable file descriptor. This callable worksthe same as _get_file_stream().
  • charset – The character set for URL and url encoded form data.
  • errors – The encoding error behavior.
  • max_form_memory_size – the maximum number of bytes to be accepted forin-memory stored form data. If the dataexceeds the value specified anRequestEntityTooLargeexception is raised.
  • max_content_length – If this is provided and the transmitted datais longer than this value anRequestEntityTooLargeexception is raised.
  • cls – an optional dict class to use. If this is not specifiedor None the default MultiDict is used.
  • silent – If set to False parsing errors will not be caught.返回:A tuple in the form (stream,form,files).
  • werkzeug.formparser.parsemultipart_headers(_iterable)
  • Parses multipart headers from an iterable that yields lines (includingthe trailing newline symbol). The iterable has to be newline terminated.

The iterable will stop at the line where the headers ended so it can befurther consumed.

参数:iterable – iterable of strings that are newline terminated