WebOb
+++++
.. toctree::
reference
modules/webob
modules/dec
modules/static
modules/exceptions
modules/client
differences
file-example
wiki-example
comment-example
jsonrpc-example
do-it-yourself
news
license
.. contents::
.. comment:
>>> from doctest import ELLIPSIS
Status & License
================
WebOb is an extraction and refinement of pieces from `Paste
`_. It is under active development.
Discussion should happen on the `Paste mailing lists
`_, and bugs can go on the `issue tracker
`_. It was originally
written by `Ian Bicking `_, and is being maintained
by the `Pylons Project `.
WebOb is released under an `MIT-style license `_.
WebOb development happens on `GitHub `_.
Development version is installable via `easy_install
webob==dev `__. You
can clone the source code with::
$ git clone https://github.com/Pylons/webob.git
Introduction
============
WebOb provides objects for HTTP requests and responses. Specifically
it does this by wrapping the `WSGI `_ request
environment and response status/headers/app_iter(body).
The request and response objects provide many conveniences for parsing
HTTP request and forming HTTP responses. Both objects are read/write:
as a result, WebOb is also a nice way to create HTTP requests and
parse HTTP responses; however, we won't cover that use case in this
document. The `reference documentation `_ shows many
examples of creating requests.
Request
=======
The request object is a wrapper around the `WSGI environ dictionary
`_. This
dictionary contains keys for each header, keys that describe the
request (including the path and query string), a file-like object for
the request body, and a variety of custom keys. You can always access
the environ with ``req.environ``.
Some of the most important/interesting attributes of a request
object:
``req.method``:
The request method, e.g., ``'GET'``, ``'POST'``
``req.GET``:
A `dictionary-like object`_ with all the variables in the query
string.
``req.POST``:
A `dictionary-like object`_ with all the variables in the request
body. This only has variables if the request was a ``POST`` and
it is a form submission.
``req.params``:
A `dictionary-like object`_ with a combination of everything in
``req.GET`` and ``req.POST``.
``req.body``:
The contents of the body of the request. This contains the entire
request body as a string. This is useful when the request is a
``POST`` that is *not* a form submission, or a request like a
``PUT``. You can also get ``req.body_file`` for a file-like
object.
``req.cookies``:
A simple dictionary of all the cookies.
``req.headers``:
A dictionary of all the headers. This is dictionary is case-insensitive.
``req.urlvars`` and ``req.urlargs``:
``req.urlvars`` is the keyword parameters associated with the
request URL. ``req.urlargs`` are the positional parameters.
These are set by products like `Routes
`_ and `Selector
`_.
.. _`dictionary-like object`: #multidict
Also, for standard HTTP request headers there are usually attributes,
for instance: ``req.accept_language``, ``req.content_length``,
``req.user_agent``, as an example. These properties expose the
*parsed* form of each header, for whatever parsing makes sense. For
instance, ``req.if_modified_since`` returns a `datetime
`_ object
(or None if the header is was not provided). Details are in the
`Request reference `_.
URLs
----
In addition to these attributes, there are several ways to get the URL
of the request. I'll show various values for an example URL
``http://localhost/app-root/doc?article_id=10``, where the application
is mounted at ``http://localhost/app-root``.
``req.url``:
The full request URL, with query string, e.g.,
``'http://localhost/app-root/doc?article_id=10'``
``req.application_url``:
The URL of the application (just the SCRIPT_NAME portion of the
path, not PATH_INFO). E.g., ``'http://localhost/app-root'``
``req.host_url``:
The URL with the host, e.g., ``'http://localhost'``
``req.relative_url(url, to_application=False)``:
Gives a URL, relative to the current URL. If ``to_application``
is True, then resolves it relative to ``req.application_url``.
Methods
-------
There are several methods in :class:`webob.Request` but only a few you'll use
often:
``Request.blank(base_url)``:
Creates a new request with blank information, based at the given
URL. This can be useful for subrequests and artificial requests.
You can also use ``req.copy()`` to copy an existing request, or
for subrequests ``req.copy_get()`` which copies the request but
always turns it into a GET (which is safer to share for
subrequests).
``req.get_response(wsgi_application)``:
This method calls the given WSGI application with this request,
and returns a `Response`_ object. You can also use this for
subrequests or testing.
Unicode
-------
Many of the properties in the request object will return unicode
values if the request encoding/charset is provided. The client *can*
indicate the charset with something like ``Content-Type:
application/x-www-form-urlencoded; charset=utf8``, but browsers seldom
set this. You can set the charset with ``req.charset = 'utf8'``, or
during instantiation with ``Request(environ, charset='utf8')``. If
you subclass ``Request`` you can also set ``charset`` as a class-level
attribute.
If it is set, then ``req.POST``, ``req.GET``, ``req.params``, and
``req.cookies`` will contain unicode strings. Each has a
corresponding ``req.str_*`` (like ``req.str_POST``) that is always
``str`` and never unicode.
Response
========
The response object looks a lot like the request object, though with
some differences. The request object wraps a single ``environ``
object; the response object has three fundamental parts (based on
WSGI):
``response.status``:
The response code plus message, like ``'200 OK'``. To set the
code without the reason, use ``response.status_code = 200``.
``response.headerlist``:
A list of all the headers, like ``[('Content-Type',
'text/html')]``. There's a case-insensitive `dictionary-like
object`_ in ``response.headers`` that also allows you to access
these same headers.
``response.app_iter``:
An iterable (such as a list or generator) that will produce the
content of the response. This is also accessible as
``response.body`` (a string), ``response.unicode_body`` (a
unicode object, informed by ``response.charset``), and
``response.body_file`` (a file-like object; writing to it appends
to ``app_iter``).
Everything else in the object derives from this underlying state.
Here's the highlights:
``response.content_type``:
The content type *not* including the ``charset`` parameter.
Typical use: ``response.content_type = 'text/html'``. You can
subclass ``Response`` and add a class-level attribute
``default_content_type`` to set this automatically on
instantiation.
``response.charset``:
The ``charset`` parameter of the content-type, it also informs
encoding in ``response.unicode_body``.
``response.content_type_params`` is a dictionary of all the
parameters.
``response.request``:
This optional attribute can point to the request object associated
with this response object.
``response.set_cookie(key, value, max_age=None, path='/', domain=None, secure=None, httponly=False, version=None, comment=None)``:
Set a cookie. The keyword arguments control the various cookie
parameters. The ``max_age`` argument is the length for the cookie
to live in seconds (you may also use a timedelta object). The
`Expires`` key will also be set based on the value of ``max_age``.
``response.delete_cookie(key, path='/', domain=None)``:
Delete a cookie from the client. This sets ``max_age`` to 0 and
the cookie value to ``''``.
``response.cache_expires(seconds=0)``:
This makes this response cachable for the given number of seconds,
or if ``seconds`` is 0 then the response is uncacheable (this also
sets the ``Expires`` header).
``response(environ, start_response)``: The response object is a WSGI
application. As an application, it acts according to how you
create it. It *can* do conditional responses if you pass
``conditional_response=True`` when instantiating (or set that
attribute later). It can also do HEAD and Range requests.
Headers
-------
Like the request, most HTTP response headers are available as
properties. These are parsed, so you can do things like
``response.last_modified = os.path.getmtime(filename)``.
The details are available in the `extracted Response documentation
`_.
Instantiating the Response
--------------------------
Of course most of the time you just want to *make* a response.
Generally any attribute of the response can be passed in as a keyword
argument to the class; e.g.:
.. code-block:: python
response = Response(body='hello world!', content_type='text/plain')
The status defaults to ``'200 OK'``. The content_type does not
default to anything, though if you subclass ``Response`` and set
``default_content_type`` you can override this behavior.
Exceptions
==========
To facilitate error responses like 404 Not Found, the module
``webob.exc`` contains classes for each kind of error response. These
include boring but appropriate error bodies.
Each class is named ``webob.exc.HTTP*``, where ``*`` is the reason for
the error. For instance, ``webob.exc.HTTPNotFound``. It subclasses
``Response``, so you can manipulate the instances in the same way. A
typical example is:
.. code-block:: python
response = HTTPNotFound('There is no such resource')
# or:
response = HTTPMovedPermanently(location=new_url)
You can use this like:
.. code-block:: python
try:
... stuff ...
raise HTTPNotFound('No such resource')
except HTTPException, e:
return e(environ, start_response)
The exceptions are still WSGI applications, but you cannot set
attributes like ``content_type``, ``charset``, etc. on these exception
objects.
Multidict
=========
Several parts of WebOb use a "multidict"; this is a dictionary where a
key can have multiple values. The quintessential example is a query
string like ``?pref=red&pref=blue``; the ``pref`` variable has two
values: ``red`` and ``blue``.
In a multidict, when you do ``request.GET['pref']`` you'll get back
only ``'blue'`` (the last value of ``pref``). Sometimes returning a
string, and sometimes returning a list, is the cause of frequent
exceptions. If you want *all* the values back, use
``request.GET.getall('pref')``. If you want to be sure there is *one
and only one* value, use ``request.GET.getone('pref')``, which will
raise an exception if there is zero or more than one value for
``pref``.
When you use operations like ``request.GET.items()`` you'll get back
something like ``[('pref', 'red'), ('pref', 'blue')]``. All the
key/value pairs will show up. Similarly ``request.GET.keys()``
returns ``['pref', 'pref']``. Multidict is a view on a list of
tuples; all the keys are ordered, and all the values are ordered.
Example
=======
The `file-serving example `_ shows how to do more
advanced HTTP techniques, while the `comment middleware example
`_ shows middleware. For applications it's more
reasonable to use WebOb in the context of a larger framework. `Pylons
`_ uses WebOb in 0.9.7+.
.. meta::
:google-site-verification: 1oDd59jXPaC0wzgPn3g6cFMI-QvEHjkh8-2rlZeXqwc