Django uses request and response objects to pass state through the system.
When a page is requested, Django creates an HttpRequest object that contains metadata about the request. Then Django loads the appropriate view, passing the HttpRequest as the first argument to the view function. Each view is responsible for returning an HttpResponse object.
This document explains the APIs for HttpRequest and HttpResponse objects.
All attributes except session should be considered read-only.
A string representing the full path to the requested page, not including the domain.
Example: "/music/bands/the_beatles/"
A string representing the HTTP method used in the request. This is guaranteed to be uppercase. Example:
if request.method == 'GET':
do_something()
elif request.method == 'POST':
do_something_else()
A string representing the current encoding used to decode form submission data (or None, which means the DEFAULT_CHARSET setting is used). You can write to this attribute to change the encoding used when accessing the form data. Any subsequent attribute accesses (such as reading from GET or POST) will use the new encoding value. Useful if you know the form data is not in the DEFAULT_CHARSET encoding.
A dictionary-like object containing all given HTTP POST parameters. See the QueryDict documentation below.
It's possible that a request can come in via POST with an empty POST dictionary -- if, say, a form is requested via the POST HTTP method but does not include form data. Therefore, you shouldn't use if request.POST to check for use of the POST method; instead, use if request.method == "POST" (see above).
Note: POST does not include file-upload information. See FILES.
For convenience, a dictionary-like object that searches POST first, then GET. Inspired by PHP's $_REQUEST.
For example, if GET = {"name": "john"} and POST = {"age": '34'}, REQUEST["name"] would be "john", and REQUEST["age"] would be "34".
It's strongly suggested that you use GET and POST instead of REQUEST, because the former are more explicit.
A dictionary-like object containing all uploaded files. Each key in FILES is the name from the <input type="file" name="" />. Each value in FILES is an UploadedFile object containing the following attributes:
See Managing files for more information.
Note that FILES will only contain data if the request method was POST and the <form> that posted to the request had enctype="multipart/form-data". Otherwise, FILES will be a blank dictionary-like object.
In previous versions of Django, request.FILES contained simple dict objects representing uploaded files. This is no longer true -- files are represented by UploadedFile objects as described below.
These UploadedFile objects will emulate the old-style dict interface, but this is deprecated and will be removed in the next release of Django.
A standard Python dictionary containing all available HTTP headers. Available headers depend on the client and server, but here are some examples:
With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above, any HTTP headers in the request are converted to META keys by converting all characters to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. So, for example, a header called X-Bender would be mapped to the META key HTTP_X_BENDER.
A django.contrib.auth.models.User object representing the currently logged-in user. If the user isn't currently logged in, user will be set to an instance of django.contrib.auth.models.AnonymousUser. You can tell them apart with is_authenticated(), like so:
if request.user.is_authenticated():
# Do something for logged-in users.
else:
# Do something for anonymous users.
user is only available if your Django installation has the AuthenticationMiddleware activated. For more, see User authentication in Django.
Returns the originating host of the request using information from the HTTP_X_FORWARDED_HOST and HTTP_HOST headers (in that order). If they don't provide a value, the method uses a combination of SERVER_NAME and SERVER_PORT as detailed in PEP 333.
Example: "127.0.0.1:8000"
Returns the path, plus an appended query string, if applicable.
Example: "/music/bands/the_beatles/?print=true"
Returns the absolute URI form of location. If no location is provided, the location will be set to request.get_full_path().
If the location is already an absolute URI, it will not be altered. Otherwise the absolute URI is built using the server variables available in this request.
Example: "http://example.com/music/bands/the_beatles/?print=true"
Returns True if the request was made via an XMLHttpRequest, by checking the HTTP_X_REQUESTED_WITH header for the string 'XMLHttpRequest'. Most modern JavaScript libraries send this header. If you write your own XMLHttpRequest call (on the browser side), you'll have to set this header manually if you want is_ajax() to work.
In an HttpRequest object, the GET and POST attributes are instances of django.http.QueryDict. QueryDict is a dictionary-like class customized to deal with multiple values for the same key. This is necessary because some HTML form elements, notably <select multiple="multiple">, pass multiple values for the same key.
QueryDict instances are immutable, unless you create a copy() of them. That means you can't change attributes of request.POST and request.GET directly.
QueryDict implements all the standard dictionary methods, because it's a subclass of dictionary. Exceptions are outlined here:
Takes either a QueryDict or standard dictionary. Just like the standard dictionary update() method, except it appends to the current dictionary items rather than replacing them. For example:
>>> q = QueryDict('a=1')
>>> q = q.copy() # to make it mutable
>>> q.update({'a': '2'})
>>> q.getlist('a')
[u'1', u'2']
>>> q['a'] # returns the last
[u'2']
Just like the standard dictionary items() method, except this uses the same last-value logic as __getitem()__. For example:
>>> q = QueryDict('a=1&a=2&a=3')
>>> q.items()
[(u'a', u'3')]
Just like the standard dictionary values() method, except this uses the same last-value logic as __getitem()__. For example:
>>> q = QueryDict('a=1&a=2&a=3')
>>> q.values()
[u'3']
In addition, QueryDict has the following methods:
Like items(), except it includes all values, as a list, for each member of the dictionary. For example:
>>> q = QueryDict('a=1&a=2&a=3')
>>> q.lists()
[(u'a', [u'1', u'2', u'3'])]
In contrast to HttpRequest objects, which are created automatically by Django, HttpResponse objects are your responsibility. Each view you write is responsible for instantiating, populating and returning an HttpResponse.
The HttpResponse class lives in the django.http module.
Typical usage is to pass the contents of the page, as a string, to the HttpResponse constructor:
>>> response = HttpResponse("Here's the text of the Web page.")
>>> response = HttpResponse("Text only, please.", mimetype="text/plain")
But if you want to add content incrementally, you can use response as a file-like object:
>>> response = HttpResponse()
>>> response.write("<p>Here's the text of the Web page.</p>")
>>> response.write("<p>Here's another paragraph.</p>")
You can add and delete headers using dictionary syntax:
>>> response = HttpResponse()
>>> response['X-DJANGO'] = "It's the best."
>>> del response['X-PHP']
>>> response['X-DJANGO']
"It's the best."
Note that del doesn't raise KeyError if the header doesn't exist.
Finally, you can pass HttpResponse an iterator rather than passing it hard-coded strings. If you use this technique, follow these guidelines:
To set a header in your response, just treat it like a dictionary:
>>> response = HttpResponse()
>>> response['Cache-Control'] = 'no-cache'
HTTP headers cannot contain newlines. An attempt to set a header containing a newline character (CR or LF) will raise BadHeaderError
To tell the browser to treat the response as a file attachment, use the mimetype argument and set the Content-Disposition header. For example, this is how you might return a Microsoft Excel spreadsheet:
>>> response = HttpResponse(my_data, mimetype='application/vnd.ms-excel')
>>> response['Content-Disposition'] = 'attachment; filename=foo.xls'
There's nothing Django-specific about the Content-Disposition header, but it's easy to forget the syntax, so we've included it here.
Instantiates an HttpResponse object with the given page content (a string) and MIME type. The DEFAULT_CONTENT_TYPE is 'text/html'.
content can be an iterator or a string. If it's an iterator, it should return strings, and those strings will be joined together to form the content of the response.
status is the HTTP Status code for the response.
content_type is an alias for mimetype. Historically, this parameter was only called mimetype, but since this is actually the value included in the HTTP Content-Type header, it can also include the character set encoding, which makes it more than just a MIME type specification. If mimetype is specified (not None), that value is used. Otherwise, content_type is used. If neither is given, the DEFAULT_CONTENT_TYPE setting is used.
Sets a cookie. The parameters are the same as in the cookie Morsel object in the Python standard library.
Deletes the cookie with the given key. Fails silently if the key doesn't exist.
Due to the way cookies work, path and domain should be the same values you used in set_cookie() -- otherwise the cookie may not be deleted.
Django includes a number of HttpResponse subclasses that handle different types of HTTP responses. Like HttpResponse, these subclasses live in django.http.
Acts just like HttpResponse but uses a 400 status code.
Jul 05, 2010