Inherited by tornado.test.auth_test.GoogleOpenIdClientLoginHandler, tornado.test.auth_test.OAuth1ClientLoginHandler, tornado.test.auth_test.OAuth1ClientRequestParametersHandler, tornado.test.auth_test.OAuth1ServerAccessTokenHandler, tornado.test.auth_test.OAuth1ServerRequestTokenHandler, tornado.test.auth_test.OAuth2ClientLoginHandler, tornado.test.auth_test.OpenIdClientLoginHandler, tornado.test.auth_test.OpenIdServerAuthenticateHandler, tornado.test.auth_test.TwitterClientHandler, tornado.test.auth_test.TwitterServerAccessTokenHandler, tornado.test.auth_test.TwitterServerShowUserHandler, tornado.test.auth_test.TwitterServerVerifyCredentialsHandler, tornado.test.iostream_test.HelloHandler, tornado.test.simple_httpclient_test.ContentLengthHandler, tornado.test.simple_httpclient_test.EchoPostHandler, tornado.test.simple_httpclient_test.HangHandler, tornado.test.simple_httpclient_test.HeadHandler, tornado.test.simple_httpclient_test.HostEchoHandler, tornado.test.simple_httpclient_test.NoContentHandler, tornado.test.simple_httpclient_test.NoContentLengthHandler, tornado.test.simple_httpclient_test.OptionsHandler, tornado.test.simple_httpclient_test.RespondInPrepareHandler, tornado.test.simple_httpclient_test.SeeOtherGetHandler, tornado.test.simple_httpclient_test.SeeOtherPostHandler, tornado.test.simple_httpclient_test.TriggerHandler, tornado::test::web_test.AllHTTPMethodsTest::Handler, tornado.test.web_test.AuthRedirectRequestHandler, tornado::test::web_test.ClearAllCookiesTest::Handler, tornado::test::web_test.ClearHeaderTest::Handler, tornado::test::web_test.ClientCloseTest::Handler, tornado.test.web_test.ConnectionCloseHandler, tornado.test.web_test.CookieTestRequestHandler, tornado::test::web_test.DateHeaderTest::Handler, tornado.test.web_test.DecodeArgHandler, tornado.test.web_test.EchoHandler, tornado.test.web_test.EmptyFlushCallbackHandler, tornado::test::web_test.ExceptionHandlerTest::Handler, tornado::test::web_test.FinishExceptionTest::Handler, tornado::test::web_test.FinishInPrepareTest::Handler, tornado.test.web_test.FlowControlHandler, tornado::test::web_test.GetArgumentErrorTest::Handler, tornado.test.web_test.GetArgumentHandler, tornado.test.web_test.GetArgumentsHandler, tornado::test::web_test.GzipTestCase::Handler, tornado::test::web_test.Header304Test::Handler, tornado.test.web_test.HeaderInjectionHandler, tornado.test.web_test.HelloHandler, tornado::test::web_test.HostMatchingTest::Handler, tornado.test.web_test.LinkifyHandler, tornado.test.web_test.MultiHeaderHandler, tornado::test::web_test.MultipleExceptionTest::Handler, tornado.test.web_test.OptionalPathHandler, tornado::test::web_test.PatchMethodTest::Handler, tornado::test::web_test.PathArgsInPrepareTest::Handler, tornado::test::web_test.RaiseWithReasonTest::Handler, tornado.test.web_test.RedirectHandler, tornado::test::web_test.SetCurrentUserTest::Handler, tornado::test::web_test.StatusReasonTest::Handler, tornado.test.web_test.TypeCheckHandler, tornado::test::web_test.UIMethodUIModuleTest::Handler, tornado.test.web_test.UIModuleResourceHandler, tornado::test::web_test.UnimplementedHTTPMethodsTest::Handler, tornado::test::web_test.UnimplementedNonStandardMethodsTest::Handler, tornado::test::web_test.XSRFTest::Handler, tornado.web.ErrorHandler, tornado.web.FallbackHandler, tornado.web.RedirectHandler, tornado.web.StaticFileHandler, and tornado.websocket.WebSocketHandler.
List of all members.
Detailed Description
Subclass this class and define `get()` or `post()` to make a handler.
If you want to support more methods than the standard GET/HEAD/POST, you
should override the class variable ``SUPPORTED_METHODS`` in your
`RequestHandler` subclass.
Definition at line 142 of file web.py.
Constructor & Destructor Documentation
Member Function Documentation
Convert a cookie string into a the tuple form returned by
_get_raw_xsrf_token.
Definition at line 1114 of file web.py.
Executes this request with the given output transforms.
Definition at line 1294 of file web.py.
Read or generate the xsrf token in its raw form.
The raw_xsrf_token is a tuple containing:
* version: the version of the cookie from which this token was read,
or None if we generated a new token in this request.
* token: the raw token data; random (non-ascii) bytes.
* timestamp: the time this token was generated (will not be accurate
for version 1 cookies)
Definition at line 1090 of file web.py.
Logs the current request.
Sort of deprecated since this functionality was moved to the
Application, but left in place for the benefit of existing apps
that have overridden this method.
Definition at line 1355 of file web.py.
Adds the given response header and value.
Unlike `set_header`, `add_header` may be called multiple times
to return multiple values for the same header.
Definition at line 327 of file web.py.
Checks the ``Etag`` header against requests's ``If-None-Match``.
Returns ``True`` if the request's Etag matches and a 304 should be
returned. For example::
self.set_etag_header()
if self.check_etag_header():
self.set_status(304)
return
This method is called automatically when the request is finished,
but may be called earlier for applications that override
`compute_etag` and want to do an early check for ``If-None-Match``
before completing the request. The ``Etag`` header should be set
(perhaps with `set_etag_header`) before calling this method.
Definition at line 1261 of file web.py.
Verifies that the ``_xsrf`` cookie matches the ``_xsrf`` argument.
To prevent cross-site request forgery, we set an ``_xsrf``
cookie and include the same value as a non-cookie
field with all ``POST`` requests. If the two do not match, we
reject the form submission as a potential forgery.
The ``_xsrf`` value may be set as either a form field named ``_xsrf``
or in a custom HTTP header named ``X-XSRFToken`` or ``X-CSRFToken``
(the latter is accepted for compatibility with Django).
See http://en.wikipedia.org/wiki/Cross-site_request_forgery
Prior to release 1.1.1, this check was ignored if the HTTP header
``X-Requested-With: XMLHTTPRequest`` was present. This exception
has been shown to be insecure and has been removed. For more
information please see
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
.. versionchanged:: 3.2.2
Added support for cookie version 2. Both versions 1 and 2 are
supported.
Reimplemented in tornado.web.ErrorHandler.
Definition at line 1141 of file web.py.
Resets all headers and content for this response.
Definition at line 274 of file web.py.
Deletes all the cookies the user sent with this request.
See `clear_cookie` for more information on the path and domain
parameters.
.. versionchanged:: 3.2
Added the ``path`` and ``domain`` parameters.
Definition at line 542 of file web.py.
Deletes the cookie with the given name.
Due to limitations of the cookie protocol, you must pass the same
path and domain to clear a cookie as were used when that cookie
was set (but there is no way to find out on the server side
which values were used for a given cookie).
Definition at line 530 of file web.py.
Clears an outgoing header, undoing a previous `set_header` call.
Note that this method does not apply to multi-valued headers
set by `add_header`.
Definition at line 335 of file web.py.
Computes the etag header to be used for this request.
By default uses a hash of the content written so far.
May be overridden to provide custom etag implementations,
or may return None to disable tornado's default etag support.
Reimplemented in tornado.web.StaticFileHandler.
Definition at line 1237 of file web.py.
An alias for `self.request.cookies <.httputil.HTTPServerRequest.cookies>`.
Definition at line 485 of file web.py.
Signs and timestamps a string so it cannot be forged.
Normally used via set_secure_cookie, but provided as a separate
method for non-cookie uses. To decode a value not stored
as a cookie use the optional value argument to get_secure_cookie.
.. versionchanged:: 3.2.1
Added the ``version`` argument. Introduced cookie version 2
and made it the default.
Definition at line 581 of file web.py.
Returns a new template loader for the given path.
May be overridden by subclasses. By default returns a
directory-based loader on the given path, using the
``autoescape`` application setting. If a ``template_loader``
application setting is supplied, uses that instead.
Definition at line 796 of file web.py.
The authenticated user for this request.
This is a cached version of `get_current_user`, which you can
override to set the user based on, e.g., a cookie. If that
method is not overridden, this method always returns None.
We lazy-load the current user the first time this method is called
and cache the result after that.
Definition at line 1011 of file web.py.
Implement this method to handle streamed request data.
Requires the `.stream_request_body` decorator.
Definition at line 1348 of file web.py.
Decodes an argument from the request.
The argument has been percent-decoded and is now a byte string.
By default, this method decodes the argument as utf-8 and returns
a unicode string, but this may be overridden in subclasses.
This method is used as a filter for both `get_argument()` and for
values extracted from the url and passed to `get()`/`post()`/etc.
The name of the argument is provided if known, but may be None
(e.g. for unnamed groups in the url regex).
Reimplemented in tornado.test.web_test.DecodeArgHandler.
Definition at line 465 of file web.py.
Finishes this response, ending the HTTP request.
Definition at line 861 of file web.py.
Flushes the current output buffer to the network.
The ``callback`` argument, if given, can be used for flow control:
it will be run when all flushed data has been written to the socket.
Note that only one flush callback can be outstanding at a time;
if another flush occurs before the previous flush's callback
has been run, the previous callback will be discarded.
.. versionchanged:: 4.0
Now returns a `.Future` if no callback is given.
Definition at line 814 of file web.py.
Returns the value of the argument with the given name.
If default is not provided, the argument is considered to be
required, and we raise a `MissingArgumentError` if it is missing.
If the argument appears in the url more than once, we return the
last value.
The returned value is always unicode.
Definition at line 368 of file web.py.
Returns a list of the arguments with the given name.
If the argument is not present, returns an empty list.
The returned values are always unicode.
Definition at line 381 of file web.py.
Returns the value of the argument with the given name
from the request body.
If default is not provided, the argument is considered to be
required, and we raise a `MissingArgumentError` if it is missing.
If the argument appears in the url more than once, we return the
last value.
The returned value is always unicode.
.. versionadded:: 3.2
Definition at line 390 of file web.py.
Returns a list of the body arguments with the given name.
If the argument is not present, returns an empty list.
The returned values are always unicode.
.. versionadded:: 3.2
Definition at line 406 of file web.py.
Determines the user's locale from ``Accept-Language`` header.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4
Definition at line 986 of file web.py.
Gets the value of the cookie with the given name, else default.
Definition at line 489 of file web.py.
Override to determine the current user from, e.g., a cookie.
Definition at line 1029 of file web.py.
Returns the value of the argument with the given name
from the request query string.
If default is not provided, the argument is considered to be
required, and we raise a `MissingArgumentError` if it is missing.
If the argument appears in the url more than once, we return the
last value.
The returned value is always unicode.
.. versionadded:: 3.2
Definition at line 417 of file web.py.
Returns a list of the query arguments with the given name.
If the argument is not present, returns an empty list.
The returned values are always unicode.
.. versionadded:: 3.2
Definition at line 433 of file web.py.
Returns the given signed cookie if it validates, or None.
The decoded cookie value is returned as a byte string (unlike
`get_cookie`).
.. versionchanged:: 3.2.1
Added the ``min_version`` argument. Introduced cookie version 2;
both versions 1 and 2 are accepted by default.
Definition at line 597 of file web.py.
Returns the status code for our response.
Definition at line 314 of file web.py.
Returns a dictionary to be used as the default template namespace.
May be overridden by subclasses to add or modify values.
The results of this method will be combined with additional
defaults in the `tornado.template` module and keyword arguments
to `render` or `render_string`.
Definition at line 774 of file web.py.
Override to customize template path for each handler.
By default, we use the ``template_path`` application setting.
Return None to load templates relative to the calling file.
Definition at line 1041 of file web.py.
Override to determine the locale from the authenticated user.
If None is returned, we fall back to `get_browser_locale()`.
This method should return a `tornado.locale.Locale` object,
most likely obtained via a call like ``tornado.locale.get("en")``
Definition at line 976 of file web.py.
Hook for subclass initialization.
A dictionary passed as the third argument of a url spec will be
supplied as keyword arguments to initialize().
Example::
class ProfileHandler(RequestHandler):
def initialize(self, database):
self.database = database
def get(self, username):
...
app = Application([
(r'/user/(.*)', ProfileHandler, dict(database=database)),
])
Definition at line 182 of file web.py.
The local for the current session.
Determined by either `get_user_locale`, which you can override to
set the locale based on, e.g., a user preference stored in a
database, or `get_browser_locale`, which uses the ``Accept-Language``
header.
Definition at line 961 of file web.py.
Called in async handlers if the client closed the connection.
Override this to clean up resources associated with
long-lived connections. Note that this method is called only if
the connection was closed during asynchronous processing; if you
need to do cleanup after every request override `on_finish`
instead.
Proxies may keep a connection open for a time (perhaps
indefinitely) after the client has gone away, so this method
may not be called promptly after the end user closes their
connection.
Reimplemented in tornado.websocket.WebSocketHandler, and tornado.test.web_test.ConnectionCloseHandler.
Definition at line 256 of file web.py.
Called after the end of a request.
Override this method to perform cleanup, logging, etc.
This method is a counterpart to `prepare`. ``on_finish`` may
not produce any output, as it is called after the response
has been sent to the client.
Definition at line 246 of file web.py.
Sends a redirect to the given (optionally relative) URL.
If the ``status`` argument is specified, that value is used as the
HTTP status code; otherwise either 301 (permanent) or 302
(temporary) is chosen based on the ``permanent`` argument.
The default is 302 (temporary).
Definition at line 616 of file web.py.
Renders the template with the given arguments as the response.
Definition at line 663 of file web.py.
Generate the given template with the given arguments.
We return the generated byte string (in utf8). To generate and
write a template as a response, use render() above.
Definition at line 749 of file web.py.
Raises an exception if the given app setting is not defined.
Definition at line 1227 of file web.py.
Alias for `Application.reverse_url`.
Definition at line 1233 of file web.py.
Sends the given HTTP error code to the browser.
If `flush()` has already been called, it is not possible to send
an error, so this method will simply terminate the response.
If output has been written but not yet flushed, it will be discarded
and replaced with the error page.
Override `write_error()` to customize the error page that is returned.
Additional keyword arguments are passed through to `write_error`.
Definition at line 904 of file web.py.
Sets the given cookie name/value with the given options.
Additional keyword arguments are set on the Cookie.Morsel
directly.
See http://docs.python.org/library/cookie.html#morsel-objects
for available attributes.
Definition at line 495 of file web.py.
Override this to set HTTP headers at the beginning of the request.
For example, this is the place to set a custom ``Server`` header.
Note that setting such headers in the normal flow of request
processing may not do what you want, since headers may be reset
during error handling.
Definition at line 286 of file web.py.
Sets the response's Etag header using ``self.compute_etag()``.
Note: no header will be set if ``compute_etag()`` returns ``None``.
This method is called automatically when the request is finished.
Definition at line 1250 of file web.py.
Sets the given response header name and value.
If a datetime is given, we automatically format it according to the
HTTP specification. If the value is not a string, we convert it to
a string. All header values are then encoded as UTF-8.
Definition at line 318 of file web.py.
Signs and timestamps a cookie so it cannot be forged.
You must specify the ``cookie_secret`` setting in your Application
to use this method. It should be a long, random sequence of bytes
to be used as the HMAC secret for the signature.
To read a cookie set with this method, use `get_secure_cookie()`.
Note that the ``expires_days`` parameter sets the lifetime of the
cookie in the browser, but is independent of the ``max_age_days``
parameter to `get_secure_cookie`.
Secure cookies may contain arbitrary byte values, not just unicode
strings (unlike regular cookies)
.. versionchanged:: 3.2.1
Added the ``version`` argument. Introduced cookie version 2
and made it the default.
Definition at line 555 of file web.py.
Sets the status code for our response.
:arg int status_code: Response status code. If ``reason`` is ``None``,
it must be present in `httplib.responses <http.client.responses>`.
:arg string reason: Human-readable reason phrase describing the status
code. If ``None``, it will be filled in from
`httplib.responses <http.client.responses>`.
Definition at line 296 of file web.py.
An alias for `self.application.settings <Application.settings>`.
Definition at line 204 of file web.py.
Returns a static URL for the given relative static file path.
This method requires you set the ``static_path`` setting in your
application (which specifies the root directory of your static
files).
This method returns a versioned url (by default appending
``?v=<signature>``), which allows the static files to be
cached indefinitely. This can be disabled by passing
``include_version=False`` (in the default implementation;
other static file implementations are not required to support
this, but they may support other options).
By default this method returns URLs relative to the current
host, but if ``include_host`` is true the URL returned will be
absolute. If this handler has an ``include_host`` attribute,
that value will be used as the default for all `static_url`
calls that do not pass ``include_host`` as a keyword argument.
Definition at line 1192 of file web.py.
Writes the given chunk to the output buffer.
To write the output to the network, use the flush() method below.
If the given chunk is a dictionary, we write it as JSON and set
the Content-Type of the response to be ``application/json``.
(if you want to send JSON as a different ``Content-Type``, call
set_header *after* calling write()).
Note that lists are not converted to JSON because of a potential
cross-site security vulnerability. All JSON output should be
wrapped in a dictionary. More details at
http://haacked.com/archive/2009/06/25/json-hijacking.aspx/ and
https://github.com/facebook/tornado/issues/1009
Definition at line 635 of file web.py.
Override to implement custom error pages.
``write_error`` may call `write`, `render`, `set_header`, etc
to produce output as usual.
If this error was caused by an uncaught exception (including
HTTPError), an ``exc_info`` triple will be available as
``kwargs["exc_info"]``. Note that this exception may not be
the "current" exception for purposes of methods like
``sys.exc_info()`` or ``traceback.format_exc``.
Reimplemented in tornado::test::web_test.ExceptionHandlerTest::Handler.
Definition at line 935 of file web.py.
An HTML ``<input/>`` element to be included with all POST forms.
It defines the ``_xsrf`` input value, which we check on all POST
requests to prevent cross-site request forgery. If you have set
the ``xsrf_cookies`` application setting, you must include this
HTML within all of your HTML forms.
In a template, this method should be called with ``{% module
xsrf_form_html() %}``
See `check_xsrf_cookie()` above for more information.
Definition at line 1176 of file web.py.
The XSRF-prevention token for the current user/session.
To prevent cross-site request forgery, we set an '_xsrf' cookie
and include the same '_xsrf' value as an argument with all POST
requests. If the two do not match, we reject the form submission
as a potential forgery.
See http://en.wikipedia.org/wiki/Cross-site_request_forgery
.. versionchanged:: 3.2.2
The xsrf token will now be have a random mask applied in every
request, which makes it safe to include the token in pages
that are compressed. See http://breachattack.com for more
information on the issue fixed by this change. Old (version 1)
cookies will be converted to version 2 when this method is called
unless the ``xsrf_cookie_version`` `Application` setting is
set to 1.
Definition at line 1050 of file web.py.
Member Data Documentation
The documentation for this class was generated from the following file: