HTTP Response
Nette encapsulates the HTTP response into objects with a clear API.
The HTTP response is represented by the Nette\Http\Response object. If you are working with Nette,
this object is automatically created by the framework, and you can have it passed to you using dependency injection. In presenters, simply call the
$this->getHttpResponse() method.
→ Installation and requirements
Nette\Http\Response
Unlike Nette\Http\Request, this object is mutable, so you can use setters
to change the state, e.g., to send headers. Remember that all setters must be called before any actual output is sent. The
isSent() method indicates if the output has already been sent. If it returns true, any attempt to send a
header will throw an Nette\InvalidStateException.
setCode (int $code, ?string $reason=null)
Changes the status response code. For better source code readability, it is recommended to use predefined constants instead of actual numbers.
$httpResponse->setCode(Nette\Http\Response::S404_NotFound);
getCode(): int
Returns the status code of the response.
isSent(): bool
Returns whether headers have already been sent from the server to the browser, meaning it is no longer possible to send headers or change the status code.
setHeader (string $name, string $value)
Sends an HTTP header and overwrites a previously sent header of the same name.
$httpResponse->setHeader('Pragma', 'no-cache');
addHeader (string $name, string $value)
Sends an HTTP header and does not overwrite a previously sent header of the same name.
$httpResponse->addHeader('Accept', 'application/json');
$httpResponse->addHeader('Accept', 'application/xml');
deleteHeader (string $name)
Deletes a previously sent HTTP header.
getHeader (string $header): ?string
Returns the sent HTTP header or null if it doesn't exist. The parameter is case-insensitive.
$pragma = $httpResponse->getHeader('Pragma');
getHeaders(): array
Returns all sent HTTP headers as an associative array.
$headers = $httpResponse->getHeaders();
echo $headers['Pragma'];
setContentType (string $type, ?string $charset=null)
Changes the Content-Type header.
$httpResponse->setContentType('text/plain', 'UTF-8');
redirect (string $url, int $code=self::S302_Found): void
Redirects to another URL. Remember to terminate the script afterwards.
$httpResponse->redirect('http://example.com');
exit;
setExpiration (?string $time)
Sets the expiration of the HTTP document using the Cache-Control and Expires headers. The parameter
is either a time interval (as text) or null, which disables caching.
// browser cache expires in one hour
$httpResponse->setExpiration('1 hour');
sendAsFile (string $fileName)
The response will be downloaded via a Save as dialog box with the specified name. It does not send the file itself.
$httpResponse->sendAsFile('invoice.pdf');
setCookie (string $name, string $value, $time, ?string $path=null, ?string $domain=null, ?bool $secure=null, ?bool $httpOnly=null, ?string $sameSite=null)
Sends a cookie. Default parameter values:
$path |
'/' |
cookie is available for all paths within the (sub)domain (configurable) |
$domain |
null |
meaning available for the current (sub)domain, but not its subdomains (configurable) |
$secure |
true |
if the site is running on HTTPS, otherwise false (configurable) |
$httpOnly |
true |
cookie is inaccessible to JavaScript |
$sameSite |
'Lax' |
cookie might not be sent during cross-origin access |
You can change the default values of the $path, $domain, and $secure parameters in the
configuration.
The time can be specified as a number of seconds or a string:
$httpResponse->setCookie('lang', 'en', '100 days');
The $domain parameter determines which domains can accept the cookie. If not specified, the cookie is accepted by
the same (sub)domain that set it, but not its subdomains. If $domain is specified, subdomains are also included.
Therefore, specifying $domain is less restrictive than omitting it. For example, with
$domain = 'nette.org', cookies are also available on all subdomains like doc.nette.org.
You can use the constants Response::SameSiteLax, Response::SameSiteStrict, and
Response::SameSiteNone for the $sameSite value.
deleteCookie (string $name, ?string $path=null, ?string $domain=null, ?bool $secure=null): void
Deletes a cookie. The default values of the parameters are:
$pathwith scope to all directories ('/')$domainwith scope to the current (sub)domain, but not its subdomains$securedepends on the settings in the configuration
$httpResponse->deleteCookie('lang');
