Smalltalk/X Webserver

Documentation of class 'HTTPRequest':

Class: HTTPRequest

Inheritance
Description
Class protocol
Instance protocol
Private classes

Inheritance:

   Object
   |
   +--HTTPRequest
      |
      +--FCGIRequest

Package:: stx:goodies/webServer

Category:: Net-Communication-HTTP-Server

Version:: rev: 1.305 date: 2024/03/26 13:06:39; user: cg; file: HTTPRequest.st directory: goodies/webServer; module: stx stc-classLibrary: webServer

Description:

represents an HTTP request as received by the HTTPServer.


[instance variables:]
    server              the server from which this request was received
    connection          the socket conection from which this request was received
    peer                the sender of this request
    peerName

    rawRequestString:   the whole request incl. any POST-data (required for com-swiki)
    rawHeader           the raw http-header (without data)
    headerDictionary    extracted fields
    headerLines         header lines
    method              ?
    httpVersion         httpVersion from the header
    url                 the requests original url
    postDataFields      POST request arguments
    urlParameters       &-parameters as extracted from the URL
    contentLength       contentLength from the header
    contentType         contentType from the header
    contentEncoding     contentEncoding from the header
    connectionAttributes     connectionAttributes from the header (Keep/close etc.)
    userAgent           userAgent from the header (IE, mozilla etc.)
    authorization       authorization from the header
    acceptedTypes       acceptedTypes from the header
    acceptedEncodings   acceptedEncodings from the header
    acceptedCharsets    acceptedCharsets from the header
    acceptedLanguages   acceptedLanguages from the header
    referer             referrer from the header 
                        (notice the misspelling due to the misspelling in HTTP - see RFC)
    host                host from the header
    soapAction          soapAction from the header
    cookies             cookies from the header

    data                the POST-data alone
    postData            ?
    userId              ?
    serviceLinkName     ?
    service             ?
    relativePath        URL relative to service-linkName
    message             the original message; split and preparsed
    arguments           additional arguments for object-requests (preparsed from the url)
    selector            ?
    multipartBoundary   ?
    multiPartChunks     ?
    queryString         url parameters - rest after any in { & ; ? }
    response            response object

copyrightCOPYRIGHT (c) 2003 by eXept Software AG
             All Rights Reserved

This software is furnished under a license and may be used
only in accordance with the terms of that license and with the
inclusion of the above copyright notice.   This software may not
be provided or otherwise made available to, or used by, any
other person.  No title to or ownership of the software is
hereby transferred.

Class protocol:

defaults

allowedRequestMethods

header parsing

extractCookiesFrom: line: now done lazy, when the value is asked for;

helpers

extractAcceptedFromLine: acceptLine: self extractAccepted:'accept:' fromLine:'image/gif, image/x-xbitmap;q=0.2, image/jpeg, image/pjpeg, image/png, */*;q=0'

self extractAccepted:'accept:' fromLine:'text/*;q=0.3, text/html;q=0.7, text/html;level=1, text/html;level=2;q=0.4, */*;q=0.5'
should cause the following values to be associated:

text/html;level=1 = 1
text/html = 0.7
text/plain = 0.3

image/jpeg = 0.5
text/html;level=2 = 0.4
text/html;level=3 = 0.7
extractMultipartBoundaryFromContentType: contentTypeLine

instance creation

server: httpServer connection: connection

serving-helpers

controlCharacters: ** This is an obsolete interface - do not use it (it may vanish in future versions) **
escape: arg: ** This is an obsolete interface - do not use it (it may vanish in future versions) **
escapeCharacterEntities: arg: ** This is an obsolete interface - do not use it (it may vanish in future versions) **
unEscape: arg: ** This is an obsolete interface - do not use it (it may vanish in future versions) **
urlEncoded: arg: ** This is an obsolete interface - do not use it (it may vanish in future versions) **

Instance protocol:

accessing

arguments: the arguments of a SelectorService
authenticator
authenticator: something
connection: return the connection from which this request came
multiPartChunks
pathRelativeToService: get the path relative to the service's root path.
- without a leading /
pathRelativeToService: aString: set the path relative to the service's root path.
- without a leading /
queryString
rawUrl
rawUrl: something
relativePath: Obsolete: use #pathRelativeToService.
get the path relative to the services root path.
- with a leading /

** This is an obsolete interface - do not use it (it may vanish in future versions) **
replyPresenter
response
selector: the selector of a SelectorService
service
service: serviceArg serviceLinkName: serviceLinkNameArg
serviceRequestContext
serviceRequestContext: something

accessing-http request data

cookiesAt: aString: Selects all the cookies with the name aString.
<return: Collection>
data
getURLQueryString
hasUrlParameter: key: true, if key is present in the url-param (after the urls path, separated by &'s)
multiPartChunkDataAt: key
multiPartChunkDataAt: key ifAbsent: replacement
multiPartChunkFilenameAt: key
multiPartChunkFilenameAt: key ifAbsent: aBlock
peer: get the peer (ip-address) of the connection from which this request came from
peer: something: set the value of the instance variable 'peer' (automatically generated)
peerName: get the hostname of the requestor from which this request came from
peerName: something: set the value of the instance variable 'peerName' (automatically generated)
postData: get the post data (if any)
postDataFieldAt: key: a field (typically of a POST request)
postDataFieldAt: key ifAbsent: replacement: a field (typically of a POST request)
postDataFields: the fields (typically of a POST request).
Nil if there are none.
postDataVectorAt: key: all url parameters for key (after the urls path, separated by &'s)
postDataVectorAt: key ifAbsent: replacement: all url parameters for key (after the urls path, separated by &'s)
rawRequestString
realPeer: get the real peer (ip-address) of the connection from which this request came from.
This takes possible proxies into account.
selector: selectorArg arguments: argumentsArg: remember selector and arguments of a SelectorService (for the service)
server
serverHostName
serviceLinkName
serviceLinkName: something
socketAddress: answer the address that received the request.
This is one of the addresses assigned to the server
urlParameterAt: key: a scalar url-param (after the urls path, separated by &'s).
For example, if the url is 'foo?bar=1?baz=2', then
urlParameterAt:'bar'
would return '1' (a string)
urlParameterAt: key ifAbsent: replacement: a scalar url-param (after the urls path, separated by &'s)
urlParameterAt: key put: aString
urlParameterVectorAt: key: all url parameters for key (after the urls path, separated by &'s)
urlParameterVectorAt: key ifAbsent: replacement: all url parameters for key (after the urls path, separated by &'s)
urlParameters: the url-params (after the urls path, separated by &'s).
Nil if there are none.
valueOfNumericPostDataField: fieldName

accessing-http request header

acceptedCharsets

as extracted from the http-header,
returns key-value associations

acceptedEncodings

as extracted from the http-header

acceptedLanguages

return the value of the instance variable 'acceptedLanguages' (automatically generated)

acceptedTypes

as extracted from the http-header, if no Accept: field is present,
then it is assumed that text/plain and text/html are accepted.

Usage example(s):

acceptedTypes := #('text/plain' 'text/html').

authorizationHeader

as extracted from the http-header

connectionAttributes

return the connection's attributes

contentEncoding

return the content-encoding (charset) value from the header (if present)

contentLength

return the value of the instance variable 'contentLength' (automatically generated)

contentType

return the content-type (mime) field from the header (if present)

cookies

return the cookies sent with the request (if any)

fieldValueFor: aFieldKey

extract a field from the header

fieldValues

answer all the header fields as a Dictionary

header

the header as a dictionary

headerFieldValueFor: keyword

extract a field from the header

** This is an obsolete interface - do not use it (it may vanish in future versions) **

host

get the header's host field (not really trustable)

httpVersion

ifModifiedSince

the file should be sent if modified after this date.
Otherwise reponseCode 304 Not Modified may be sent.

method

return the method of this request (GET, POST, PUT, HEADER or DELETE)

method: aStringOrSymbol

multipartBoundary

rawHeader

referer

yes, I know that 'referer' is a misspelling of 'referrer'.
However, somehow it made it into the HTTP standard, and is called 'referer' there - sigh.
So PLEASE keep this name and also the string below.
See https://en.wikipedia.org/wiki/HTTP_referer

referrer

the referring page - if known.
Notice the misspelling below - due to the fact that the misspelling made it into the HTTP standard.
So PLEASE keep the string below.
See https://en.wikipedia.org/wiki/HTTP_referer

soapAction

strip off quotes

url

userAgent

accessing-http response data

binary: aBoolean: set/clear binary mode in the response (data is bytes as opposed to text)
expirationTime: aTimeStamp: the responses expirationTimestamp.
Obsolete, only for old HHTP/1.0 caches, which are long gone.
Use #maxAge:
replyData: aStringOrBytes: set the reply data
replyHeader: return the value of the instance variable 'replyHeader' (automatically generated)
resetResponseData: start anew collecting response data
(i.e. throw away what has been already collected)
responseContentType: something: set the value of the instance variable 'contentType' (automatically generated)

accessing-sessions

getSession
getSession: shouldCreateIfNone: nil -> do not change the default behavior (here)
getSession: shouldCreateIfNone forceLinkName: aLinkName: nil -> do not change the default behavior (here)
getSession: shouldCreateIfNone httpOnly: httpOnly sameSiteRestrictionLevel: sameSiteRestrictionLevel forceSecure: forceSecure forceLinkName: aLinkName: if true, the cookie can not be read by javascript for e.g. (Document.cookie property),
note that the cookie will still be sent with javascript initiated requests (XMLHttpRequest.send())

authentication

authenticateForRealm: aRealm: authenticate myself for a realm.
Raise an error, if authentication fails
authenticatedUsername: get the user, that has been authenticated
or nil, if there is none
isForbiddenUserAgent: aUserAgentString: are there user agents which we definitely do not want in our house?

error reporting

reportBadRequest: msg: bad request.
This method will not return (i.e. aborts).
reportException: ex: Write an error report.
This method will not return (i.e. aborts).
reportForbidden: msg: access forbidden.
This method will not return (i.e. aborts).
reportForbidden: msg info: infoText: access forbidden.
This method will not return (i.e. aborts).
reportHTTPVersionNotSupported: msg: This method will not return (i.e. aborts).
reportMethodNotAllowed: msg method: badMethod url: badURL: method (such as POST, PUT etc.) is not allowed.
This method will not return (i.e. aborts).
reportMovedPermanently: newUrl: page has been permanently moved to another location, newUrl.
This method will not return (i.e. aborts).
reportNotAcceptable: typeAvailable: not acceptable - content-type not in accept list.
This method will not return (i.e. aborts).
reportNotFound: msg: document/object was not found.
This method will not return (i.e. aborts).

Take care: IE6 will not show this message, but its own message,
if the whole repsonse is shorter than 512 bytes and
'Show Short HTTP Error Messages' is on in Internet Settings
reportNotFound: msg moreInfo: moreInfoText: document/object was not found.
This method will not return (i.e. aborts).

Take care: IE6 will not show this message, but its own message,
if the whole repsonse is shorter than 512 bytes and
'Show Short HTTP Error Messages' is on in Internet Settings
reportRequestTimeout: message: request timeout - the request was transmitted too slowly.
This method will not return (i.e. aborts).
reportServerError: msg moreInfo: aStringOrNil: server error.
This method will not return (i.e. aborts).
reportServiceUnavailable: msg: report temporary down.
This method will not return (i.e. aborts).
reportUnauthorized: messageText: no authorization - ask for authorization.
This method will not return (i.e. aborts).
reportUnsupportedFeature: msg: bad request.
This method will not return (i.e. aborts).
sendErrorResponseForResponseCode: aStatusCode
sendErrorResponseForResponseCode: aStatusCode body: bodyText
sendErrorResponseForResponseCode: aStatusCode message: messageString: Send an error for aStatusCode (e.g. 404 - Not found).
messageString may contain additional information
sendErrorResponseForResponseCode: aStatusCode title: titleText body: bodyText: abort processing request - do not close socket in exception handler
sendErrorResponseForStatusCode: aStatusCode: ** This is an obsolete interface - do not use it (it may vanish in future versions) **
sendErrorResponseForStatusCode: aStatusCode body: bodyText: ** This is an obsolete interface - do not use it (it may vanish in future versions) **

header parsing

extractCookiesFrom: arg
headerParser
parseFirstLine: parse the line consisting of GET/HEAD/POST <url> <httpVersion>
parseHeader: parse the first header line now - the rest is parsed on demand
rawRequestString: rawRequestStringArg rawHeader: rawHeaderArg data: dataArg: MessageTally spyDetailedOn:[

html reply composition-stream protocol

nextPutAll: aString: append aString to the collected reply.
Answer the receiver
nextPutAllEscaped: aString: append aString to the collected reply.
The string is processed, by replacing html-special characters by there html-equivalent (such as '>' into <)
nextPutLine: aString: append aString to the collected reply and append a lineBreak.
nextPutLineEscaped: aString: append aString to the collected reply and append a cr.
The string is processed, by replacing html-special characters by there html-equivalent (such as '>' into <)

logging

logAccess
logError: aString

misc

environmentValueFor: aFieldKey: return the value of an environment value.
We have none, so return nil here. This is defined for FastCGI compatibility

obsolete

escape: aString: use class escape:

** This is an obsolete interface - do not use it (it may vanish in future versions) **
unEscape: aString: use class unEscape:

** This is an obsolete interface - do not use it (it may vanish in future versions) **

old html reply composition

bodyEnd: Write </BODY>.
OLD stuff - please use a TreeBuilder
bodyStart: Write <BODY>.
OLD stuff - please use a TreeBuilder
formEnd: append the standard footer for a form.
OLD stuff - please use a TreeBuilder
formFooter: Write the standard footer for a form.
OLD stuff - please use a TreeBuilder
formResetButton: generate a reset button for a form.
OLD stuff - please use a TreeBuilder
formSubmitButton: OLD stuff - please use a TreeBuilder
formSubmitButtonForString: aString: OLD stuff - please use a TreeBuilder
formSubmitButtonForString: aString name: aName: OLD stuff - please use a TreeBuilder
formSubmitButtonStringForString: aString name: aName: OLD stuff - please use a TreeBuilder
htmlEnd: OLD stuff - please use a TreeBuilder
htmlStart: OLD stuff - please use a TreeBuilder
imageFor: anImageOrImageFilename: generate an IMG tag for a real image (or an image file name).
OLD stuff - please use a TreeBuilder
imageFor: anImageOrImageFilename alt: alt: an IMG tag for a real image (or an image file name).
OLD stuff - please use a TreeBuilder
imageLinkTextFor: anImageOrImageFilename alt: alt: return an IMG tag for a real image (or an image file name).
OLD stuff - please use a TreeBuilder
inputFieldFor: varName label: label initialValue: value: an input field - must be within a form.
OLD stuff - please use a TreeBuilder
inputFieldFor: varName size: size label: label initialValue: value: add an input field - must be within a form.
OLD stuff - please use a TreeBuilder
inputFieldFor: varName type: aType size: size label: label initialValue: value: add an input field - must be within a form.
OLD stuff - please use a TreeBuilder
inputFieldFor: varName type: aType size: size label: label initialValue: value append: aString: add an input field - must be within a form.
type: 'password' | 'checkbox' | 'submit' | 'reset' | nil
inputFieldStringFor: varName type: aType size: size label: label initialValue: value append: aString: an input field - must be within a form.
type: 'password' | 'checkbox' | 'submit' | 'reset' | nil
label: labelString id: idString value: anObject: Add a table row for the given data to the reply.
label: labelString text: aString id: idString rows: rows cols: cols: Build a textarea form field.
refreshStringFor: aService selector: aSelector arguments: arguments time: seconds: OLD stuff - please use a TreeBuilder
refreshStringFor: aService selector: aSelector time: seconds: OLD stuff - please use a TreeBuilder
table: aBlock: OLD stuff - please use a TreeBuilder
table: aBlock attributes: attrString: OLD stuff - please use a TreeBuilder
tableEnd: OLD stuff - please use a TreeBuilder
tableFormFooter: Close the table and write the standard footer for a form.
tableRow: aBlock: OLD stuff - please use a TreeBuilder
tableRow: aBlock attributes: attrString: OLD stuff - please use a TreeBuilder
tableRowEnd: OLD stuff - please use a TreeBuilder
tableRowStart: attrString: OLD stuff - please use a TreeBuilder
tableStart: attrString: OLD stuff - please use a TreeBuilder
title: aString: Write a standard header and set the document title.

** This is an obsolete interface - do not use it (it may vanish in future versions) **
title: aString with: someMoreHeaderStuff: Write a standard header and set the document title. Also used for logging purposes.

** This is an obsolete interface - do not use it (it may vanish in future versions) **
titleAndHeader: aString: Write a standard header and set the document title.

** This is an obsolete interface - do not use it (it may vanish in future versions) **
unformattedCodeTextEnd: end some plainText.
unformattedCodeTextStart: start some plainText.
unformattedText: aString: add some plainText.
unformattedTextEnd: end some plainText.
unformattedTextStart: start some plainText.

old html reply composition stx

pageFinish: finish the page.
pageSTXFooter: Write the standard page footer.
stxBodyEnd
stxBodyStart: aString: Write a standard stx body with a headline #f6feff
stxBodyStart: aString homeLink: aHomeLink: Write a standard stx body with a headline #f6feff
stxBodyStart: aString homeLink: aHomeLink afterButtons: afterButtonsString: Write a standard stx body with a headline #f6feff
stxPageFinish: finish the page.

** This is an obsolete interface - do not use it (it may vanish in future versions) **
stxPageParameters
stxPoweredByString
stxReply: aString

old links-html generation

homeWebLinkForText: nameString: Return HTML code for a link to anObject using the given name and message selector.
linkIdFor: aService: Return the linkId to send aMessage to anObject.
if the request is for another service, answer the first link for the service
linkIdFor: aService argument: argumentString: Return the linkId to send aMessage to anObject.
Create a new linkId if necessary.
linkIdFor: aService selector: aSelector: Return the linkId to send aMessage to anObject.
Create a new linkId if necessary.
linkIdFor: aService selector: aSelector argument: argumentString: Return the linkId to send aMessage to anObject.
Create a new linkId if necessary.
webLinkForImage: imageOrImageFilename service: aService argument: aSelector: Return HTML code for a link to anObject using the given name and message selector.
webLinkForImage: imageOrImageFilename service: aService selector: aSelector: Return HTML code for a link to anObject using the given name and message selector.
webLinkForText: nameString link: aLinkId: Return HTML code for a linkId using the given name
and message selector. When the link is followed,
aSelector plus argument will be sent to anObject.
webLinkForText: nameString service: aService argument: anArgument: Return HTML code for a link to aService using the given nameString
and aSelector. When the link is followed,
aSelector plus argument will be sent to aService.
webLinkForText: nameString service: aService selector: aSelector: Return HTML code for a link to anObject using the given name and message selector.
webLinkForText: nameString service: aService selector: aSelector argument: anArgument: Return HTML code for a link to aService using the given nameString
and aSelector. When the link is followed,
aSelector plus argument will be sent to aService.
webLinkText: nameString target: targetString service: aService selector: aSelector: Return HTML code for a link to aService using the given name and message selector.

printing

printOn: aStream: (comment from inherited method)
append a user printed representation of the receiver to aStream.
The format is suitable for a human - not meant to be read back.

The default here is to output the receiver's class name.
BUT: this method is heavily redefined for objects which
can print prettier.

queries

closeConnectionAfterError: Answer true, if the connection should be closed when the request resulted in
an error. To avoid getting hogged down by a bad guy, limit his access speed,
by closing the connection.
But keep connection, if we did refer to the bad page.
fullPath: return the full path from this requrest's URL
isDELETE: return true, if the request was a DELETE request
isGET: return true, if the request was a GET request
isHEAD: return true, if the request was a HEAD request
isOPTIONS: return true, if the request was an OPTIONS request
isPOST: return true, if the request was a POST request
isPUT: return true, if the request was a PUT request
isReferredFromOwnHost: answer true, if this request is referred to from my own host.
This cannot be reliably trusted, since the client can send any referrer.
isSecure: answer true, if this request was issued over an secure channel (SSL/TLS)
isWebSocketRequest: is this a request to switch to websocket protocol?
secWebSocketKey: returns nil or a string (may an empty string)
secWebSocketVersion: returns nil or a version number as inetger
startReadRequestTime
timeToPerform: in milliseconds

response collecting

addCookie: cookie: send a cokkie with the response.
Remember the cookie in the request, so that session cookies
will not be created twice
addToReplyHeader: aString: collect part of a header (i.e. append aString to the reply header).
reply: aString: collect part of a reply (i.e. append aString to the reply buffer).
reply: aString with: aParameter: collect part of a reply (i.e. append aString to the reply buffer);
aString may contain %1 escape which is replaced by aParameter.
replyCR: Append a cr to the reply buffer
replyEscaped: aStringOrCharacter: collect part of a reply (i.e. append aString to the reply buffer).
Special character (lt, gt) are escaped.
replyHeader: aString: set the reply header
replyURLEscaped: aStringOrCharacter: collect part of a reply (i.e. append aString to the reply buffer).
URL-Special characters (&, space etc.) are escaped.

response sending

redirectTo: link: redirect both per META and per 302-location-redirect.
(because content-location redirection doesn't work for most of the browsers)
sendBinary: aStreamOrBytes type: contentType: send some binary data as a response.
Typically used with images and non-text documents
sendBinaryData: binaryData type: contentType: send some binary data as a response.
Typically used with images and non-text documents
sendBinaryStream: aStreamOrBytes type: contentType: send some binary data as a response.
Typically used with images and non-text documents
sendImage: inImage: reply with a bitmap image.
For now, must send it as gif ... (could do jpg as well),
or even better, remember what types are supported by the browser
sendImage: inImage type: imageType: reply with a bitmap image.
For now, must send it as gif ... (could do jpg as well),
or even better, remember what types are supported by the browser
sendResponse: send the response
sendResponseWithType: aContentType: send the response

serving-helpers

checkAcceptableType: type

the requested file exists and is of given type;
check if it is in the list of acceptedTypes (in the request header)

decodeFields: aString

Convert the form fields in Collection of strings into a dictionary.
collection is needed because e.g. (on <SELECT name=FOO MULTIPLE> by client selects more than one
FOO comes with same key and different values)
Each field should be of the form: &nameKey=collection of values

Usage example(s):

     self basicNew decodeFields:'&foo;&bar;&baz'        => OrderedDictionary(''->OrderedCollection('foo' 'bar' 'baz'))
     self basicNew decodeFields:'&foo=1;&bar=2;&baz=3'  => OrderedDictionary('foo'->OrderedCollection('1') 'bar'->OrderedCollection('2') 'baz'->OrderedCollection('3'))     
     self basicNew decodeFields:'&foo=1;&bar=2;&baz=3;&foo=10;&bar=20;&baz=30' => OrderedDictionary('foo'->OrderedCollection('1' '10') 'bar'->OrderedCollection('2' '20') 'baz'->OrderedCollection('3' '30'))

extractPostDataFields

small; data already in memory

extractURLParametersFromPath: path

answer the local part of the path without parameters.
As a side effect the parameters are stored in the instVar urlParameters

serving-processing

handleSOAPAction: marked as obsolete by exept MBP at 05-07-2023

** This is an obsolete interface - do not use it (it may vanish in future versions) **
handleSOAPAction: soapAction: the argument soapAction is as extracted from the http header;
however, it might be nil, as we also support docType xml+soap (with or without soapaction)
reprocess: reproces the current request (see handler in generateReply)
reprocessWithInternalURL: aNewInternalURL: reproces the current request with another URL (see handler in generateReply)
reprocessWithServiceURL: aNewInternalServiceURL
robotPolicy: Return a text specifying our robots policy.
This is the answer to be given to webCrawlers and tells them,
which URLs (subtrees) should not be visited.
See
http://info.webcrawler.com/mak/projects/robots/norobots.html
for details.
The default here is to disallow everything.
url: aNewURL

serving-requests

generateReply: handle a request; generate the reply.
generateReplyForDeleteRequest: handle a delete-request; generate the reply.
generateReplyForGetRequest: Generate the reply to a GET request.
generateReplyForHeadRequest: Generate the reply to a HEAD request (same as GET, but no data is sent at the end).
generateReplyForOptionsRequest: handle an options-request; generate the reply.
generateReplyForPostRequest: handle a post-request; generate the reply.
generateReplyForPutRequest: handle a put-request; generate the reply.

serving-serverState

checkMaintenanceMode: if server is in maintenance mode, no files are served to normal users.
Access to a server in maintenance mode is only possibly to a user
that has authenticated for maintenance service

setup from connection

initializeForServer: serverArg connection: connectionArg
postData: something

Private classes:

    MultipartChunk
    ReprocessRequest

ST/X 7.7.0.0; WebServer 1.702 at 20f6060372b9.unknown:8081; Mon, 18 Nov 2024 04:41:02 GMT