1 :mod:`http.server` --- HTTP servers 2 =================================== 3 4 .. module:: http.server 5 :synopsis: HTTP server and request handlers. 6 7 **Source code:** :source:`Lib/http/server.py` 8 9 .. index:: 10 pair: WWW; server 11 pair: HTTP; protocol 12 single: URL 13 single: httpd 14 15 -------------- 16 17 This module defines classes for implementing HTTP servers (Web servers). 18 19 .. warning:: 20 21 :mod:`http.server` is not recommended for production. It only implements 22 basic security checks. 23 24 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass. 25 It creates and listens at the HTTP socket, dispatching the requests to a 26 handler. Code to create and run the server looks like this:: 27 28 def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler): 29 server_address = ('', 8000) 30 httpd = server_class(server_address, handler_class) 31 httpd.serve_forever() 32 33 34 .. class:: HTTPServer(server_address, RequestHandlerClass) 35 36 This class builds on the :class:`~socketserver.TCPServer` class by storing 37 the server address as instance variables named :attr:`server_name` and 38 :attr:`server_port`. The server is accessible by the handler, typically 39 through the handler's :attr:`server` instance variable. 40 41 .. class:: ThreadingHTTPServer(server_address, RequestHandlerClass) 42 43 This class is identical to HTTPServer but uses threads to handle 44 requests by using the :class:`~socketserver.ThreadingMixIn`. This 45 is useful to handle web browsers pre-opening sockets, on which 46 :class:`HTTPServer` would wait indefinitely. 47 48 .. versionadded:: 3.7 49 50 51 The :class:`HTTPServer` and :class:`ThreadingHTTPServer` must be given 52 a *RequestHandlerClass* on instantiation, of which this module 53 provides three different variants: 54 55 .. class:: BaseHTTPRequestHandler(request, client_address, server) 56 57 This class is used to handle the HTTP requests that arrive at the server. By 58 itself, it cannot respond to any actual HTTP requests; it must be subclassed 59 to handle each request method (e.g. GET or POST). 60 :class:`BaseHTTPRequestHandler` provides a number of class and instance 61 variables, and methods for use by subclasses. 62 63 The handler will parse the request and the headers, then call a method 64 specific to the request type. The method name is constructed from the 65 request. For example, for the request method ``SPAM``, the :meth:`do_SPAM` 66 method will be called with no arguments. All of the relevant information is 67 stored in instance variables of the handler. Subclasses should not need to 68 override or extend the :meth:`__init__` method. 69 70 :class:`BaseHTTPRequestHandler` has the following instance variables: 71 72 .. attribute:: client_address 73 74 Contains a tuple of the form ``(host, port)`` referring to the client's 75 address. 76 77 .. attribute:: server 78 79 Contains the server instance. 80 81 .. attribute:: close_connection 82 83 Boolean that should be set before :meth:`handle_one_request` returns, 84 indicating if another request may be expected, or if the connection should 85 be shut down. 86 87 .. attribute:: requestline 88 89 Contains the string representation of the HTTP request line. The 90 terminating CRLF is stripped. This attribute should be set by 91 :meth:`handle_one_request`. If no valid request line was processed, it 92 should be set to the empty string. 93 94 .. attribute:: command 95 96 Contains the command (request type). For example, ``'GET'``. 97 98 .. attribute:: path 99 100 Contains the request path. 101 102 .. attribute:: request_version 103 104 Contains the version string from the request. For example, ``'HTTP/1.0'``. 105 106 .. attribute:: headers 107 108 Holds an instance of the class specified by the :attr:`MessageClass` class 109 variable. This instance parses and manages the headers in the HTTP 110 request. The :func:`~http.client.parse_headers` function from 111 :mod:`http.client` is used to parse the headers and it requires that the 112 HTTP request provide a valid :rfc:`2822` style header. 113 114 .. attribute:: rfile 115 116 An :class:`io.BufferedIOBase` input stream, ready to read from 117 the start of the optional input data. 118 119 .. attribute:: wfile 120 121 Contains the output stream for writing a response back to the 122 client. Proper adherence to the HTTP protocol must be used when writing to 123 this stream in order to achieve successful interoperation with HTTP 124 clients. 125 126 .. versionchanged:: 3.6 127 This is an :class:`io.BufferedIOBase` stream. 128 129 :class:`BaseHTTPRequestHandler` has the following attributes: 130 131 .. attribute:: server_version 132 133 Specifies the server software version. You may want to override this. The 134 format is multiple whitespace-separated strings, where each string is of 135 the form name[/version]. For example, ``'BaseHTTP/0.2'``. 136 137 .. attribute:: sys_version 138 139 Contains the Python system version, in a form usable by the 140 :attr:`version_string` method and the :attr:`server_version` class 141 variable. For example, ``'Python/1.4'``. 142 143 .. attribute:: error_message_format 144 145 Specifies a format string that should be used by :meth:`send_error` method 146 for building an error response to the client. The string is filled by 147 default with variables from :attr:`responses` based on the status code 148 that passed to :meth:`send_error`. 149 150 .. attribute:: error_content_type 151 152 Specifies the Content-Type HTTP header of error responses sent to the 153 client. The default value is ``'text/html'``. 154 155 .. attribute:: protocol_version 156 157 This specifies the HTTP protocol version used in responses. If set to 158 ``'HTTP/1.1'``, the server will permit HTTP persistent connections; 159 however, your server *must* then include an accurate ``Content-Length`` 160 header (using :meth:`send_header`) in all of its responses to clients. 161 For backwards compatibility, the setting defaults to ``'HTTP/1.0'``. 162 163 .. attribute:: MessageClass 164 165 Specifies an :class:`email.message.Message`\ -like class to parse HTTP 166 headers. Typically, this is not overridden, and it defaults to 167 :class:`http.client.HTTPMessage`. 168 169 .. attribute:: responses 170 171 This attribute contains a mapping of error code integers to two-element tuples 172 containing a short and long message. For example, ``{code: (shortmessage, 173 longmessage)}``. The *shortmessage* is usually used as the *message* key in an 174 error response, and *longmessage* as the *explain* key. It is used by 175 :meth:`send_response_only` and :meth:`send_error` methods. 176 177 A :class:`BaseHTTPRequestHandler` instance has the following methods: 178 179 .. method:: handle() 180 181 Calls :meth:`handle_one_request` once (or, if persistent connections are 182 enabled, multiple times) to handle incoming HTTP requests. You should 183 never need to override it; instead, implement appropriate :meth:`do_\*` 184 methods. 185 186 .. method:: handle_one_request() 187 188 This method will parse and dispatch the request to the appropriate 189 :meth:`do_\*` method. You should never need to override it. 190 191 .. method:: handle_expect_100() 192 193 When a HTTP/1.1 compliant server receives an ``Expect: 100-continue`` 194 request header it responds back with a ``100 Continue`` followed by ``200 195 OK`` headers. 196 This method can be overridden to raise an error if the server does not 197 want the client to continue. For e.g. server can chose to send ``417 198 Expectation Failed`` as a response header and ``return False``. 199 200 .. versionadded:: 3.2 201 202 .. method:: send_error(code, message=None, explain=None) 203 204 Sends and logs a complete error reply to the client. The numeric *code* 205 specifies the HTTP error code, with *message* as an optional, short, human 206 readable description of the error. The *explain* argument can be used to 207 provide more detailed information about the error; it will be formatted 208 using the :attr:`error_message_format` attribute and emitted, after 209 a complete set of headers, as the response body. The :attr:`responses` 210 attribute holds the default values for *message* and *explain* that 211 will be used if no value is provided; for unknown codes the default value 212 for both is the string ``???``. The body will be empty if the method is 213 HEAD or the response code is one of the following: ``1xx``, 214 ``204 No Content``, ``205 Reset Content``, ``304 Not Modified``. 215 216 .. versionchanged:: 3.4 217 The error response includes a Content-Length header. 218 Added the *explain* argument. 219 220 .. method:: send_response(code, message=None) 221 222 Adds a response header to the headers buffer and logs the accepted 223 request. The HTTP response line is written to the internal buffer, 224 followed by *Server* and *Date* headers. The values for these two headers 225 are picked up from the :meth:`version_string` and 226 :meth:`date_time_string` methods, respectively. If the server does not 227 intend to send any other headers using the :meth:`send_header` method, 228 then :meth:`send_response` should be followed by an :meth:`end_headers` 229 call. 230 231 .. versionchanged:: 3.3 232 Headers are stored to an internal buffer and :meth:`end_headers` 233 needs to be called explicitly. 234 235 .. method:: send_header(keyword, value) 236 237 Adds the HTTP header to an internal buffer which will be written to the 238 output stream when either :meth:`end_headers` or :meth:`flush_headers` is 239 invoked. *keyword* should specify the header keyword, with *value* 240 specifying its value. Note that, after the send_header calls are done, 241 :meth:`end_headers` MUST BE called in order to complete the operation. 242 243 .. versionchanged:: 3.2 244 Headers are stored in an internal buffer. 245 246 .. method:: send_response_only(code, message=None) 247 248 Sends the response header only, used for the purposes when ``100 249 Continue`` response is sent by the server to the client. The headers not 250 buffered and sent directly the output stream.If the *message* is not 251 specified, the HTTP message corresponding the response *code* is sent. 252 253 .. versionadded:: 3.2 254 255 .. method:: end_headers() 256 257 Adds a blank line 258 (indicating the end of the HTTP headers in the response) 259 to the headers buffer and calls :meth:`flush_headers()`. 260 261 .. versionchanged:: 3.2 262 The buffered headers are written to the output stream. 263 264 .. method:: flush_headers() 265 266 Finally send the headers to the output stream and flush the internal 267 headers buffer. 268 269 .. versionadded:: 3.3 270 271 .. method:: log_request(code='-', size='-') 272 273 Logs an accepted (successful) request. *code* should specify the numeric 274 HTTP code associated with the response. If a size of the response is 275 available, then it should be passed as the *size* parameter. 276 277 .. method:: log_error(...) 278 279 Logs an error when a request cannot be fulfilled. By default, it passes 280 the message to :meth:`log_message`, so it takes the same arguments 281 (*format* and additional values). 282 283 284 .. method:: log_message(format, ...) 285 286 Logs an arbitrary message to ``sys.stderr``. This is typically overridden 287 to create custom error logging mechanisms. The *format* argument is a 288 standard printf-style format string, where the additional arguments to 289 :meth:`log_message` are applied as inputs to the formatting. The client 290 ip address and current date and time are prefixed to every message logged. 291 292 .. method:: version_string() 293 294 Returns the server software's version string. This is a combination of the 295 :attr:`server_version` and :attr:`sys_version` attributes. 296 297 .. method:: date_time_string(timestamp=None) 298 299 Returns the date and time given by *timestamp* (which must be ``None`` or in 300 the format returned by :func:`time.time`), formatted for a message 301 header. If *timestamp* is omitted, it uses the current date and time. 302 303 The result looks like ``'Sun, 06 Nov 1994 08:49:37 GMT'``. 304 305 .. method:: log_date_time_string() 306 307 Returns the current date and time, formatted for logging. 308 309 .. method:: address_string() 310 311 Returns the client address. 312 313 .. versionchanged:: 3.3 314 Previously, a name lookup was performed. To avoid name resolution 315 delays, it now always returns the IP address. 316 317 318 .. class:: SimpleHTTPRequestHandler(request, client_address, server, directory=None) 319 320 This class serves files from the current directory and below, directly 321 mapping the directory structure to HTTP requests. 322 323 A lot of the work, such as parsing the request, is done by the base class 324 :class:`BaseHTTPRequestHandler`. This class implements the :func:`do_GET` 325 and :func:`do_HEAD` functions. 326 327 The following are defined as class-level attributes of 328 :class:`SimpleHTTPRequestHandler`: 329 330 .. attribute:: server_version 331 332 This will be ``"SimpleHTTP/" + __version__``, where ``__version__`` is 333 defined at the module level. 334 335 .. attribute:: extensions_map 336 337 A dictionary mapping suffixes into MIME types. The default is 338 signified by an empty string, and is considered to be 339 ``application/octet-stream``. The mapping is used case-insensitively, 340 and so should contain only lower-cased keys. 341 342 .. attribute:: directory 343 344 If not specified, the directory to serve is the current working directory. 345 346 The :class:`SimpleHTTPRequestHandler` class defines the following methods: 347 348 .. method:: do_HEAD() 349 350 This method serves the ``'HEAD'`` request type: it sends the headers it 351 would send for the equivalent ``GET`` request. See the :meth:`do_GET` 352 method for a more complete explanation of the possible headers. 353 354 .. method:: do_GET() 355 356 The request is mapped to a local file by interpreting the request as a 357 path relative to the current working directory. 358 359 If the request was mapped to a directory, the directory is checked for a 360 file named ``index.html`` or ``index.htm`` (in that order). If found, the 361 file's contents are returned; otherwise a directory listing is generated 362 by calling the :meth:`list_directory` method. This method uses 363 :func:`os.listdir` to scan the directory, and returns a ``404`` error 364 response if the :func:`~os.listdir` fails. 365 366 If the request was mapped to a file, it is opened. Any :exc:`OSError` 367 exception in opening the requested file is mapped to a ``404``, 368 ``'File not found'`` error. If there was a ``'If-Modified-Since'`` 369 header in the request, and the file was not modified after this time, 370 a ``304``, ``'Not Modified'`` response is sent. Otherwise, the content 371 type is guessed by calling the :meth:`guess_type` method, which in turn 372 uses the *extensions_map* variable, and the file contents are returned. 373 374 A ``'Content-type:'`` header with the guessed content type is output, 375 followed by a ``'Content-Length:'`` header with the file's size and a 376 ``'Last-Modified:'`` header with the file's modification time. 377 378 Then follows a blank line signifying the end of the headers, and then the 379 contents of the file are output. If the file's MIME type starts with 380 ``text/`` the file is opened in text mode; otherwise binary mode is used. 381 382 For example usage, see the implementation of the :func:`test` function 383 invocation in the :mod:`http.server` module. 384 385 .. versionchanged:: 3.7 386 Support of the ``'If-Modified-Since'`` header. 387 388 The :class:`SimpleHTTPRequestHandler` class can be used in the following 389 manner in order to create a very basic webserver serving files relative to 390 the current directory:: 391 392 import http.server 393 import socketserver 394 395 PORT = 8000 396 397 Handler = http.server.SimpleHTTPRequestHandler 398 399 with socketserver.TCPServer(("", PORT), Handler) as httpd: 400 print("serving at port", PORT) 401 httpd.serve_forever() 402 403 .. _http-server-cli: 404 405 :mod:`http.server` can also be invoked directly using the :option:`-m` 406 switch of the interpreter with a ``port number`` argument. Similar to 407 the previous example, this serves files relative to the current directory:: 408 409 python -m http.server 8000 410 411 By default, server binds itself to all interfaces. The option ``-b/--bind`` 412 specifies a specific address to which it should bind. For example, the 413 following command causes the server to bind to localhost only:: 414 415 python -m http.server 8000 --bind 127.0.0.1 416 417 .. versionadded:: 3.4 418 ``--bind`` argument was introduced. 419 420 By default, server uses the current directory. The option ``-d/--directory`` 421 specifies a directory to which it should serve the files. For example, 422 the following command uses a specific directory:: 423 424 python -m http.server --directory /tmp/ 425 426 .. versionadded:: 3.7 427 ``--directory`` specify alternate directory 428 429 .. class:: CGIHTTPRequestHandler(request, client_address, server) 430 431 This class is used to serve either files or output of CGI scripts from the 432 current directory and below. Note that mapping HTTP hierarchic structure to 433 local directory structure is exactly as in :class:`SimpleHTTPRequestHandler`. 434 435 .. note:: 436 437 CGI scripts run by the :class:`CGIHTTPRequestHandler` class cannot execute 438 redirects (HTTP code 302), because code 200 (script output follows) is 439 sent prior to execution of the CGI script. This pre-empts the status 440 code. 441 442 The class will however, run the CGI script, instead of serving it as a file, 443 if it guesses it to be a CGI script. Only directory-based CGI are used --- 444 the other common server configuration is to treat special extensions as 445 denoting CGI scripts. 446 447 The :func:`do_GET` and :func:`do_HEAD` functions are modified to run CGI scripts 448 and serve the output, instead of serving files, if the request leads to 449 somewhere below the ``cgi_directories`` path. 450 451 The :class:`CGIHTTPRequestHandler` defines the following data member: 452 453 .. attribute:: cgi_directories 454 455 This defaults to ``['/cgi-bin', '/htbin']`` and describes directories to 456 treat as containing CGI scripts. 457 458 The :class:`CGIHTTPRequestHandler` defines the following method: 459 460 .. method:: do_POST() 461 462 This method serves the ``'POST'`` request type, only allowed for CGI 463 scripts. Error 501, "Can only POST to CGI scripts", is output when trying 464 to POST to a non-CGI url. 465 466 Note that CGI scripts will be run with UID of user nobody, for security 467 reasons. Problems with the CGI script will be translated to error 403. 468 469 :class:`CGIHTTPRequestHandler` can be enabled in the command line by passing 470 the ``--cgi`` option:: 471 472 python -m http.server --cgi 8000 473
