CSC 2720 Building Web Applications Getting and Setting HTTP Headers (With PHP Examples)

Download Report

Transcript CSC 2720 Building Web Applications Getting and Setting HTTP Headers (With PHP Examples) 

CSC 2720
Building Web Applications
Getting and Setting HTTP Headers
(With PHP Examples)
Outline
 What kinds of data are embedded in the HTTP
request/response headers?
 How useful could these data be?
 What can we achieve by setting HTTP response
header?
 PHP APIs for getting headers from HTTP request
 PHP APIs for setting HTTP response headers
 Examples
Introduction
HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
Etag: "3f80f-1b6-3e1cb03b"
Accept-Ranges: bytes
Content-Length: 438
Connection: close
Content-Type: text/html; charset=UTF-8
Body of the contents goes here …
The header section of a HTTP response
 The data in the HTTP header contains info about
client/server and the data embedded in the HTTP
body.
HTTP Request Headers
 You can find out more about your client.
 For examples
 accept, accept-encoding, accept-language,
accept-charset: Content types, compression
schemes, languages, and character sets that the web
client can handle.
 user-agent: Info about the web client and operating
system
 referer: The URL of the webpage that "brings" the
client to the requested page
 cookie: Cookies
Obtaining HTTP Header Fields
 Header fields of the current request is stored in
$_SERVER.
 For a complete list of predefined names, please refer to
http://www.php.net/manual/en/reserved.variables.server.php
 Some of the useful info include
 $_SERVER['HTTP_USER_AGENT']
 Contains info about the web client
 $_SERVER['HTTP_REFERER']
 URL of the page (if any) which referred the web client to the
current page. (May not be reliable)
 Cookies should be access through $_COOKIE instead.
HTTP Response Headers
 You can modify the HTTP response header to





Redirect the web client to another URL
Send a different HTTP status code
Tell the web client whether to cache the current document or not
Tell web client what language is used in the current document
Change the content type of the current document
 You can use PHP to dynamically create text file, CSV file, image, etc.
 Requesting the web client to download another file.
 Set cookies (but in PHP, cookies should be set through $_COOKIE
instead.)
Examples of HTTP 1.1 Response Headers
 Cache-Control
 Tells all caching mechanisms from server to client
whether they may cache this object.
 To tells a client not to cache the requested resource, set
the its value to no-cache.
 Content-Language
 The language the content is in
 Content-Type
 The MIME type of the content being returned
Examples of HTTP 1.1 Response Headers
 Expires
 The time at which document should be considered as outof-date
 Last-Modified
 The time in which the requested resource was last
modified.
 Location
 To redirect the web client to a new URL
 Set-Cookie
 The cookies that browser should remember.
Functions for Dealing with Header Fields in the HTTP
Response
 header()
 Set a raw HTTP header
 headers_list()
 Return a list of headers to be sent to the web client
 The list is a numerically indexed array
 headers_sent()
 Return FALSE if no HTTP headers have already been
sent or TRUE otherwise
Redirecting the web client to another URL
1
2
3
4
5
<?php
header('Location: http://www.yahoo.com/');
exit(); // Return immediately
?>
When a web client access the above file, it will go to http://www.yahoo.com
immeidately.
 header() must be called before any actual output is sent!
1
2
3
4
5
<?php
header('Location: http://www.yahoo.com/');
exit();
?>
Even with only one empty space sent, subsequent calls to header() will fail.
Send a different HTTP status code
1
2
3
4
5
6
<?php
header("HTTP/1.0 404 Not Found");
?>
<html>
<!-- Content of the error page goes here … -->
</html>
Creating a custom-made page to display the error message when a
requested resource cannot be found by the server.
You also need to configure the web server to use your custom-made page.
Tell the web client whether to cache the current
document or not
1
2
3
4
<?php
// HTTP/1.1
header("Cache-Control: no-cache, must-revalidate");
?>
For the format of HTTP header fields, please refer to
HTTP/1.1: Header Field Definitions
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
The above example is extracted from:
http://www.php.net/header
Requesting the web client to download a file
1 <?php
2
$imagename = 'test.jpg';
3
$info = getimagesize($imagename);
4
$fs = filesize($imagename);
5
6
// Setting the mime-type of the file
7
header("Content-type: {$info['mime']}\n");
8
9
// Send as attachment (request client to download)
10
header("Content-Disposition: attachment;" .
11
" filename=\"$imagename\"\n");
12
13
header("Content-Length: $fs\n");
14
readfile("$imagename");
15 ?>
References
 Wiki: List of HTTP headers
 http://en.wikipedia.org/wiki/List_of_HTTP_headers
 HTTP/1.1: Header Field Definitions
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
 PHP Manual
 http://www.php.net/manual/en/index.php