http.server
--- HTTP servers¶
Code source : Lib/http/server.py
Ce module définit des classes implémentant des serveurs HTTP.
Avertissement
http.server
is not recommended for production. It only implements
basic security checks.
Availability: not Emscripten, not WASI.
This module does not work or is not available on WebAssembly platforms
wasm32-emscripten
and wasm32-wasi
. See
Plateformes WebAssembly for more information.
Une des classes, HTTPServer
, est une sous-classe de socketserver.TCPServer
. Elle crée une interface de connexion (socket en anglais) avant de rester à l'écoute des messages reçus sur celle-ci, les répartissant à un gestionnaire d'évènements (handler en anglais). Le code pour créer et exécuter le serveur ressemble à ceci :
def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
server_address = ('', 8000)
httpd = server_class(server_address, handler_class)
httpd.serve_forever()
- class http.server.HTTPServer(server_address, RequestHandlerClass)¶
Cette classe hérite de la classe
TCPServer
. Ses instances contiennent l'adresse du serveur dans les variables d'instanceserver_name
etserver_port
.Le serveur est accessible par le gestionnaire d'évènements, habituellement par le biais de sa variable d'instanceserver
.
- class http.server.ThreadingHTTPServer(server_address, RequestHandlerClass)¶
Cette classe est identique à HTTPServer mais utilise des fils d'exécution afin de gérer les requêtes, et ce, par le biais de
ThreadingMixIn
. Ceci est utile afin de gérer les pré-ouvertures des interfaces de connexion des navigateurs web, sur lesquellesHTTPServer
attendrait de façon perpétuelle.Ajouté dans la version 3.7.
On doit passer un RequestHandlerClass lors de l'instanciation de HTTPServer
et de ThreadingHTTPServer
. Ce module fournit trois variantes différentes :
- class http.server.BaseHTTPRequestHandler(request, client_address, server)¶
Cette classe est utilisée afin de gérer les requêtes HTTP arrivant au serveur. Elle ne peut pas répondre par elle-même à des requêtes HTTP ; cette méthode doit être surchargée dans les classes dérivées, par exemple GET ou POST. La classe
BaseHTTPRequestHandler
fournit plusieurs classes et variables d'instance, ainsi que des méthodes à utiliser par les sous-classes.The handler will parse the request and the headers, then call a method specific to the request type. The method name is constructed from the request. For example, for the request method
SPAM
, thedo_SPAM()
method will be called with no arguments. All of the relevant information is stored in instance variables of the handler. Subclasses should not need to override or extend the__init__()
method.BaseHTTPRequestHandler
a les variables d'instances suivantes :- client_address¶
Contient un n-uplet de la forme
(host, port)
, faisant référence à l'adresse du client.
- server¶
Contient l'instance du serveur.
- close_connection¶
Booléen qui doit être défini avant que
handle_one_request()
ne termine son exécution, indiquant si on peut recevoir une autre requête ou si la connexion doit être fermée.
- requestline¶
Contient la chaîne de caractères représentant la ligne de requête HTTP. La dénotation de fin de ligne CRLF est enlevée. Cet attribut doit être défini par
handle_one_request()
. Dans le cas où aucune ligne de requête valide n'a été traitée, il doit prendre la valeur de la chaîne de caractères vide.
- command¶
Contient la commande (le type de requête). Par exemple,
'GET'
.
- path¶
Contient le chemin de la requête. Si la composante de requête de l'URL est présente, alors
path
contient la requête. Selon la terminologie de RFC 3986,path
inclut icihier-part
et laquery
.
- request_version¶
Contient la version de la requête, en chaîne de caractères. Par exemple,
'HTTP/1.0'
.
- headers¶
Holds an instance of the class specified by the
MessageClass
class variable. This instance parses and manages the headers in the HTTP request. Theparse_headers()
function fromhttp.client
is used to parse the headers and it requires that the HTTP request provide a valid RFC 2822 style header.
- rfile¶
An
io.BufferedIOBase
input stream, ready to read from the start of the optional input data.
- wfile¶
Contains the output stream for writing a response back to the client. Proper adherence to the HTTP protocol must be used when writing to this stream in order to achieve successful interoperation with HTTP clients.
Modifié dans la version 3.6: This is an
io.BufferedIOBase
stream.
BaseHTTPRequestHandler
has the following attributes:- server_version¶
Précise la version du logiciel du serveur. Vous pouvez la modifier. Le format utilisé est constitué de plusieurs chaînes de caractères séparées par des caractères d'espacement, où chaque chaîne prend la forme nom[/version]. Par exemple,
'BaseHTTP/0.2'
.
- sys_version¶
Contient la version système de Python, dans une forme pouvant être utilisée par la méthode
version_string
ainsi que par la variable de classeserver_version
. Par exemple,'Python/1.4'
.
- error_message_format¶
Définit une chaîne de caractères avec champs de formatage devant être utilisée par la méthode
send_error()
afin de construire une réponse d'erreur pour le client. Par défaut, la chaîne contient des variables provenant de l'attributresponses
se basant sur le code de statut passé àsend_error()
.
- error_content_type¶
Définit l'en-tête HTTP Content-Type des réponses d'erreur envoyées au client. La valeur par défaut est
'text/html'
.
- protocol_version¶
Specifies the HTTP version to which the server is conformant. It is sent in responses to let the client know the server's communication capabilities for future requests. If set to
'HTTP/1.1'
, the server will permit HTTP persistent connections; however, your server must then include an accurateContent-Length
header (usingsend_header()
) in all of its responses to clients. For backwards compatibility, the setting defaults to'HTTP/1.0'
.
- MessageClass¶
Définit une classe similaire à
email.message.Message
permettant l'analyse des en-têtes HTTP. Habituellement, cette valeur n'est pas modifiée, et prend par défaut la valeur dehttp.client.HTTPMessage
.
- responses¶
Cet attribut contient une table de correspondance entre des codes d'erreurs dénotés par des entiers et des n-uplets contenant un message court et un message long. Par exemple,
{code: (shortmessage, longmessage)}
. Habituellement, le message shortmessage correspond à la clé message d'une réponse d'erreur, alors que le message longmessage correspond à la clé explain de celle-ci. Il est utilisé par les méthodessend_response_only()
etsend_error()
.
Une instance de la classe
BaseHTTPRequestHandler
contient les méthodes suivantes :- handle()¶
Calls
handle_one_request()
once (or, if persistent connections are enabled, multiple times) to handle incoming HTTP requests. You should never need to override it; instead, implement appropriatedo_*()
methods.
- handle_one_request()¶
This method will parse and dispatch the request to the appropriate
do_*()
method. You should never need to override it.
- handle_expect_100()¶
When an HTTP/1.1 conformant server receives an
Expect: 100-continue
request header it responds back with a100 Continue
followed by200 OK
headers. This method can be overridden to raise an error if the server does not want the client to continue. For e.g. server can choose to send417 Expectation Failed
as a response header andreturn False
.Ajouté dans la version 3.2.
- send_error(code, message=None, explain=None)¶
Sends and logs a complete error reply to the client. The numeric code specifies the HTTP error code, with message as an optional, short, human readable description of the error. The explain argument can be used to provide more detailed information about the error; it will be formatted using the
error_message_format
attribute and emitted, after a complete set of headers, as the response body. Theresponses
attribute holds the default values for message and explain that will be used if no value is provided; for unknown codes the default value for both is the string???
. The body will be empty if the method is HEAD or the response code is one of the following:1xx
,204 No Content
,205 Reset Content
,304 Not Modified
.Modifié dans la version 3.4: The error response includes a Content-Length header. Added the explain argument.
- send_response(code, message=None)¶
Adds a response header to the headers buffer and logs the accepted request. The HTTP response line is written to the internal buffer, followed by Server and Date headers. The values for these two headers are picked up from the
version_string()
anddate_time_string()
methods, respectively. If the server does not intend to send any other headers using thesend_header()
method, thensend_response()
should be followed by anend_headers()
call.Modifié dans la version 3.3: Headers are stored to an internal buffer and
end_headers()
needs to be called explicitly.
- send_header(keyword, value)¶
Adds the HTTP header to an internal buffer which will be written to the output stream when either
end_headers()
orflush_headers()
is invoked. keyword should specify the header keyword, with value specifying its value. Note that, after the send_header calls are done,end_headers()
MUST BE called in order to complete the operation.Modifié dans la version 3.2: Headers are stored in an internal buffer.
- send_response_only(code, message=None)¶
Sends the response header only, used for the purposes when
100 Continue
response is sent by the server to the client. The headers not buffered and sent directly the output stream.If the message is not specified, the HTTP message corresponding the response code is sent.Ajouté dans la version 3.2.
- end_headers()¶
Adds a blank line (indicating the end of the HTTP headers in the response) to the headers buffer and calls
flush_headers()
.Modifié dans la version 3.2: The buffered headers are written to the output stream.
- flush_headers()¶
Finally send the headers to the output stream and flush the internal headers buffer.
Ajouté dans la version 3.3.
- log_request(code='-', size='-')¶
Logs an accepted (successful) request. code should specify the numeric HTTP code associated with the response. If a size of the response is available, then it should be passed as the size parameter.
- log_error(...)¶
Logs an error when a request cannot be fulfilled. By default, it passes the message to
log_message()
, so it takes the same arguments (format and additional values).
- log_message(format, ...)¶
Logs an arbitrary message to
sys.stderr
. This is typically overridden to create custom error logging mechanisms. The format argument is a standard printf-style format string, where the additional arguments tolog_message()
are applied as inputs to the formatting. The client ip address and current date and time are prefixed to every message logged.
- version_string()¶
Returns the server software's version string. This is a combination of the
server_version
andsys_version
attributes.
- date_time_string(timestamp=None)¶
Returns the date and time given by timestamp (which must be
None
or in the format returned bytime.time()
), formatted for a message header. If timestamp is omitted, it uses the current date and time.The result looks like
'Sun, 06 Nov 1994 08:49:37 GMT'
.
- log_date_time_string()¶
Returns the current date and time, formatted for logging.
- address_string()¶
Returns the client address.
Modifié dans la version 3.3: Previously, a name lookup was performed. To avoid name resolution delays, it now always returns the IP address.
- class http.server.SimpleHTTPRequestHandler(request, client_address, server, directory=None)¶
This class serves files from the directory directory and below, or the current directory if directory is not provided, directly mapping the directory structure to HTTP requests.
Modifié dans la version 3.7: Added the directory parameter.
Modifié dans la version 3.9: The directory parameter accepts a path-like object.
A lot of the work, such as parsing the request, is done by the base class
BaseHTTPRequestHandler
. This class implements thedo_GET()
anddo_HEAD()
functions.The following are defined as class-level attributes of
SimpleHTTPRequestHandler
:- server_version¶
This will be
"SimpleHTTP/" + __version__
, where__version__
is defined at the module level.
- extensions_map¶
A dictionary mapping suffixes into MIME types, contains custom overrides for the default system mappings. The mapping is used case-insensitively, and so should contain only lower-cased keys.
Modifié dans la version 3.9: This dictionary is no longer filled with the default system mappings, but only contains overrides.
The
SimpleHTTPRequestHandler
class defines the following methods:- do_HEAD()¶
This method serves the
'HEAD'
request type: it sends the headers it would send for the equivalentGET
request. See thedo_GET()
method for a more complete explanation of the possible headers.
- do_GET()¶
The request is mapped to a local file by interpreting the request as a path relative to the current working directory.
If the request was mapped to a directory, the directory is checked for a file named
index.html
orindex.htm
(in that order). If found, the file's contents are returned; otherwise a directory listing is generated by calling thelist_directory()
method. This method usesos.listdir()
to scan the directory, and returns a404
error response if thelistdir()
fails.If the request was mapped to a file, it is opened. Any
OSError
exception in opening the requested file is mapped to a404
,'File not found'
error. If there was an'If-Modified-Since'
header in the request, and the file was not modified after this time, a304
,'Not Modified'
response is sent. Otherwise, the content type is guessed by calling theguess_type()
method, which in turn uses the extensions_map variable, and the file contents are returned.A
'Content-type:'
header with the guessed content type is output, followed by a'Content-Length:'
header with the file's size and a'Last-Modified:'
header with the file's modification time.Then follows a blank line signifying the end of the headers, and then the contents of the file are output. If the file's MIME type starts with
text/
the file is opened in text mode; otherwise binary mode is used.For example usage, see the implementation of the
test
function in Lib/http/server.py.Modifié dans la version 3.7: Support of the
'If-Modified-Since'
header.
The SimpleHTTPRequestHandler
class can be used in the following
manner in order to create a very basic webserver serving files relative to
the current directory:
import http.server
import socketserver
PORT = 8000
Handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
print("serving at port", PORT)
httpd.serve_forever()
SimpleHTTPRequestHandler
can also be subclassed to enhance behavior,
such as using different index file names by overriding the class attribute
index_pages
.
http.server
can also be invoked directly using the -m
switch of the interpreter. Similar to
the previous example, this serves files relative to the current directory:
python -m http.server
The server listens to port 8000 by default. The default can be overridden by passing the desired port number as an argument:
python -m http.server 9000
By default, the server binds itself to all interfaces. The option -b/--bind
specifies a specific address to which it should bind. Both IPv4 and IPv6
addresses are supported. For example, the following command causes the server
to bind to localhost only:
python -m http.server --bind 127.0.0.1
Modifié dans la version 3.4: Added the --bind
option.
Modifié dans la version 3.8: Support IPv6 in the --bind
option.
By default, the server uses the current directory. The option -d/--directory
specifies a directory to which it should serve the files. For example,
the following command uses a specific directory:
python -m http.server --directory /tmp/
Modifié dans la version 3.7: Added the --directory
option.
By default, the server is conformant to HTTP/1.0. The option -p/--protocol
specifies the HTTP version to which the server is conformant. For example, the
following command runs an HTTP/1.1 conformant server:
python -m http.server --protocol HTTP/1.1
Modifié dans la version 3.11: Added the --protocol
option.
- class http.server.CGIHTTPRequestHandler(request, client_address, server)¶
This class is used to serve either files or output of CGI scripts from the current directory and below. Note that mapping HTTP hierarchic structure to local directory structure is exactly as in
SimpleHTTPRequestHandler
.Note
CGI scripts run by the
CGIHTTPRequestHandler
class cannot execute redirects (HTTP code 302), because code 200 (script output follows) is sent prior to execution of the CGI script. This pre-empts the status code.The class will however, run the CGI script, instead of serving it as a file, if it guesses it to be a CGI script. Only directory-based CGI are used --- the other common server configuration is to treat special extensions as denoting CGI scripts.
The
do_GET()
anddo_HEAD()
functions are modified to run CGI scripts and serve the output, instead of serving files, if the request leads to somewhere below thecgi_directories
path.The
CGIHTTPRequestHandler
defines the following data member:- cgi_directories¶
This defaults to
['/cgi-bin', '/htbin']
and describes directories to treat as containing CGI scripts.
The
CGIHTTPRequestHandler
defines the following method:- do_POST()¶
This method serves the
'POST'
request type, only allowed for CGI scripts. Error 501, "Can only POST to CGI scripts", is output when trying to POST to a non-CGI url.
Note that CGI scripts will be run with UID of user nobody, for security reasons. Problems with the CGI script will be translated to error 403.
CGIHTTPRequestHandler
can be enabled in the command line by passing
the --cgi
option:
python -m http.server --cgi
Avertissement
CGIHTTPRequestHandler
and the --cgi
command line option
are not intended for use by untrusted clients and may be vulnerable
to exploitation. Always use within a secure environment.
Security Considerations¶
SimpleHTTPRequestHandler
will follow symbolic links when handling
requests, this makes it possible for files outside of the specified directory
to be served.
Earlier versions of Python did not scrub control characters from the
log messages emitted to stderr from python -m http.server
or the
default BaseHTTPRequestHandler
.log_message
implementation. This could allow remote clients connecting to your
server to send nefarious control codes to your terminal.
Modifié dans la version 3.12: Control characters are scrubbed in stderr logs.