LastChangedDate: | |
---|---|
LastChangedRevision: | |
LastChangedBy: |
This document describes how to use the HTTP client included in Twisted Web. After reading it, you should be able to make HTTP and HTTPS requests using Twisted Web. You will be able to specify the request method, headers, and body and you will be able to retrieve the response code, headers, and body.
A number of higher-level features are also explained, including proxying, automatic content encoding negotiation, and cookie handling.
This document assumes that you are familiar with :doc:`Deferreds and Failures <../../core/howto/defer>` , and :doc:`producers and consumers <../../core/howto/producers>` . It also assumes you are familiar with the basic concepts of HTTP, such as requests and responses, methods, headers, and message bodies. The HTTPS section of this document also assumes you are somewhat familiar with SSL and have read about :doc:`using SSL in Twisted <../../core/howto/ssl>` .
The :py:class:`twisted.web.client.Agent` class is the entry point into the client API. Requests are issued using the :py:meth:`request <twisted.web.client.Agent.request>` method, which takes as parameters a request method, a request URI, the request headers, and an object which can produce the request body (if there is to be one). The agent is responsible for connection setup. Because of this, it requires a reactor as an argument to its initializer. An example of creating an agent and issuing a request using it might look like this:
:download:`request.py <listings/client/request.py>`
.. literalinclude:: listings/client/request.py
As may be obvious, this issues a new GET request for /
to the web server on example.com
. Agent
is
responsible for resolving the hostname into an IP address and connecting
to it on port 80 (for HTTP URIs), port 443 (for HTTPS
URIs), or on the port number specified in the URI itself. It is also
responsible for cleaning up the connection afterwards. This code sends
a request which includes one custom header, User-Agent . The
last argument passed to Agent.request
is None
,
though, so the request has no body.
Sending a request which does include a body requires passing an object
providing :py:class:`twisted.web.iweb.IBodyProducer`
to Agent.request
. This interface extends the more general
:py:class:`IPushProducer <twisted.internet.interfaces.IPushProducer>`
by adding a new length
attribute and adding several
constraints to the way the producer and consumer interact.
- The length attribute must be a non-negative integer or the constant
twisted.web.iweb.UNKNOWN_LENGTH
. If the length is known, it will be used to specify the value for the Content-Length header in the request. If the length is unknown the attribute should be set toUNKNOWN_LENGTH
. Since more servers support Content-Length , if a length can be provided it should be. - An additional method is required on
IBodyProducer
implementations:startProducing
. This method is used to associate a consumer with the producer. It should return aDeferred
which fires when all data has been produced. IBodyProducer
implementations should never call the consumer'sunregisterProducer
method. Instead, when it has produced all of the data it is going to produce, it should only fire theDeferred
returned bystartProducing
.
For additional details about the requirements of :py:class:`IBodyProducer <twisted.web.iweb.IBodyProducer>` implementations, see the API documentation.
Here's a simple IBodyProducer
implementation which
writes an in-memory string to the consumer:
:download:`bytesprod.py <listings/client/bytesprod.py>`
.. literalinclude:: listings/client/bytesprod.py
This producer can be used to issue a request with a body:
:download:`sendbody.py <listings/client/sendbody.py>`
.. literalinclude:: listings/client/sendbody.py
If you want to upload a file or you just have some data in a string, you
don't have to copy StringProducer
though. Instead, you can
use :py:class:`FileBodyProducer <twisted.web.client.FileBodyProducer>` .
This IBodyProducer
implementation works with any file-like
object (so use it with a StringIO
if your upload data is
already in memory as a string); the idea is the same
as StringProducer
from the previous example, but with a
little extra code to only send data as fast as the server will take it.
:download:`filesendbody.py <listings/client/filesendbody.py>`
.. literalinclude:: listings/client/filesendbody.py
FileBodyProducer
closes the file when it no longer needs it.
If the connection or the request take too much time, you can cancel the
Deferred
returned by the Agent.request
method.
This will abort the connection, and the Deferred
will errback
with :py:class:`CancelledError <twisted.internet.defer.CancelledError>` .
So far, the examples have demonstrated how to issue a request. However,
they have ignored the response, except for showing that it is a
Deferred
which seems to fire when the response has been
received. Next we'll cover what that response is and how to interpret
it.
Agent.request
, as with most Deferred
-returning
APIs, can return a Deferred
which fires with a
Failure
. If the request fails somehow, this will be
reflected with a failure. This may be due to a problem looking up the
host IP address, or it may be because the HTTP server is not accepting
connections, or it may be because of a problem parsing the response, or
any other problem which arises which prevents the response from being
received. It does not include responses with an error status.
If the request succeeds, though, the Deferred
will fire with
a :py:class:`Response <twisted.web.client.Response>` . This
happens as soon as all the response headers have been received. It
happens before any of the response body, if there is one, is processed.
The Response
object has several attributes giving the
response information: its code, version, phrase, and headers, as well as
the length of the body to expect. In addition to these, the
Response
also contains a reference to the :py:class:`request <twisted.web.iweb.IClientRequest>` that it is
a response to; one particularly useful attribute on the request is :py:attr:`absoluteURI <twisted.web.iweb.IClientRequest.absoluteURI>` :
The absolute URI to which the request was made. The
Response
object has a method which makes the response body
available: :py:meth:`deliverBody <twisted.web.client.Response.deliverBody>` . Using the
attributes of the response object and this method, here's an example
which displays part of the response to a request:
:download:`response.py <listings/client/response.py>`
.. literalinclude:: listings/client/response.py
The BeginningPrinter
protocol in this example is passed to
Response.deliverBody
and the response body is then delivered
to its dataReceived
method as it arrives. When the body has
been completely delivered, the protocol's connectionLost
method is called. It is important to inspect the Failure
passed to connectionLost
. If the response body has been
completely received, the failure will wrap a :py:class:`twisted.web.client.ResponseDone` exception. This
indicates that it is known that all data has been received. It
is also possible for the failure to wrap a :py:class:`twisted.web.http.PotentialDataLoss` exception: this
indicates that the server framed the response such that there is no way
to know when the entire response body has been received. Only
HTTP/1.0 servers should behave this way. Finally, it is possible for
the exception to be of another type, indicating guaranteed data loss for
some reason (a lost connection, a memory error, etc).
Just as protocols associated with a TCP connection are given a transport,
so will be a protocol passed to deliverBody
. Since it makes
no sense to write more data to the connection at this stage of the
request, though, the transport only provides :py:class:`IPushProducer <twisted.internet.interfaces.IPushProducer>` . This allows the
protocol to control the flow of the response data: a call to the
transport's pauseProducing
method will pause delivery; a
later call to resumeProducing
will resume it. If it is
decided that the rest of the response body is not desired,
stopProducing
can be used to stop delivery permanently;
after this, the protocol's connectionLost
method will be
called.
An important thing to keep in mind is that the body will only be read
from the connection after Response.deliverBody
is called.
This also means that the connection will remain open until this is done
(and the body read). So, in general, any response with a body
must have that body read using deliverBody
. If the
application is not interested in the body, it should issue a
HEAD request or use a protocol which immediately calls
stopProducing
on its transport.
If the body of the response isn't going to be consumed incrementally, then :py:func:`readBody <twisted.web.client.readBody>` can be used to get the body as a byte-string.
This function returns a Deferred
that fires with the body after the request has been completed; cancelling this Deferred
will close the connection to the HTTP server immediately.
:download:`responseBody.py <listings/client/responseBody.py>`
.. literalinclude:: listings/client/responseBody.py
Everything you've read so far applies whether the scheme of the request URI is HTTP or HTTPS .
Since version 15.0.0, Twisted's Agent
HTTP client will validate https
URLs against your platform's trust store by default.
Note
If you're using an earlier version, please upgrade, as this is a critical security feature!
Note
Only Agent
, and things that use it, validates HTTPS.
Do not use getPage
to retrieve HTTPS URLs; although we have not yet removed all the examples that use it, we discourage its use.
You should pip install twisted[tls]
in order to get all the dependencies necessary to do TLS properly.
The :doc:`installation instructions <../../installation/howto/optional>` gives more detail on optional dependencies and how to install them which may be of interest.
For some uses, you may need to customize Agent's use of HTTPS; for example, to provide a client certificate, or to use a custom certificate authority for an internal network.
Here, we're just going to show you how to inject the relevant TLS configuration into an Agent, so we'll use the simplest possible example, rather than a more useful but complex one.
Agent
's constructor takes an optional second argument, which allows you to customize its behavior with respect to HTTPS.
The object passed here must provide the :py:class:`twisted.web.iweb.IPolicyForHTTPS` interface.
Using the very helpful badssl.com
web API, we will construct a request that fails to validate, because the certificate has the wrong hostname in it.
The following Python program should produce a verification error when run as python example.py https://wrong.host.badssl.com/
.
import sys
from twisted.internet.task import react
from twisted.web.client import Agent, ResponseFailed
@react
def main(reactor):
agent = Agent(reactor)
requested = agent.request(b"GET", sys.argv[1].encode("ascii"))
def gotResponse(response):
print(response.code)
def noResponse(failure):
failure.trap(ResponseFailed)
print(failure.value.reasons[0].getTraceback())
return requested.addCallbacks(gotResponse, noResponse)
The verification error you see when running the above program is due to the mismatch between "wrong.host.badssl.com
", the expected hostname derived from the URL, and "badssl.com
", the hostname contained in the certificate presented by the server.
In our pretend scenario, we want to construct an Agent
that validates HTTPS certificates normally, _except_ for this one host.
For "wrong.host.badssl.com"
, we wish to supply the correct hostname to check the certificate against manually, to work around this problem.
In order to do that, we will supply our own policy that creates a different TLS configuration depending on the hostname, like so:
import sys
from zope.interface import implementer
from twisted.internet.task import react
from twisted.internet.ssl import optionsForClientTLS
from twisted.web.iweb import IPolicyForHTTPS
from twisted.web.client import Agent, ResponseFailed, BrowserLikePolicyForHTTPS
@implementer(IPolicyForHTTPS)
class OneHostnameWorkaroundPolicy(object):
def __init__(self):
self._normalPolicy = BrowserLikePolicyForHTTPS()
def creatorForNetloc(self, hostname, port):
if hostname == b"wrong.host.badssl.com":
hostname = b"badssl.com"
return self._normalPolicy.creatorForNetloc(hostname, port)
@react
def main(reactor):
agent = Agent(reactor, OneHostnameWorkaroundPolicy())
requested = agent.request(b"GET", sys.argv[1].encode("ascii"))
def gotResponse(response):
print(response.code)
def noResponse(failure):
failure.trap(ResponseFailed)
print(failure.value.reasons[0].getTraceback())
return requested.addCallbacks(gotResponse, noResponse)
Now, invoking python example.py https://wrong.host.badssl.com/
will happily give us a 200
status code; however, running it with https://expired.badssl.com/
or https://self-signed.badssl.com/
or any of the other error hostnames should still give an error.
Note
The technique presented above does not ignore the mismatching hostname, but rather, it provides the erroneous hostname specifically so that the misconfiguration is expected. Twisted does not document any facilities for disabling verification, since that makes TLS useless; instead, we strongly encourage you to figure out what properties you need from the connection and verify those.
Using this TLS policy mechanism, you can customize Agent to use any feature of TLS that Twisted has support for, including the examples given above; client certificates, alternate trust roots, and so on. For a more detailed explanation of what options exist for client TLS configuration in Twisted, check out the documentation for the :py:func:`optionsForClientTLS <twisted.internet.ssl.optionsForClientTLS>` API and the :doc:`Using SSL in Twisted <../../core/howto/ssl>` chapter of this documentation.
HTTP persistent connections use the same TCP connection to send and receive multiple HTTP requests/responses. This reduces latency and TCP connection establishment overhead.
The constructor of :py:class:`twisted.web.client.Agent`
takes an optional parameter pool, which should be an instance
of :py:class:`HTTPConnectionPool <twisted.web.client.HTTPConnectionPool>` , which will be used
to manage the connections. If the pool is created with the
parameter persistent
set to True
(the
default), it will not close connections when the request is done, and
instead hold them in its cache to be re-used.
Here's an example which sends requests over a persistent connection:
from twisted.internet import reactor
from twisted.internet.defer import Deferred, DeferredList
from twisted.internet.protocol import Protocol
from twisted.web.client import Agent, HTTPConnectionPool
class IgnoreBody(Protocol):
def __init__(self, deferred):
self.deferred = deferred
def dataReceived(self, bytes):
pass
def connectionLost(self, reason):
self.deferred.callback(None)
def cbRequest(response):
print('Response code:', response.code)
finished = Deferred()
response.deliverBody(IgnoreBody(finished))
return finished
pool = HTTPConnectionPool(reactor)
agent = Agent(reactor, pool=pool)
def requestGet(url):
d = agent.request('GET', url)
d.addCallback(cbRequest)
return d
# Two requests to the same host:
d = requestGet('http://localhost:8080/foo').addCallback(
lambda ign: requestGet("http://localhost:8080/bar"))
def cbShutdown(ignored):
reactor.stop()
d.addCallback(cbShutdown)
reactor.run()
Here, the two requests are to the same host, one after the each other. In most cases, the same connection will be used for the second request, instead of two different connections when using a non-persistent pool.
:py:class:`twisted.web.client.HTTPConnectionPool` instances
have an attribute
called maxPersistentPerHost
which limits the
number of cached persistent connections to the same server. The default
value is 2. This is effective only when the :py:attr:`persistent <twisted.web.client.HTTPConnectionPool.persistent>` option is
True. You can change the value like bellow:
from twisted.web.client import HTTPConnectionPool
pool = HTTPConnectionPool(reactor, persistent=True)
pool.maxPersistentPerHost = 1
With the default value of 2, the pool keeps around two connections to
the same host at most. Eventually the cached persistent connections will
be closed, by default after 240 seconds; you can change this timeout
value with the cachedConnectionTimeout
attribute of the pool. To force all connections to close use
the :py:meth:`closeCachedConnections <twisted.web.client.HTTPConnectionPool.closeCachedConnections>`
method.
If a request fails without getting a response, and the request is
something that hopefully can be retried without having any side-effects
(e.g. a request with method GET), it will be retried automatically when
sending a request over a previously-cached persistent connection. You can
disable this behavior by setting :py:attr:`retryAutomatically <twisted.web.client.HTTPConnectionPool.retryAutomatically>`
to False
. Note that each request will only be retried
once.
By itself, Agent
doesn't follow HTTP redirects (responses
with 301, 302, 303, 307 status codes and a location
header
field). You need to use the :py:class:`twisted.web.client.RedirectAgent` class to do so. It
implements a rather strict behavior of the RFC, meaning it will redirect
301 and 302 as 307, only on GET
and HEAD
requests.
The following example shows how to have a redirect-enabled agent.
from twisted.python.log import err
from twisted.web.client import Agent, RedirectAgent
from twisted.internet import reactor
def display(response):
print("Received response")
print(response)
def main():
agent = RedirectAgent(Agent(reactor))
d = agent.request("GET", "http://example.com/")
d.addCallbacks(display, err)
d.addCallback(lambda ignored: reactor.stop())
reactor.run()
if __name__ == "__main__":
main()
In contrast, :py:class:`twisted.web.client.BrowserLikeRedirectAgent` implements
more lenient behaviour that closely emulates what web browsers do; in
other words 301 and 302 POST
redirects are treated like 303,
meaning the method is changed to GET
before making the redirect
request.
As mentioned previously, :py:class:`Response <twisted.web.client.Response>` contains a reference to both
the :py:class:`request <twisted.web.iweb.IClientRequest>` that it is a response
to, and the previously received :py:class:`response <twisted.web.client.Response>` , accessible by :py:attr:`previousResponse <twisted.web.client.Response.previousResponse>` .
In most cases there will not be a previous response, but in the case of
RedirectAgent
the response history can be obtained by
following the previous responses from response to response.
To be able to use HTTP proxies with an agent, you can use the :py:class:`twisted.web.client.ProxyAgent` class.
It supports the same interface as Agent
, but takes the endpoint of the proxy as initializer argument.
This is specifically intended for talking to servers that implement the proxying variation of the HTTP protocol; for other types of proxies you will want :py:meth:`Agent.usingEndpointFactory <twisted.web.client.Agent.usingEndpointFactory>` (see documentation below).
Here's an example demonstrating the use of an HTTP proxy running on localhost:8000.
from twisted.python.log import err
from twisted.web.client import ProxyAgent
from twisted.internet import reactor
from twisted.internet.endpoints import TCP4ClientEndpoint
def display(response):
print("Received response")
print(response)
def main():
endpoint = TCP4ClientEndpoint(reactor, "localhost", 8000)
agent = ProxyAgent(endpoint)
d = agent.request("GET", "https://example.com/")
d.addCallbacks(display, err)
d.addCallback(lambda ignored: reactor.stop())
reactor.run()
if __name__ == "__main__":
main()
Please refer to the :doc:`endpoints documentation <../../core/howto/endpoints>` for more information about how they work and the :py:mod:`twisted.internet.endpoints` API documentation to learn what other kinds of endpoints exist.
An existing agent instance can be wrapped with
:py:class:`twisted.web.client.CookieAgent` to automatically store, send and
track HTTP cookies. A CookieJar
instance, from the Python standard library
module http.cookiejar ,
is used to store the cookie information. An example of using CookieAgent
to
perform a request and display the collected cookies might look like this:
:download:`cookies.py <listings/client/cookies.py>`
.. literalinclude:: listings/client/cookies.py
:py:class:`twisted.web.client.ContentDecoderAgent` adds
support for sending Accept-Encoding request headers and
interpreting Content-Encoding response headers. These headers
allow the server to encode the response body somehow, typically with some
compression scheme to save on transfer
costs. ContentDecoderAgent
provides this functionality as a
wrapper around an existing agent instance. Together with one or more
decoder objects (such as
:py:class:`twisted.web.client.GzipDecoder` ), this wrapper
automatically negotiates an encoding to use and decodes the response body
accordingly. To application code using such an agent, there is no visible
difference in the data delivered.
:download:`gzipdecoder.py <listings/client/gzipdecoder.py>`
.. literalinclude:: listings/client/gzipdecoder.py
Implementing support for new content encodings is as simple as writing a
new class like GzipDecoder
that can decode a response using
the new encoding. As there are not many content encodings in widespread
use, gzip is the only encoding supported by Twisted itself.
Typically you want your HTTP client to open a TCP connection directly to the web server.
Sometimes however it's useful to be able to connect some other way, e.g. making an HTTP request over a SOCKS proxy connection or connecting to a server listening on a UNIX socket.
For this reason, there is an alternate constructor called :py:meth:`Agent.usingEndpointFactory <twisted.web.client.Agent.usingEndpointFactory>` that takes an endpointFactory
argument.
This argument must provide the :py:class:`twisted.web.iweb.IAgentEndpointFactory` interface.
Note that when talking to a HTTP proxy, i.e. a server that implements the proxying-specific variant of HTTP you should use :py:class:`ProxyAgent <twisted.web.client.ProxyAgent>` - see documentation above.
:download:`endpointconstructor.py <listings/client/endpointconstructor.py>`
.. literalinclude:: listings/client/endpointconstructor.py
You should now understand the basics of the Twisted Web HTTP client. In particular, you should understand:
- How to issue requests with arbitrary methods, headers, and bodies.
- How to access the response version, code, phrase, headers, and body.
- How to store, send, and track cookies.
- How to control the streaming of the response body.
- How to enable the HTTP persistent connection, and control the number of connections.