🌐 Nette Http: abstraction for HTTP request, response and session. Provides careful data sanitization and utility for URL and cookies manipulation.

Installs: 1 708 758

Dependents: 385

Suggesters: 8

Stars: 113

Watchers: 40

Forks: 62

Open Issues: 14

v3.0.0-beta2 2018-10-25 18:08 UTC


Downloads this Month Build Status Build Status Windows Coverage Status Latest Stable Version License


HTTP request and response are encapsulated in Nette\Http\Request and Nette\Http\Response objects which offer comfortable API and also act as sanitization filter.

Documentation can be found on the website.

If you like Nette, please make a donation now. Thank you!


The recommended way to install is via Composer:

composer require nette/http

It requires PHP version 5.6 and supports PHP up to 7.3. The dev-master version requires PHP 7.1.

HTTP Request

Nette cleans out data sent by user from control and invalid characters.

The URL of the request is available as [api:Nette\Http\UrlScript] instance:

$url = $httpRequest->getUrl();
echo $url;       // e.g.
echo $url->host; //

Determine current HTTP method:

echo $httpRequest->getMethod(); // GET, POST, HEAD, PUT

if ($httpRequest->isMethod('GET')) ...

Is the connection encrypted (HTTPS)?

echo $httpRequest->isSecured() ? 'yes' : 'no';

Is this an AJAX request?

echo $httpRequest->isAjax() ? 'yes' : 'no';

What is the user's IP address?

echo $httpRequest->getRemoteAddress(); // user's IP address
echo $httpRequest->getRemoteHost();    // and its DNS translation

What URL the user came from? Returned as [Nette\Http\Url |urls] object.

echo $httpRequest->getReferer()->host;

Request parameters:

$get = $httpRequest->getQuery();    // array of all URL parameters
$id = $httpRequest->getQuery('id'); // returns GET parameter 'id' (or null)

$post = $httpRequest->getPost();    // array of all POST parameters
$id = $httpRequest->getPost('id');  // returns POST parameter 'id' (or null)

$cookies = $httpRequest->getCookies(); // array of all cookies
$sessId = $httpRequest->getCookie('sess_id'); // returns the cookie (or null)

Uploaded files are encapsulated into [api:Nette\Http\FileUpload] objects:

$files = $httpRequest->getFiles(); // array of all uploaded files

$file = $httpRequest->getFile('avatar'); // returns one file
echo $file->getName(); // name of the file sent by user
echo $file->getSanitizedName(); // the name without dangerous characters

HTTP headers are also accessible:

// returns associative array of HTTP headers
$headers = $httpRequest->getHeaders();

// returns concrete header (case-insensitive)
$userAgent = $httpRequest->getHeader('User-Agent');

A useful method is detectLanguage(). You can pass it an array with languages supported by application and it returns the one preferred by browser. It is not magic, the method just uses the Accept-Language header.

// Header sent by browser: Accept-Language: cs,en-us;q=0.8,en;q=0.5,sl;q=0.3

$langs = array('hu', 'pl', 'en'); // languages supported in application

echo $httpRequest->detectLanguage($langs); // en

RequestFactory and URL filtering

Object holding current HTTP request is created by [api:Nette\Http\RequestFactory]. Its behavior can be modified. It's possible to clean up URLs from characters that can get into them because of poorly implemented comment systems on various other websites by using filters:

$requestFactory = new Nette\Http\RequestFactory;

// remove spaces from path
$requestFactory->addUrlFilter('%20', '', PHP_URL_PATH);

// remove dot, comma or right parenthesis form the end of the URL

// clean the path from duplicated slashes (default filter)
$requestFactory->addUrlFilter('/{2,}', '/', PHP_URL_PATH);

And then we let the factory generate a new httpRequest and we store it in a system container:

// $container is a system container
$container->addService('httpRequest', $requestFactory->createHttpRequest());

HTTP response

Whether it is still possible to send headers or change the status code tells the isSent() method. If it returns true, it won't be possible to send another header or change the status code.

In that case, any attempt to send header or change code invokes Nette\InvalidStateException. .[caution]

[Response status code |] can be sent and retrieved this way:


echo $httpResponse->getCode(); // 404

For better source code readability it is recommended to use predefined constants instead of actual numbers:


Method setContentType($type, $charset=null) changes Content-Type response header:

$httpResponse->setContentType('text/plain', 'UTF-8');

Redirection to another URL is done by redirect($url, $code=302) method. Do not forget to terminate the script afterwards!


To set the document expiration date, we can use setExpiration() method. The parameter is either text data, number of seconds or a timestamp:

// browser cache expires in one hour
$httpResponse->setExpiration('+ 1 hours');

Now we send the HTTP response header:

$httpResponse->setHeader('Pragma', 'no-cache');

// or if we want to send the same header more times with different values
$httpResponse->addHeader('Pragma', 'no-cache');

Sent headers are also available:

// returns associative array of headers
$headers = $httpResponse->getHeaders();

// returns concrete header (case-insensitive)
$pragma = $httpResponse->getHeader('Pragma');

There are two methods for cookie manipulation: setCookie() and deleteCookie().

// setCookie($name, $value, $time, [$path, [$domain, [$secure, [$httpOnly]]]])
$httpResponse->setCookie('lang', 'en', '100 days'); // send cookie

// deleteCookie($name, [$path, [$domain, [$secure]]])
$httpResponse->deleteCookie('lang'); // delete cookie

These two methods can take more parameters: $path (subdirectory where the cookie will be available), $domain and $secure. Their detailed description can be found in PHP manual for [php:setcookie] function.