LuaSocket
Network support for the Lua language

home · download · introduction · reference


HTTP

HTTP (Hyper Text Transfer Protocol) is the protocol used to exchange information between web-browsers and servers. The http.lua module offers support for the client side of the HTTP protocol (i.e., the facilities that would be used by a web-browser implementation). The implementation conforms to the HTTP/1.1 standard, RFC 2616.

The module exports functions that provide HTTP functionality in different levels of abstraction, from the simple get function to the generic, LTN12 based request function.

URLs must conform to RFC 1738, that is, an URL is a string in the form:

[http://][<user>[:<password>]@]<host>[:<port>][/<path>] 

MIME headers are represented as a Lua table in the form:

headers = {
  field-1-name = field-1-value,
  field-2-name = field-2-value,
  field-3-name = field-3-value,
  ...
  field-n-name = field-n-value
}

Field names are case insensitive (as specified by the standard) and all functions work with lowercase field names. Field values are left unmodified.

Note: MIME headers are independent of order. Therefore, there is no problem in representing them in a Lua table.

The following constants can be set to control the default behaviour of the HTTP module:

http.get(url)

Performs the HTTP method GET.

Url identifies the entity to retrieve.

If successful, the function returns the response message body, the mime headers, and the status code. In case of failure, the function returns nil followed by an error message.

Note: The function is trivially implemented with the use of the request function.

-- load the http module
http = require("http")

-- connect to server "www.tecgraf.puc-rio.br" and retrieves this manual
-- file from "/luasocket/http.html"
b, h, c = http.get("http://www.tecgraf.puc-rio.br/luasocket/http.html")

-- connect to server "www.tecgraf.puc-rio.br" and tries to retrieve
-- "~diego/auth/index.html". Fails because authentication is needed.
b, h, c = http.get("http://www.tecgraf.puc-rio.br/~diego/auth/index.html")
-- b returns some useless page telling about the denied access, 
-- h returns authentication information
-- and c returns with value 401 (Authentication Required)

-- tries to connect to server "wrong.host" to retrieve "/"
-- and fails because the host does not exist.
r, e = http.get("http://wrong.host/")
-- r is nil, and e returns with value "host not found"

http.post(url, body)

Same as get, except that the POST method is used and the request message body is sent along with the request.

Note: This function is also trivially implemented with the use of the request function.

http.request{
  url = string,
  [sink = LTN12 sink],]
  [method = string,]
  [headers = header-table,]
  [source = LTN12 source],
  [step = LTN12 pump step,]
  [proxy = string,]
  [redirect = boolean]
}

Performs the generic HTTP request, controled by a request table.

The most important parameters are the url and the simple LTN12 sink that will receive the downloaded content. Any part of the url can be overriden by including the appropriate field in the request table. If authentication information is provided, the function uses the Basic Authentication Scheme (see note) to retrieve the document. If sink is nil, the function discards the downloaded data. The optional parameters are the following:

In case of failure, the function returns nil followed by an error message. If successful, the function returns a table with all components of the response message. The response table has the following form:

respt = {
  headers = header-table,
  status = string,
  code = number,
}

Even when there was failure (URL not found, for example), the function usually succeeds retrieving a message body (a web page informing the URL was not found or some other useless page). To make sure the operation was successful, check the returned status code. For a list of the possible values and their meanings, refer to RFC 2616.

-- load the http module
http = require("http")

-- Requests information about a document, without downloading it.
-- Useful, for example, if you want to display a download gauge and need
-- to know the size of the document in advance
respt = http.request {
  method = "HEAD",
  url = "http://www.tecgraf.puc-rio.br/~diego"
}
-- Would return the following headers:
-- respt.headers = {
--   date = "Tue, 18 Sep 2001 20:42:21 GMT",
--   server = "Apache/1.3.12 (Unix)  (Red Hat/Linux)",
--   ["last-modified"] = "Wed, 05 Sep 2001 06:11:20 GMT",
--   ["content-length"] = 15652,
--   ["connection"] = "close",
--   ["content-Type"] = "text/html"
-- }

Note: Some URLs are protected by their servers from anonymous download. For those URLs, the server must receive some sort of authentication along with the request or it will deny download and return status "401 Authentication Required".

The HTTP/1.1 standard defines two authentication methods: the Basic Authentication Scheme and the Digest Authentication Scheme, both explained in detail in RFC 2068.

The Basic Authentication Scheme sends <user> and <password> unencrypted to the server and is therefore considered unsafe. Unfortunately, by the time of this implementation, the wide majority of servers and browsers support the Basic Scheme only. Therefore, this is the method used by the toolkit whenever authentication is required.

-- load required modules
http = require("http")
mime = require("mime")

-- Connect to server "www.tecgraf.puc-rio.br" and tries to retrieve
-- "~diego/auth/index.html", using the provided name and password to
-- authenticate the request
respt = http.request{
  url = "http://www.tecgraf.puc-rio.br/~diego/auth/index.html",
  user = "diego",
  password = "password"
}

-- Alternatively, one could fill the appropriate header and authenticate
-- the request directly.
respt = http.request {
  url = "http://www.tecgraf.puc-rio.br/~diego/auth/index.html",
  headers = { authentication = "Basic " .. (mime.b64("diego:password")) }
}