U a5^@sddlZddlZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z dd lm Z dd lm Z dd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$dd lm%Z%dd!lm&Z&dd"l'm(Z(d(e)ej*e)e+d#d$d%Z,Gd&d'd'Z-dS))N)datetime) timedelta)timezone) HTTPStatus)_to_str)Headers) HeaderSet) dump_cookie)HTTP_STATUS_CODES)get_content_type) CallbackDict) ContentRange)ResponseCacheControl)WWWAuthenticateCOEPCOOP)dump_age)dump_csp_header) dump_header)dump_options_header) http_date) parse_age)parse_cache_control_header)parse_content_range_header)parse_csp_header) parse_date)parse_options_header)parse_set_header)parse_www_authenticate_header) quote_etag) unquote_etag)header_property)namedocreturnc sddtdfdd }dtjtjttjttjttfftjtfddfdd }t|||dS) NResponse)selfr'cs(tddfdd }tj|S)N) header_setr'cs.|sjkrj=n|r*|j<dSNheaders to_header)r*)r%r)YC:\Users\vtejo\AppData\Local\Temp\pip-unpacked-wheel-1tps7o9u\werkzeug\sansio\response.py on_update(s z._set_property..fget..on_update)r r r-getr)r1r%r)r0fget'sz_set_property..fget)r)valuer'cs6|s|j=n$t|tr$||j<nt||j<dSr+)r- isinstancestrrr)r7r4r/r0fset0s    z_set_property..fsetr&) r tOptionalUnionr9DictintIterableproperty)r%r&r6r;r/r4r0 _set_property&s ( rDc @seZdZUdZdZdZdZdZee d<dqe j e j e eefe j e j e jee j ee e je j ee fffe je jee j ee fffe j ee j eddd d Zed d d Zee d ddZeje ddddZeed ddZeje j ee efddddZe j ee efe jee fdddZdreee j e j ee fe j e j eee efe j ee j eeee j edd ddZdseee j eeee j edddd Zeed d!d"Z ee j ed d#d$Z!e!jeddd%d$Z!ee j"eefd d&d'Z#e$ed(d)d*Z%e$d+de&e'd,d*Z(e$ed-d.d*Z)e$d/de ed0d*Z*e$ed1d2d*Z+e$ed3d4d*Z,e$ed5d6d*Z-e$d7de.e/d8d*Z0e$d9de.e/d:d*Z1e$d;de.e/dZ3e3je j e j ee efddd?d>Z3e4d@dAd*Z5e4dBdCd*Z6e4dDdEd*Z7ee8d dFdGZ9dteeddHdIdJZ:e j e jeefe jdKfd dLdMZ;e$edNdOd*Ze>je j e j e=efdddRdQZ>ee?d dSdTZ@e$dUdeAeBdVd*ZCe$dWdeAeBdXd*ZDeed dYdZZEeEje j eddd[dZZEe$d\eFeGd]d^ZHe$d_eFeGd`d^ZIe$edadbd*ZJe$dceFeGddd^ZKe$dee edfd^ZLe$eMdgdhdidjdieMjNdkdlZOe$ePdmdndidodiePjNdpdlZQdS)ur(atRepresents the non-IO parts of an HTTP response, specifically the status and headers but not the body. This class is not meant for general use. It should only be used when implementing WSGI, ASGI, or another HTTP application spec. Werkzeug provides a WSGI implementation at :cls:`werkzeug.wrappers.Response`. :param status: The status code for the response. Either an int, in which case the default status message is added, or a string in the form ``{code} {message}``, like ``404 Not Found``. Defaults to 200. :param headers: A :class:`~werkzeug.datastructures.Headers` object, or a list of ``(key, value)`` tuples that will be converted to a ``Headers`` object. :param mimetype: The mime type (content type without charset or other parameters) of the response. If the value starts with ``text/`` (or matches some other special cases), the charset will be added to create the ``content_type``. :param content_type: The full content type of the response. Overrides building the value from ``mimetype``. .. versionadded:: 2.0 zutf-8z text/plainir-N)statusr-mimetype content_typer'cCst|tr||_n|s t|_n t||_|dkrb|dkrJd|jkrJ|j}|dk r^t||j}|}|dk rt||jd<|dkr|j}||_dS)N content-type Content-Type)r8rr-default_mimetyper charsetdefault_statusrF)r)rFr-rGrHr/r/r0__init__os     zResponse.__init__)r'cCsdt|jd|jdS)N)type__name__rFr5r/r/r0__repr__szResponse.__repr__cCs|jS)z!The HTTP status code as a number.) _status_coder5r/r/r0 status_codeszResponse.status_code)coder'cCs ||_dSr+)rF)r)rUr/r/r0rTscCs|jS)z!The HTTP status code as a string.)_statusr5r/r/r0rFszResponse.status)r7r'cCs0t|ttttfstd||\|_|_dS)NzInvalid status argument) r8r9bytesrAr TypeError _clean_statusrVrSr:r/r/r0rFscCst|trt|}t||j}|dd}t|dkr>tdt|dkrt|drf|t|dfSd|dfS|drt|d}z|dt | }Wnt k r|d}YnX||fSd|dfS)NrzEmpty status argumentz0  z UNKNOWN) r8rrArrLsplitlen ValueErrorisdigitr upperKeyError)r)r7rFZ split_statusrTr/r/r0rYs$        zResponse._clean_status/F) keyr7max_ageexpirespathdomainsecurehttponlysamesiter'c Cs0|jdt|||||||||j|j| d dS)aSets a cookie. A warning is raised if the size of the cookie header exceeds :attr:`max_cookie_size`, but the header will still be set. :param key: the key (name) of the cookie to be set. :param value: the value of the cookie. :param max_age: should be a number of seconds, or `None` (default) if the cookie should last only as long as the client's browser session. :param expires: should be a `datetime` object or UNIX timestamp. :param path: limits the cookie to a given path, per default it will span the whole domain. :param domain: if you want to set a cross-domain cookie. For example, ``domain=".example.com"`` will set a cookie that is readable by the domain ``www.example.com``, ``foo.example.com`` etc. Otherwise, a cookie will only be readable by the domain that set it. :param secure: If ``True``, the cookie will only be available via HTTPS. :param httponly: Disallow JavaScript access to the cookie. :param samesite: Limit the scope of the cookie to only be attached to requests that are "same-site". z Set-Cookie) r7rerfrgrhrirjrLmax_sizerkN)r-addr rLmax_cookie_size) r)rdr7rerfrgrhrirjrkr/r/r0 set_cookies $zResponse.set_cookie)rdrgrhrirjrkr'c Cs|j|dd|||||ddS)aDelete a cookie. Fails silently if key doesn't exist. :param key: the key (name) of the cookie to be deleted. :param path: if the cookie that should be deleted was limited to a path, the path has to be defined here. :param domain: if the cookie that should be deleted was limited to a domain, that domain has to be defined here. :param secure: If ``True``, the cookie will only be available via HTTPS. :param httponly: Disallow JavaScript access to the cookie. :param samesite: Limit the scope of the cookie to only be attached to requests that are "same-site". r)rfrergrhrirjrkN)ro)r)rdrgrhrirjrkr/r/r0 delete_cookieszResponse.delete_cookiecCs*|j}|dk o(|dkp(|do(|dS)zCheck if the mimetype indicates JSON data, either :mimetype:`application/json` or :mimetype:`application/*+json`. Nzapplication/jsonz application/z+json)rG startswithendswith)r)mtr/r/r0is_jsons  zResponse.is_jsoncCs*|jd}|r"|ddSdSdS)z0The mimetype (content type without charset etc.)rI;rN)r-r2r\strip)r)ctr/r/r0rG)s zResponse.mimetypecCst||j|jd<dSNrJ)r rLr-r:r/r/r0rG3scs>tjttfddfdd }tjddd}t||S)zThe mimetype parameters as dict. For example if the content type is ``text/html; charset=utf-8`` the params would be ``{'charset': 'utf-8'}``. .. versionadded:: 0.5 N)dr'cstj|jd<dSrx)rrGr-)ryr5r/r0r1@sz+Response.mimetype_params..on_updaterIrbrZ)r=r@r9rr-r2r )r)r1ryr/r5r0mimetype_params7s zResponse.mimetype_paramsZLocationzThe Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource.r<ZAgea The Age response-header field conveys the sender's estimate of the amount of time since the response (or its revalidation) was generated at the origin server. Age values are non-negative decimal integers, representing time in seconds.rJzThe Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request been a GET.zContent-LengthaThe Content-Length entity-header field indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient or, in the case of the HEAD method, the size of the entity-body that would have been sent had the request been a GET.zContent-LocationzThe Content-Location entity-header field MAY be used to supply the resource location for the entity enclosed in the message when that entity is accessible from a location separate from the requested resource's URI.zContent-EncodingabThe Content-Encoding entity-header field is used as a modifier to the media-type. When present, its value indicates what additional content codings have been applied to the entity-body, and thus what decoding mechanisms must be applied in order to obtain the media-type referenced by the Content-Type header field.z Content-MD5alThe Content-MD5 entity-header field, as defined in RFC 1864, is an MD5 digest of the entity-body for the purpose of providing an end-to-end message integrity check (MIC) of the entity-body. (Note: a MIC is good for detecting accidental modification of the entity-body in transit, but is not proof against malicious attacks.)DatezThe Date general-header field represents the date and time at which the message was originated, having the same semantics as orig-date in RFC 822. .. versionchanged:: 2.0 The datetime object is timezone-aware. ZExpiresa The Expires entity-header field gives the date/time after which the response is considered stale. A stale cache entry may not normally be returned by a cache. .. versionchanged:: 2.0 The datetime object is timezone-aware. z Last-ModifiedzThe Last-Modified entity-header field indicates the date and time at which the origin server believes the variant was last modified. .. versionchanged:: 2.0 The datetime object is timezone-aware. cCsB|jd}|dkrdS|r:ttjtt|dSt |S)aTThe Retry-After response-header field can be used with a 503 (Service Unavailable) response to indicate how long the service is expected to be unavailable to the requesting client. Time in seconds until expiration or date. .. versionchanged:: 2.0 The datetime object is timezone-aware. retry-afterN)seconds) r-r2r_rnowrutcrrArr:r/r/r0 retry_afters zResponse.retry_aftercCsH|dkrd|jkr|jd=dSt|tr2t|}nt|}||jd<dS)Nr|z Retry-After)r-r8rrr9r:r/r/r0rs   ZVaryzThe Vary field value indicates the set of request-header fields that fully determines, while the response is fresh, whether a cache is permitted to use the response to reply to a subsequent request without revalidation.zContent-LanguagezThe Content-Language entity-header field describes the natural language(s) of the intended audience for the enclosed entity. Note that this might not be equivalent to all the languages used within the entity-body.ZAllowaRThe Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI. The purpose of this field is strictly to inform the recipient of valid methods associated with the resource. An Allow header field MUST be present in a 405 (Method Not Allowed) response.cs(tddfdd }tjd|tS)zThe Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain. N) cache_controlr'cs.|sdjkrjd=n|r*|jd<dS)N cache-controlz Cache-Controlr,)rr5r/r0r1s z)Response.cache_control..on_updater)rrr-r2r3r/r5r0rs  zResponse.cache_control)etagweakr'cCst|||jd<dS)z8Set the etag, and override the old one if there was one.ETagN)r"r-)r)rrr/r/r0set_etagszResponse.set_etag)NNcCst|jdS)z{Return a tuple in the form ``(etag, is_weak)``. If there is no ETag the return value is ``(None, None)``. r)r#r-r2r5r/r/r0get_etagszResponse.get_etagz Accept-RangeszThe `Accept-Ranges` header. Even though the name would indicate that multiple values are supported, it must be one string token only. The values ``'bytes'`` and ``'none'`` are common. .. versionadded:: 0.7csBtddfdd }tjd|}|dkr>tddd|d}|S)zThe ``Content-Range`` header as a :class:`~werkzeug.datastructures.ContentRange` object. Available even if the header is not set. .. versionadded:: 0.7 N)rngr'cs |sjd=n|jd<dSN content-rangez Content-Ranger,)rr5r/r0r1s z)Response.content_range..on_updater)r1)rrr-r2)r)r1rvr/r5r0 content_range s zResponse.content_rangecCs6|s|jd=n$t|tr$||jd<n||jd<dSr)r-r8r9r.r:r/r/r0r!s    cs*tddfdd }jd}t||S)z1The ``WWW-Authenticate`` header in a parsed form.N)www_authr'cs.|sdjkrjd=n|r*|jd<dS)Nwww-authenticatezWWW-Authenticater,)rr5r/r0r10s z,Response.www_authenticate..on_updater)rr-r2r!)r)r1headerr/r5r0www_authenticate,s zResponse.www_authenticatezContent-Security-PolicyzThe Content-Security-Policy header adds an additional layer of security to help detect and mitigate certain types of attacks.z#Content-Security-Policy-Report-OnlyzThe Content-Security-Policy-Report-Only header adds a csp policy that is not enforced but is reported thereby helping detect certain types of attacks.cCs d|jkS)zWhether credentials can be shared by the browser to JavaScript code. As part of the preflight request it indicates whether credentials can be used on the cross origin request. Access-Control-Allow-Credentials)r-r5r/r/r0 access_control_allow_credentialsOsz)Response.access_control_allow_credentialscCs&|dkrd|jd<n|jdddS)NTtruer)r-popr:r/r/r0rWs zAccess-Control-Allow-Headersz8Which headers can be sent with the cross origin request.) load_func dump_funcr&zAccess-Control-Allow-Methodsz7Which methods can be used for the cross origin request.zAccess-Control-Allow-OriginzEThe origin or '*' for any origin that may make cross origin requests.zAccess-Control-Expose-Headersz>Which headers can be shared by the browser to JavaScript code.zAccess-Control-Max-AgezIThe maximum age in seconds the access control settings can be cached for.zCross-Origin-Opener-PolicycCst|Sr+rr7r/r/r0zResponse.cCs|jSr+rrr/r/r0rrzAllows control over sharing of browsing context group with cross-origin documents. Values must be a member of the :class:`werkzeug.http.COOP` enum.)rrdefaultr&zCross-Origin-Embedder-PolicycCst|Sr+rrr/r/r0rrcCs|jSr+rrr/r/r0rrzPrevents a document from loading any cross-origin resources that do not explicitly grant the document permission. Values must be a member of the :class:`werkzeug.http.COEP` enum.)NNNN)rbNNrcNFFN)rcNFFN)F)RrQ __module__ __qualname____doc__rLrMrKrnr__annotations__r=r>r?rAr9rMappingrBTuplerNrRrCrTsetterrFrYrrfloatboolrorprtrGr@rzr$locationrrZagerHcontent_lengthcontent_locationcontent_encodingZ content_md5rrdaterfZ last_modifiedrrDvaryZcontent_languageZallowrrrrZ accept_rangesrrrrrrZcontent_security_policyZ#content_security_policy_report_onlyrr rZaccess_control_allow_headersZaccess_control_allow_methodsZaccess_control_allow_originZaccess_control_expose_headersZaccess_control_max_agerZ UNSAFE_NONEZcross_origin_opener_policyrZcross_origin_embedder_policyr/r/r/r0r(@s  ( &" 8 !        $  ( "   r()N).typingr=rrrhttpr _internalrZdatastructuresrr r r utilsr Zwerkzeug.datastructuresr rrrZ werkzeug.httprrrrrrrrrrrrrr r!r"r#Zwerkzeug.utilsr$r9r>rCrDr(r/r/r/r0sF