Docs Developer Site
Enonic XP
arrow-down
    1. Overview
    2. Core concepts
    3. Using docs
    4. Intro Videos
    5. Tutorials
    1. Intro
    2. GraphQL API
    3. Media API
    4. Extending the API
    5. Component API
    1. Content Studio
      1. Branches
    3. Layers
      1. Lifecycle
      2. Media
      3. Attachments
      4. X-data
        1. Page templates
        2. Fragments
      6. Variants
      7. Permissions
      8. Versions
    5. Sites
      1. Visual editor
    7. Publishing
    1. Introduction
      1. Controllers
      2. Globals
      3. Events
      4. HTTP Request
      5. HTTP Response
      6. Error handler
      7. Filters
      8. Templating
      9. Localization
      10. Websocket
      11. Tasks
      12. Main controller
      13. Java bridge
      1. Admin Lib
      2. Application Lib
      3. Auditlog Lib
      4. Authentication Lib
      5. Cluster Lib
      6. Common Lib
      7. Content Lib
      8. Context Lib
      9. Event Lib
      10. Export Lib
      11. Grid Lib
      12. I18N Lib
      13. IO Lib
      14. Mail Lib
      15. Node Lib
      16. Portal Lib
      17. Project Lib
      18. Repo Lib
      19. Scheduler Lib
      20. Schema Lib
      21. Tasks Lib
      22. Value Lib
      23. VHost Lib
      24. Websocket Lib
    4. Other Libraries
      1. CLI
      2. Sandboxes
      3. Code
      4. Building
      5. Configuration
      6. TypeScript
    6. Building APIs
      1. Mappings
      2. Components
      3. Processors
      4. Contributions
    8. Building Webapps
      1. ID providers
      2. Admin Apps
      3. Admin Widgets
    1. Architecture
      1. TODO
      1. Navigating
      2. Users
      3. Applications
      4. Data management
      5. System info
      6. Audit Logs
      7. Task management
      1. Portal
      2. IDprovider
      3. Management
      4. Statistics
      1. Nodes and repos
      2. Properties
      3. Indexing
      4. Branches
      5. Editors
      1. DSL Queries
      2. NoQL Queries
      3. Filters
      4. Aggregations
      5. Highlighting
      1. ID providers
      2. System ID provider
      3. Users and groups
      4. Roles
      1. Strategies
      2. Distributions
      3. Docker
      4. Kubernetes
      5. Systemd
      6. Vhosts
      7. Configuration
      8. Backup & restore
      9. Clustering
      10. Observability
      1. Notes
      2. Upgrade
      3. Upgrading Apps
        1. Asset service
        2. HTTP service
        3. Image service
    1. Best practice
        1. AttachmentUploader
        2. Checkbox
        3. Combobox
        4. ContentSelector
        5. ContentTypeFilter
        6. CustomSelector
        7. Date
        8. DateTime
        9. Double
        10. GeoPoint
        11. HtmlArea
        12. ImageSelector
        13. Long
        14. MediaSelector
        15. Radiobutton
        16. Tag
        17. TextArea
        18. TextLine
        19. Time
        1. Field set
        2. Item set
        3. Option set
      3. Mixins
      4. Localization
      5. Styles
    3. Content Types
    4. X-data
    5. Macros
      1. Pages
      2. Regions
      3. Part component
      4. Layout component
      5. Text component
      6. Component Filtering
      7. Component Indexing
    1. Marketplace
    2. Market guidelines
Developer Docs Xp Next Framework Response

HTTP response

Contents

The framework defines the following HTTP response object:

HTTP Response

The response object is the value returned by an HTTP controller - as a response to an :ref:`http_request`.

{
  "status": 200,  (1)
  "body": "Hello World",  (2)
  "contentType": "text/plain",  (3)
  "headers": {   (4)
      "key": "value"
  },
  "cookies": {},   (5)
  "redirect": "/another/page",   (6)
  "postProcess": true,   (7)
  "pageContributions": {},   (8)
  "applyFilters": true   (9)
}
1 HTTP response status code (default is 200).
2 HTTP message body of the response that can either be a string or a JavaScript object.
3 MIME type of the body (defaults to text/plain; charset=utf-8).
4 Name/value pairs with the HTTP headers to be added to the response. Starting from XP 7.15.0 value can be null/undefined to remove a headers added by other controllers/filters.
5 HTTP cookies to be added to the response. Will be described in a later section.
6 URI to redirect to. If specified, the value will be set in the "Location" header and the status will be set to 303.
7 Site engine only: If enabled the response body from a page render is processed to find and render any component tags found. (default is true). Set to false to skip post processing of tags.
8 Site engine only: Use to contribute html to the resulting response markup. See page contributions for more information.
9 Site engine only: If enabled, any defined response processors in the pipeline will be executed.

HTTP Cookies

There are two ways that Http Cookie values can be set in responses (see examples).

Here’s an example of how the cookies are set:

return {
    status: 200,
    body: "Hello World",
    cookies: {
        "plain": "value",  (1)
        "complex": {  (2)
            value: "value",  (3)
            path: "/valid/path",  (4)
            domain: "enonic.com",  (5)
            comment: "Some cookie comments",  (6)
            maxAge: 2000,  (7)
            secure: false,  (8)
            httpOnly: false,  (9)
            sameSite: "Lax" (10)
        }
    }
};
1 If the value is a string then the cookie is created using default settings.
2 If the value is an object, it will try to apply the settings.
3 Value (required) The value to store in the cookie. This example will create a cookie looking like this complex: value.
4 The paths on the site where this cookie should be available from (and all containing paths). Defaults to empty
5 Add additional sites that should be able to read the cookie. Defaults to empty (Only the server that creates the cookie can read it.)
6 A comment describing the cookie. Default to `null. Deprecated and will be removed in future versions of XP.
7 Number of seconds before the browser is allowed to delete the cookie. Defaults to -1 (The cookie will live until the browser is shut down.)
8 Control if the cookie should only be accepted to be created and read over https and similar secure protocols. Defaults to false
9 Control if the cookie is available for scripts or not. If true, only the serverside code can read the cookie. Defaults to false (Also client-side scripts can read the cookie.)
10 SameSite flag for the cookie. Can be lax, strict, none or   for "not set". Default is "not set", meaning "browser’s default".

Contents

Contents

AI-powered search

Juke AI