1HTTP::Tiny(3)         User Contributed Perl Documentation        HTTP::Tiny(3)
2
3
4

NAME

6       HTTP::Tiny - A small, simple, correct HTTP/1.1 client
7

VERSION

9       version 0.086
10

SYNOPSIS

12           use HTTP::Tiny;
13
14           my $response = HTTP::Tiny->new->get('http://example.com/');
15
16           die "Failed!\n" unless $response->{success};
17
18           print "$response->{status} $response->{reason}\n";
19
20           while (my ($k, $v) = each %{$response->{headers}}) {
21               for (ref $v eq 'ARRAY' ? @$v : $v) {
22                   print "$k: $_\n";
23               }
24           }
25
26           print $response->{content} if length $response->{content};
27

DESCRIPTION

29       This is a very simple HTTP/1.1 client, designed for doing simple
30       requests without the overhead of a large framework like LWP::UserAgent.
31
32       It is more correct and more complete than HTTP::Lite.  It supports
33       proxies and redirection.  It also correctly resumes after EINTR.
34
35       If IO::Socket::IP 0.25 or later is installed, HTTP::Tiny will use it
36       instead of IO::Socket::INET for transparent support for both IPv4 and
37       IPv6.
38
39       Cookie support requires HTTP::CookieJar or an equivalent class.
40

METHODS

42   new
43           $http = HTTP::Tiny->new( %attributes );
44
45       This constructor returns a new HTTP::Tiny object.  Valid attributes
46       include:
47
48       •   "agent" — A user-agent string (defaults to 'HTTP-Tiny/$VERSION').
49           If "agent" — ends in a space character, the default user-agent
50           string is appended.
51
52       •   "cookie_jar" — An instance of HTTP::CookieJar — or equivalent class
53           that supports the "add" and "cookie_header" methods
54
55       •   "default_headers" — A hashref of default headers to apply to
56           requests
57
58       •   "local_address" — The local IP address to bind to
59
60       •   "keep_alive" — Whether to reuse the last connection (if for the
61           same scheme, host and port) (defaults to 1)
62
63       •   "max_redirect" — Maximum number of redirects allowed (defaults to
64           5)
65
66       •   "max_size" — Maximum response size in bytes (only when not using a
67           data callback).  If defined, requests with responses larger than
68           this will return a 599 status code.
69
70       •   "http_proxy" — URL of a proxy server to use for HTTP connections
71           (default is $ENV{http_proxy} — if set)
72
73       •   "https_proxy" — URL of a proxy server to use for HTTPS connections
74           (default is $ENV{https_proxy} — if set)
75
76       •   "proxy" — URL of a generic proxy server for both HTTP and HTTPS
77           connections (default is $ENV{all_proxy} — if set)
78
79       •   "no_proxy" — List of domain suffixes that should not be proxied.
80           Must be a comma-separated string or an array reference. (default is
81           $ENV{no_proxy} —)
82
83       •   "timeout" — Request timeout in seconds (default is 60) If a socket
84           open, read or write takes longer than the timeout, the request
85           response status code will be 599.
86
87       •   "verify_SSL" — A boolean that indicates whether to validate the
88           TLS/SSL certificate of an "https" — connection (default is true).
89           Changed from false to true in version 0.083.
90
91       •   "SSL_options" — A hashref of "SSL_*" — options to pass through to
92           IO::Socket::SSL
93
94       •   $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} - Changes the default
95           certificate verification behavior to not check server identity if
96           set to 1. Only effective if "verify_SSL" is not set. Added in
97           version 0.083.
98
99       An accessor/mutator method exists for each attribute.
100
101       Passing an explicit "undef" for "proxy", "http_proxy" or "https_proxy"
102       will prevent getting the corresponding proxies from the environment.
103
104       Errors during request execution will result in a pseudo-HTTP status
105       code of 599 and a reason of "Internal Exception". The content field in
106       the response will contain the text of the error.
107
108       The "keep_alive" parameter enables a persistent connection, but only to
109       a single destination scheme, host and port.  If any connection-relevant
110       attributes are modified via accessor, or if the process ID or thread ID
111       change, the persistent connection will be dropped.  If you want
112       persistent connections across multiple destinations, use multiple
113       HTTP::Tiny objects.
114
115       See "SSL SUPPORT" for more on the "verify_SSL" and "SSL_options"
116       attributes.
117
118   get|head|put|post|patch|delete
119           $response = $http->get($url);
120           $response = $http->get($url, \%options);
121           $response = $http->head($url);
122
123       These methods are shorthand for calling request() for the given method.
124       The URL must have unsafe characters escaped and international domain
125       names encoded.  See request() for valid options and a description of
126       the response.
127
128       The "success" field of the response will be true if the status code is
129       2XX.
130
131   post_form
132           $response = $http->post_form($url, $form_data);
133           $response = $http->post_form($url, $form_data, \%options);
134
135       This method executes a "POST" request and sends the key/value pairs
136       from a form data hash or array reference to the given URL with a
137       "content-type" of "application/x-www-form-urlencoded".  If data is
138       provided as an array reference, the order is preserved; if provided as
139       a hash reference, the terms are sorted on key and value for
140       consistency.  See documentation for the "www_form_urlencode" method for
141       details on the encoding.
142
143       The URL must have unsafe characters escaped and international domain
144       names encoded.  See request() for valid options and a description of
145       the response.  Any "content-type" header or content in the options
146       hashref will be ignored.
147
148       The "success" field of the response will be true if the status code is
149       2XX.
150
151   mirror
152           $response = $http->mirror($url, $file, \%options)
153           if ( $response->{success} ) {
154               print "$file is up to date\n";
155           }
156
157       Executes a "GET" request for the URL and saves the response body to the
158       file name provided.  The URL must have unsafe characters escaped and
159       international domain names encoded.  If the file already exists, the
160       request will include an "If-Modified-Since" header with the
161       modification timestamp of the file.  You may specify a different
162       "If-Modified-Since" header yourself in the "$options->{headers}" hash.
163
164       The "success" field of the response will be true if the status code is
165       2XX or if the status code is 304 (unmodified).
166
167       If the file was modified and the server response includes a properly
168       formatted "Last-Modified" header, the file modification time will be
169       updated accordingly.
170
171   request
172           $response = $http->request($method, $url);
173           $response = $http->request($method, $url, \%options);
174
175       Executes an HTTP request of the given method type ('GET', 'HEAD',
176       'POST', 'PUT', etc.) on the given URL.  The URL must have unsafe
177       characters escaped and international domain names encoded.
178
179       NOTE: Method names are case-sensitive per the HTTP/1.1 specification.
180       Don't use "get" when you really want "GET".  See LIMITATIONS for how
181       this applies to redirection.
182
183       If the URL includes a "user:password" stanza, they will be used for
184       Basic-style authorization headers.  (Authorization headers will not be
185       included in a redirected request.) For example:
186
187           $http->request('GET', 'http://Aladdin:open sesame@example.com/');
188
189       If the "user:password" stanza contains reserved characters, they must
190       be percent-escaped:
191
192           $http->request('GET', 'http://john%40example.com:password@example.com/');
193
194       A hashref of options may be appended to modify the request.
195
196       Valid options are:
197
198       •   "headers" — A hashref containing headers to include with the
199           request.  If the value for a header is an array reference, the
200           header will be output multiple times with each value in the array.
201           These headers over-write any default headers.
202
203       •   "content" — A scalar to include as the body of the request OR a
204           code reference that will be called iteratively to produce the body
205           of the request
206
207       •   "trailer_callback" — A code reference that will be called if it
208           exists to provide a hashref of trailing headers (only used with
209           chunked transfer-encoding)
210
211       •   "data_callback" — A code reference that will be called for each
212           chunks of the response body received.
213
214       •   "peer" — Override host resolution and force all connections to go
215           only to a specific peer address, regardless of the URL of the
216           request.  This will include any redirections!  This options should
217           be used with extreme caution (e.g. debugging or very special
218           circumstances). It can be given as either a scalar or a code
219           reference that will receive the hostname and whose response will be
220           taken as the address.
221
222       The "Host" header is generated from the URL in accordance with RFC
223       2616.  It is a fatal error to specify "Host" in the "headers" option.
224       Other headers may be ignored or overwritten if necessary for transport
225       compliance.
226
227       If the "content" option is a code reference, it will be called
228       iteratively to provide the content body of the request.  It should
229       return the empty string or undef when the iterator is exhausted.
230
231       If the "content" option is the empty string, no "content-type" or
232       "content-length" headers will be generated.
233
234       If the "data_callback" option is provided, it will be called
235       iteratively until the entire response body is received.  The first
236       argument will be a string containing a chunk of the response body, the
237       second argument will be the in-progress response hash reference, as
238       described below.  (This allows customizing the action of the callback
239       based on the "status" or "headers" received prior to the content body.)
240
241       Content data in the request/response is handled as "raw bytes".  Any
242       encoding/decoding (with associated headers) are the responsibility of
243       the caller.
244
245       The "request" method returns a hashref containing the response.  The
246       hashref will have the following keys:
247
248       •   "success" — Boolean indicating whether the operation returned a 2XX
249           status code
250
251       •   "url" — URL that provided the response. This is the URL of the
252           request unless there were redirections, in which case it is the
253           last URL queried in a redirection chain
254
255       •   "status" — The HTTP status code of the response
256
257       •   "reason" — The response phrase returned by the server
258
259       •   "content" — The body of the response.  If the response does not
260           have any content or if a data callback is provided to consume the
261           response body, this will be the empty string
262
263       •   "headers" — A hashref of header fields.  All header field names
264           will be normalized to be lower case. If a header is repeated, the
265           value will be an arrayref; it will otherwise be a scalar string
266           containing the value
267
268       •   "protocol" - If this field exists, it is the protocol of the
269           response such as HTTP/1.0 or HTTP/1.1
270
271       •   "redirects" If this field exists, it is an arrayref of response
272           hash references from redirects in the same order that redirections
273           occurred.  If it does not exist, then no redirections occurred.
274
275       On an error during the execution of the request, the "status" field
276       will contain 599, and the "content" field will contain the text of the
277       error.
278
279   www_form_urlencode
280           $params = $http->www_form_urlencode( $data );
281           $response = $http->get("http://example.com/query?$params");
282
283       This method converts the key/value pairs from a data hash or array
284       reference into a "x-www-form-urlencoded" string.  The keys and values
285       from the data reference will be UTF-8 encoded and escaped per RFC 3986.
286       If a value is an array reference, the key will be repeated with each of
287       the values of the array reference.  If data is provided as a hash
288       reference, the key/value pairs in the resulting string will be sorted
289       by key and value for consistent ordering.
290
291   can_ssl
292           $ok         = HTTP::Tiny->can_ssl;
293           ($ok, $why) = HTTP::Tiny->can_ssl;
294           ($ok, $why) = $http->can_ssl;
295
296       Indicates if SSL support is available.  When called as a class object,
297       it checks for the correct version of Net::SSLeay and IO::Socket::SSL.
298       When called as an object methods, if "SSL_verify" is true or if
299       "SSL_verify_mode" is set in "SSL_options", it checks that a CA file is
300       available.
301
302       In scalar context, returns a boolean indicating if SSL is available.
303       In list context, returns the boolean and a (possibly multi-line) string
304       of errors indicating why SSL isn't available.
305
306   connected
307           $host = $http->connected;
308           ($host, $port) = $http->connected;
309
310       Indicates if a connection to a peer is being kept alive, per the
311       "keep_alive" option.
312
313       In scalar context, returns the peer host and port, joined with a colon,
314       or "undef" (if no peer is connected).  In list context, returns the
315       peer host and port or an empty list (if no peer is connected).
316
317       Note: This method cannot reliably be used to discover whether the
318       remote host has closed its end of the socket.
319

TLS/SSL SUPPORT

321       Direct "https" connections are supported only if IO::Socket::SSL 1.56
322       or greater and Net::SSLeay 1.49 or greater are installed. An error will
323       occur if new enough versions of these modules are not installed or if
324       the TLS encryption fails. You can also use HTTP::Tiny::can_ssl()
325       utility function that returns boolean to see if the required modules
326       are installed.
327
328       An "https" connection may be made via an "http" proxy that supports the
329       CONNECT command (i.e. RFC 2817).  You may not proxy "https" via a proxy
330       that itself requires "https" to communicate.
331
332       TLS/SSL provides two distinct capabilities:
333
334       •   Encrypted communication channel
335
336       •   Verification of server identity
337
338       By default, HTTP::Tiny verifies server identity.
339
340       This was changed in version 0.083 due to security concerns. The
341       previous default behavior can be enabled by setting
342       $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} to 1.
343
344       Verification is done by checking that that the TLS/SSL connection has a
345       valid certificate corresponding to the host name of the connection and
346       that the certificate has been verified by a CA. Assuming you trust the
347       CA, this will protect against machine-in-the-middle attacks
348       <http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>.
349
350       Certificate verification requires a file containing trusted CA
351       certificates.
352
353       If the environment variable "SSL_CERT_FILE" is present, HTTP::Tiny will
354       try to find a CA certificate file in that location.
355
356       If the Mozilla::CA module is installed, HTTP::Tiny will use the CA file
357       included with it as a source of trusted CA's.
358
359       If that module is not available, then HTTP::Tiny will search several
360       system-specific default locations for a CA certificate file:
361
362       •   /etc/ssl/certs/ca-certificates.crt
363
364       •   /etc/pki/tls/certs/ca-bundle.crt
365
366       •   /etc/ssl/ca-bundle.pem
367
368       •   /etc/openssl/certs/ca-certificates.crt
369
370       •   /etc/ssl/cert.pem
371
372       •   /usr/local/share/certs/ca-root-nss.crt
373
374       •   /etc/pki/tls/cacert.pem
375
376       •   /etc/certs/ca-certificates.crt
377
378       An error will be occur if "verify_SSL" is true and no CA certificate
379       file is available.
380
381       If you desire complete control over TLS/SSL connections, the
382       "SSL_options" attribute lets you provide a hash reference that will be
383       passed through to IO::Socket::SSL::start_SSL(), overriding any options
384       set by HTTP::Tiny. For example, to provide your own trusted CA file:
385
386           SSL_options => {
387               SSL_ca_file => $file_path,
388           }
389
390       The "SSL_options" attribute could also be used for such things as
391       providing a client certificate for authentication to a server or
392       controlling the choice of cipher used for the TLS/SSL connection. See
393       IO::Socket::SSL documentation for details.
394

PROXY SUPPORT

396       HTTP::Tiny can proxy both "http" and "https" requests.  Only Basic
397       proxy authorization is supported and it must be provided as part of the
398       proxy URL: "http://user:pass@proxy.example.com/".
399
400       HTTP::Tiny supports the following proxy environment variables:
401
402       •   http_proxy or HTTP_PROXY
403
404       •   https_proxy or HTTPS_PROXY
405
406       •   all_proxy or ALL_PROXY
407
408       If the "REQUEST_METHOD" environment variable is set, then this might be
409       a CGI process and "HTTP_PROXY" would be set from the "Proxy:" header,
410       which is a security risk.  If "REQUEST_METHOD" is set, "HTTP_PROXY"
411       (the upper case variant only) is ignored, but "CGI_HTTP_PROXY" is
412       considered instead.
413
414       Tunnelling "https" over an "http" proxy using the CONNECT method is
415       supported.  If your proxy uses "https" itself, you can not tunnel
416       "https" over it.
417
418       Be warned that proxying an "https" connection opens you to the risk of
419       a man-in-the-middle attack by the proxy server.
420
421       The "no_proxy" environment variable is supported in the format of a
422       comma-separated list of domain extensions proxy should not be used for.
423
424       Proxy arguments passed to "new" will override their corresponding
425       environment variables.
426

LIMITATIONS

428       HTTP::Tiny is conditionally compliant with the HTTP/1.1 specifications
429       <http://www.w3.org/Protocols/>:
430
431       •   "Message Syntax and Routing" [RFC7230]
432
433       •   "Semantics and Content" [RFC7231]
434
435       •   "Conditional Requests" [RFC7232]
436
437       •   "Range Requests" [RFC7233]
438
439       •   "Caching" [RFC7234]
440
441       •   "Authentication" [RFC7235]
442
443       It attempts to meet all "MUST" requirements of the specification, but
444       does not implement all "SHOULD" requirements.  (Note: it was developed
445       against the earlier RFC 2616 specification and may not yet meet the
446       revised RFC 7230-7235 spec.) Additionally, HTTP::Tiny supports the
447       "PATCH" method of RFC 5789.
448
449       Some particular limitations of note include:
450
451       •   HTTP::Tiny focuses on correct transport.  Users are responsible for
452           ensuring that user-defined headers and content are compliant with
453           the HTTP/1.1 specification.
454
455       •   Users must ensure that URLs are properly escaped for unsafe
456           characters and that international domain names are properly encoded
457           to ASCII. See URI::Escape, URI::_punycode and Net::IDN::Encode.
458
459       •   Redirection is very strict against the specification.  Redirection
460           is only automatic for response codes 301, 302, 307 and 308 if the
461           request method is 'GET' or 'HEAD'.  Response code 303 is always
462           converted into a 'GET' redirection, as mandated by the
463           specification.  There is no automatic support for status 305 ("Use
464           proxy") redirections.
465
466       •   There is no provision for delaying a request body using an "Expect"
467           header.  Unexpected "1XX" responses are silently ignored as per the
468           specification.
469
470       •   Only 'chunked' "Transfer-Encoding" is supported.
471
472       •   There is no support for a Request-URI of '*' for the 'OPTIONS'
473           request.
474
475       •   Headers mentioned in the RFCs and some other, well-known headers
476           are generated with their canonical case.  Other headers are sent in
477           the case provided by the user.  Except for control headers (which
478           are sent first), headers are sent in arbitrary order.
479
480       Despite the limitations listed above, HTTP::Tiny is considered feature-
481       complete.  New feature requests should be directed to HTTP::Tiny::UA.
482

SEE ALSO

484       •   HTTP::Tiny::UA - Higher level UA features for HTTP::Tiny
485
486       •   HTTP::Thin - HTTP::Tiny wrapper with HTTP::Request/HTTP::Response
487           compatibility
488
489       •   HTTP::Tiny::Mech - Wrap WWW::Mechanize instance in HTTP::Tiny
490           compatible interface
491
492       •   IO::Socket::IP - Required for IPv6 support
493
494       •   IO::Socket::SSL - Required for SSL support
495
496       •   LWP::UserAgent - If HTTP::Tiny isn't enough for you, this is the
497           "standard" way to do things
498
499       •   Mozilla::CA - Required if you want to validate SSL certificates
500
501       •   Net::SSLeay - Required for SSL support
502

SUPPORT

504   Bugs / Feature Requests
505       Please report any bugs or feature requests through the issue tracker at
506       <https://github.com/chansen/p5-http-tiny/issues>.  You will be notified
507       automatically of any progress on your issue.
508
509   Source Code
510       This is open source software.  The code repository is available for
511       public review and contribution under the terms of the license.
512
513       <https://github.com/chansen/p5-http-tiny>
514
515         git clone https://github.com/chansen/p5-http-tiny.git
516

AUTHORS

518       •   Christian Hansen <chansen@cpan.org>
519
520       •   David Golden <dagolden@cpan.org>
521

CONTRIBUTORS

523       •   Alan Gardner <gardner@pythian.com>
524
525       •   Alessandro Ghedini <al3xbio@gmail.com>
526
527       •   A. Sinan Unur <nanis@cpan.org>
528
529       •   Brad Gilbert <bgills@cpan.org>
530
531       •   brian m. carlson <sandals@crustytoothpaste.net>
532
533       •   Chris Nehren <apeiron@cpan.org>
534
535       •   Chris Weyl <cweyl@alumni.drew.edu>
536
537       •   Claes Jakobsson <claes@surfar.nu>
538
539       •   Clinton Gormley <clint@traveljury.com>
540
541       •   Craig A. Berry <craigberry@mac.com>
542
543       •   Craig Berry <cberry@cpan.org>
544
545       •   David Golden <xdg@xdg.me>
546
547       •   David Mitchell <davem@iabyn.com>
548
549       •   Dean Pearce <pearce@pythian.com>
550
551       •   Edward Zborowski <ed@rubensteintech.com>
552
553       •   Felipe Gasper <felipe@felipegasper.com>
554
555       •   Graham Knop <haarg@haarg.org>
556
557       •   Greg Kennedy <kennedy.greg@gmail.com>
558
559       •   James E Keenan <jkeenan@cpan.org>
560
561       •   James Raspass <jraspass@gmail.com>
562
563       •   Jeremy Mates <jmates@cpan.org>
564
565       •   Jess Robinson <castaway@desert-island.me.uk>
566
567       •   Karen Etheridge <ether@cpan.org>
568
569       •   Lukas Eklund <leklund@gmail.com>
570
571       •   Martin J. Evans <mjegh@ntlworld.com>
572
573       •   Martin-Louis Bright <mlbright@gmail.com>
574
575       •   Matthew Horsfall <wolfsage@gmail.com>
576
577       •   Michael R. Davis <mrdvt92@users.noreply.github.com>
578
579       •   Mike Doherty <doherty@cpan.org>
580
581       •   Nicolas Rochelemagne <rochelemagne@cpanel.net>
582
583       •   Olaf Alders <olaf@wundersolutions.com>
584
585       •   Olivier Mengué <dolmen@cpan.org>
586
587       •   Petr Písař <ppisar@redhat.com>
588
589       •   sanjay-cpu <snjkmr32@gmail.com>
590
591       •   Serguei Trouchelle <stro@cpan.org>
592
593       •   Shoichi Kaji <skaji@cpan.org>
594
595       •   SkyMarshal <skymarshal1729@gmail.com>
596
597       •   Sören Kornetzki <soeren.kornetzki@delti.com>
598
599       •   Steve Grazzini <steve.grazzini@grantstreet.com>
600
601       •   Stig Palmquist <git@stig.io>
602
603       •   Syohei YOSHIDA <syohex@gmail.com>
604
605       •   Tatsuhiko Miyagawa <miyagawa@bulknews.net>
606
607       •   Tom Hukins <tom@eborcom.com>
608
609       •   Tony Cook <tony@develop-help.com>
610
611       •   Xavier Guimard <yadd@debian.org>
612
614       This software is copyright (c) 2023 by Christian Hansen.
615
616       This is free software; you can redistribute it and/or modify it under
617       the same terms as the Perl 5 programming language system itself.
618
619
620
621perl v5.36.1                      2023-08-03                     HTTP::Tiny(3)
Impressum