Microsoft.AspNetCore.Http.Features

Use to dynamically control response compression for HTTPS requests.

No value has been specified, use the configured defaults.

Opts out of compression over HTTPS. Enabling compression on HTTPS requests for remotely manipulable content may expose security problems.

Opts into compression over HTTPS. Enabling compression on HTTPS requests for remotely manipulable content may expose security problems.

Represents a collection of HTTP features.

Indicates if the collection can be modified.

Incremented for each modification and can be used to verify cached results.

Gets or sets a given feature. Setting a null value removes the feature.

The requested feature, or null if it is not present.

Retrieves the requested feature from the collection.

The feature key. The requested feature, or null if it is not present.

Sets the given feature in the collection.

The feature key. The feature value.

Indicates if the request has a supported form content-type.

The parsed form, if any.

Parses the request body as a form.

Controls the IO behavior for the and

Gets or sets a value that controls whether synchronous IO is allowed for the and

Information regarding the TCP/IP connection carrying the request.

The unique identifier for the connection the request was received on. This is primarily for diagnostic purposes.

The IPAddress of the client making the request. Note this may be for a proxy rather than the end user.

The local IPAddress on which the request was received.

The remote port of the client making the request.

The local port on which the request was received.

Feature to inspect and modify the maximum request body size for a single request.

Indicates whether is read-only. If true, this could mean that the request body has already been read from or that was called.

The maximum allowed size of the current request body in bytes. When set to null, the maximum request body size is unlimited. This cannot be modified after the reading the request body has started. This limit does not affect upgraded connections which are always unlimited.

Defaults to the server's global max request body size limit.

Contains the details of a given request. These properties should all be mutable. None of these properties should ever be set to null.

The HTTP-version as defined in RFC 7230. E.g. "HTTP/1.1"

The request uri scheme. E.g. "http" or "https". Note this value is not included in the original request, it is inferred by checking if the transport used a TLS connection or not.

The request method as defined in RFC 7230. E.g. "GET", "HEAD", "POST", etc..

The first portion of the request path associated with application root. The value is un-escaped. The value may be string.Empty.

The portion of the request path that identifies the requested resource. The value is un-escaped. The value may be string.Empty if contains the full path.

The query portion of the request-target as defined in RFC 7230. The value may be string.Empty. If not empty then the leading '?' will be included. The value is in its original form, without un-escaping.

The request target as it was sent in the HTTP request. This property contains the raw path and full query, as well as other request targets such as * for OPTIONS requests (https://tools.ietf.org/html/rfc7230#section-5.3).

This property is not used internally for routing or authorization decisions. It has not been UrlDecoded and care should be taken in its use.

Headers included in the request, aggregated by header name. The values are not split or merged across header lines. E.g. The following headers: HeaderA: value1, value2 HeaderA: value3 Result in Headers["HeaderA"] = { "value1, value2", "value3" }

A representing the request body, if any. Stream.Null may be used to represent an empty request body.

Feature to identify a request.

Identifier to trace a request.

A that fires if the request is aborted and the application should cease processing. The token will not fire if the request completes successfully.

Forcefully aborts the request if it has not already completed. This will result in RequestAborted being triggered.

This feature exposes HTTP request trailer headers, either for HTTP/1.1 chunked bodies or HTTP/2 trailing headers.

Indicates if the are available yet. They may not be available until the request body is fully read.

The trailing headers received. This will throw if returns false. They may not be available until the request body is fully read. If there are no trailers this will return an empty collection.

Represents the fields and state of an HTTP response.

The status-code as defined in RFC 7230. The default value is 200.

The reason-phrase as defined in RFC 7230. Note this field is no longer supported by HTTP/2.

The response headers to send. Headers with multiple values will be emitted as multiple headers.

The for writing the response body.

Indicates if the response has started. If true, the , , and are now immutable, and OnStarting should no longer be called.

Registers a callback to be invoked just before the response starts. This is the last chance to modify the , , or .

The callback to invoke when starting the response. The state to pass into the callback.

Registers a callback to be invoked after a response has fully completed. This is intended for resource cleanup.

The callback to invoke after the response has completed. The state to pass into the callback.

Feature to start response writing.

Starts the response by calling OnStarting() and making headers unmodifiable.

Configures response compression behavior for HTTPS on a per-request basis.

The to use.

Provides an efficient mechanism for transferring files from disk to the network.

Sends the requested file in the response body. This may bypass the IHttpResponseFeature.Body . A response may include multiple writes.

The full disk path to the file. The offset in the file to start at. The number of bytes to send, or null to send the remainder of the file. A used to abort the transmission.

Indicates if the server can upgrade this request to an opaque, bidirectional stream.

Attempt to upgrade the request to an opaque, bidirectional stream. The response status code and headers need to be set before this is invoked. Check before invoking.

Indicates if this is a WebSocket upgrade request.

Attempts to upgrade the request to a . Check before invoking this.

Represents the HttpRequestBody as a PipeReader.

A representing the request body, if any.

Represents the HttpResponseBody as a PipeWriter

A representing the response body, if any.

A helper for creating the response Set-Cookie header.

Gets the wrapper for the response Set-Cookie header.

Synchronously retrieves the client certificate, if any.

Asynchronously retrieves the client certificate, if any.

Provides information regarding TLS token binding parameters.

TLS token bindings help mitigate the risk of impersonation by an attacker in the event an authenticated client's bearer tokens are somehow exfiltrated from the client's machine. See https://datatracker.ietf.org/doc/draft-popov-token-binding/ for more information.

Gets the 'provided' token binding identifier associated with the request.

The token binding identifier, or null if the client did not supply a 'provided' token binding or valid proof of possession of the associated private key. The caller should treat this identifier as an opaque blob and should not try to parse it.

Gets the 'referred' token binding identifier associated with the request.

The token binding identifier, or null if the client did not supply a 'referred' token binding or valid proof of possession of the associated private key. The caller should treat this identifier as an opaque blob and should not try to parse it.

Used to query, grant, and withdraw user consent regarding the storage of user information related to site activity and functionality.

Indicates if consent is required for the given request.

Indicates if consent was given.

Indicates either if consent has been given or if consent is not required.

Grants consent for this request. If the response has not yet started then this will also grant consent for future requests.

Withdraws consent for this request. If the response has not yet started then this will also withdraw consent for future requests.

Creates a consent cookie for use when granting consent from a javascript client.

Options used to create a new cookie.

Creates a default cookie with a path of '/'.

Gets or sets the domain to associate the cookie with.

The domain to associate the cookie with.

Gets or sets the cookie path.

The cookie path.

Gets or sets the expiration date and time for the cookie.

The expiration date and time for the cookie.

Gets or sets a value that indicates whether to transmit the cookie using Secure Sockets Layer (SSL)--that is, over HTTPS only.

true to transmit the cookie only over an SSL connection (HTTPS); otherwise, false.

Gets or sets the value for the SameSite attribute of the cookie. The default value is

The representing the enforcement mode of the cookie.

Gets or sets a value that indicates whether a cookie is accessible by client-side script.

true if a cookie must not be accessible by client-side script; otherwise, false.

Gets or sets the max-age for the cookie.

The max-age date and time for the cookie.

Indicates if this cookie is essential for the application to function correctly. If true then consent policy checks may be bypassed. The default value is false.

Represents the parsed form values sent with the HttpRequest.

Gets the number of elements contained in the .

The number of elements contained in the .

Gets an containing the keys of the .

An containing the keys of the object that implements .

Determines whether the contains an element with the specified key.

The key to locate in the . true if the contains an element with the key; otherwise, false. key is null.

Gets the value associated with the specified key.

The key of the value to get. The key of the value to get. When this method returns, the value associated with the specified key, if the key is found; otherwise, the default value for the type of the value parameter. This parameter is passed uninitialized. true if the object that implements contains an element with the specified key; otherwise, false. key is null.

Gets the value with the specified key.

The key of the value to get. The element with the specified key, or StringValues.Empty if the key is not present. key is null. has a different indexer contract than , as it will return StringValues.Empty for missing entries rather than throwing an Exception.

The file collection sent with the request.

The files included with the request.

Represents a file sent with the HttpRequest.

Gets the raw Content-Type header of the uploaded file.

Gets the raw Content-Disposition header of the uploaded file.

Gets the header dictionary of the uploaded file.

Gets the file length in bytes.

Gets the form field name from the Content-Disposition header.

Gets the file name from the Content-Disposition header.

Opens the request stream for reading the uploaded file.

Copies the contents of the uploaded file to the stream.

The stream to copy the file contents to.

Asynchronously copies the contents of the uploaded file to the stream.

The stream to copy the file contents to.

Represents the collection of files sent with the HttpRequest.

Gets the first file with the specified name.

The name of the file to get. The requested file, or null if it is not present.

Gets the first file with the specified name.

The name of the file to get. The requested file, or null if it is not present.

Gets an containing the files of the with the specified name.

The name of the files to get. An containing the files of the object that implements .

Represents HttpRequest and HttpResponse headers

IHeaderDictionary has a different indexer contract than IDictionary, where it will return StringValues.Empty for missing entries.

The stored value, or StringValues.Empty if the key is not present.

Strongly typed access to the Content-Length header. Implementations must keep this in sync with the string representation.

Represents the HttpRequest query string collection

Gets the number of elements contained in the .

The number of elements contained in the .

Gets an containing the keys of the .

An containing the keys of the object that implements .

Determines whether the contains an element with the specified key.

The key to locate in the . true if the contains an element with the key; otherwise, false. key is null.

Gets the value associated with the specified key.

Gets the value with the specified key.

Represents the HttpRequest cookie collection

Gets the number of elements contained in the .

The number of elements contained in the .

Gets an containing the keys of the .

An containing the keys of the object that implements .

Determines whether the contains an element with the specified key.

The key to locate in the . true if the contains an element with the key; otherwise, false. key is null.

Gets the value associated with the specified key.

Gets the value with the specified key.

The key of the value to get. The element with the specified key, or string.Empty if the key is not present. key is null. has a different indexer contract than , as it will return string.Empty for missing entries rather than throwing an Exception.

A wrapper for the response Set-Cookie header.

Add a new cookie and value.

Name of the new cookie. Value of the new cookie.

Add a new cookie.

Name of the new cookie. Value of the new cookie. included in the new cookie setting.

Sets an expired cookie.

Name of the cookie to expire.

Sets an expired cookie.

Name of the cookie to expire. used to discriminate the particular cookie to expire. The and values are especially important.

Indicate whether the current session has loaded.

A unique identifier for the current session. This is not the same as the session cookie since the cookie lifetime may not be the same as the session entry lifetime in the data store.

Enumerates all the keys, if any.

Load the session from the data store. This may throw if the data store is unavailable.

Store the session in the data store. This may throw if the data store is unavailable.

Retrieve the value of the given key, if present.

Set the given key and value in the current session. This will throw if the session was not established prior to sending the response.

Remove the given key from the session if present.

Remove all entries from the current session, if any. The session cookie is not removed.

Used to set the SameSite field on response cookies to indicate if those cookies should be included by the client on future "same-site" or "cross-site" requests. RFC Draft: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00

No SameSite field will be set, the client should follow its default cookie policy.

Indicates the client should send the cookie with "same-site" requests, and with "cross-site" top-level navigations.

Indicates the client should only send the cookie with "same-site" requests.