View on
MetaCPAN is shutting down
For details read Perl NOC. After June 25th this page will redirect to
Matthew O'Connor > REST-Application > HTTP::Server::Simple


Annotate this POD


New  3
Open  1
View/Report Bugs


HTTP::Server::Simple - Lightweight HTTP server


 use warnings;
 use strict;
 use HTTP::Server::Simple;
 my $server = HTTP::Server::Simple->new();

However, normally you will sub-class the HTTP::Server::Simple::CGI module (see HTTP::Server::Simple::CGI);

 package Your::Web::Server;
 use base qw(HTTP::Server::Simple::CGI);
 sub handle_request {
     my ($self, $cgi) = @_;

     #... do something, print output to default
     # selected filehandle...



This is a simple standalone HTTP server. By default, it doesn't thread or fork.

It does, however, act as a simple frontend which can be used to build a standalone web-based application or turn a CGI into one.

(It's possible to use Net::Server to get threading, forking, preforking and so on. Autrijus Tang wrote the functionality and owes docs for that ;)

By default, the server traps a few signals:


When you kill -HUP the server, it does its best to rexec itself. Please note that in order to provide restart-on-SIGHUP, HTTP::Server::Simple sets a SIGHUP handler during initialisation. If your request handling code forks you need to make sure you reset this or unexpected things will happen if somebody sends a HUP to all running processes spawned by your app (e.g. by "kill -HUP <script>")


If the server detects a broken pipe while writing output to the client, it ignores the signal. Otherwise, a client closing the connection early could kill the server


API call to start a new server. Does not actually start listening until you call ->run().


Looks up the local host's hostname and IP address.

Stuffs them into

$self->{'localname'} and $self->{'localaddr'}

port [NUMBER]

Takes an optional port number for this server to listen on.

Returns this server's port. (Defaults to 8080)

host [address]

Takes an optional host address for this server to bind to.

Returns this server's bound address (if any). Defaults to undef (bind to all interfaces).


Run the server in the background. returns pid.


Run the server. If all goes well, this won't ever return, but it will start listening for http requests.


User-overridable method. If you set it to a Net::Server subclass, that subclass is used for the run method. Otherwise, a minimal implementation is used as default.

stdio_handle [FILEHANDLE]

When called with an argument, sets the socket to the server to that arg.

Returns the socket to the server; you should only use this for actual socket-related calls like getsockname. If all you want is to read or write to the socket, you should use stdin_handle and stdout_handle to get the in and out filehandles explicitly.


Returns a filehandle used for input from the client. By default, returns whatever was set with stdio_handle, but a subclass could do something interesting here (see HTTP::Server::Simple::Logger).


Returns a filehandle used for output to the client. By default, returns whatever was set with stdio_handle, but a subclass could do something interesting here (see HTTP::Server::Simple::Logger).


A selection of these methods should be provided by sub-classes of this module.


This method is called after setup, with no parameters. It should print a valid, full HTTP response to the default selected filehandle.

setup(name => $value, ...)

This method is called with a name => value list of various things to do with the request. This list is given below.

The default setup handler simply tries to call methods with the names of keys of this list.

  ITEM/METHOD   Set to                Example
  -----------  ------------------    ------------------------
  method       Request Method        "GET", "POST", "HEAD"
  protocol     HTTP version          "HTTP/1.1"
  request_uri  Complete Request URI  "/foobar/baz?foo=bar"
  path         Path part of URI      "/foobar/baz"
  query_string Query String          undef, "foo=bar"
  port         Received Port         80, 8080
  peername     Remote name           "", ""
  peeraddr     Remote address        "", "::1"
  localname    Local interface       "localhost", ""

headers([Header => $value, ...])

Receives HTTP headers and does something useful with them. This is called by the default setup() method.

You have lots of options when it comes to how you receive headers.

You can, if you really want, define parse_headers() and parse them raw yourself.

Secondly, you can intercept them very slightly cooked via the setup() method, above.

Thirdly, you can leave the setup() header as-is (or calling the superclass setup() for unknown request items). Then you can define headers() in your sub-class and receive them all at once.

Finally, you can define handlers to receive individual HTTP headers. This can be useful for very simple SOAP servers (to name a crack-fueled standard that defines its own special HTTP headers).

To do so, you'll want to define the header() method in your subclass. That method will be handed a (key,value) pair of the header name and the value.


If defined by a sub-class, this method is called directly after an accept happens.


If defined by a sub-class, this method is called after all setup has finished, before the handler method.


This routine prints a banner before the server request-handling loop starts.

Methods below this point are probably not terribly useful to define yourself in subclasses.


Parse the HTTP request line.

Returns three values, the request method, request URI and the protocol Sub-classed versions of this should return three values - request method, request URI and proto


Parse incoming HTTP headers from STDIN.

Remember, this is a simple HTTP server, so nothing intelligent is done with them :-).

This should return an ARRAY ref of (header => value) pairs inside the array.


This routine binds the server to a port and interface.


This method is called immediately after setup_listener. It's here just for you to override.


This method should print a valid HTTP response that says that the request was invalid.


Given a candidate HTTP method in $method, determine if it is valid. Override if, for example, you'd like to do some WebDAV.


Copyright (c) 2004-2006 Jesse Vincent, <>. All rights reserved.

Marcus Ramberg <> contributed tests, cleanup, etc

Sam Vilain, <> contributed the split-out and header/setup API.


There certainly are some. Please report them via


This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.


HTTP::Server::Simple::CGI - version of HTTP::Server::Simple


HTTP::Server::Simple was already simple, but some smart-ass pointed out that there is no CGI in HTTP, and so this module was born to isolate the parts of this handler.


The accept_hook in this sub-class clears the environment to the start-up state.



This method sets up CGI environment variables based on various meta-headers, like the protocol, remote host name, request path, etc.

See the docs in HTTP::Server::Simple for more detail.

handle_request CGI

This routine is called whenever your server gets a request it can handle.

It's called with a CGI object that's been pre-initialized. You want to override this method in your subclass


Handler implemented as part of HTTP::Server::Simple API


HTTP::Server::Simple::CGI::Environment - a HTTP::Server::Simple mixin to provide the CGI protocol


This mixin abstracts the CGI protocol out from HTTP::Server::Simple::CGI so that it's easier to provide your own CGI handlers with HTTP::Server::Simple which don't use


setup_environemnt is usually called in the superclass's accept_hook

This routine in this sub-class clears the environment to the start-up state.


Sets up the SERVER_URL environment variable


This method sets up CGI environment variables based on various meta-headers, like the protocol, remote host name, request path, etc.

See the docs in HTTP::Server::Simple for more detail.


header turns a single HTTP headers into CGI environment variables.


URI::Escape - Escape and unescape unsafe characters


 use URI::Escape;
 $safe = uri_escape("10% is enough\n");
 $verysafe = uri_escape("foo", "\0-\377");
 $str  = uri_unescape($safe);


This module provides functions to escape and unescape URI strings as defined by RFC 2396 (and updated by RFC 2732). A URI consists of a restricted set of characters, denoted as uric in RFC 2396. The restricted set of characters consists of digits, letters, and a few graphic symbols chosen from those common to most of the character encodings and input facilities available to Internet users:

  "A" .. "Z", "a" .. "z", "0" .. "9",
  ";", "/", "?", ":", "@", "&", "=", "+", "$", ",", "[", "]",   # reserved
  "-", "_", ".", "!", "~", "*", "'", "(", ")"

In addition, any byte (octet) can be represented in a URI by an escape sequence: a triplet consisting of the character "%" followed by two hexadecimal digits. A byte can also be represented directly by a character, using the US-ASCII character for that octet (iff the character is part of uric).

Some of the uric characters are reserved for use as delimiters or as part of certain URI components. These must be escaped if they are to be treated as ordinary data. Read RFC 2396 for further details.

The functions provided (and exported by default) from this module are:

uri_escape( $string )
uri_escape( $string, $unsafe )

Replaces each unsafe character in the $string with the corresponding escape sequence and returns the result. The $string argument should be a string of bytes. The uri_escape() function will croak if given a characters with code above 255. Use uri_escape_utf8() if you know you have such chars or/and want chars in the 128 .. 255 range treated as UTF-8.

The uri_escape() function takes an optional second argument that overrides the set of characters that are to be escaped. The set is specified as a string that can be used in a regular expression character class (between [ ]). E.g.:

  "\x00-\x1f\x7f-\xff"          # all control and hi-bit characters
  "a-z"                         # all lower case characters
  "^A-Za-z"                     # everything not a letter

The default set of characters to be escaped is all those which are not part of the uric character class shown above as well as the reserved characters. I.e. the default is:

uri_escape_utf8( $string )
uri_escape_utf8( $string, $unsafe )

Works like uri_escape(), but will encode chars as UTF-8 before escaping them. This makes this function able do deal with characters with code above 255 in $string. Note that chars in the 128 .. 255 range will be escaped differently by this function compared to what uri_escape() would. For chars in the 0 .. 127 range there is no difference.

The call:

    $uri = uri_escape_utf8($string);

will be the same as:

    use Encode qw(encode);
    $uri = uri_escape(encode("UTF-8", $string));

but will even work for perl-5.6 for chars in the 128 .. 255 range.

Note: Javascript has a function called escape() that produce the sequence "%uXXXX" for chars in the 256 .. 65535 range. This function has really nothing to do with URI escaping but some folks got confused since it "does the right thing" in the 0 .. 255 range. Because of this you sometimes see "URIs" with these kind of escapes. The JavaScript encodeURI() function is similar to uri_escape_utf8().


Returns a string with each %XX sequence replaced with the actual byte (octet).

This does the same as:

   $string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;

but does not modify the string in-place as this RE would. Using the uri_unescape() function instead of the RE might make the code look cleaner and is a few characters less to type.

In a simple benchmark test I did, calling the function (instead of the inline RE above) if a few chars were unescaped was something like 40% slower, and something like 700% slower if none were. If you are going to unescape a lot of times it might be a good idea to inline the RE.

If the uri_unescape() function is passed multiple strings, then each one is returned unescaped.

The module can also export the %escapes hash, which contains the mapping from all 256 bytes to the corresponding escape codes. Lookup in this hash is faster than evaluating sprintf("%%%02X", ord($byte)) each time.




Copyright 1995-2004 Gisle Aas.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

syntax highlighting: