# Networking
The `System.Net` unit provides objects for both client-side networking (making requests) and server-side web environment handling (handling incoming requests).
## HttpQuery (Outbound)
`HttpQuery` is used to make HTTP requests from the server to other web services. It is available in any script that uses `System.Net`.
| Method | Description |
| :--- | :--- |
| `GetText(url, var data)` | Performs a GET request. Returns status code. |
| `PostData(url, data, type, var reply)` | Performs a POST request. |
| `Request(method, url, data, type)` | Performs an arbitrary request and returns an `HttpRequest`. |
| `SetConnectTimeoutMSec(ms)` | Sets the connection timeout in milliseconds. |
| `SetSendTimeoutMSec(ms)` | Sets the send timeout in milliseconds. |
| `SetReceiveTimeoutMSec(ms)` | Sets the receive timeout in milliseconds. |
| `SetIgnoreSSLCertificateErrors(bool)`| If true, invalid SSL certificates will be ignored. |
| `SetEnableSSLRevocation(bool)` | Enables or disables SSL certificate revocation checking. |
| `SetProxyName(proxy)` | Sets the proxy server to use. |
| `SetCustomHeaders(headers)` | Sets custom headers for subsequent requests (array of string). |
### Configuring HttpQuery
```pascal
// NO_RUN
uses System.Net;
// Set timeouts in milliseconds
HttpQuery.SetConnectTimeoutMSec(5000);
HttpQuery.SetReceiveTimeoutMSec(30000);
// Security settings
HttpQuery.SetEnableSSLRevocation(True);
HttpQuery.SetIgnoreSSLCertificateErrors(False);
var data: String;
var status := HttpQuery.GetText('https://api.example.com', data);
```
## Web Environment (Inbound)
In a web server context (DWSWebServer or CGI), `System.Net` provides the objects representing the current HTTP transaction.
### WebRequest
Information about the incoming client request.
| Member | Description |
| :--- | :--- |
| `Method` | HTTP verb (GET, POST, etc). |
| `URL` / `FullURL` | The requested URL. |
| `RemoteIP` | Client's IP address. |
| `UserAgent` | Client's browser agent string. |
| `QueryField[name]` | Accesses GET parameters. |
| `ContentField[name]` | Accesses POST parameters (Form data). |
| `Cookie[name]` | Accesses cookies sent by client. |
| `Header[name]` | Accesses arbitrary HTTP headers. |
| `ContentType` | MIME type of the request content. |
| `ContentData` | Raw POST data. |
### WebResponse
Control the response sent back to the client.
| Member | Description |
| :--- | :--- |
| `StatusCode` | HTTP status code (e.g. 200, 404, 301). |
| `ContentType` | MIME type of response (e.g. 'application/json'). |
| `ContentEncoding` | Encoding of the content (e.g. 'gzip'). |
| `ContentData` | Sets the raw response body. |
| `ContentText[type]` | Sets content type and text body. |
| `Header[name]` | Sets a response header. |
| `Compression` | Enables or disables automatic compression. |
| `SetCookie(name, val [, expires])` | Sends a cookie to the client. |
| `SetCookie(name, val, expires, path, ...)` | Sends a cookie with advanced options (domain, flags, sameSite). |
| `SetStatusRedirect(code, url)` | Issues an HTTP redirect. |
| `SetStatusPlainText(code, text)` | Sets status code and text content. |
| `SetStatusJSON(code, json)` | Sets status code and JSON content. |
| `SetContentJSON(j)` | Sends a JSON object as the response. |
| `SetContentFile(fileName [, type])` | Sends a file as the response. |
| `SetETag(etag)` | Sets the ETag header for caching. |
| `SetCacheControl(control)` | Sets the Cache-Control header. |
| `SetLastModified(date)` | Sets the Last-Modified header. |
| `RequestAuthentication(authType)` | Triggers an authentication challenge (e.g. `WebAuthentication.Basic`). |
### Cookie Security Flags
The advanced `SetCookie` overload uses a numeric bitmask for flags and an enum for SameSite.
| Value | Flag | When to Use |
| :--- | :--- | :--- |
| `1` | `Secure` | Always when site uses HTTPS |
| `2` | `HttpOnly` | Always for session cookies (prevents XSS) |
| SameSite | Value | Description |
| :--- | :--- | :--- |
| `Strict` | `1` | Maximum security, no cross-site requests |
| `Lax` | `2` | Balanced, allows top-level navigations |
## Server-Sent Events (SSE)
Support for real-time updates pushed from server to client.
| Method | Description |
| :--- | :--- |
| `WebServerSentEvents.PostRaw(source, data)` | Posts a raw message to the event stream `source`. |
| `WebServerSentEvents.Close(source)` | Closes the event stream `source`. |
| `WebServerSentEvents.Connections(source)` | Returns an array of active connection IDs for `source`. |
| `WebServerSentEvents.SourceNames` | Returns an array of active event source names. |
### WebServerSentEvent
| Member | Description |
| :--- | :--- |
| `ID`, `Name` | Event ID and Event Name. |
| `Data` | Array of data strings (lines). |
| `Retry` | Retry interval in milliseconds. |
| `Post(source)` | Sends the constructed event to `source`. |
Networking
The System.Net unit provides objects for both client-side networking (making requests) and server-side web environment handling (handling incoming requests).
HttpQuery (Outbound)
HttpQuery is used to make HTTP requests from the server to other web services. It is available in any script that uses System.Net.
Method
Description
GetText(url, var data)
Performs a GET request. Returns status code.
PostData(url, data, type, var reply)
Performs a POST request.
Request(method, url, data, type)
Performs an arbitrary request and returns an HttpRequest.
SetConnectTimeoutMSec(ms)
Sets the connection timeout in milliseconds.
SetSendTimeoutMSec(ms)
Sets the send timeout in milliseconds.
SetReceiveTimeoutMSec(ms)
Sets the receive timeout in milliseconds.
SetIgnoreSSLCertificateErrors(bool)
If true, invalid SSL certificates will be ignored.
SetEnableSSLRevocation(bool)
Enables or disables SSL certificate revocation checking.
SetProxyName(proxy)
Sets the proxy server to use.
SetCustomHeaders(headers)
Sets custom headers for subsequent requests (array of string).
Configuring HttpQuery
// NO_RUNuses System.Net;// Set timeouts in milliseconds
HttpQuery.SetConnectTimeoutMSec(5000);
HttpQuery.SetReceiveTimeoutMSec(30000);// Security settings
HttpQuery.SetEnableSSLRevocation(True);
HttpQuery.SetIgnoreSSLCertificateErrors(False);var data:String;var status := HttpQuery.GetText('https://api.example.com', data);
Web Environment (Inbound)
In a web server context (DWSWebServer or CGI), System.Net provides the objects representing the current HTTP transaction.
WebRequest
Information about the incoming client request.
Member
Description
Method
HTTP verb (GET, POST, etc).
URL / FullURL
The requested URL.
RemoteIP
Client's IP address.
UserAgent
Client's browser agent string.
QueryField[name]
Accesses GET parameters.
ContentField[name]
Accesses POST parameters (Form data).
Cookie[name]
Accesses cookies sent by client.
Header[name]
Accesses arbitrary HTTP headers.
ContentType
MIME type of the request content.
ContentData
Raw POST data.
WebResponse
Control the response sent back to the client.
Member
Description
StatusCode
HTTP status code (e.g. 200, 404, 301).
ContentType
MIME type of response (e.g. 'application/json').
ContentEncoding
Encoding of the content (e.g. 'gzip').
ContentData
Sets the raw response body.
ContentText[type]
Sets content type and text body.
Header[name]
Sets a response header.
Compression
Enables or disables automatic compression.
SetCookie(name, val [, expires])
Sends a cookie to the client.
SetCookie(name, val, expires, path, ...)
Sends a cookie with advanced options (domain, flags, sameSite).
SetStatusRedirect(code, url)
Issues an HTTP redirect.
SetStatusPlainText(code, text)
Sets status code and text content.
SetStatusJSON(code, json)
Sets status code and JSON content.
SetContentJSON(j)
Sends a JSON object as the response.
SetContentFile(fileName [, type])
Sends a file as the response.
SetETag(etag)
Sets the ETag header for caching.
SetCacheControl(control)
Sets the Cache-Control header.
SetLastModified(date)
Sets the Last-Modified header.
RequestAuthentication(authType)
Triggers an authentication challenge (e.g. WebAuthentication.Basic).
Cookie Security Flags
The advanced SetCookie overload uses a numeric bitmask for flags and an enum for SameSite.
Value
Flag
When to Use
1
Secure
Always when site uses HTTPS
2
HttpOnly
Always for session cookies (prevents XSS)
SameSite
Value
Description
Strict
1
Maximum security, no cross-site requests
Lax
2
Balanced, allows top-level navigations
Server-Sent Events (SSE)
Support for real-time updates pushed from server to client.
Method
Description
WebServerSentEvents.PostRaw(source, data)
Posts a raw message to the event stream source.
WebServerSentEvents.Close(source)
Closes the event stream source.
WebServerSentEvents.Connections(source)
Returns an array of active connection IDs for source.