.Request method

Executed when a request is made to a file, like so:

  • The request will be parsed,
  • the target file located by the request path,
  • the .Request file located on the target file’s type chain, and
  • the .Request file executed.

Parsing the request

Any HTTP GET or POST parameters are accessible as string attributes of the request file. If the user uploaded files with the same request, they are accessible as children of the request file.

Executing the .Request method

The following files are injected in an isolated VM at runtime:

f         - file specified by the request PATH
app       - pointer to the .Request file being executed
request   - access request parameters and HTTP request body, uploaded files
response  - decorate for returning a response

Note: in the sjs-3 interpreter, these files are accessible as variables. You can use them to access the entire filesystem.


To return an HTTP response, decorate the response file.

Interface summary:

- response file body
- response file statusCode property
- response file string attribute `content-type`
- response file string attribute `location`
- response/.Trust file body

Response body

The response file’s body will translate to the HTTP response body.

Response statuscode

The response file’s statusCode property sets the HTTP status code. If it is 0, it defaults to 200. When the location string attribute is set, it defaults to 301.

Response Content-Type

The response file’s content-type string attribute will translate to the HTTP header Content-Type.

For common text-based content-types, like text/html or text/css, if you omit the charset, Boomla will automatically expand it for you. Boomla uses UTF-8 character encoding internally and also defaults to this charset for responses.


Set the response file’s string attribute location to the desired URL. If you leave the response file’s statusCode 0, it will default to temporary redirection with statusCode 303. Alternatively, you can set the statusCode to 301 and the HTTP response status-code, caching and search-engine-juice passing will be automatically handled for you. Of course, you can also set a different 3xx statusCode.
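
Request parameters are user-supplied strings, so a handler that copies one into the location attribute should first restrict it to a same-site path. The following is an added example in plain JavaScript, not Boomla's own code: the `request` and `response` objects are plain-object stand-ins for the injected files (not the sjs-3 file API), and the parameter name `next`, the helper names and the placeholder origin are assumptions.

```javascript
// Added example. Plain objects stand in for the injected request/response
// files; `next`, the function names and the base origin are assumptions.

// Return a same-site path for a user-supplied redirect value, or `fallback`
// when the value could send the browser to another origin.
function safeRedirectPath(candidate, fallback) {
  if (typeof candidate !== 'string' || candidate === '') return fallback;

  // Reject control characters and backslashes, which browsers may strip
  // or normalise before resolving the URL.
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return fallback;

  // Accept only path-absolute values ("/x"), not scheme-relative ("//host")
  // or absolute URLs ("https://host/").
  if (!candidate.startsWith('/') || candidate.startsWith('//')) return fallback;

  // Resolve against a placeholder origin and confirm the origin is unchanged.
  const base = 'https://site.invalid';
  let url;
  try {
    url = new URL(candidate, base);
  } catch (e) {
    return fallback;
  }
  if (url.origin !== base) return fallback;

  // Hand back the normalised path, query and fragment only.
  return url.pathname + url.search + url.hash;
}

// Model of a handler that redirects to the page named by the `next` parameter.
// statusCode is left at 0 so the platform's default for redirects applies.
function handleRequest(request, response) {
  response.attrs.location = safeRedirectPath(request.attrs.next, '/');
  return response;
}

// Constructed sample input.
const sample = handleRequest(
  { attrs: { next: '/account?tab=security' } },
  { body: '', statusCode: 0, attrs: {} }
);
console.log(sample.attrs.location);
```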

Browser security

The .Trust file is used to populate the Content-Security-Policy HTTP header, which allows embedding 3rd party resources in your website or embedding your resources in 3rd party sites.

Note: while you can create the response/.Trust file yourself, Boomla will pick up any .Trust files stored in the requested file or its application.

See the docs of the .Trust file for more details.

Post-processing responses

Boomla is a platform built to simplify web development. The goal of a platform is to centralize the solution of common problems.

Boomla does the following post-processing to text/html responses:

  • apply CSS namespacing (namespace any HTML classes starting with a dash),
  • link the stylesheet generated by .RequestStyle,
  • inject authentication code,
  • inject client-side tools (e.g. Toolbar).

Post-processing that applies to all responses:

  • set security headers
  • cache control
  • compress if possible