io.netty.handler.codec.http.HttpResponseDecoder Maven / Gradle / Ivy
/*
* Copyright 2012 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelPipeline;
/**
* Decodes {@link ByteBuf}s into {@link HttpResponse}s and
* {@link HttpContent}s.
*
* Parameters that prevents excessive memory consumption
*
*
* Name Meaning
*
*
* {@code maxInitialLineLength}
* The maximum length of the initial line (e.g. {@code "HTTP/1.0 200 OK"})
* If the length of the initial line exceeds this value, a
* {@link TooLongHttpLineException} will be raised.
*
*
* {@code maxHeaderSize}
* The maximum length of all headers. If the sum of the length of each
* header exceeds this value, a {@link TooLongHttpHeaderException} will be raised.
*
*
* {@code maxChunkSize}
* The maximum length of the content or each chunk. If the content length
* exceeds this value, the transfer encoding of the decoded response will be
* converted to 'chunked' and the content will be split into multiple
* {@link HttpContent}s. If the transfer encoding of the HTTP response is
* 'chunked' already, each chunk will be split into smaller chunks if the
* length of the chunk exceeds this value. If you prefer not to handle
* {@link HttpContent}s in your handler, insert {@link HttpObjectAggregator}
* after this decoder in the {@link ChannelPipeline}.
*
*
*
* Parameters that control parsing behavior
*
*
* Name Default value Meaning
*
*
* {@code allowDuplicateContentLengths}
* {@value #DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS}
* When set to {@code false}, will reject any messages that contain multiple Content-Length header fields.
* When set to {@code true}, will allow multiple Content-Length headers only if they are all the same decimal value.
* The duplicated field-values will be replaced with a single valid Content-Length field.
* See RFC 7230, Section 3.3.2.
*
*
* {@code allowPartialChunks}
* {@value #DEFAULT_ALLOW_PARTIAL_CHUNKS}
* If the length of a chunk exceeds the {@link ByteBuf}s readable bytes and {@code allowPartialChunks}
* is set to {@code true}, the chunk will be split into multiple {@link HttpContent}s.
* Otherwise, if the chunk size does not exceed {@code maxChunkSize} and {@code allowPartialChunks}
* is set to {@code false}, the {@link ByteBuf} is not decoded into an {@link HttpContent} until
* the readable bytes are greater or equal to the chunk size.
*
*
*
* Decoding a response for a HEAD request
*
* Unlike other HTTP requests, the successful response of a HEAD
* request does not have any content even if there is Content-Length
* header. Because {@link HttpResponseDecoder} is not able to determine if the
* response currently being decoded is associated with a HEAD request,
* you must override {@link #isContentAlwaysEmpty(HttpMessage)} to return
* true for the response of the HEAD request.
*
* If you are writing an HTTP client that issues a HEAD request,
* please use {@link HttpClientCodec} instead of this decoder. It will perform
* additional state management to handle the responses for HEAD
* requests correctly.
*
*
* Decoding a response for a CONNECT request
*
* You also need to do additional state management to handle the response of a
* CONNECT request properly, like you did for HEAD. One
* difference is that the decoder should stop decoding completely after decoding
* the successful 200 response since the connection is not an HTTP connection
* anymore.
*
* {@link HttpClientCodec} also handles this edge case correctly, so you have to
* use {@link HttpClientCodec} if you are writing an HTTP client that issues a
* CONNECT request.
*
*
* Header Validation
*
* It is recommended to always enable header validation.
*
* Without header validation, your system can become vulnerable to
*
* CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
* .
*
* This recommendation stands even when both peers in the HTTP exchange are trusted,
* as it helps with defence-in-depth.
*/
public class HttpResponseDecoder extends HttpObjectDecoder {
private static final HttpResponseStatus UNKNOWN_STATUS = new HttpResponseStatus(999, "Unknown");
/**
* Creates a new instance with the default
* {@code maxInitialLineLength (4096)}, {@code maxHeaderSize (8192)}, and
* {@code maxChunkSize (8192)}.
*/
public HttpResponseDecoder() {
}
/**
* Creates a new instance with the specified parameters.
*/
public HttpResponseDecoder(
int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) {
super(new HttpDecoderConfig()
.setMaxInitialLineLength(maxInitialLineLength)
.setMaxHeaderSize(maxHeaderSize)
.setMaxChunkSize(maxChunkSize));
}
/**
* @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
*/
@Deprecated
public HttpResponseDecoder(
int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders) {
super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders);
}
/**
* @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
*/
@Deprecated
public HttpResponseDecoder(
int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
int initialBufferSize) {
super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
initialBufferSize);
}
/**
* @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
*/
@Deprecated
public HttpResponseDecoder(
int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
int initialBufferSize, boolean allowDuplicateContentLengths) {
super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
initialBufferSize, allowDuplicateContentLengths);
}
/**
* @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
*/
@Deprecated
public HttpResponseDecoder(
int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks) {
super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
initialBufferSize, allowDuplicateContentLengths, allowPartialChunks);
}
/**
* Creates a new instance with the specified configuration.
*/
public HttpResponseDecoder(HttpDecoderConfig config) {
super(config);
}
@Override
protected HttpMessage createMessage(String[] initialLine) {
return new DefaultHttpResponse(
HttpVersion.valueOf(initialLine[0]),
HttpResponseStatus.valueOf(Integer.parseInt(initialLine[1]), initialLine[2]), headersFactory);
}
@Override
protected HttpMessage createInvalidMessage() {
return new DefaultFullHttpResponse(HttpVersion.HTTP_1_0, UNKNOWN_STATUS, Unpooled.buffer(0),
headersFactory, trailersFactory);
}
@Override
protected boolean isDecodingRequest() {
return false;
}
}