Package io.netty.handler.codec.http

Class DefaultHttpHeadersFactory

    • Method Detail

      • withNameValidation

        public DefaultHttpHeadersFactory withNameValidation​(boolean validation)
        Create a new builder that has HTTP header name validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.

      • withNameValidator

        public DefaultHttpHeadersFactory withNameValidator​(io.netty.handler.codec.DefaultHeaders.NameValidator<CharSequence> validator)
        Create a new builder that with the given DefaultHeaders.NameValidator.

        Warning! If the given validator does not check that the header names are standards compliant, Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validator - The HTTP header name validator to use.
        Returns:
        The new builder.

      • withValueValidation

        public DefaultHttpHeadersFactory withValueValidation​(boolean validation)
        Create a new builder that has HTTP header value validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.

      • withValueValidator

        public DefaultHttpHeadersFactory withValueValidator​(io.netty.handler.codec.DefaultHeaders.ValueValidator<CharSequence> validator)
        Create a new builder that with the given DefaultHeaders.ValueValidator.

        Warning! If the given validator does not check that the header values are standards compliant, Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validator - The HTTP header name validator to use.
        Returns:
        The new builder.

      • withValidation

        public DefaultHttpHeadersFactory withValidation​(boolean validation)
        Create a new builder that has HTTP header validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.

      • withCombiningHeaders

        public DefaultHttpHeadersFactory withCombiningHeaders​(boolean combiningHeaders)
        Create a new builder that will build HttpHeaders objects that either combine multi-valued headers, or not.
        Parameters:
        combiningHeaders - true if multi-valued headers should be combined, otherwise false.
        Returns:
        The new builder.

      • getNameValidator

        public io.netty.handler.codec.DefaultHeaders.NameValidator<CharSequence> getNameValidator()
        Get the currently configured DefaultHeaders.NameValidator.

        This method will be used by the newHeaders() method.

        Returns:
        The configured name validator.

      • getValueValidator

        public io.netty.handler.codec.DefaultHeaders.ValueValidator<CharSequence> getValueValidator()
        Get the currently configured DefaultHeaders.ValueValidator.

        This method will be used by the newHeaders() method.

        Returns:
        The configured value validator.

      • isCombiningHeaders

        public boolean isCombiningHeaders()
        Check whether header combining is enabled or not.
        Returns:
        true if header value combining is enabled, otherwise false.

      • isValidatingHeaderNames

        public boolean isValidatingHeaderNames()
        Check whether header name validation is enabled.
        Returns:
        true if header name validation is enabled, otherwise false.

      • isValidatingHeaderValues

        public boolean isValidatingHeaderValues()
        Check whether header value validation is enabled.
        Returns:
        true if header value validation is enabled, otherwise false.