View Javadoc
1   /*
2    * Copyright 2012 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.example.http.cors;
17  
18  import io.netty.channel.ChannelInitializer;
19  import io.netty.channel.ChannelPipeline;
20  import io.netty.channel.socket.SocketChannel;
21  import io.netty.handler.codec.http.HttpObjectAggregator;
22  import io.netty.handler.codec.http.HttpRequestDecoder;
23  import io.netty.handler.codec.http.HttpResponseEncoder;
24  import io.netty.handler.codec.http.cors.CorsConfig;
25  import io.netty.handler.codec.http.cors.CorsConfigBuilder;
26  import io.netty.handler.codec.http.cors.CorsHandler;
27  import io.netty.handler.ssl.SslContext;
28  import io.netty.handler.stream.ChunkedWriteHandler;
29  
30  /**
31   * Please refer to the {@link CorsConfig} javadocs for information about all the
32   * configuration options available.
33   *
34   * Below are some of configuration discussed in this example:
35   * <h3>Support only a specific origin</h3>
36   * To support a single origin instead of the wildcard use the following:
37   * <pre>
38   * CorsConfig corsConfig = CorsConfig.withOrigin("http://domain1.com")
39   * </pre>
40   *
41   * <h3>Enable loading from the file system</h3>
42   * To enable the server to handle an origin specified as 'null', which happens
43   * when a web browser loads a file from the local file system use the following:
44   * <pre>
45   * corsConfig.isNullOriginAllowed()
46   * </pre>
47   *
48   * <h3>Enable request headers</h3>
49   * To enable additional request headers:
50   * <pre>
51   * corsConfig.allowedRequestHeaders("custom-request-header")
52   * </pre>
53   *
54   * <h3>Expose response headers</h3>
55   * By default a browser only exposes the following simple header:
56   * <ul>
57   * <li>Cache-Control</li>
58   * <li>Content-Language</li>
59   * <li>Content-Type</li>
60   * <li>Expires</li>
61   * <li>Last-Modified</li>
62   * <li>Pragma</li>
63   * </ul>
64   * Any of the above response headers can be retrieved by:
65   * <pre>
66   * xhr.getResponseHeader("Content-Type");
67   * </pre>
68   * If you need to get access to other headers this must be enabled by the server, for example:
69   * <pre>
70   * corsConfig.exposedHeaders("custom-response-header");
71   * </pre>
72   */
73  public class HttpCorsServerInitializer extends ChannelInitializer<SocketChannel> {
74  
75      private final SslContext sslCtx;
76  
77      public HttpCorsServerInitializer(SslContext sslCtx) {
78          this.sslCtx = sslCtx;
79      }
80  
81      @Override
82      public void initChannel(SocketChannel ch) {
83          CorsConfig corsConfig = CorsConfigBuilder.forAnyOrigin().allowNullOrigin().allowCredentials().build();
84          ChannelPipeline pipeline = ch.pipeline();
85          if (sslCtx != null) {
86              pipeline.addLast(sslCtx.newHandler(ch.alloc()));
87          }
88          pipeline.addLast(new HttpResponseEncoder());
89          pipeline.addLast(new HttpRequestDecoder());
90          pipeline.addLast(new HttpObjectAggregator(65536));
91          pipeline.addLast(new ChunkedWriteHandler());
92          pipeline.addLast(new CorsHandler(corsConfig));
93          pipeline.addLast(new OkResponseHandler());
94      }
95  
96  }