View Javadoc
1   /*
2    * Copyright 2012 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.example.http.cors;
17  
18  import io.netty.channel.ChannelInitializer;
19  import io.netty.channel.ChannelPipeline;
20  import io.netty.channel.socket.SocketChannel;
21  import io.netty.handler.codec.http.HttpObjectAggregator;
22  import io.netty.handler.codec.http.HttpRequestDecoder;
23  import io.netty.handler.codec.http.HttpResponseEncoder;
24  import io.netty.handler.codec.http.cors.CorsConfig;
25  import io.netty.handler.codec.http.cors.CorsHandler;
26  import io.netty.handler.ssl.SslContext;
27  import io.netty.handler.stream.ChunkedWriteHandler;
28  
29  /**
30   * Please refer to the {@link CorsConfig} javadocs for information about all the
31   * configuration options available.
32   *
33   * Below are some of configuration discussed in this example:
34   * <h3>Support only a specific origin</h3>
35   * To support a single origin instead of the wildcard use the following:
36   * <pre>
37   * CorsConfig corsConfig = CorsConfig.withOrigin("http://domain1.com")
38   * </pre>
39   *
40   * <h3>Enable loading from the file system</h3>
41   * To enable the server to handle an origin specified as 'null', which happens
42   * when a web browser loads a file from the local file system use the following:
43   * <pre>
44   * corsConfig.isNullOriginAllowed()
45   * </pre>
46   *
47   * <h3>Enable request headers</h3>
48   * To enable additional request headers:
49   * <pre>
50   * corsConfig.allowedRequestHeaders("custom-request-header")
51   * </pre>
52   *
53   * <h3>Expose response headers</h3>
54   * By default a browser only exposes the following simple header:
55   * <ul>
56   * <li>Cache-Control</li>
57   * <li>Content-Language</li>
58   * <li>Content-Type</li>
59   * <li>Expires</li>
60   * <li>Last-Modified</li>
61   * <li>Pragma</li>
62   * </ul>
63   * Any of the above response headers can be retreived by:
64   * <pre>
65   * xhr.getResponseHeader("Content-Type");
66   * </pre>
67   * If you need to get access to other headers this must be enabled by the server, for example:
68   * <pre>
69   * corsConfig.exposedHeaders("custom-response-header");
70   * </pre>
71   */
72  public class HttpCorsServerInitializer extends ChannelInitializer<SocketChannel> {
73  
74      private final SslContext sslCtx;
75  
76      public HttpCorsServerInitializer(SslContext sslCtx) {
77          this.sslCtx = sslCtx;
78      }
79  
80      @Override
81      public void initChannel(SocketChannel ch) {
82          CorsConfig corsConfig = CorsConfig.withAnyOrigin().build();
83          ChannelPipeline pipeline = ch.pipeline();
84          if (sslCtx != null) {
85              pipeline.addLast(sslCtx.newHandler(ch.alloc()));
86          }
87          pipeline.addLast(new HttpResponseEncoder());
88          pipeline.addLast(new HttpRequestDecoder());
89          pipeline.addLast(new HttpObjectAggregator(65536));
90          pipeline.addLast(new ChunkedWriteHandler());
91          pipeline.addLast(new CorsHandler(corsConfig));
92          pipeline.addLast(new OkResponseHandler());
93      }
94  
95  }