public final class DefaultHttpHeadersFactory extends Object implements HttpHeadersFactory
HttpHeadersFactory
instances, that itself implements HttpHeadersFactory
.
The builder is immutable, and every with-
method produce a new, modified instance.
The default builder you most likely want to start with is headersFactory()
.
Modifier and Type | Method and Description |
---|---|
DefaultHeaders.NameValidator<CharSequence> |
getNameValidator()
Get the currently configured
DefaultHeaders.NameValidator . |
DefaultHeaders.ValueValidator<CharSequence> |
getValueValidator()
Get the currently configured
DefaultHeaders.ValueValidator . |
static DefaultHttpHeadersFactory |
headersFactory()
Get the default implementation of
HttpHeadersFactory for creating headers. |
boolean |
isCombiningHeaders()
Check whether header combining is enabled or not.
|
boolean |
isValidatingHeaderNames()
Check whether header name validation is enabled.
|
boolean |
isValidatingHeaderValues()
Check whether header value validation is enabled.
|
HttpHeaders |
newEmptyHeaders()
Create a new
HttpHeaders instance, but sized to be as small an object as possible. |
HttpHeaders |
newHeaders()
Create a new
HttpHeaders instance. |
static DefaultHttpHeadersFactory |
trailersFactory()
Get the default implementation of
HttpHeadersFactory for creating trailers. |
DefaultHttpHeadersFactory |
withCombiningHeaders(boolean combiningHeaders)
Create a new builder that will build
HttpHeaders objects that either combine
multi-valued headers, or not. |
DefaultHttpHeadersFactory |
withNameValidation(boolean validation)
Create a new builder that has HTTP header name validation enabled or disabled.
|
DefaultHttpHeadersFactory |
withNameValidator(DefaultHeaders.NameValidator<CharSequence> validator)
Create a new builder that with the given
DefaultHeaders.NameValidator . |
DefaultHttpHeadersFactory |
withValidation(boolean validation)
Create a new builder that has HTTP header validation enabled or disabled.
|
DefaultHttpHeadersFactory |
withValueValidation(boolean validation)
Create a new builder that has HTTP header value validation enabled or disabled.
|
DefaultHttpHeadersFactory |
withValueValidator(DefaultHeaders.ValueValidator<CharSequence> validator)
Create a new builder that with the given
DefaultHeaders.ValueValidator . |
public static DefaultHttpHeadersFactory headersFactory()
HttpHeadersFactory
for creating headers.
This DefaultHttpHeadersFactory
creates HttpHeaders
instances that has the
recommended header validation enabled.
public static DefaultHttpHeadersFactory trailersFactory()
HttpHeadersFactory
for creating trailers.
This DefaultHttpHeadersFactory
creates HttpHeaders
instances that has the
validation enabled that is recommended for trailers.
public HttpHeaders newHeaders()
HttpHeadersFactory
HttpHeaders
instance.newHeaders
in interface HttpHeadersFactory
public HttpHeaders newEmptyHeaders()
HttpHeadersFactory
HttpHeaders
instance, but sized to be as small an object as possible.newEmptyHeaders
in interface HttpHeadersFactory
public DefaultHttpHeadersFactory withNameValidation(boolean validation)
Warning! Setting validation
to false
will mean that Netty won't
validate & protect against user-supplied headers that are malicious.
This can leave your server implementation vulnerable to
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
.
When disabling this validation, it is the responsibility of the caller to ensure that the values supplied
do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
validation
- If validation should be enabled or disabled.public DefaultHttpHeadersFactory withNameValidator(DefaultHeaders.NameValidator<CharSequence> validator)
DefaultHeaders.NameValidator
.
Warning! If the given validator does not check that the header names are standards compliant, Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
validator
- The HTTP header name validator to use.public DefaultHttpHeadersFactory withValueValidation(boolean validation)
Warning! Setting validation
to false
will mean that Netty won't
validate & protect against user-supplied headers that are malicious.
This can leave your server implementation vulnerable to
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
.
When disabling this validation, it is the responsibility of the caller to ensure that the values supplied
do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
validation
- If validation should be enabled or disabled.public DefaultHttpHeadersFactory withValueValidator(DefaultHeaders.ValueValidator<CharSequence> validator)
DefaultHeaders.ValueValidator
.
Warning! If the given validator does not check that the header values are standards compliant, Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
validator
- The HTTP header name validator to use.public DefaultHttpHeadersFactory withValidation(boolean validation)
Warning! Setting validation
to false
will mean that Netty won't
validate & protect against user-supplied headers that are malicious.
This can leave your server implementation vulnerable to
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
.
When disabling this validation, it is the responsibility of the caller to ensure that the values supplied
do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
validation
- If validation should be enabled or disabled.public DefaultHttpHeadersFactory withCombiningHeaders(boolean combiningHeaders)
HttpHeaders
objects that either combine
multi-valued headers, or not.combiningHeaders
- true
if multi-valued headers should be combined, otherwise false
.public DefaultHeaders.NameValidator<CharSequence> getNameValidator()
DefaultHeaders.NameValidator
.
This method will be used by the newHeaders()
method.
public DefaultHeaders.ValueValidator<CharSequence> getValueValidator()
DefaultHeaders.ValueValidator
.
This method will be used by the newHeaders()
method.
public boolean isCombiningHeaders()
true
if header value combining is enabled, otherwise false
.public boolean isValidatingHeaderNames()
true
if header name validation is enabled, otherwise false
.public boolean isValidatingHeaderValues()
true
if header value validation is enabled, otherwise false
.Copyright © 2008–2024 The Netty Project. All rights reserved.