Class DefaultHttpHeadersFactory

    • Method Detail

      • withNameValidation

        public DefaultHttpHeadersFactory withNameValidation​(boolean validation)
        Create a new builder that has HTTP header name validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.
      • withValueValidation

        public DefaultHttpHeadersFactory withValueValidation​(boolean validation)
        Create a new builder that has HTTP header value validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.
      • withValidation

        public DefaultHttpHeadersFactory withValidation​(boolean validation)
        Create a new builder that has HTTP header validation enabled or disabled.

        Warning! Setting validation to false will mean that Netty won't validate & protect against user-supplied headers that are malicious. This can leave your server implementation vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') . When disabling this validation, it is the responsibility of the caller to ensure that the values supplied do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.

        Parameters:
        validation - If validation should be enabled or disabled.
        Returns:
        The new builder.
      • withCombiningHeaders

        public DefaultHttpHeadersFactory withCombiningHeaders​(boolean combiningHeaders)
        Create a new builder that will build HttpHeaders objects that either combine multi-valued headers, or not.
        Parameters:
        combiningHeaders - true if multi-valued headers should be combined, otherwise false.
        Returns:
        The new builder.
      • isCombiningHeaders

        public boolean isCombiningHeaders()
        Check whether header combining is enabled or not.
        Returns:
        true if header value combining is enabled, otherwise false.
      • isValidatingHeaderNames

        public boolean isValidatingHeaderNames()
        Check whether header name validation is enabled.
        Returns:
        true if header name validation is enabled, otherwise false.
      • isValidatingHeaderValues

        public boolean isValidatingHeaderValues()
        Check whether header value validation is enabled.
        Returns:
        true if header value validation is enabled, otherwise false.