1 /*
2 * Copyright 2012 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.handler.codec.http;
17
18 import io.netty.buffer.ByteBuf;
19 import io.netty.buffer.Unpooled;
20 import io.netty.channel.ChannelPipeline;
21
22 /**
23 * Decodes {@link ByteBuf}s into {@link HttpResponse}s and
24 * {@link HttpContent}s.
25 *
26 * <h3>Parameters that prevent excessive memory consumption</h3>
27 * <table border="1">
28 * <tr>
29 * <th>Name</th><th>Meaning</th>
30 * </tr>
31 * <tr>
32 * <td>{@code maxInitialLineLength}</td>
33 * <td>The maximum length of the initial line (e.g. {@code "HTTP/1.0 200 OK"}).
34 * If the length of the initial line exceeds this value, a
35 * {@link TooLongHttpLineException} will be raised.</td>
36 * </tr>
37 * <tr>
38 * <td>{@code maxHeaderSize}</td>
39 * <td>The maximum length of all headers. If the sum of the length of each
40 * header exceeds this value, a {@link TooLongHttpHeaderException} will be raised.</td>
41 * </tr>
42 * <tr>
43 * <td>{@code maxChunkSize}</td>
44 * <td>The maximum length of the content or each chunk. If the content length
45 * exceeds this value, the transfer encoding of the decoded response will be
46 * converted to 'chunked' and the content will be split into multiple
47 * {@link HttpContent}s. If the transfer encoding of the HTTP response is
48 * 'chunked' already, each chunk will be split into smaller chunks if the
49 * length of the chunk exceeds this value. If you prefer not to handle
50 * {@link HttpContent}s in your handler, insert {@link HttpObjectAggregator}
51 * after this decoder in the {@link ChannelPipeline}.</td>
52 * </tr>
53 * </table>
54 *
55 * <h3>Parameters that control parsing behavior</h3>
56 * <table border="1">
57 * <tr>
58 * <th>Name</th><th>Default value</th><th>Meaning</th>
59 * </tr>
60 * <tr>
61 * <td>{@code allowDuplicateContentLengths}</td>
62 * <td>{@value #DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS}</td>
63 * <td>When set to {@code false}, will reject any messages that contain multiple Content-Length header fields.
64 * When set to {@code true}, will allow multiple Content-Length headers only if they are all the same decimal value.
65 * The duplicated field-values will be replaced with a single valid Content-Length field.
66 * See <a href="https://tools.ietf.org/html/rfc7230#section-3.3.2">RFC 7230, Section 3.3.2</a>.</td>
67 * </tr>
68 * <tr>
69 * <td>{@code allowPartialChunks}</td>
70 * <td>{@value #DEFAULT_ALLOW_PARTIAL_CHUNKS}</td>
71 * <td>If the length of a chunk exceeds the {@link ByteBuf}s readable bytes and {@code allowPartialChunks}
72 * is set to {@code true}, the chunk will be split into multiple {@link HttpContent}s.
73 * Otherwise, if the chunk size does not exceed {@code maxChunkSize} and {@code allowPartialChunks}
74 * is set to {@code false}, the {@link ByteBuf} is not decoded into an {@link HttpContent} until
75 * the readable bytes are greater than or equal to the chunk size.</td>
76 * </tr>
77 * </table>
78 *
79 * <h3>Decoding a response for a <tt>HEAD</tt> request</h3>
80 * <p>
81 * Unlike other HTTP requests, the successful response of a <tt>HEAD</tt>
82 * request does not have any content even if there is <tt>Content-Length</tt>
83 * header. Because {@link HttpResponseDecoder} is not able to determine if the
84 * response currently being decoded is associated with a <tt>HEAD</tt> request,
85 * you must override {@link #isContentAlwaysEmpty(HttpMessage)} to return
86 * <tt>true</tt> for the response of the <tt>HEAD</tt> request.
87 * </p><p>
88 * If you are writing an HTTP client that issues a <tt>HEAD</tt> request,
89 * please use {@link HttpClientCodec} instead of this decoder. It will perform
90 * additional state management to handle the responses for <tt>HEAD</tt>
91 * requests correctly.
92 * </p>
93 *
94 * <h3>Decoding a response for a <tt>CONNECT</tt> request</h3>
95 * <p>
96 * You also need to do additional state management to handle the response of a
97 * <tt>CONNECT</tt> request properly, like you did for <tt>HEAD</tt>. One
98 * difference is that the decoder should stop decoding completely after decoding
99 * the successful 200 response since the connection is not an HTTP connection
100 * anymore.
101 * </p><p>
102 * {@link HttpClientCodec} also handles this edge case correctly, so you have to
103 * use {@link HttpClientCodec} if you are writing an HTTP client that issues a
104 * <tt>CONNECT</tt> request.
105 * </p>
106 *
107 * <h3>Header Validation</h3>
108 *
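109 * It is recommended to always enable header validation; with the constructors that take a {@code validateHeaders} argument, that means passing {@code true}.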
110 * <p>
111 * Without header validation, your system can become vulnerable to
112 * <a href="https://cwe.mitre.org/data/definitions/113.html">
113 * CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
114 * </a>.
115 * <p>
116 * This recommendation stands even when both peers in the HTTP exchange are trusted,
117 * as it helps with defence-in-depth.
118 */
public class HttpResponseDecoder extends HttpObjectDecoder {

    /**
     * Placeholder status (code 999, reason "Unknown") attached to the message that
     * {@link #createInvalidMessage()} builds when a response cannot be decoded.
     */
    private static final HttpResponseStatus UNKNOWN_STATUS = new HttpResponseStatus(999, "Unknown");

    /**
     * Creates a decoder that uses the default limits:
     * {@code maxInitialLineLength (4096)}, {@code maxHeaderSize (8192)}, and
     * {@code maxChunkSize (8192)}.
     *
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    public HttpResponseDecoder() {
        super();
    }

    /**
     * Creates a decoder with explicit size limits.
     * <p>
     * Only the three limits are set on the {@link HttpDecoderConfig}; every other option,
     * header validation included, keeps whatever that class defaults to.
     * NOTE(review): presumably validation is on by default; confirm in {@link HttpDecoderConfig}.
     *
     * @param maxInitialLineLength the maximum length of the initial line
     *                             (e.g. {@code "HTTP/1.0 200 OK"}).
     * @param maxHeaderSize the maximum permitted combined size of all headers in any one response.
     * @param maxChunkSize the maximum length of the content or of each chunk; longer content is
     *                     split into multiple {@link HttpContent}s.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    public HttpResponseDecoder(
            int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) {
        super(sizeLimits(maxInitialLineLength, maxHeaderSize, maxChunkSize));
    }

    /**
     * Creates a decoder with explicit size limits and an explicit header-validation flag.
     *
     * @param maxInitialLineLength the maximum length of the initial line.
     * @param maxHeaderSize the maximum permitted combined size of all headers in any one response.
     * @param maxChunkSize the maximum length of the content or of each chunk.
     * @param validateHeaders header-validation flag handed to {@link HttpObjectDecoder}; keep it
     *                        {@code true}, because without header validation the system can become
     *                        vulnerable to CWE-113 (HTTP response splitting).
     * @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    @Deprecated
    public HttpResponseDecoder(
            int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders) {
        // Chunked support is not configurable here: the inherited default is always passed.
        super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders);
    }

    /**
     * Same as the four-argument constructor, with an additional {@code initialBufferSize}.
     *
     * @param maxInitialLineLength the maximum length of the initial line.
     * @param maxHeaderSize the maximum permitted combined size of all headers in any one response.
     * @param maxChunkSize the maximum length of the content or of each chunk.
     * @param validateHeaders header-validation flag handed to {@link HttpObjectDecoder}; keep it
     *                        {@code true} (see CWE-113 in the class documentation).
     * @param initialBufferSize passed through to {@link HttpObjectDecoder} unchanged; its meaning
     *                          is described in {@link HttpDecoderConfig}.
     * @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    @Deprecated
    public HttpResponseDecoder(
            int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
            int initialBufferSize) {
        super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
                initialBufferSize);
    }

    /**
     * Same as the five-argument constructor, with control over duplicate
     * {@code Content-Length} headers.
     *
     * @param maxInitialLineLength the maximum length of the initial line.
     * @param maxHeaderSize the maximum permitted combined size of all headers in any one response.
     * @param maxChunkSize the maximum length of the content or of each chunk.
     * @param validateHeaders header-validation flag handed to {@link HttpObjectDecoder}; keep it
     *                        {@code true} (see CWE-113 in the class documentation).
     * @param initialBufferSize passed through to {@link HttpObjectDecoder} unchanged.
     * @param allowDuplicateContentLengths {@code false} rejects any message with multiple
     *                        Content-Length fields; {@code true} accepts them only when they all
     *                        carry the same decimal value.
     * @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    @Deprecated
    public HttpResponseDecoder(
            int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
            int initialBufferSize, boolean allowDuplicateContentLengths) {
        super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
                initialBufferSize, allowDuplicateContentLengths);
    }

    /**
     * Same as the six-argument constructor, with control over partial chunks.
     *
     * @param maxInitialLineLength the maximum length of the initial line.
     * @param maxHeaderSize the maximum permitted combined size of all headers in any one response.
     * @param maxChunkSize the maximum length of the content or of each chunk.
     * @param validateHeaders header-validation flag handed to {@link HttpObjectDecoder}; keep it
     *                        {@code true} (see CWE-113 in the class documentation).
     * @param initialBufferSize passed through to {@link HttpObjectDecoder} unchanged.
     * @param allowDuplicateContentLengths whether multiple identical Content-Length fields are
     *                        tolerated instead of rejected.
     * @param allowPartialChunks whether a chunk longer than the readable bytes may be emitted as
     *                        several {@link HttpContent}s.
     * @deprecated Prefer the {@link #HttpResponseDecoder(HttpDecoderConfig)} constructor.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    @Deprecated
    public HttpResponseDecoder(
            int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
            int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks) {
        super(maxInitialLineLength, maxHeaderSize, maxChunkSize, DEFAULT_CHUNKED_SUPPORTED, validateHeaders,
                initialBufferSize, allowDuplicateContentLengths, allowPartialChunks);
    }

    /**
     * Creates a decoder driven entirely by the supplied configuration.
     * <p>
     * NOTE(review): header validation is presumably governed by {@code config}; the class
     * documentation recommends leaving it enabled.
     *
     * @param config the decoder configuration, handed to {@link HttpObjectDecoder} as is.
     * @see HttpDecoderConfig HttpDecoderConfig API documentation for detailed descriptions of
     * the configuration parameters.
     */
    public HttpResponseDecoder(HttpDecoderConfig config) {
        super(config);
    }

    /**
     * Builds the response object for a parsed status line.
     * <p>
     * Nothing is caught here: a non-numeric status code makes {@link Integer#parseInt(String)}
     * throw {@link NumberFormatException}, and handling is left to the caller.
     *
     * @param initialLine the split status line; index 0 is read as the version, index 1 as the
     *                    numeric status code and index 2 as the reason phrase.
     * @return a {@link DefaultHttpResponse} created with this decoder's {@code headersFactory}.
     */
    @Override
    protected HttpMessage createMessage(String[] initialLine) {
        // The 'true' flag requests strict version checking.
        HttpVersion version = HttpVersion.valueOf(initialLine[0], true);
        int statusCode = Integer.parseInt(initialLine[1]);
        HttpResponseStatus status = HttpResponseStatus.valueOf(statusCode, initialLine[2]);
        return new DefaultHttpResponse(version, status, headersFactory);
    }

    /**
     * Builds the stand-in message used when a response cannot be decoded: an HTTP/1.0 full
     * response with {@link #UNKNOWN_STATUS} and a zero-capacity content buffer.
     *
     * @return the placeholder {@link DefaultFullHttpResponse}.
     */
    @Override
    protected HttpMessage createInvalidMessage() {
        ByteBuf emptyContent = Unpooled.buffer(0);
        return new DefaultFullHttpResponse(
                HttpVersion.HTTP_1_0, UNKNOWN_STATUS, emptyContent, headersFactory, trailersFactory);
    }

    /**
     * Tells the superclass which side of the exchange is being decoded.
     *
     * @return always {@code false}, because this decoder handles responses.
     */
    @Override
    protected boolean isDecodingRequest() {
        return false;
    }

    /** Builds the configuration that carries only the three size limits. */
    private static HttpDecoderConfig sizeLimits(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) {
        return new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize);
    }
}