1 /* 2 * Copyright 2012 The Netty Project 3 * 4 * The Netty Project licenses this file to you under the Apache License, 5 * version 2.0 (the "License"); you may not use this file except in compliance 6 * with the License. You may obtain a copy of the License at: 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 * License for the specific language governing permissions and limitations 14 * under the License. 15 */ 16 package io.netty5.example.http.cors; 17 18 import io.netty5.channel.ChannelInitializer; 19 import io.netty5.channel.ChannelPipeline; 20 import io.netty5.channel.socket.SocketChannel; 21 import io.netty5.handler.codec.http.HttpObjectAggregator; 22 import io.netty5.handler.codec.http.HttpRequestDecoder; 23 import io.netty5.handler.codec.http.HttpResponseEncoder; 24 import io.netty5.handler.codec.http.cors.CorsConfig; 25 import io.netty5.handler.codec.http.cors.CorsConfigBuilder; 26 import io.netty5.handler.codec.http.cors.CorsHandler; 27 import io.netty5.handler.ssl.SslContext; 28 import io.netty5.handler.stream.ChunkedWriteHandler; 29 30 /** 31 * Please refer to the {@link CorsConfig} javadocs for information about all the 32 * configuration options available. 33 * 34 * Below are some of configuration discussed in this example: 35 * <h3>Support only a specific origin</h3> 36 * To support a single origin instead of the wildcard use the following: 37 * <pre> 38 * CorsConfig corsConfig = CorsConfig.withOrigin("http://domain1.com") 39 * </pre> 40 * 41 * <h3>Enable loading from the file system</h3> 42 * To enable the server to handle an origin specified as 'null', which happens 43 * when a web browser loads a file from the local file system use the following: 44 * <pre> 45 * corsConfig.isNullOriginAllowed() 46 * </pre> 47 * 48 * <h3>Enable request headers</h3> 49 * To enable additional request headers: 50 * <pre> 51 * corsConfig.allowedRequestHeaders("custom-request-header") 52 * </pre> 53 * 54 * <h3>Expose response headers</h3> 55 * By default a browser only exposes the following simple header: 56 * <ul> 57 * <li>Cache-Control</li> 58 * <li>Content-Language</li> 59 * <li>Content-Type</li> 60 * <li>Expires</li> 61 * <li>Last-Modified</li> 62 * <li>Pragma</li> 63 * </ul> 64 * Any of the above response headers can be retrieved by: 65 * <pre> 66 * xhr.getResponseHeader("Content-Type"); 67 * </pre> 68 * If you need to get access to other headers this must be enabled by the server, for example: 69 * <pre> 70 * corsConfig.exposedHeaders("custom-response-header"); 71 * </pre> 72 */ 73 public class HttpCorsServerInitializer extends ChannelInitializer<SocketChannel> { 74 75 private final SslContext sslCtx; 76 77 public HttpCorsServerInitializer(SslContext sslCtx) { 78 this.sslCtx = sslCtx; 79 } 80 81 @Override 82 public void initChannel(SocketChannel ch) { 83 CorsConfig corsConfig = CorsConfigBuilder.forAnyOrigin().allowNullOrigin().allowCredentials().build(); 84 ChannelPipeline pipeline = ch.pipeline(); 85 if (sslCtx != null) { 86 pipeline.addLast(sslCtx.newHandler(ch.bufferAllocator())); 87 } 88 pipeline.addLast(new HttpResponseEncoder()); 89 pipeline.addLast(new HttpRequestDecoder()); 90 pipeline.addLast(new HttpObjectAggregator(65536)); 91 pipeline.addLast(new ChunkedWriteHandler()); 92 pipeline.addLast(new CorsHandler(corsConfig)); 93 pipeline.addLast(new OkResponseHandler()); 94 } 95 96 }