Class HttpServerCodec

All Implemented Interfaces:
ChannelHandler, ChannelInboundHandler, ChannelOutboundHandler, HttpServerUpgradeHandler.SourceCodec

A combination of HttpRequestDecoder and HttpResponseEncoder which enables easier server side HTTP implementation.

Header Validation

It is recommended to always enable header validation.

Without header validation, your system can become vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') .

This recommendation stands even when both peers in the HTTP exchange are trusted, as it helps with defence-in-depth.

See Also:
  • Field Details

    • queue

      private final Queue<HttpMethod> queue
      A queue that is used for correlating a request and a response.
  • Constructor Details

    • HttpServerCodec

      public HttpServerCodec()
      Creates a new instance with the default decoder options (maxInitialLineLength (4096), maxHeaderSize (8192), and maxChunkSize (8192)).
    • HttpServerCodec

      public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize)
      Creates a new instance with the specified decoder options.
    • HttpServerCodec

      @Deprecated public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders)
      Deprecated.
      Prefer the HttpServerCodec(HttpDecoderConfig) constructor, to always enable header validation.
      Creates a new instance with the specified decoder options.
    • HttpServerCodec

      @Deprecated public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize)
      Deprecated.
      Prefer the HttpServerCodec(HttpDecoderConfig) constructor, to always enable header validation.
      Creates a new instance with the specified decoder options.
    • HttpServerCodec

      @Deprecated public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths)
      Deprecated.
      Prefer the HttpServerCodec(HttpDecoderConfig) constructor, to always enable header validation.
      Creates a new instance with the specified decoder options.
    • HttpServerCodec

      @Deprecated public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks)
      Deprecated.
      Prefer the HttpServerCodec(HttpDecoderConfig) constructor, to always enable header validation.
      Creates a new instance with the specified decoder options.
    • HttpServerCodec

      public HttpServerCodec(HttpDecoderConfig config)
      Creates a new instance with the specified decoder configuration.
  • Method Details