netty Architecture Docs
Home / Class/ DefaultHttpHeaders Class — netty Architecture

DefaultHttpHeaders Class — netty Architecture

Architecture documentation for the DefaultHttpHeaders class in DefaultHttpHeaders.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  bb5f80fa_2679_bd7f_1650_3116f74ce49e["DefaultHttpHeaders"]
  9013afb2_1b13_dbf5_c530_859833f73cc5["DefaultHttpHeaders.java"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|defined in| 9013afb2_1b13_dbf5_c530_859833f73cc5
  bbf05608_0815_e932_8d46_20e3427016a9["DefaultHttpHeaders()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| bbf05608_0815_e932_8d46_20e3427016a9
  d8684740_d7e9_4ad3_1532_93b4c2957dd2["unwrap()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| d8684740_d7e9_4ad3_1532_93b4c2957dd2
  09e24b2a_b0ce_ce5d_c21f_503c459523f2["HttpHeaders()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 09e24b2a_b0ce_ce5d_c21f_503c459523f2
  5b487c9e_9585_1afe_cfe9_152e6d18e8e7["String()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 5b487c9e_9585_1afe_cfe9_152e6d18e8e7
  76fbf11c_56c8_781f_e910_d672f899911f["Integer()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 76fbf11c_56c8_781f_e910_d672f899911f
  5b221f18_bc99_7e1d_1b7f_d255b15c9dff["getInt()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 5b221f18_bc99_7e1d_1b7f_d255b15c9dff
  c3e4d6bf_d736_4c36_03b0_0449962c28f6["Short()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| c3e4d6bf_d736_4c36_03b0_0449962c28f6
  097fba3d_b6b1_d781_ce20_08fad60eb1c9["getShort()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 097fba3d_b6b1_d781_ce20_08fad60eb1c9
  feabd94e_1779_ac39_ccec_0212957b72fc["Long()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| feabd94e_1779_ac39_ccec_0212957b72fc
  8a9528a4_5559_d74e_271c_d26b11fa380b["getTimeMillis()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 8a9528a4_5559_d74e_271c_d26b11fa380b
  281a275f_adc4_9be7_2de7_96b83c44459b["getAll()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 281a275f_adc4_9be7_2de7_96b83c44459b
  7999d6c5_79e4_5da6_fddb_f8b2f133fcaf["entries()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 7999d6c5_79e4_5da6_fddb_f8b2f133fcaf
  751a5541_25da_e2cb_f0ab_fa0dafa113d7["iterator()"]
  bb5f80fa_2679_bd7f_1650_3116f74ce49e -->|method| 751a5541_25da_e2cb_f0ab_fa0dafa113d7

Relationship Graph

Source Code

codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java lines 45–464

public class DefaultHttpHeaders extends HttpHeaders {
    private static final BiPredicate<CharSequence, CharSequence> CASE_INSENSITIVE_CONTAINS =
            (value, expected) ->
                    HttpHeaders.containsCommaSeparatedTrimmed(value, expected, true);
    private static final BiPredicate<CharSequence, CharSequence> CASE_SENSITIVE_CONTAINS =
            (value, expected) ->
                    HttpHeaders.containsCommaSeparatedTrimmed(value, expected, false);

    private final DefaultHeaders<CharSequence, CharSequence, ?> headers;

    /**
     * Create a new, empty HTTP headers object.
     * <p>
     * Header names and values are validated as they are added, to ensure they are compliant with the HTTP protocol.
     */
    public DefaultHttpHeaders() {
        this(nameValidator(true), valueValidator(true));
    }

    /**
     * <b>Warning!</b> Setting {@code validate} to {@code false} will mean that Netty won't
     * validate & protect against user-supplied header values that are malicious.
     * This can leave your server implementation vulnerable to
     * <a href="https://cwe.mitre.org/data/definitions/113.html">
     *     CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
     * </a>.
     * When disabling this validation, it is the responsibility of the caller to ensure that the values supplied
     * do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
     *
     * @param validate Should Netty validate header values to ensure they aren't malicious.
     * @deprecated Prefer using the {@link #DefaultHttpHeaders()} constructor instead,
     * to always have validation enabled.
     */
    @Deprecated
    public DefaultHttpHeaders(boolean validate) {
        this(nameValidator(validate), valueValidator(validate));
    }

    /**
     * Create an HTTP headers object with the given name validator.
     * <p>
     * <b>Warning!</b> It is strongly recommended that the name validator implement validation that is at least as
     * strict as {@link HttpHeaderValidationUtil#validateToken(CharSequence)}.
     * It is also strongly recommended that {@code validateValues} is enabled.
     * <p>
     * Without these validations in place, your code can be susceptible to
     * <a href="https://cwe.mitre.org/data/definitions/113.html">
     *     CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
     * </a>.
     * It is the responsibility of the caller to ensure that the values supplied
     * do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
     *
     * @param validateValues Should Netty validate header values to ensure they aren't malicious.
     * @param nameValidator The {@link NameValidator} to use, never {@code null.
     */
    protected DefaultHttpHeaders(boolean validateValues, NameValidator<CharSequence> nameValidator) {
        this(nameValidator, valueValidator(validateValues));
    }

    /**
     * Create an HTTP headers object with the given name and value validators.
     * <p>
     * <b>Warning!</b> It is strongly recommended that the name validator implement validation that is at least as
     * strict as {@link HttpHeaderValidationUtil#validateToken(CharSequence)}.
     * And that the value validator is at least as strict as
     * {@link HttpHeaderValidationUtil#validateValidHeaderValue(CharSequence)}.
     * <p>
     * Without these validations in place, your code can be susceptible to
     * <a href="https://cwe.mitre.org/data/definitions/113.html">
     *     CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
     * </a>.
     * It is the responsibility of the caller to ensure that the values supplied
     * do not contain a non-url-escaped carriage return (CR) and/or line feed (LF) characters.
     *
     * @param nameValidator The {@link NameValidator} to use, never {@code null}.
     * @param valueValidator The {@link ValueValidator} to use, never {@code null}.
     */
    protected DefaultHttpHeaders(
            NameValidator<CharSequence> nameValidator,
            ValueValidator<CharSequence> valueValidator) {
        this(nameValidator, valueValidator, 16);

Defined In

Source

Frequently Asked Questions

What is the DefaultHttpHeaders class?
DefaultHttpHeaders is a class in the netty codebase, defined in codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java.
Where is DefaultHttpHeaders defined?
DefaultHttpHeaders is defined in codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java at line 45.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free