Commit Graph

720 Commits

Author SHA1 Message Date
Daniel Bevenius
7c6f862d98 Adding origins whitelist support for CORS
Motivation:
Currently the CORS support only handles a single origin, or a wildcard
origin. This task should enhance Netty's CORS support to allow multiple
origins to be specified. Just being allowed to specify one origin is
particulary limiting when a site support both http and https for
example.

Modifications:
- Updated CorsConfig and its Builder to accept multiple origins.

Result:
Users are now able to configure multiple origins for CORS.

[https://github.com/netty/netty/issues/2346]
2014-03-30 19:40:59 +02:00
Brendt Lucas
98bc7b7859 [#2234] Use QueryStringDecoder.decodeComponent to decode url-encoded data instead of Java's URLDecoder.
Motivation:
Previously, we used URLDecoder.decode(...) to decode url-encoded data. This generates a lot of garbage and takes a considerable amount of time.

Modifications:
Replace URLDecoder.decode(...) with QueryStringDecoder.decodeComponent(...)

Result:
Less garbage to GC and faster decode processing.
2014-03-22 14:02:35 +01:00
Daniel Bevenius
27671e0dbd Fixing CorsConfigTest failure under Java 8.
Motivation:
When running the build with Java 8 the following error occurred:

java: reference to preflightResponseHeader is ambiguous
  both method
  <T>preflightResponseHeader(java.lang.CharSequence,java.lang.Iterable<T>)
  in io.netty.handler.codec.http.cors.CorsConfig.Builder and method
  <T>preflightResponseHeader(java.lang.String,java.util.concurrent.Callable<T>)
  in io.netty.handler.codec.http.cors.CorsConfig.Builder match

The offending class was CorsConfigTest and its shouldThrowIfValueIsNull
which contained the following line:
withOrigin("*").preflightResponseHeader("HeaderName", null).build();

Modifications:
Updated the offending method with to supply a type, and object array, to
avoid the error.

Result:
After this I was able to build with Java 7 and Java 8
2014-03-22 07:20:10 +01:00
Daniel Bevenius
321e770c9b Adding support for specifying preflight response headers.
Motivation:

An intermediary like a load balancer might require that a Cross Origin
Resource Sharing (CORS) preflight request have certain headers set.
As a concrete example the Elastic Load Balancer (ELB) requires the
'Date' and 'Content-Length' header to be set or it will fail with a 502
error code.

This works is an enhancement of https://github.com/netty/netty/pull/2290

Modifications:

CorsConfig has been extended to make additional HTTP response headers
configurable for preflight responses. Since some headers, like the
'Date' header need to be generated each time, m0wfo suggested using a
Callable.

Result:

By default, the 'Date' and 'Content-Lenght' headers will be sent in a
preflight response. This can be overriden and users can specify
any headers that might be required by different intermediaries.
2014-03-21 15:05:29 +01:00
Frederic Bregier
ef53227836 [#2305] Fix issue related to decoding post request raized an exception due to a split of information by chunk not correctly taken into account by the decoder
Motivation:

If the last item analyzed in a previous received HttpChunk/HttpContent was a part of an attribute's name, the read index was not set to the new right place and therefore raizing an exception in some case (since the "new" name analyzed is empty, which is not allowed so the exception).

What appears there is that the read index should be reset to the last valid position encountered whatever the case. Currently it was set when only when there is an attribute not already finished (name is ok, but content is possibly not).

Therefore the issue is that elements could be rescanned multiple times (including completed elements) and moreover some bad decoding can occur such as when in a middle of an attribute's name.

Modifications:

To fix this issue, since "firstpos" contains the last "valid" read index of the decoding (when finding a '&', '=', 'CR/LF'), we should add the setting of the read index for the following cases:

'lastchunk' encountered, therefore finishing the current buffer
any other cases than current attribute is not finished (name not found yet in particular)
So adding for this 2 cases:

undecodedChunk.readerIndex(firstpos);

Result:

Now the decoding is done once, content is added from chunk/content to chunk/content, name is decoded correctly even if in the middle of 2 chunks/contents.
A Junit test code was added: testChunkCorrect that should not raized any exception.
2014-03-14 09:46:58 +01:00
David Dossot
c31e8f59ba added support for empty query parameters 2014-03-10 06:29:45 +01:00
Chris Mowforth
59bfd69c9b Add content length and date headers to CORS response 2014-03-06 20:59:53 +01:00
Dao Ngoc
94bcbba324 Fix #2275 %s WebSocket version %s server handshake 2014-02-28 17:18:58 -08:00
Trustin Lee
b6aa032376 Fix checkstyle 2014-02-26 16:18:39 -08:00
Trustin Lee
c42570576e Fix a bug where HttpObjectDecoder generates two LastHttpContent consecutively
Motivation:
When an HttpResponseDecoder decodes an invalid chunk, a LastHttpContent instance is produced and the decoder enters the 'BAD_MESSAGE' state, which is not supposed to produce a message any further.  However, because HttpObjectDecoder.invalidChunk() did not clear this.message out to null, decodeLast() will produce another LastHttpContent message on a certain situation.

Modification:
Do not forget to null out HttpObjectDecoder.message in invalidChunk(), and add a test case for it.

Result:
No more consecutive LastHttpContent messages produced by HttpObjectDecoder.
2014-02-26 15:54:45 -08:00
Jeff Pinner
97f120330b SPDY: remove SPDY/3 support 2014-02-20 15:02:16 -08:00
Trustin Lee
ff8df41541 Fix another leak in HttpObjectAggregatorTest by removing redundant code 2014-02-20 14:30:42 -08:00
Trustin Lee
2e6918c21a Fix a memory leak in HttpObjectAggregatorTest 2014-02-20 13:49:56 -08:00
Trustin Lee
f4b9aaaf18 Add an operation that resets the state of HttpObjectDecoder
Motivation:

Currently, it is impossible to give a user the full control over what to do in response to the request with 'Expect: 100-continue' header.  Currently, a user have to do one of the following:

- Accept the request and respond with 100 Continue, or
- Send the reject response and close the connection.

.. which means it is impossible to send the reject response and keep the connection alive so that the client sends additional requests.

Modification:

Added a public method called 'reset()' to HttpObjectDecoder so that a user can reset the state of the decoder easily.  Once called, the decoder will assume the next input will be the beginning of a new request.

HttpObjectAggregator now calls `reset()`right after calling 'handleOversizedMessage()' so that the decoder can continue to decode the subsequent request even after the request with 'Expect: 100-continue' header is rejected.

Added relevant unit tests / Minor clean-up

Result:

This commit completes the fix of #2211
2014-02-20 13:42:58 -08:00
Trustin Lee
7d238aaf45 Added a test for oversized HTTP responses 2014-02-20 11:47:19 -08:00
Trustin Lee
5f62821b84 Remove the deprecated constant field
Exposing the constant as a public static final field is usually not a
good idea because it gives less flexibility to us when we happen to
change our internal implementation.
2014-02-20 11:38:49 -08:00
Trustin Lee
b2174fccc1 Overall clean-up of HttpObjectAggregator / Handle oversized response differently
- Related: #2211
2014-02-20 11:37:35 -08:00
Chris Mowforth
84946b617b Expose a callback in HttpObjectAggregator to handle oversized messages
- Related: #2211
2014-02-20 11:37:35 -08:00
Trustin Lee
97662a6c94 Fix a bug where HttpObjectAggregator doesn't always produce FullHttpMessage
- Fixes #2182
- Always convert an unfull invalid message to a full message
2014-02-19 15:33:53 -08:00
Trustin Lee
acc781ba1b Ensure that the last bad chunk is LastHttpChunk 2014-02-19 15:20:58 -08:00
Trustin Lee
18d91b8bf6 HttpObjectDecoder.invalidChunk() should return LastHttpChunk
because the decoder will enter 'BAD_MESSAGE' state and will not produce any chunk since then.
2014-02-19 14:59:26 -08:00
Trustin Lee
c73e1e3c1e Fix inefficient loop in QueryStringDecoder.decodeComponent()
- Fixes #2228
- There's no point of looping until the end of the component if at least one '%' or '+' is found.
2014-02-14 13:27:08 -08:00
Trustin Lee
ce9403cc3a Do not use String.format() for log message generation
- It's slow.
2014-02-13 19:31:45 -08:00
Norman Maurer
b07acfc28b [#2219] Fix javadocs of HttpObjectAggregator to show correct handler order in pipeline 2014-02-09 17:10:38 +01:00
Trustin Lee
ad121c73b0 Prefer interface to implementation in type declaration
This fixes the build failure with JDK 8 due to animal sniffer error
2014-02-08 08:50:41 -08:00
Daniel Bevenius
96216a9657 Fixing spelling of 'request' for handler names. 2014-02-07 13:51:02 +01:00
Trustin Lee
2b769c6daf Fix resource leaks in WebSocketServerProtocolHandler
- Related: #1975
2014-02-06 21:23:10 -08:00
Trustin Lee
8738bc4ae7 Clean up HttpObjectAggregator 2014-02-06 21:00:24 -08:00
Trustin Lee
c01f08d306 Fix a leak in WebSocketServerProtocolHandshakeHandler
- Related: #1975
2014-02-06 20:57:55 -08:00
Norman Maurer
4f6ccbbb78 [#2173] Fix regression that let HttpRequestDecoder fail if the websocket response and a websocketframe are send in one go 2014-02-06 10:48:48 +01:00
Trustin Lee
0f1b1be0aa Enable a user specify an arbitrary information with ReferenceCounted.touch()
- Related: #2163
- Add ResourceLeakHint to allow a user to provide a meaningful information about the leak when touching it
- DefaultChannelHandlerContext now implements ResourceLeakHint to tell where the message is going.
- Cleaner resource leak report by excluding noisy stack trace elements
2014-01-29 11:44:59 +09:00
Trustin Lee
b887e35ac2 Add ReferenceCounted.touch() / Add missing retain() overrides
- Fixes #2163
- Inspector warnings
2014-01-28 20:06:55 +09:00
Norman Maurer
f122118bf7 Not throw an exception if subprotocol is not supported but just drop the header as stated in the RFC's 2014-01-26 11:00:40 +01:00
Trustin Lee
714ed77e17 Add a log message on deletion failure 2014-01-24 16:45:20 +09:00
Frederic Bregier
19f9bcfe8b Fix fileChannel not closed, preventing delete to occur correctly 2014-01-24 16:45:20 +09:00
Frederic Bregier
ce39e6409e Fix try to delete file while it does not exist anymore (see #2102 and #1713) in reference to this issue 2014-01-21 14:16:59 +09:00
Trustin Lee
a69c4f2371 Fix IllegalReferenceCountException which occurs when multipart data is stored in memory
- Fixes #2102
2014-01-19 17:51:20 +09:00
Trustin Lee
a4e587c46b Fix resource leak in HttpPostRequestEncoderTest / Typo 2014-01-19 16:52:13 +09:00
Trustin Lee
5f9854d8ac Fix resource leak in InternalAttribute.setValue() 2014-01-19 16:51:31 +09:00
Trustin Lee
eb4ef433c6 Fix a test failure in Windows due to newline differences 2014-01-19 16:13:49 +09:00
Trustin Lee
f97f6b938e Use package-local fields instead of reflection / Reapply 4dc78c10ee / Inspector warnings 2014-01-19 14:58:48 +09:00
IonuČ› G. Stan
709be30442 Add an HTML5 encoder mode for HttpPostRequestEncoder 2014-01-19 14:58:28 +09:00
Trustin Lee
a0714d1da3 Revert "+= won't let compile optimize String concats"
This reverts commit 4dc78c10ee.
2014-01-19 14:39:29 +09:00
Norman Maurer
1f049367a4 Make use of ByteBufProcessor for extract initial line and headers
This gives some nice performance boost as readByte() is quite expensive because of the index / replay checks.
2014-01-16 20:14:28 +01:00
Stephane Landelle
4dc78c10ee += won't let compile optimize String concats 2014-01-16 20:09:11 +01:00
Michael Nitschinger
75cb91ed0c Rename HttpDataFactory.*datas to *data. Fixes #2094 2014-01-16 09:52:25 +01:00
Daniel Bevenius
6a954d5b47 Adding a Cross Origin Resource Sharing (CORS) handler. 2014-01-16 07:58:32 +01:00
Norman Maurer
29484a44d5 Fix inspector warnings 2014-01-15 17:02:04 +01:00
Veebs
4c0be9b57c Add HttpChunkedInput for easier streaming of chunked content 2014-01-15 15:33:29 +09:00
Trustin Lee
2f9ad15d3f Use the source frame's allocator instead of the unpooled allocator 2014-01-14 14:22:06 +09:00