2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file xmltooling/io/HTTPResponse.h
24 * Interface to HTTP responses.
27 #ifndef __xmltooling_httpres_h__
28 #define __xmltooling_httpres_h__
30 #include <xmltooling/io/GenericResponse.h>
35 namespace xmltooling {
37 #if defined (_MSC_VER)
38 #pragma warning( push )
39 #pragma warning( disable : 4251 )
43 * Interface to HTTP response.
45 * <p>To supply information to the surrounding web server environment,
46 * a shim must be supplied in the form of this interface to adapt the
47 * library to different proprietary server APIs.
49 * <p>This interface need not be threadsafe.
51 class XMLTOOL_API HTTPResponse : public GenericResponse {
55 virtual ~HTTPResponse();
57 void setContentType(const char* type);
60 * Sets or clears a response header.
62 * @param name header name
63 * @param value value to set, or nullptr to clear
65 virtual void setResponseHeader(const char* name, const char* value);
68 * Sets a client cookie.
70 * @param name cookie name
71 * @param value value to set, or nullptr to clear
73 virtual void setCookie(const char* name, const char* value);
76 * Redirect the client to the specified URL and complete the response.
78 * <p>Any headers previously set will be sent ahead of the redirect.
80 * <p>The URL will be validated with the sanitizeURL method below.
82 * @param url location to redirect client
83 * @return a result code to return from the calling MessageEncoder
85 virtual long sendRedirect(const char* url);
87 /** Some common HTTP status codes. */
89 XMLTOOLING_HTTP_STATUS_OK = 200,
90 XMLTOOLING_HTTP_STATUS_MOVED = 302,
91 XMLTOOLING_HTTP_STATUS_NOTMODIFIED = 304,
92 XMLTOOLING_HTTP_STATUS_UNAUTHORIZED = 401,
93 XMLTOOLING_HTTP_STATUS_FORBIDDEN = 403,
94 XMLTOOLING_HTTP_STATUS_NOTFOUND = 404,
95 XMLTOOLING_HTTP_STATUS_ERROR = 500
98 long sendError(std::istream& inputStream);
100 using GenericResponse::sendResponse;
101 long sendResponse(std::istream& inputStream);
104 * Returns a modifiable array of schemes to permit in sanitized URLs.
106 * <p>Updates to this array must be externally synchronized with any use
107 * of this class or its subclasses.
109 * @return a mutable array of strings containing the schemes to permit
111 static std::vector<std::string>& getAllowedSchemes();
114 * Manually check for unsafe URLs vulnerable to injection attacks.
116 * @param url location to check
118 static void sanitizeURL(const char* url);
121 static std::vector<std::string> m_allowedSchemes;
124 #if defined (_MSC_VER)
125 #pragma warning( pop )
129 #endif /* __xmltooling_httpres_h__ */