xmltooling 3.2.4
xmltooling::HTTPResponse Class Reference

Interface to HTTP response. More...

#include <xmltooling/io/HTTPResponse.h>

Inheritance diagram for xmltooling::HTTPResponse:
xmltooling::GenericResponse

Public Types

enum  samesite_t { SAMESITE_ABSENT = 0 , SAMESITE_NONE = 1 , SAMESITE_LAX = 2 , SAMESITE_STRICT = 3 }
 Cookie SameSite values.
 
enum  status_t {
  XMLTOOLING_HTTP_STATUS_OK = 200 , XMLTOOLING_HTTP_STATUS_MOVED = 302 , XMLTOOLING_HTTP_STATUS_NOTMODIFIED = 304 , XMLTOOLING_HTTP_STATUS_BADREQUEST = 400 ,
  XMLTOOLING_HTTP_STATUS_UNAUTHORIZED = 401 , XMLTOOLING_HTTP_STATUS_FORBIDDEN = 403 , XMLTOOLING_HTTP_STATUS_NOTFOUND = 404 , XMLTOOLING_HTTP_STATUS_ERROR = 500
}
 Some common HTTP status codes.
 

Public Member Functions

void setContentType (const char *type)
 Sets or clears the MIME type of the response.
 
virtual void setResponseHeader (const char *name, const char *value, bool replace=false)
 Sets, adds, or clears a response header.
 
virtual void setCookie (const char *name, const char *value, time_t expires, samesite_t sameSiteValue, bool sameSiteFallback)
 Sets or unsets a client cookie.
 
virtual void setCookie (const char *name, const char *value, time_t expires=0, samesite_t sameSiteValue=SAMESITE_ABSENT)
 Sets or unsets a client cookie.
 
virtual long sendRedirect (const char *url)
 Redirect the client to the specified URL and complete the response.
 
long sendError (std::istream &inputStream)
 Sends an "error" response to the client along with a transport-specific error indication.
 
long sendResponse (std::istream &inputStream)
 Sends a completed response to the client along with a transport-specific "OK" indication.
 
virtual long sendResponse (std::istream &inputStream, long status)=0
 Sends a completed response to the client.
 
- Public Member Functions inherited from xmltooling::GenericResponse

Static Public Member Functions

static std::vector< std::string > & getAllowedSchemes ()
 Returns a modifiable array of schemes to permit in sanitized URLs.
 
static void sanitizeURL (const char *url)
 Manually check for unsafe URLs vulnerable to injection attacks.
 

Detailed Description

Interface to HTTP response.

To supply information to the surrounding web server environment, a shim must be supplied in the form of this interface to adapt the library to different proprietary server APIs.

This interface need not be threadsafe.

Member Function Documentation

◆ getAllowedSchemes()

static std::vector< std::string > & xmltooling::HTTPResponse::getAllowedSchemes ( )
static

Returns a modifiable array of schemes to permit in sanitized URLs.

Updates to this array must be externally synchronized with any use of this class or its subclasses.

Returns
a mutable array of strings containing the schemes to permit

◆ sanitizeURL()

static void xmltooling::HTTPResponse::sanitizeURL ( const char * url)
static

Manually check for unsafe URLs vulnerable to injection attacks.

Parameters
urllocation to check

◆ sendError()

long xmltooling::HTTPResponse::sendError ( std::istream & inputStream)
virtual

Sends an "error" response to the client along with a transport-specific error indication.

Parameters
inputStreamreference to source of response data
Returns
a result code to return from the calling MessageEncoder

Implements xmltooling::GenericResponse.

◆ sendRedirect()

virtual long xmltooling::HTTPResponse::sendRedirect ( const char * url)
virtual

Redirect the client to the specified URL and complete the response.

Any headers previously set will be sent ahead of the redirect.

The URL will be validated with the sanitizeURL method below.

Parameters
urllocation to redirect client
Returns
a result code to return from the calling MessageEncoder

◆ sendResponse() [1/2]

long xmltooling::HTTPResponse::sendResponse ( std::istream & inputStream)
virtual

Sends a completed response to the client along with a transport-specific "OK" indication.

Used for "normal" responses.

Parameters
inputStreamreference to source of response data
Returns
a result code to return from the calling MessageEncoder

Implements xmltooling::GenericResponse.

◆ sendResponse() [2/2]

virtual long xmltooling::GenericResponse::sendResponse ( std::istream & inputStream,
long status )
virtual

Sends a completed response to the client.

Parameters
inputStreamreference to source of response data
statustransport-specific status to return
Returns
a result code to return from the calling MessageEncoder

Implements xmltooling::GenericResponse.

◆ setContentType()

void xmltooling::HTTPResponse::setContentType ( const char * type)
virtual

Sets or clears the MIME type of the response.

Parameters
typethe MIME type, or nullptr to clear

Implements xmltooling::GenericResponse.

◆ setCookie() [1/2]

virtual void xmltooling::HTTPResponse::setCookie ( const char * name,
const char * value,
time_t expires,
samesite_t sameSiteValue,
bool sameSiteFallback )
virtual

Sets or unsets a client cookie.

The boolean flag enables the workaround for older clients with broken SameSite support by setting a second cookie with a decorated name that would not carry the SameSite flag.

Parameters
namecookie name
valuevalue to set, or nullptr to clear
expiresoptional expiration time for the cookie, 0 means session
sameSiteValuethe SameSite value to apply to the cookie
sameSiteFallbackenables setting of a fallback cookie

◆ setCookie() [2/2]

virtual void xmltooling::HTTPResponse::setCookie ( const char * name,
const char * value,
time_t expires = 0,
samesite_t sameSiteValue = SAMESITE_ABSENT )
virtual

Sets or unsets a client cookie.

Now defaults to calling the new version with a false flag.

Parameters
namecookie name
valuevalue to set, or nullptr to clear
expiresoptional expiration time for the cookie, 0 means session
sameSiteValuethe SameSite value to apply to the cookie

◆ setResponseHeader()

virtual void xmltooling::HTTPResponse::setResponseHeader ( const char * name,
const char * value,
bool replace = false )
virtual

Sets, adds, or clears a response header.

Parameters
nameheader name
valuevalue to set, or nullptr to clear
replacetrue iff this should replace existing header(s)

The documentation for this class was generated from the following file: