private void sendMessage(
      HttpMessage msg, Channel channel, ByteBuf out, HttpResponse res, ChannelPromise promise) {
    channel.write(res);

    if (log.isTraceEnabled()) {
      log.trace(
          "Out message: {} - sessionId: {}", out.toString(CharsetUtil.UTF_8), msg.getSessionId());
    }

    if (out.isReadable()) {
      channel.write(out);
    } else {
      out.release();
    }

    channel
        .writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT, promise)
        .addListener(ChannelFutureListener.CLOSE);
  }
  private void sendMessage(
      HttpMessage msg, Channel channel, ByteBuf out, String type, ChannelPromise promise) {
    HttpResponse res = new DefaultHttpResponse(HTTP_1_1, HttpResponseStatus.OK);

    res.headers()
        .add(CONTENT_TYPE, type)
        .add("Set-Cookie", "io=" + msg.getSessionId())
        .add(CONNECTION, KEEP_ALIVE);

    addOriginHeaders(channel, res);
    HttpHeaders.setContentLength(res, out.readableBytes());

    // prevent XSS warnings on IE
    // https://github.com/LearnBoost/socket.io/pull/1333
    String userAgent = channel.attr(EncoderHandler.USER_AGENT).get();
    if (userAgent != null && (userAgent.contains(";MSIE") || userAgent.contains("Trident/"))) {
      res.headers().add("X-XSS-Protection", "0");
    }

    sendMessage(msg, channel, out, res, promise);
  }