[CAMEL-9052] HttpHeaderFilterStrategy should filter any Camel header on consumer side as well - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.16.0
Component/s: camel-ahc, camel-http, camel-http4, camel-jetty, camel-netty-http, camel-netty4-http, camel-servlet
Labels:
None

Estimated Complexity:
Unknown

Description

We filter only on producer, eg when using to. But if you use jetty as consumer then it may return Camel headers in the http response by default.

Those headers are not intended for http responses and should be skipped. This is done already when using the producer.

See nabble
http://camel.465427.n5.nabble.com/security-http4-endpoint-headers-leaking-tp5770298.html

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Claus Ibsen

Reporter:: Claus Ibsen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Aug/15 08:55

Updated:: 05/Aug/15 09:37

Resolved:: 05/Aug/15 09:37

Agile

View on Board

HttpHeaderFilterStrategy should filter any Camel header on consumer side as well

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment