Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Unknown
Description
We filter only on producer, eg when using to. But if you use jetty as consumer then it may return Camel headers in the http response by default.
Those headers are not intended for http responses and should be skipped. This is done already when using the producer.
See nabble
http://camel.465427.n5.nabble.com/security-http4-endpoint-headers-leaking-tp5770298.html