Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-9052

HttpHeaderFilterStrategy should filter any Camel header on consumer side as well

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Unknown

    Description

      We filter only on producer, eg when using to. But if you use jetty as consumer then it may return Camel headers in the http response by default.

      Those headers are not intended for http responses and should be skipped. This is done already when using the producer.

      See nabble
      http://camel.465427.n5.nabble.com/security-http4-endpoint-headers-leaking-tp5770298.html

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            davsclaus Claus Ibsen
            davsclaus Claus Ibsen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment