Posted to users@camel.apache.org by Nobuyuki Mizoguchi <nm...@yahoo-corp.jp> on 2016/07/27 06:38:01 UTC

Any good ways to prevent unintentional headers from leaking out?

Hello.
I am troubled by unintentional headers leaking out through the http component.
More specifically, the request headers the servlet received, which contain some private headers that I don't want to be leaked out, are put into the IN message, and then the http component automatically uses those headers and leaks them out.

// Request headers come in, e.g. Cookie, Authorization, etc...
rest("/foo").verb("GET", "/sample")
  .to("direct:sample");
 
from("direct:sample")
  // The above headers are unintentionally leaked out here.
  .to("http://example.com");

To cope with it, I am moving the headers of the IN message to Exchange Property.
Are there any better ways?
I don't use HeaderFilterStrategy or removeHeaders because I want to keep some of them to use later.

Also, I am concerned about the possibility that the http component will be changed in the future to use Exchange Property and leak them out.
Does anyone know if there is such a possibility?
I know that the following statement gets the value of foo from Exchange Property when foo is not found in headers.
<simple>${header.foo}</simple>
That's why I have become concerned about the possibility.


Thank you in advance.
Best regards.
Nobuyuki Mizoguchi
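
An added example, not part of the original post and not Camel project code: a default-deny HeaderFilterStrategy attached only to the outbound http endpoint, so that only allow-listed headers are written to the HTTP request. The producer consults the filter when it copies headers into the request and does not remove anything from the Camel message. The class name, the registry name outboundAllowList and the allow-listed header names are assumptions.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.spi.HeaderFilterStrategy;

/** Default-deny filter: only allow-listed Camel headers become HTTP request headers. */
public class OutboundAllowListStrategy implements HeaderFilterStrategy {

    private final Set<String> allowed = new HashSet<String>();

    public OutboundAllowListStrategy(String... headerNames) {
        for (String name : headerNames) {
            allowed.add(name.toLowerCase(Locale.ROOT));
        }
    }

    /** Camel message -> outgoing HTTP request. Returning true drops the header. */
    @Override
    public boolean applyFilterToCamelHeaders(String name, Object value, Exchange exchange) {
        return !allowed.contains(name.toLowerCase(Locale.ROOT));
    }

    /** HTTP response -> Camel message. Drop names that could shadow Camel's own headers. */
    @Override
    public boolean applyFilterToExternalHeaders(String name, Object value, Exchange exchange) {
        return name.toLowerCase(Locale.ROOT).startsWith("camel");
    }

    /** The route from the post, with the filter attached to the outbound endpoint only. */
    public static class SampleRoutes extends RouteBuilder {
        @Override
        public void configure() {
            rest("/foo").verb("GET", "/sample").to("direct:sample");

            from("direct:sample")
                // Assumption: an OutboundAllowListStrategy("Accept", "X-Request-Id")
                // instance is bound in the registry under the name "outboundAllowList".
                .to("http://example.com?headerFilterStrategy=#outboundAllowList");
                // Cookie and Authorization were not written to the request above,
                // but they are still headers on the message for later steps.
        }
    }
}
```

Because the strategy is default-deny, Camel's internal Camel* headers are also kept off the wire without being listed individually.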