Posted to commits@camel.apache.org by "orpiske (via GitHub)" <gi...@apache.org> on 2023/07/18 14:49:48 UTC

[GitHub] [camel] orpiske commented on pull request #10717: CAMEL-19568: disable header validation on camel-netty-http

orpiske commented on PR #10717:
URL: https://github.com/apache/camel/pull/10717#issuecomment-1640377232

   > This will open us to CVE weakness. From http response splitting to other stuff. Validation should be always enabled
   
   That's a good point 🤔 
   
   Any suggestions on how we could possibly work around the original issue? One idea I had (which I scrapped) was to change the code from:
   
   ```
   response.headers().set(HttpHeaderNames.CONTENT_TYPE.toString(), contentType);
   ```
   
   To:
   ```
   response.headers().set(HttpHeaderNames.CONTENT_TYPE.toString(), contentType.replace("\r\n\t", ""));
   ```
   
   wdyt? 
   
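An added example, not part of the original comment or of the Camel code base: plain Java (no Netty dependency) that compares the literal `replace("\r\n\t", "")` from the comment with a hypothetical `normalize` helper, which unfolds CRLF-plus-whitespace line folding and then rejects any value that still contains CR, LF or another control character. The class name, the helper and all sample values are constructed for illustration.

```java
import java.util.List;

public class ContentTypeHeaderCheck {

    // Hypothetical helper: unfold obsolete line folding (CRLF followed by
    // spaces or tabs) into one space, then refuse anything that still carries
    // CR, LF or another control character instead of silently deleting it.
    static String normalize(String value) {
        String unfolded = value.replaceAll("\r\n[ \t]+", " ");
        for (int i = 0; i < unfolded.length(); i++) {
            char c = unfolded.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) {
                throw new IllegalArgumentException(
                    "illegal character 0x" + Integer.toHexString(c) + " at index " + i);
            }
        }
        return unfolded.trim();
    }

    // Make control characters visible when printing a sample.
    static String show(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n").replace("\t", "\\t");
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the Camel issue.
        List<String> samples = List.of(
            "text/plain; charset=utf-8",
            "multipart/related;\r\n\tboundary=\"abc\"",  // folded with CRLF + TAB
            "multipart/related;\r\n boundary=\"abc\"",   // folded with CRLF + SP
            "text/html\r\nX-Constructed: 1",             // CRLF starting a new header line
            "text/html\nX-Constructed: 1");              // bare LF

        for (String s : samples) {
            // Literal replacement from the comment: removes only the exact CR LF TAB sequence.
            String literal = s.replace("\r\n\t", "");
            boolean leftover = literal.indexOf('\r') >= 0 || literal.indexOf('\n') >= 0;
            String result;
            try {
                result = "ok -> " + show(normalize(s));
            } catch (IllegalArgumentException e) {
                result = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("%-42s CR/LF left after literal replace: %-5b normalize: %s%n",
                show(s), leftover, result);
        }
    }
}
```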