You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by da...@apache.org on 2024/03/28 16:14:04 UTC

(camel) branch pp created (now 05fcf0ae646)

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a change to branch pp
in repository https://gitbox.apache.org/repos/asf/camel.git


      at 05fcf0ae646 CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client

This branch includes the following new commits:

     new 05fcf0ae646 CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(camel) 01/01: CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client

Posted by da...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch pp
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 05fcf0ae646b959269e4585f60b595e0b7dbfe6b
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Thu Mar 28 17:13:48 2024 +0100

    CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client
---
 .../platform/http/vertx/VertxPlatformHttpSupport.java    | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
index 9230343a36e..887064f6ddf 100644
--- a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
+++ b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
@@ -66,16 +66,17 @@ public final class VertxPlatformHttpSupport {
     }
 
     static Object toHttpResponse(
-            HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy,
+            RoutingContext ctx, Message message, HeaderFilterStrategy headerFilterStrategy,
             boolean muteExceptions) {
         final Exchange exchange = message.getExchange();
 
+        HttpServerResponse response = ctx.response();
         final int code = determineResponseCode(exchange, message.getBody());
         response.setStatusCode(code);
 
         // copy headers from Message to Response
         if (headerFilterStrategy != null) {
-            copyMessageHeadersToResponse(response, message, headerFilterStrategy, exchange);
+            copyMessageHeadersToResponse(response, ctx.pathParams(), message, headerFilterStrategy, exchange);
         }
 
         final Object body = getBody(message, muteExceptions, exchange);
@@ -130,11 +131,18 @@ public final class VertxPlatformHttpSupport {
     }
 
     private static void copyMessageHeadersToResponse(
-            HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
+            HttpServerResponse response, Map<String, String> pathParams,
+            Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
         final TypeConverter tc = exchange.getContext().getTypeConverter();
 
         for (Map.Entry<String, Object> entry : message.getHeaders().entrySet()) {
             final String key = entry.getKey();
+
+            // skip headers that are path-params as we do not want to leak them back to the caller
+            if (pathParams.containsKey(key)) {
+                continue;
+            }
+
             final Object value = entry.getValue();
             // use an iterator as there can be multiple values. (must not use a delimiter)
             final Iterator<?> it = ObjectHelper.createIterator(value, null, true);
@@ -170,7 +178,7 @@ public final class VertxPlatformHttpSupport {
 
     static Future<Void> writeResponse(
             RoutingContext ctx, Exchange camelExchange, HeaderFilterStrategy headerFilterStrategy, boolean muteExceptions) {
-        final Object body = toHttpResponse(ctx.response(), camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
+        final Object body = toHttpResponse(ctx, camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
         final Promise<Void> promise = Promise.promise();
 
         if (body == null) {