Posted to commits@camel.apache.org by da...@apache.org on 2024/03/29 07:34:45 UTC

(camel) branch main updated: CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client (#13648)

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 77653d0644b CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client (#13648)
77653d0644b is described below

commit 77653d0644b1ff75816b870042f0c38dcc79a6ec
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Fri Mar 29 08:34:38 2024 +0100

    CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client (#13648)
---
 .../platform/http/vertx/VertxPlatformHttpSupport.java    | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
index 9230343a36e..887064f6ddf 100644
--- a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
+++ b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
@@ -66,16 +66,17 @@ public final class VertxPlatformHttpSupport {
     }
 
     static Object toHttpResponse(
-            HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy,
+            RoutingContext ctx, Message message, HeaderFilterStrategy headerFilterStrategy,
             boolean muteExceptions) {
         final Exchange exchange = message.getExchange();
 
+        HttpServerResponse response = ctx.response();
         final int code = determineResponseCode(exchange, message.getBody());
         response.setStatusCode(code);
 
         // copy headers from Message to Response
         if (headerFilterStrategy != null) {
-            copyMessageHeadersToResponse(response, message, headerFilterStrategy, exchange);
+            copyMessageHeadersToResponse(response, ctx.pathParams(), message, headerFilterStrategy, exchange);
         }
 
         final Object body = getBody(message, muteExceptions, exchange);
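Review bot: Nothing in this commit pins the behaviour that the new `ctx.pathParams()` argument exists for, since the diffstat lists only VertxPlatformHttpSupport.java. Path values are client-controlled, so a regression here would again reflect request input into response headers. A test that calls a route with a templated path and asserts the parameter name is absent from the response headers would guard against that. A short comment above `HttpServerResponse response = ctx.response();` would also help, e.g. `// RoutingContext is needed for pathParams(), which are filtered out of the response headers`. The body of toHttpResponse continues past the end of the hunk.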
@@ -130,11 +131,18 @@ public final class VertxPlatformHttpSupport {
     }
 
     private static void copyMessageHeadersToResponse(
-            HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
+            HttpServerResponse response, Map<String, String> pathParams,
+            Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
         final TypeConverter tc = exchange.getContext().getTypeConverter();
 
         for (Map.Entry<String, Object> entry : message.getHeaders().entrySet()) {
             final String key = entry.getKey();
+
+            // skip headers that are path-params as we do not want to leak them back to the caller
+            if (pathParams.containsKey(key)) {
+                continue;
+            }
+
             final Object value = entry.getValue();
             // use an iterator as there can be multiple values. (must not use a delimiter)
             final Iterator<?> it = ObjectHelper.createIterator(value, null, true);
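Review bot: The new `pathParams.containsKey(key)` test is an exact, case-sensitive match on the name only, so it can miss in one direction and over-match in the other. If the Camel header is stored under a different case than the route template uses (Camel header maps are normally case-insensitive, which is not visible here), the client-supplied path value would still be copied into the response; `pathParams.keySet().stream().anyMatch(key::equalsIgnoreCase)` would close that. Conversely, a header the route sets on purpose is dropped whenever its name equals a path parameter, which deserves a line in the comment, e.g. `// note: also drops route-set headers that share a name with a path-param`. The loop body continues past the end of the hunk.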
@@ -170,7 +178,7 @@ public final class VertxPlatformHttpSupport {
 
     static Future<Void> writeResponse(
             RoutingContext ctx, Exchange camelExchange, HeaderFilterStrategy headerFilterStrategy, boolean muteExceptions) {
-        final Object body = toHttpResponse(ctx.response(), camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
+        final Object body = toHttpResponse(ctx, camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
         final Promise<Void> promise = Promise.promise();
 
         if (body == null) {