[GitHub] [camel] orpiske commented on pull request #10717: CAMEL-19568: disable header validation on camel-netty-http

via GitHub Tue, 18 Jul 2023 07:49:52 -0700


orpiske commented on PR #10717:
URL: https://github.com/apache/camel/pull/10717#issuecomment-1640377232


   > This will open us to CVE weakness. From http response splitting to other 
stuff. Validation should be always enabled
   
   That's a good point 🤔 
   
   Any suggestions how we could possibly work-around the original issue? One 
idea I had (which I scrapped) was to change the code like from:
   
   ```
   response.headers().set(HttpHeaderNames.CONTENT_TYPE.toString(), contentType);
   ```
   
   To:
   ```
   response.headers().set(HttpHeaderNames.CONTENT_TYPE.toString(), 
contentType.replace("\r\n\t", "");
   ```
   
   wdyt? 
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [camel] orpiske commented on pull request #10717: CAMEL-19568: disable header validation on camel-netty-http

Reply via email to